
Commit 65d6f56

authored
Merge pull request #1044 from KelvinTegelaar/dev
[pull] dev from KelvinTegelaar:dev
2 parents 02029fa + 7dea7f4 commit 65d6f56

4 files changed

Lines changed: 37 additions & 19 deletions


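--- a/Config/standards.json
+++ b/Config/standards.json
@@ -378,8 +378,8 @@
 "cat": "Global Standards",
 "tag": ["CIS M365 7.0.0 (1.3.6)", "CustomerLockBoxEnabled"],
 "appliesToTest": ["CIS_1_3_6"],
-"helpText": "**Requires Entra ID P2.** Enables Customer Lockbox that offers an approval process for Microsoft support to access organization data",
-"docsDescription": "**Requires Entra ID P2.** Customer Lockbox ensures that Microsoft can't access your content to do service operations without your explicit approval. Customer Lockbox ensures only authorized requests allow access to your organizations data.",
+"helpText": "**Requires CustomerLockbox (E5, E7, A5, Purview Addon for BP, EDU or FL)** Enables Customer Lockbox that offers an approval process for Microsoft support to access organization data",
+"docsDescription": "**Requires CustomerLockbox (E5, E7, A5, Purview Addon for BP, EDU or FL)** Customer Lockbox ensures that Microsoft can't access your content to do service operations without your explicit approval. Customer Lockbox ensures only authorized requests allow access to your organizations data.",
 "executiveText": "Requires explicit organizational approval before Microsoft support staff can access company data for service operations. This provides an additional layer of data protection and ensures the organization maintains control over who can access sensitive business information, even during technical support scenarios.",
 "addedComponent": [],
 "label": "Enable Customer Lockbox",
@@ -5865,7 +5865,7 @@
 {
 "type": "switch",
 "name": "standards.TeamsFederationConfiguration.AllowTeamsConsumer",
-"label": "Allow users to communicate with other organizations"
+"label": "Allow users to communicate with consumer Teams accounts"
 },
 {
 "type": "autoComplete",
@@ -7255,6 +7255,12 @@
 "label": "Block Android if partner data unavailable",
 "defaultValue": false
 },
+{
+"type": "switch",
+"name": "standards.DefenderCompliancePolicy.grantMobileThreatDefensePartnerRole",
+"label": "Grant MTD role to MDE on enrolled Android COBO/COPE devices",
+"defaultValue": false
+},
 {
 "type": "switch",
 "name": "standards.DefenderCompliancePolicy.ConnectIos",
@@ -7264,13 +7270,19 @@
 {
 "type": "switch",
 "name": "standards.DefenderCompliancePolicy.ConnectIosCompliance",
-"label": "Connect iOS 13.0+ (App-based MAM)",
+"label": "Connect iOS/iPadOS devices for app protection policy evaluation (MAM)",
 "defaultValue": false
 },
 {
 "type": "switch",
 "name": "standards.DefenderCompliancePolicy.appSync",
-"label": "Enable App Sync for iOS",
+"label": "Enable App Sync (sending application inventory) for iOS/iPadOS devices",
+"defaultValue": false
+},
+{
+"type": "switch",
+"name": "standards.DefenderCompliancePolicy.allowPartnerToCollectIosPersonalApplicationMetadata",
+"label": "Send full application inventory data on personally-owned iOS/iPadOS devices",
 "defaultValue": false
 },
 {
@@ -7282,13 +7294,13 @@
 {
 "type": "switch",
 "name": "standards.DefenderCompliancePolicy.allowPartnerToCollectIosCertificateMetadata",
-"label": "Collect certificate metadata from iOS",
+"label": "Enable Certificate Sync for iOS/iPadOS devices",
 "defaultValue": false
 },
 {
 "type": "switch",
 "name": "standards.DefenderCompliancePolicy.allowPartnerToCollectIosPersonalCertificateMetadata",
-"label": "Collect personal certificate metadata from iOS",
+"label": "Send full certificate inventory data on personally-owned iOS/iPadOS devices",
 "defaultValue": false
 },
 {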
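Review bot: The new label for `allowPartnerToCollectIosCertificateMetadata` no longer tells the operator that device data is sent to the connector partner: it went from "Collect certificate metadata from iOS" to "Enable Certificate Sync for iOS/iPadOS devices", while the sibling `appSync` label spells out "(sending application inventory)". For consistency across the data-collection switches I would use `"label": "Enable Certificate Sync (sending certificate inventory) for iOS/iPadOS devices"`. The same label is repeated in the comment block of Invoke-CIPPStandardDefenderCompliancePolicy.ps1 and should change with it.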

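--- a/Modules/CIPPCore/Public/Set-CIPPDefenderCompliancePolicy.ps1
+++ b/Modules/CIPPCore/Public/Set-CIPPDefenderCompliancePolicy.ps1
@@ -27,17 +27,18 @@ function Set-CIPPDefenderCompliancePolicy {
 macEnabled = [bool]$Compliance.ConnectMac
 partnerUnsupportedOsVersionBlocked = [bool]$Compliance.BlockunsupportedOS
 partnerUnresponsivenessThresholdInDays = 7
-allowPartnerToCollectIOSApplicationMetadata = [bool]$Compliance.ConnectIosCompliance
-allowPartnerToCollectIOSPersonalApplicationMetadata = [bool]$Compliance.ConnectIosCompliance
+allowPartnerToCollectIOSApplicationMetadata = [bool]$Compliance.AppSync
+allowPartnerToCollectIOSPersonalApplicationMetadata = [bool]$Compliance.allowPartnerToCollectIosPersonalApplicationMetadata
 androidDeviceBlockedOnMissingPartnerData = [bool]$Compliance.androidDeviceBlockedOnMissingPartnerData
 iosDeviceBlockedOnMissingPartnerData = [bool]$Compliance.iosDeviceBlockedOnMissingPartnerData
 windowsDeviceBlockedOnMissingPartnerData = [bool]$Compliance.windowsDeviceBlockedOnMissingPartnerData
 macDeviceBlockedOnMissingPartnerData = [bool]$Compliance.macDeviceBlockedOnMissingPartnerData
 androidMobileApplicationManagementEnabled = [bool]$Compliance.ConnectAndroidCompliance
-iosMobileApplicationManagementEnabled = [bool]$Compliance.appSync
+iosMobileApplicationManagementEnabled = [bool]$Compliance.ConnectIosCompliance
 windowsMobileApplicationManagementEnabled = [bool]$Compliance.windowsMobileApplicationManagementEnabled
 allowPartnerToCollectIosCertificateMetadata = [bool]$Compliance.allowPartnerToCollectIosCertificateMetadata
 allowPartnerToCollectIosPersonalCertificateMetadata = [bool]$Compliance.allowPartnerToCollectIosPersonalCertificateMetadata
+grantMobileThreatDefensePartnerRole = [bool]$Compliance.grantMobileThreatDefensePartnerRole
 microsoftDefenderForEndpointAttachEnabled = [bool]$true
 }
 $SettingsObj = $SettingsObject | ConvertTo-Json -Compress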
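Review bot: The remapped assignments change what an already-saved configuration does, and nothing in this hunk migrates stored values. `AppSync` used to drive `iosMobileApplicationManagementEnabled` and now drives `allowPartnerToCollectIOSApplicationMetadata`, while `ConnectIosCompliance` moves the other way. A template saved with only App Sync ticked would therefore presumably switch application inventory collection on and MAM off the next time it is applied. A one-time migration of stored settings or an explicit release-note callout would avoid a silent change in what is collected; the same remap appears in Invoke-CIPPStandardDefenderCompliancePolicy.ps1. The function body starts and ends outside the hunk.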

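--- a/Modules/CIPPStandards/Public/Standards/Invoke-CIPPStandardDefenderCompliancePolicy.ps1
+++ b/Modules/CIPPStandards/Public/Standards/Invoke-CIPPStandardDefenderCompliancePolicy.ps1
@@ -21,12 +21,14 @@ function Invoke-CIPPStandardDefenderCompliancePolicy {
 {"type":"switch","name":"standards.DefenderCompliancePolicy.ConnectAndroid","label":"Connect Android devices to MDE","defaultValue":false}
 {"type":"switch","name":"standards.DefenderCompliancePolicy.ConnectAndroidCompliance","label":"Connect Android 6.0.0+ (App-based MAM)","defaultValue":false}
 {"type":"switch","name":"standards.DefenderCompliancePolicy.androidDeviceBlockedOnMissingPartnerData","label":"Block Android if partner data unavailable","defaultValue":false}
+{"type":"switch","name":"standards.DefenderCompliancePolicy.grantMobileThreatDefensePartnerRole","label":"Grant MTD role to MDE on enrolled Android COBO/COPE devices","defaultValue":false}
 {"type":"switch","name":"standards.DefenderCompliancePolicy.ConnectIos","label":"Connect iOS/iPadOS devices to MDE","defaultValue":false}
-{"type":"switch","name":"standards.DefenderCompliancePolicy.ConnectIosCompliance","label":"Connect iOS 13.0+ (App-based MAM)","defaultValue":false}
-{"type":"switch","name":"standards.DefenderCompliancePolicy.appSync","label":"Enable App Sync for iOS","defaultValue":false}
+{"type":"switch","name":"standards.DefenderCompliancePolicy.ConnectIosCompliance","label":"Connect iOS/iPadOS devices for app protection policy evaluation (MAM)","defaultValue":false}
+{"type":"switch","name":"standards.DefenderCompliancePolicy.appSync","label":"Enable App Sync (sending application inventory) for iOS/iPadOS devices","defaultValue":false}
+{"type":"switch","name":"standards.DefenderCompliancePolicy.allowPartnerToCollectIosPersonalApplicationMetadata","label":"Send full application inventory data on personally-owned iOS/iPadOS devices","defaultValue":false}
 {"type":"switch","name":"standards.DefenderCompliancePolicy.iosDeviceBlockedOnMissingPartnerData","label":"Block iOS if partner data unavailable","defaultValue":false}
-{"type":"switch","name":"standards.DefenderCompliancePolicy.allowPartnerToCollectIosCertificateMetadata","label":"Collect certificate metadata from iOS","defaultValue":false}
-{"type":"switch","name":"standards.DefenderCompliancePolicy.allowPartnerToCollectIosPersonalCertificateMetadata","label":"Collect personal certificate metadata from iOS","defaultValue":false}
+{"type":"switch","name":"standards.DefenderCompliancePolicy.allowPartnerToCollectIosCertificateMetadata","label":"Enable Certificate Sync for iOS/iPadOS devices","defaultValue":false}
+{"type":"switch","name":"standards.DefenderCompliancePolicy.allowPartnerToCollectIosPersonalCertificateMetadata","label":"Send full certificate inventory data on personally-owned iOS/iPadOS devices","defaultValue":false}
 {"type":"switch","name":"standards.DefenderCompliancePolicy.ConnectMac","label":"Connect macOS devices to MDE","defaultValue":false}
 {"type":"switch","name":"standards.DefenderCompliancePolicy.macDeviceBlockedOnMissingPartnerData","label":"Block macOS if partner data unavailable","defaultValue":false}
 {"type":"switch","name":"standards.DefenderCompliancePolicy.ConnectWindows","label":"Connect Windows 10.0.15063+ to MDE (Note: enabling this forces 'Block Windows if partner data unavailable' to on)","defaultValue":false}
@@ -58,17 +60,18 @@ function Invoke-CIPPStandardDefenderCompliancePolicy {
 windowsEnabled = [bool]$Settings.ConnectWindows
 macEnabled = [bool]$Settings.ConnectMac
 partnerUnsupportedOsVersionBlocked = [bool]$Settings.BlockunsupportedOS
-allowPartnerToCollectIOSApplicationMetadata = [bool]$Settings.ConnectIosCompliance
-allowPartnerToCollectIOSPersonalApplicationMetadata = [bool]$Settings.ConnectIosCompliance
+allowPartnerToCollectIOSApplicationMetadata = [bool]$Settings.appSync
+allowPartnerToCollectIOSPersonalApplicationMetadata = [bool]$Settings.allowPartnerToCollectIosPersonalApplicationMetadata
 androidDeviceBlockedOnMissingPartnerData = [bool]$Settings.androidDeviceBlockedOnMissingPartnerData
 iosDeviceBlockedOnMissingPartnerData = [bool]$Settings.iosDeviceBlockedOnMissingPartnerData
 windowsDeviceBlockedOnMissingPartnerData = if ([bool]$Settings.ConnectWindows) { $true } else { [bool]$Settings.windowsDeviceBlockedOnMissingPartnerData }
 macDeviceBlockedOnMissingPartnerData = [bool]$Settings.macDeviceBlockedOnMissingPartnerData
 androidMobileApplicationManagementEnabled = [bool]$Settings.ConnectAndroidCompliance
-iosMobileApplicationManagementEnabled = [bool]$Settings.appSync
+iosMobileApplicationManagementEnabled = [bool]$Settings.ConnectIosCompliance
 windowsMobileApplicationManagementEnabled = [bool]$Settings.windowsMobileApplicationManagementEnabled
 allowPartnerToCollectIosCertificateMetadata = [bool]$Settings.allowPartnerToCollectIosCertificateMetadata
 allowPartnerToCollectIosPersonalCertificateMetadata = [bool]$Settings.allowPartnerToCollectIosPersonalCertificateMetadata
+grantMobileThreatDefensePartnerRole = [bool]$Settings.grantMobileThreatDefensePartnerRole
 microsoftDefenderForEndpointAttachEnabled = $true
 }
 
@@ -112,6 +115,7 @@ function Invoke-CIPPStandardDefenderCompliancePolicy {
 windowsMobileApplicationManagementEnabled = [bool]$CurrentState.windowsMobileApplicationManagementEnabled
 allowPartnerToCollectIosCertificateMetadata = [bool]$CurrentState.allowPartnerToCollectIosCertificateMetadata
 allowPartnerToCollectIosPersonalCertificateMetadata = [bool]$CurrentState.allowPartnerToCollectIosPersonalCertificateMetadata
+grantMobileThreatDefensePartnerRole = [bool]$CurrentState.grantMobileThreatDefensePartnerRole
 microsoftDefenderForEndpointAttachEnabled = [bool]$CurrentState.microsoftDefenderForEndpointAttachEnabled
 }
 } else {
@@ -132,6 +136,7 @@ function Invoke-CIPPStandardDefenderCompliancePolicy {
 windowsMobileApplicationManagementEnabled = $false
 allowPartnerToCollectIosCertificateMetadata = $false
 allowPartnerToCollectIosPersonalCertificateMetadata = $false
+grantMobileThreatDefensePartnerRole = $false
 microsoftDefenderForEndpointAttachEnabled = $false
 }
 }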
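Review bot: The added `grantMobileThreatDefensePartnerRole = [bool]$CurrentState.grantMobileThreatDefensePartnerRole` line in the current-state object turns a missing property into `$false`. The code that fills `$CurrentState` is not visible in these hunks, so if that read does not return this field, a tenant with the switch enabled would presumably be reported as out of compliance on every run and re-remediated. It is worth confirming that the read path returns the property, and adding a short comment beside the line such as `# absent property compares as $false; confirm the connector read returns this field`. The function body starts and ends outside the hunks shown.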

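--- a/Modules/CIPPStandards/Public/Standards/Invoke-CIPPStandardEnableCustomerLockbox.ps1
+++ b/Modules/CIPPStandards/Public/Standards/Invoke-CIPPStandardEnableCustomerLockbox.ps1
@@ -7,8 +7,8 @@ function Invoke-CIPPStandardEnableCustomerLockbox {
 .SYNOPSIS
 (Label) Enable Customer Lockbox
 .DESCRIPTION
-(Helptext) **Requires Entra ID P2.** Enables Customer Lockbox that offers an approval process for Microsoft support to access organization data
-(DocsDescription) \*\*Requires Entra ID P2.\*\* Customer Lockbox ensures that Microsoft can't access your content to do service operations without your explicit approval. Customer Lockbox ensures only authorized requests allow access to your organizations data.
+(Helptext) **Requires CustomerLockbox (E5, E7, A5, Purview Addon for BP, EDU or FL)** Enables Customer Lockbox that offers an approval process for Microsoft support to access organization data
+(DocsDescription) \*\*Requires CustomerLockbox (E5, E7, A5, Purview Addon for BP, EDU or FL)\*\* Customer Lockbox ensures that Microsoft can't access your content to do service operations without your explicit approval. Customer Lockbox ensures only authorized requests allow access to your organizations data.
 .NOTES
 CAT
 Global Standards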
