ACSC E8 Nov 2023-ML2 User app hardening
Overview:
The Devicie Essential Eight Maturity Level 2 User Application Hardening (Nov 2023) configuration is intended to meet the Australian Cyber Security Centre’s guidance for this mitigation strategy.
Intune Description:
E8 ML2 User App Hardening (Nov 2023)
Scope:
This baseline should be applied to Windows devices. It must be deployed together with “ACSC E8 Nov 2023-ML1 User app hardening” and all additional “ACSC E8 Nov 2023-ML2 User app hardening” add-on items.
Policy Impact Areas:
When deployed, this policy will:
- Enable additional Defender Attack Surface Reduction Rules.
- Enable additional PowerShell logging.
Deployment Notes
- Pre-Deployment Considerations:
  - N/A
- Post-Deployment Validation:
  - Review Defender for Endpoint configuration. Check that the Attack Surface Reduction rule has been enabled to block Office from creating child processes.
- Known Issues and Resolutions
  - Issue 1: None at this time
  - Resolution: N/A
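One way to script the post-deployment validation above on an endpoint (an added example, not part of the Devicie baseline): it compares the five ASR rules and the logging settings listed under Configuration Settings with what Get-MpPreference and the policy registry keys report. The registry paths assume the Intune policy writes to the standard Group Policy locations.

```powershell
# Added validation example: run in an elevated PowerShell session on a managed device.
# GUIDs are Microsoft's published identifiers for the five ASR rules in this baseline.
$expectedAsr = [ordered]@{
    'd4f940ab-401b-4efc-aadc-ad5f3c50688a' = 'Block all Office applications from creating child processes'
    '3b576869-a4ec-4529-8536-b80a7769e899' = 'Block Office applications from creating executable content'
    '75668c1f-73b5-4cf0-bb93-3ecf5cb7cc84' = 'Block Office applications from injecting code into other processes'
    '26190899-1602-49e8-8b27-eb1d0a1ce869' = 'Block Office communication application from creating child processes'
    '7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c' = 'Block Adobe Reader from creating child processes'
}
$actionNames = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }

# Get-MpPreference returns rule IDs and actions as parallel arrays.
$pref    = Get-MpPreference
$ids     = @($pref.AttackSurfaceReductionRules_Ids | ForEach-Object { "$_".ToLower() })
$actions = @($pref.AttackSurfaceReductionRules_Actions)

$results = @(foreach ($guid in $expectedAsr.Keys) {
    $i = [array]::IndexOf($ids, $guid)
    $actual = if ($i -ge 0) { $actionNames[[int]$actions[$i]] } else { 'Not configured' }
    [pscustomobject]@{ Check = $expectedAsr[$guid]; Expected = 'Block'; Actual = $actual }
})

# Assumption: the Intune policy lands in the standard Group Policy registry locations.
$psKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'
$regChecks = @(
    @{ Path = "$psKey\ModuleLogging";      Name = 'EnableModuleLogging' }
    @{ Path = "$psKey\ScriptBlockLogging"; Name = 'EnableScriptBlockLogging' }
    @{ Path = "$psKey\Transcription";      Name = 'EnableTranscripting' }
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit'
       Name = 'ProcessCreationIncludeCmdLine_Enabled' }
)
$results += foreach ($r in $regChecks) {
    $value = (Get-ItemProperty -Path $r.Path -Name $r.Name -ErrorAction SilentlyContinue).($r.Name)
    [pscustomobject]@{ Check = $r.Name; Expected = 1; Actual = $value }
}

# Flag every row whose actual value differs from the baseline.
$results | Select-Object Check, Expected, Actual,
    @{ Name = 'Pass'; Expression = { "$($_.Actual)" -eq "$($_.Expected)" } } | Format-Table -AutoSize
```

A rule reported as Audit or Warn shows Pass = False, since the baseline sets all five rules to Block.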
Configuration Settings:

| Setting | Value |
|---|---|
| Administrative Templates | |
| Audit Process Creation | |
| Include command line in process creation events | Enabled |
| Windows PowerShell | |
| Turn on Module Logging | Enabled |
| Module Names (Device) | * |
| Turn on PowerShell Script Block Logging | Enabled |
| Log script block invocation start / stop events: | False |
| Turn on PowerShell Transcription | Enabled |
| Include invocation headers: (Device) | False |
| Transcript output directory (Device) | C:\Windows\system32\config\systemprofile\Documents |
| Auditing | |
| Detailed Tracking Audit Process Creation | Success |
| Defender | |
| Attack Surface Reduction Rules | |
| Block all Office applications from creating child processes | Block |
| Block Office applications from creating executable content | Block |
| Block Office applications from injecting code into other processes | Block |
| Block Office communication application from creating child processes | Block |
| Block Adobe Reader from creating child processes | Block |

| Property | Value |
|---|---|
| Devicie Template Name | ACSC E8 Nov 2023-ML2 User app hardening |
| Default Intune Deployed Name | Devicie - ACSC E8 Nov 2023-ML2 User app hardening |
| Version | 1.0 |
| Template Last Updated | Nov 8, 2024 |
| Document Last Updated: | Jul 24, 2025 |