Overview
The Devicie Essential Eight Maturity Level 2 User Application Hardening (Nov 2023) configuration is intended to meet the Australian Cyber Security Centre’s guidance for this mitigation strategy.
Intune Description:
E8 ML2 User App Hardening (Nov 2023)
Scope:
This baseline should be applied to Windows devices. It must be deployed together with “DEVICIE-PROD-ACSC E8 Nov 2023-ML1 User app hardening” and all additional “DEVICIE-PROD-ACSC E8 Nov 2023-ML2 User app hardening” add-on items.
Configuration Settings:
Name | Value
Administrative Templates |
Audit Process Creation |
Include command line in process creation events | Enabled
Windows PowerShell |
Turn on Module Logging | Enabled
Module Names (Device) | *
Turn on PowerShell Script Block Logging | Enabled
Log script block invocation start / stop events: | False
Turn on PowerShell Transcription | Enabled
Include invocation headers: (Device) | False
Transcript output directory (Device) | C:\Windows\system32\config\systemprofile\Documents
Auditing |
Detailed Tracking Audit Process Creation | Success
Defender |
Attack Surface Reduction Rules |
Block all Office applications from creating child processes | Block
Block Office applications from creating executable content | Block
Block Office applications from injecting code into other processes | Block
Block Office communication application from creating child processes | Block
Block Adobe Reader from creating child processes | Block
Devicie Template Name | ACSC E8 Nov 2023-ML2 User app hardening
Default Intune Deployed Name | DEVICIE-PROD-ACSC E8 Nov 2023-ML2 User app hardening
Version | 1.0
Template Last Updated | Nov 18, 2024
Document Last Updated: | Jun 12, 2025
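
A read-only way to confirm on a device that the values listed under Configuration Settings have applied. This is an added example, not part of the Devicie template or its documentation. The registry paths, the Process Creation subcategory GUID and the ASR rule GUIDs are the standard Windows and Microsoft Defender identifiers and are assumed to be where the Intune profile lands; the "Inclusion Setting" column name assumes an English-language auditpol.

```powershell
# Added example (not Devicie's code): read-only check of the baseline. Run elevated.
# Assumption: the Intune profile lands in the standard Windows policy registry keys.
$ps  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'
$reg = @(
    @{ P = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit'
       N = 'ProcessCreationIncludeCmdLine_Enabled'; V = 1 }
    @{ P = "$ps\ModuleLogging";             N = 'EnableModuleLogging';                V = 1 }
    @{ P = "$ps\ModuleLogging\ModuleNames"; N = '*';                                  V = '*' }
    @{ P = "$ps\ScriptBlockLogging";        N = 'EnableScriptBlockLogging';           V = 1 }
    @{ P = "$ps\ScriptBlockLogging";        N = 'EnableScriptBlockInvocationLogging'; V = 0 }
    @{ P = "$ps\Transcription";             N = 'EnableTranscripting';                V = 1 }
    @{ P = "$ps\Transcription";             N = 'EnableInvocationHeader';             V = 0 }
    @{ P = "$ps\Transcription";             N = 'OutputDirectory'
       V = 'C:\Windows\system32\config\systemprofile\Documents' }
)
$results = @(foreach ($r in $reg) {
    $key    = Get-Item -LiteralPath $r.P -ErrorAction SilentlyContinue
    $actual = if ($key) { $key.GetValue($r.N) }   # GetValue avoids wildcard handling of '*'
    # A missing value counts as compliant only where the baseline expects 0 (option off).
    $ok = if ($null -eq $actual) { $r.V -eq 0 } else { "$actual" -eq "$($r.V)" }
    [pscustomobject]@{ Setting = "$(Split-Path $r.P -Leaf)\$($r.N)"; Expected = $r.V; Actual = $actual; Ok = $ok }
})

# Defender ASR rules from the table; action 1 = Block.
$asr = [ordered]@{
    'D4F940AB-401B-4EFC-AADC-AD5F3C50688A' = 'Office: child processes'
    '3B576869-A4EC-4529-8536-B80A7769E899' = 'Office: executable content'
    '75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84' = 'Office: code injection'
    '26190899-1602-49E8-8B27-EB1D0A1CE869' = 'Office communication app: child processes'
    '7674BA52-37EB-4A4F-A9A1-F0F9A1619A2C' = 'Adobe Reader: child processes'
}
$mp  = Get-MpPreference
$ids = @($mp.AttackSurfaceReductionRules_Ids | ForEach-Object { "$_".ToUpper() })
$act = @($mp.AttackSurfaceReductionRules_Actions)
$results += foreach ($id in $asr.Keys) {
    $i      = [array]::IndexOf($ids, $id)
    $actual = if ($i -ge 0) { $act[$i] }
    [pscustomobject]@{ Setting = "ASR $($asr[$id])"; Expected = 1; Actual = $actual; Ok = ($actual -eq 1) }
}

# Detailed Tracking > Audit Process Creation, queried by subcategory GUID.
$audit = auditpol /get /subcategory:"{0CCE922B-69AE-11D9-BED3-505054503030}" /r |
    Where-Object { $_ } | ConvertFrom-Csv
$results += [pscustomobject]@{ Setting = 'Audit Process Creation'; Expected = 'Success'
    Actual = $audit.'Inclusion Setting'; Ok = ($audit.'Inclusion Setting' -match 'Success') }

$results | Format-Table -AutoSize
if ($results.Ok -contains $false) { exit 1 }
```

The script exits with code 1 when any row is non-compliant, so it can be used as a detection script or in a scheduled compliance check.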