microsoft / secmgmt-open-powershell Goto Github PK
View Code? Open in Web Editor NEWSecurity and Management Open PowerShell Module
License: MIT License
Security and Management Open PowerShell Module
License: MIT License
Install-Module -Name SecMgmt -AllowClobber -Scope AllUsers
i expected the module to be installed
I get the following
PackageManagement\Install-Package : No match was found for the specified search criteria and module name 'SecMgmt'. Try Get-PSRepository to see all available registered module repositories.
At C:\Users\dgross\Documents\WindowsPowerShell\Modules\PowerShellGet\2.2.4.1\PSModule.psm1:9709 char:34
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Please share test platform diagnostics logs.
The logs may contain test assembly paths, kindly review and mask those before sharing.
Version: 1.46.1 (user setup)
Commit: cd9ea6488829f560dc949a8b2fb789f3cdc05f5d
Date: 2020-06-17T21:13:20.174Z
Electron: 7.3.1
Chrome: 78.0.3904.130
Node.js: 12.8.1
V8: 7.8.279.23-electron.0
OS: Windows_NT x64 10.0.17134
Is your feature request related to a problem?
As an administrator it would be helpful to have a mechanism to create recommended policies, so I can ensure that my tenant has a better security posture
Describe the solution you would like
Ideally there would be a cmdlet that would create policies with the recommended settings
New-SecMgmtIntuneRecommendedPolicies [-TenantId <identifier>]
Describe alternatives you have considered
It is possible to create compliance and configuration policies using .NET or the Intune PowerShell module. However, the recommended policies are not well defined which means that I have to develop code similar to the following
DeviceConfiguration endpointPolicy = await client.DeviceManagement.DeviceConfigurations.Request().AddAsync(new Windows10EndpointProtectionConfiguration
{
BitLockerEncryptDevice = true,
DefenderEmailContentExecutionType = DefenderAttackSurfaceType.AuditMode,
DefenderGuardMyFoldersType = FolderProtectionType.AuditMode,
DefenderNetworkProtectionType = DefenderProtectionType.AuditMode,
DefenderOfficeAppsLaunchChildProcessType = DefenderAttackSurfaceType.AuditMode,
DefenderOfficeAppsExecutableContentCreationOrLaunchType = DefenderAttackSurfaceType.AuditMode,
DefenderScriptDownloadedPayloadExecutionType = DefenderAttackSurfaceType.AuditMode,
DisplayName = "Windows 10 - Endpoint protection policy"
}).ConfigureAwait(false);
DeviceConfiguration generalPoliy = await client.DeviceManagement.DeviceConfigurations.Request().AddAsync(new Windows10GeneralConfiguration
{
DefenderPromptForSampleSubmission = DefenderPromptForSampleSubmission.PromptBeforeSendingPersonalData,
DefenderRequireCloudProtection = true,
DefenderRequireRealTimeMonitoring = true,
DisplayName = "Windows 10 - General configuration policy",
EdgeRequireSmartScreen = true,
PasswordMinutesOfInactivityBeforeScreenTimeout = 5
}).ConfigureAwait(false);
Is your feature request related to a problem?
I am frustrated when invoking the Initialize-SecMgmtHybirdDeviceEnrollment cmdlet that I have to specify the domain
Describe the solution you would like
Since a connection is being established to Microsoft Graph, the domain value should be obtained from Azure Active Directory. If the parameter is not specified, then is should be requested.
Invoke the following
Connect-SecMgmtAccount
Expecting successful authentication
Connect-SecMgmtAccount : Could not get access to the shared lock file.
At line:1 char:1
+ Connect-SecMgmtAccount -Debug
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : CloseError: (:) [Connect-SecMgmtAccount], InvalidOperationException
+ FullyQualifiedErrorId : Microsoft.Online.SecMgmt.PowerShell.Commands.ConnectSecMgmtAccount
The msal.cache.lockfile
is not being released which is blocking all requests for access tokens
Exception type: System.IO.IOException
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights,
FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean
bFromProxy, Boolean useLongPath, Boolean checkHost)
at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize,
FileOptions options)
at Microsoft.Identity.Client.Extensions.Msal.CrossPlatLock..ctor(String lockfilePath, Int32 lockFileRetryDelay,
Int32 lockFileRetryCount)
=== End of inner exception stack trace ===
at Microsoft.Identity.Client.Extensions.Msal.CrossPlatLock..ctor(String lockfilePath, Int32 lockFileRetryDelay,
Int32 lockFileRetryCount)
at Microsoft.Identity.Client.Extensions.Msal.MsalCacheHelper.CreateCrossPlatLock(StorageCreationProperties
storageCreationProperties)
at Microsoft.Identity.Client.Extensions.Msal.MsalCacheHelper.<CreateAsync>d__23.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1.ConfiguredTaskAwaiter.GetResult()
at Microsoft.Online.SecMgmt.PowerShell.Utilities.PersistentTokenCache.GetMsalCacheStorage()
Is your feature request related to a problem?
As a consumer of the module I am frustrated when the module is broken by updates to other modules.
Describe the solution you would like
Typically the module breaks due to assembly dependency conflicts. This article provides details on how best to address the potential for assembly dependency conflicts
If you stare at that cmdlet name long enough you're going to chuckle to yourself ... then maybe blush. To my knowledge this isn't a docs issue: that's the actual name of the cmdlet.
Is your feature request related to a problem?
As a maintainer of this project, I am frustrated when bugs are not caught before the module is pushed to the PowerShell Gallery.
Describe the solution you would like
There should be unit tests associated with each command. Also, guidance should be incorporated into the documentation on how the test should be developed.
Invoke the following PowerShell
Install-SecMgmtInsightsConnector -ApplicationDisplayName 'Security and Management Insights'
That the command create and configure the Azure AD application, and then install the connector.
Install-SecMgmtInsightsConnector : Code: Request_BadRequest
Message: Missing property: expiryTime
Inner error:
AdditionalData:
date: 2020-07-02T17:35:02
request-id: 0429a18f-866f-49f2-bef7-5515ad530ee1
ClientRequestId: 0429a18f-866f-49f2-bef7-5515ad530ee1
At line:1 char:1
+ Install-SecMgmtInsightsConnector -ApplicationDisplayName 'Security an ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : CloseError: (:) [Install-SecMgmtInsightsConnector], ServiceException
+ FullyQualifiedErrorId : Microsoft.Online.SecMgmt.PowerShell.Commands.InstallSecMgmtInsightsConnector
Windows 10
PowerShell version 5.1
Is your feature request related to a problem?
As an administrator I am frustrated with the number of steps required to leverage the Security and Management Insights Power BI connector.
Describe the solution you would like
Ideally there should be automation for ensuring the connector is configured and installed correctly.
The tenant identifier value should be a parameter
The keywords property on the container contains the correct tenant identifier
When the value is written it will have the wrong identifier
Windows 2019
PowerShell 5.1
Version 0.0.1
Is your feature request related to a problem?
As an administrator, or partner, I would like a way to automate the cloud domain join process for Windows 10
Describe the solution you would like
I would like to have a command to perform the cloud domain join process without being prompted for credentials. Also, this process should enroll the device into MDM
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.