πΌ Management Samenvatting
Deze security regelen waarborgt de correcte configuratie van beveiligingsinstellingen op Windows endpoints.
Aanbeveling
IMPLEMENT
Risico zonder
High
Risk Score
7/10
Implementatie
2u (tech: 1u)
Van toepassing op:
β Windows
Deze instelling is onderdeel van de Windows security baseline en beschermt tegen bekende aanvalsvectoren door het afdwingen van veilige configuraties.
PowerShell Modules Vereist
Primary API: Graph
Connection:
Required Modules: Microsoft.Graph.DeviceManagement
Connection:
Connect-MgGraphRequired Modules: Microsoft.Graph.DeviceManagement
Implementatie
Dit regelen configureert retention yammer via Microsoft Intune apparaat configuratie beleid of compliance policies om Windows endpoints te beveiligen volgens security best practices.
Vereisten
m365
Implementatie
Gebruik PowerShell-script retention-yammer.ps1 (functie Invoke-Monitoring) β Monitoren.
monitoring
Gebruik PowerShell-script retention-yammer.ps1 (functie Invoke-Monitoring) β Controleren.
Remediatie
Gebruik PowerShell-script retention-yammer.ps1 (functie Invoke-Remediation) β Herstellen.
Compliance en Auditing
Beleid documentatie
Compliance & Frameworks
- CIS M365: Control 18.9.19.2 (L1) - CIS Security Benchmark aanbevelingen
- BIO: 16.01 - BIO Baseline Informatiebeveiliging Overheid - 16.01 - Gebeurtenissen logging en audittrails
- ISO 27001:2022: A.12.4.1 - ISO 27001:2022 - Gebeurtenissen logging en audittrails
Automation
Gebruik het onderstaande PowerShell script om deze security control te monitoren en te implementeren. Het script bevat functies voor zowel monitoring (-Monitoring) als remediation (-Remediation).
PowerShell
<#
.SYNOPSIS
Retention Policy Yammer 7 Jaar
.DESCRIPTION
7-year retention for Yammer messages
.NOTES
NL Baseline v2.0
#>
#Requires -Version 5.1
#Requires -Modules ExchangeOnlineManagement
[CmdletBinding()]
param([switch]$Monitoring, [switch]$Remediation, [switch]$Revert,
[switch]$WhatIf)
$ErrorActionPreference = 'Stop'
$script:RetentionDays = 2555
$script:RetentionYears = 7
Write-Host "`n========================================" -ForegroundColor Cyan
Write-Host "Retention Policy Yammer 7 Jaar" -ForegroundColor Cyan
Write-Host "========================================`n" -ForegroundColor Cyan
function Invoke-Monitoring {
try {
Connect-IPPSSession -ShowBanner:$false -ErrorAction Stop
$policies = Get-RetentionCompliancePolicy |
Where-Object { $_.YammerCommunityLocation -ne $null -or $_.YammerUserLocation -ne $null }
$result = @{ isCompliant = $false; total = $policies.Count; compliant = 0 }
if ($policies.Count -eq 0) {
Write-Host " No Yammer policies" -ForegroundColor Red
}
else {
foreach ($p in $policies) {
$rules = Get-RetentionComplianceRule -Policy $p.Name -ErrorAction SilentlyContinue
$maxD = 0
foreach ($rule in $rules) {
if ($rule.RetentionDuration) {
$d = [int]$rule.RetentionDuration
if ($d -gt $maxD) { $maxD = $d }
if ($d -ge $script:RetentionDays -and $p.Enabled) {
$result.compliant++
$result.isCompliant = $true
}
}
}
Write-Host " $($p.Name): $maxD days" -ForegroundColor $(
if ($maxD -ge $script:RetentionDays) { "Green" } else { "Yellow" }
)
}
}
Write-Host "`n Total: $($result.total) | Compliant: $($result.compliant)" -ForegroundColor Cyan
if ($result.isCompliant) {
Write-Host "`n[OK] COMPLIANT" -ForegroundColor Green
exit 0
}
else {
Write-Host "`n[FAIL] NON-COMPLIANT" -ForegroundColor Red
exit 1
}
}
catch {
Write-Host "ERROR: $_" -ForegroundColor Red
exit 2
}
}
function Invoke-Remediation {
try {
Connect-IPPSSession -ShowBanner:$false -ErrorAction Stop
$n = "Yammer $script:RetentionYears Year Retention"
$p = New-RetentionCompliancePolicy -Name $n -Comment "NL Baseline" `
-YammerCommunityLocation All -YammerUserLocation All -Enabled $true -ErrorAction Stop
$r = New-RetentionComplianceRule -Name "$n - Rule" -Policy $n `
-RetentionDuration $script:RetentionDays -RetentionComplianceAction Keep -ErrorAction Stop
Write-Host "[OK] Policy created" -ForegroundColor Green
exit 0
}
catch {
Write-Host "ERROR: $_" -ForegroundColor Red
exit 2
}
}
function Invoke-Revert {
try {
Connect-IPPSSession -ShowBanner:$false -ErrorAction Stop
$n = "Yammer $script:RetentionYears Year Retention"
$p = Get-RetentionCompliancePolicy -Identity $n -ErrorAction SilentlyContinue
if ($p) {
Remove-RetentionCompliancePolicy -Identity $n -Confirm:$false -ErrorAction Stop
Write-Host "Removed" -ForegroundColor Yellow
}
exit 0
}
catch {
Write-Host "ERROR: $_" -ForegroundColor Red
exit 2
}
}
try {
if ($Revert) { Invoke-Revert }
elseif ($Monitoring) { Invoke-Monitoring }
elseif ($Remediation) { Invoke-Remediation }
else { Write-Host "Use: -Monitoring | -Remediation | -Revert" -ForegroundColor Yellow }
}
catch { throw }
finally {
Write-Host "`n========================================`n" -ForegroundColor Cyan
}
Risico zonder implementatie
Risico zonder implementatie
High: No auth tracking.
Management Samenvatting
Schakel in audit logging.
- Implementatietijd: 2 uur
- FTE required: 0.01 FTE