These Microsoft Intune policies were put together to help organisations comply with the Australian Cyber Security Centre's (ACSC) Windows 10 Hardening Guidance. These policies were originally provided by the ACSC as Group Policy Objects. This repository will provide exports of Intune policies that organisations will be able to import into their Intune tenant for deployment to their Windows devices.
The policies on this page are only the settings recommended by the ACSC for hardening Microsoft Edge, intended for organisations that do not require additional Windows hardening policies. These policies are included in the ACSC Windows Hardening Guidelines. If you have already using the ACSC Windows Hardening Guidelines, there is no need to import these policies for Microsoft Edge.
While the intent of these policies is to assist in an organisations compliance efforts, Microsoft does not represent that use of these policies will create compliance with the Australian Cyber Security Centre's guidance.
- ACSC Edge Hardening Guidelines
- This Settings Catalog policy contains all currently available settings recommended by the ACSC for hardening Microsoft Edge.
Supplementary documentation has been provided for the ACSC Edge Hardening Guidelines policy, detailing each configured setting, description of the setting and a link to the corresponding Microsoft Docs page.
These policies were developed on Azure AD Joined Windows 10 & Windows 11 devices and can be deployed to either Operating System where Intune is providing the device configuration workload, regardless of join type. Ensure that devices are currently supported and the appropriate Microsoft Endpoint Manager licences have been assigned.
Ensure that KB5005565 has been installed, which was released as a part of the September 14th, 2021 quality updates. This KB contains updated Mobile Device Management policies. Without this update, the policies provided will not be applied successfully.
To import the policies, use Graph Explorer. After running through the import instructions below, the following policies and profiles will be imported into the organisations Intune tenant.
Note: After importing the policies, the policies will need to be assigned to a group.
- A Settings Catalog policy, named: ACSC Edge Hardening Guidelines
- This Settings Catalog policy will be found in the Microsoft Endpoint Manager Admin Center, under: Devices > Windows > Configuration profiles
Note: When using Graph Explorer, you may need to consent to permissions if you have not done so before. For more information, please see Working with Graph Explorer.
- Navigate to Graph Explorer and authenticate
- Create a POST request, using the beta schema to the configuration policies endpoint: https://graph.microsoft.com/beta/deviceManagement/configurationPolicies
- Copy the JSON in the ACSC Edge Hardening Guidelines policy and paste it in the request body
- (Optional) modify the name value if required