Windows Configuration Policies
Windows - Enable ASR Rules
Enable Defender Attack Surface Reduction Rules in the Block Configuration. You must have proper licensing to use this profile: Microsoft 365 Business Premium, E3, or E5. Use either the Audit policy or the Enable policy, but not both at the same time.
OLD - Microsoft Defender Antivirus
Old Antivirus policy, kept for reference to compare to Michael’s Antivirus policy
BlastIQ Tablet – Power Settings
Power settings for the BlastIQ Tablet deployment
Camera Kiosk – Power Settings
Power settings for the Camera Kiosk deployment
Defender Antivirus Baseline
Baseline Settings for Defender Antivirus - Michael
Defender Antivirus Exclusions
Path and extension exclusions for Defender Antivirus
Defender for Endpoint Onboard
Onboards Devices to Defender for Endpoint
Kiosk PC – Block Microsoft Store
Blocks access to the Microsoft Store on Kiosk Devices
Kiosk – PC MDMWins
Ensures that MDM policy wins over Group Policy. Blocks group policy. “Needed for Kiosk Policy.”
Kiosk PC – Remove News and Interests from Taskbar
Removes News and Interests from the Taskbar to reduce distractions and increase security on a single-purpose device.
Kiosk PC – Remove Teams from startup
Removes Teams from the startup to make sure that only the necessary apps are launched on startup.
NBSecure – CARootCertificate
Deploys the CA Root Certificate for authenticating to the NBSecure Sid
NBSecure – MerakiIDENTrustROOT
Deploys the MerakiIDENTrustROOT Certificate for authenticating to the NBSecure Sid
NBSecure – MerakiWifiAuthentication Template
Deploys the WifiAuthentication Template needed for authenticating to the NBSecure Sid
NBSecure – WifiSCEPCert
Deploys the WifiSCEP Certificate for authenticating to the NBSecure Sid
Shared PC – Block Microsoft Store
Blocks access to the Microsoft Store on Shared PC’s
Shared PC – Config Profile
Configures Shared PC mode and Device settings to support Shared PC mode
Shared PC – Tuning Profile
Configuration Improvements for the Shared PC deployment for usability. Skip ESP user status page and disable the first sign-in animation.
Shop Kiosk – Power Settings
Power settings for the Shop Kiosk deployment
Windows – Security Device Restrictions
Sets basic general device restrictions for endpoints. App store, cellular and connectivity, locked screen experience, Microsoft Edge Legacy, Password, Reporting and Telemetry, Drive indexing, Defender SmartScreen, Windows Spotlight, Microsoft Defender Antivirus, and Power settings.
Windows – Bitlocker Policy
Enables BitLocker and configures device encryption.
Windows – Create nbadmin Local Admin Account
Creates the nbadmin local admin account and adds it to the local admin group
Windows – Disable First Sign-in Animation
Disables the sign-in animation sequence for users signing into the device for the first time.
Windows – Enable Location Services
Turns on location services and force allows all apps access to location.
Windows – LAPS nbadmin
Configures LAPS for nbadmin local admin account to back up the account to AzureAD.
Windows – Outlook Settings
Configures Outlook settings for users
Windows – Security Device Baseline
General security profile for Windows devices that is appropriate for corporate-owned workstations. Configures Firewall, Defender SmartScreen, Exploit Guard, Security Center, Device Security Options, and Xbox Services.
Windows – Allow Elevation for RingCentral Integration for Teams
Allows Elevation for the RingCentral Integration for Teams to allow users to use the integration.
Windows – Data Collection Policy
Enables Health monitoring for Endpoint analytics and windowsUpdates
Windows – Edge Browser
Hides the First-run experience and splash screen for Edge when setting up a new device.
Windows – OneDrive Config
Enables OneDrive and configures backup path, notifications, user interactions, and reporting for OneDrive.
Windows – Power Settings
General Power settings for all Windows devices
Windows – RDP DNS Config
DNS configuration for Remote RDP users