Initial commit

.gitattributes

@@ -0,0 +1,2 @@
+# Auto detect text files and perform LF normalization
+* text=auto

Enrollment/enrolldevices.ps1

@@ -0,0 +1,74 @@
+#===========================================================================
+
+#.DESCRIPTION
+
+#MDM Enrollment script. Creates a registry key and a schedule task to start the process to MDM enroll a computer.
+
+#===========================================================================
+Begin{
+$RegKey ="HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\"
+$RegKey1 ="HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\MDM"
+$ScheduleName ="Schedule created by enrollment client for automatically enrolling in MDM from AAD"
+$Date = Get-Date -Format "yyyy-MM-dd"
+$Time = (Get-date).AddMinutes(5).ToString("HH:mm:ss")
+$ST = @"
+<?xml version='1.0' encoding='UTF-16'?>
+<Task version='1.3' xmlns='http://schemas.microsoft.com/windows/2004/02/mit/task'>
+<RegistrationInfo>
+<Author>Microsoft Corporation</Author>
+<URI>\Microsoft\Windows\EnterpriseMgmt\Schedule created by enrollment client for automatically enrolling in MDM from AAD</URI>
+<SecurityDescriptor>D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;LS)</SecurityDescriptor>
+</RegistrationInfo>
+<Triggers>
+<TimeTrigger>
+<Repetition>
+<Interval>PT5M</Interval>
+<Duration>P1D</Duration>
+<StopAtDurationEnd>true</StopAtDurationEnd>
+</Repetition>
+<StartBoundary>${Date}T${Time}</StartBoundary>
+<Enabled>true</Enabled>
+</TimeTrigger>
+</Triggers>
+<Principals>
+<Principal id='Author'>
+<UserId>S-1-5-18</UserId>
+<RunLevel>LeastPrivilege</RunLevel>
+</Principal>
+</Principals>
+<Settings>
+<MultipleInstancesPolicy>Queue</MultipleInstancesPolicy>
+<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
+<StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>
+<AllowHardTerminate>true</AllowHardTerminate>
+<StartWhenAvailable>true</StartWhenAvailable>
+<RunOnlyIfNetworkAvailable>true</RunOnlyIfNetworkAvailable>
+<IdleSettings>
+<StopOnIdleEnd>false</StopOnIdleEnd>
+<RestartOnIdle>false</RestartOnIdle>
+</IdleSettings>
+<AllowStartOnDemand>true</AllowStartOnDemand>
+<Enabled>true</Enabled>
+<Hidden>false</Hidden>
+<RunOnlyIfIdle>false</RunOnlyIfIdle>
+<UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>
+<WakeToRun>false</WakeToRun>
+<ExecutionTimeLimit>PT1H</ExecutionTimeLimit>
+<Priority>7</Priority>
+</Settings>
+<Actions Context="Author">
+<Exec>
+<Command>%windir%\system32\deviceenroller.exe</Command>
+<Arguments>/c /AutoEnrollMDM</Arguments>
+</Exec>
+</Actions>
+</Task>
+"@
+}
+
+Process
+{
+    New-Item -Path $RegKey -Name MDM
+    New-ItemProperty -Path $RegKey1 -Name AutoEnrollMDM -Value 1
+    (Register-ScheduledTask -XML $ST.Trim() -TaskName $ScheduleName -Force) | Out-null
+}

Proactive Remediation/Set NTP Servers/detection.ps1

@@ -0,0 +1,15 @@
+# Define the desired list of NTP servers
+$ntpServers = "0.north-america.pool.ntp.org,1.north-america.pool.ntp.org,2.north-america.pool.ntp.org,3.north-america.pool.ntp.org"
+
+# Get the current NTP server list from the Windows Time service registry key, and convert it to an array of strings
+$currentNtpServers = (Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\w32time\Parameters" -Name "NtpServer").NtpServer -split ' '
+
+# Compare the current NTP server list with the desired list, and check if they are the same
+$diff = Compare-Object $ntpServers $currentNtpServers
+if ($diff.Count -eq 0) {
+    Write-Output "NTP servers are already correctly configured."
+    exit 0 # NTP servers are already correctly configured
+} else {
+    Write-Output "NTP servers are not correctly configured."
+    exit 1 # NTP servers are not correctly configured
+}

Proactive Remediation/Set NTP Servers/remediation.ps1

@@ -0,0 +1,19 @@
+# Define the desired list of NTP servers
+$ntpServers = "0.north-america.pool.ntp.org,1.north-america.pool.ntp.org,2.north-america.pool.ntp.org,3.north-america.pool.ntp.org"
+
+# Verify that the Windows Time service is running
+$serviceName = "w32time"
+$serviceStatus = (Get-Service -Name $serviceName).Status
+if ($serviceStatus -ne "Running") {
+    Write-Output "Starting Windows Time service..."
+    Start-Service $serviceName
+}
+
+# Set the NTP server list and the AnnounceFlags value in the registry
+Write-Output "Setting NTP server list and AnnounceFlags value..."
+Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\w32time\Parameters" -Name "NtpServer" -Value $ntpServers -Type "MultiString"
+Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\w32time\Config" -Name "AnnounceFlags" -Value 5 -Type "DWord"
+
+# Restart the Windows Time service to apply the changes
+Write-Output "Restarting Windows Time service..."
+Restart-Service $serviceName

Proactive Remediation/Update Chrome/detection.ps1

@@ -0,0 +1,64 @@
+#name of your app in winget
+$name = 'Chrome'
+#winget ID for the package
+$ID = 'Google.Chrome'
+#Name of the running process (so you don't force close it
+$AppProcess = "Chrome"
+#location of the winget exe
+$wingetexe = Resolve-Path "C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_*_x64__8wekyb3d8bbwe\winget.exe"
+    if ($wingetexe){
+           $SystemContext = $wingetexe[-1].Path
+    }
+#create the sysget alias so winget can be ran as system
+new-alias -Name sysget -Value "$systemcontext"
+#this gets the info on the app (if it has an update, or not)
+$lines = sysget list --accept-source-agreements --Id $ID
+try {
+$process = get-process -name "$AppProcess" -ErrorAction SilentlyContinue
+#check if there's an available update
+if (($lines -match '\bVersion\s+Available\b' -and $process -ne $null)) {
+$verinstalled, $verAvailable = (-split $lines[-1])[-3,-2]
+Write-Verbose -Verbose "Application update available for $Name. Current version is $verinstalled, version available is $verAvailable. $Name is currently running, will try again later."
+#create custom psobject for reporting the output in intune
+[pscustomobject] @{
+Name = $Name
+InstalledVersion = $verInstalled
+AvailableVersion = $verAvailable
+}
+write-host "Application update available for $Name. Current version is $verinstalled, version available is $verAvailable. $Name is currently running, will try again later."
+exit 1
+}
+if (($lines -match '\bVersion\s+Available\b' -and $process -eq $null)) {
+$verinstalled, $verAvailable = (-split $lines[-1])[-3,-2]
+Write-Verbose -Verbose "Application update available for $Name. Current version is $verinstalled, version available is $verAvailable"
+#create custom psobject for reporting the output in intune
+[pscustomobject] @{
+Name = $Name
+InstalledVersion = $verInstalled
+AvailableVersion = $verAvailable
+}
+write-host "Application update available for $Name. Current version is $verinstalled, version available is $verAvailable"
+exit 1
+}else {
+if ($lines -eq "No installed package found matching input criteria.") {write-host "$name is not installed on this device." 
+exit 0
+}else{
+#rechecks the version if it installed and creates values for final output.
+$lines = sysget list --accept-source-agreements --Id $ID
+if ($Lines -match '\d+(\.\d+)+') {
+$versionavailable, $versioninstalled = (-split $Lines[-1])[-3,-2]
+}
+#the final output as a pscustomobject
+[pscustomobject] @{
+Name = $name
+InstalledVersion = $VersionInstalled
+}}
+Write-Host "$name upgraded to $versioninstalled, or $name was already up to date."
+exit 0
+}
+}
+catch {
+  $errMsg = $_.Exception.Message
+    Write-Error $errMsg
+   exit 1
+} 

Proactive Remediation/Update Chrome/remediation.ps1

@@ -0,0 +1,50 @@
+#name of your app in winget
+$name = 'Chrome'
+#winget ID for the package
+$ID = 'Google.Chrome'
+#Name of the running process (so you don't force close it
+$AppProcess = "Chrome"
+#location of the winget exe
+$wingetexe = Resolve-Path "C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_*_x64__8wekyb3d8bbwe\winget.exe"
+    if ($wingetexe){
+        $SystemContext = $wingetexe[-1].Path
+    }
+#create the sysget alias so winget can be ran as system
+new-alias -Name sysget -Value "$systemcontext"
+#this gets the info on the app (if it has an update, or not)
+$lines = sysget list --accept-source-agreements --Id $ID
+#tries to upgrade if the installed version is lower than the available version
+try {
+if ($lines -match '\bVersion\s+Available\b') {
+    $verinstalled, $verAvailable = (-split $lines[-1])[-3,-2]
+    Write-Verbose -Verbose "Application update available for $name"
+    Write-Verbose -Verbose "Downloading and Installing $name"
+}
+#checks if your app is running as to not auto-close. change the process value to the app you want.
+$process = get-process -name "$AppProcess" -ErrorAction SilentlyContinue
+if ($process -eq $null){
+    #run the upgrade
+    sysget upgrade -e --id $ID --silent --accept-package-agreements --accept-source-agreements
+    #rechecks the version if it installed and creates values for final output.
+    $lines = sysget list --accept-source-agreements --Id $ID } else {write-host "$Name is currently running, will try again later."
+    exit 1
+}
+if ($Lines -match '\d+(\.\d+)+') {
+$versionavailable, $versioninstalled = (-split $Lines[-1])[-3,-2]
+
+    #the final output as a pscustomobject
+    [pscustomobject] @{
+    Name = $name
+    InstalledVersion = $VersionInstalled}
+    exit 0
+} else 
+{
+write-host "$Name is not installed."
+exit 1
+} 
+
+}catch {
+    $errMsg = $_.Exception.Message
+        Write-Error $errMsg
+    exit 1
+}

Proactive Remediation/Update Edge/detection.ps1

@@ -0,0 +1,64 @@
+#name of your app in winget
+$name = 'Edge'
+#winget ID for the package
+$ID = 'Microsoft.Edge'
+#Name of the running process (so you don't force close it
+$AppProcess = "Edge"
+#location of the winget exe
+$wingetexe = Resolve-Path "C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_*_x64__8wekyb3d8bbwe\winget.exe"
+    if ($wingetexe){
+           $SystemContext = $wingetexe[-1].Path
+    }
+#create the sysget alias so winget can be ran as system
+new-alias -Name sysget -Value "$systemcontext"
+#this gets the info on the app (if it has an update, or not)
+$lines = sysget list --accept-source-agreements --Id $ID
+try {
+$process = get-process -name "$AppProcess" -ErrorAction SilentlyContinue
+#check if there's an available update
+if (($lines -match '\bVersion\s+Available\b' -and $process -ne $null)) {
+$verinstalled, $verAvailable = (-split $lines[-1])[-3,-2]
+Write-Verbose -Verbose "Application update available for $Name. Current version is $verinstalled, version available is $verAvailable. $Name is currently running, will try again later."
+#create custom psobject for reporting the output in intune
+[pscustomobject] @{
+Name = $Name
+InstalledVersion = $verInstalled
+AvailableVersion = $verAvailable
+}
+write-host "Application update available for $Name. Current version is $verinstalled, version available is $verAvailable. $Name is currently running, will try again later."
+exit 1
+}
+if (($lines -match '\bVersion\s+Available\b' -and $process -eq $null)) {
+$verinstalled, $verAvailable = (-split $lines[-1])[-3,-2]
+Write-Verbose -Verbose "Application update available for $Name. Current version is $verinstalled, version available is $verAvailable"
+#create custom psobject for reporting the output in intune
+[pscustomobject] @{
+Name = $Name
+InstalledVersion = $verInstalled
+AvailableVersion = $verAvailable
+}
+write-host "Application update available for $Name. Current version is $verinstalled, version available is $verAvailable"
+exit 1
+}else {
+if ($lines -eq "No installed package found matching input criteria.") {write-host "$name is not installed on this device." 
+exit 0
+}else{
+#rechecks the version if it installed and creates values for final output.
+$lines = sysget list --accept-source-agreements --Id $ID
+if ($Lines -match '\d+(\.\d+)+') {
+$versionavailable, $versioninstalled = (-split $Lines[-1])[-3,-2]
+}
+#the final output as a pscustomobject
+[pscustomobject] @{
+Name = $name
+InstalledVersion = $VersionInstalled
+}}
+Write-Host "$name upgraded to $versioninstalled, or $name was already up to date."
+exit 0
+}
+}
+catch {
+  $errMsg = $_.Exception.Message
+    Write-Error $errMsg
+   exit 1
+} 

Proactive Remediation/Update Edge/remediation.ps1

@@ -0,0 +1,50 @@
+#name of your app in winget
+$name = 'Edge'
+#winget ID for the package
+$ID = 'Microsoft.Edge'
+#Name of the running process (so you don't force close it
+$AppProcess = "Edge"
+#location of the winget exe
+$wingetexe = Resolve-Path "C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_*_x64__8wekyb3d8bbwe\winget.exe"
+    if ($wingetexe){
+        $SystemContext = $wingetexe[-1].Path
+    }
+#create the sysget alias so winget can be ran as system
+new-alias -Name sysget -Value "$systemcontext"
+#this gets the info on the app (if it has an update, or not)
+$lines = sysget list --accept-source-agreements --Id $ID
+#tries to upgrade if the installed version is lower than the available version
+try {
+if ($lines -match '\bVersion\s+Available\b') {
+    $verinstalled, $verAvailable = (-split $lines[-1])[-3,-2]
+    Write-Verbose -Verbose "Application update available for $name"
+    Write-Verbose -Verbose "Downloading and Installing $name"
+}
+#checks if your app is running as to not auto-close. change the process value to the app you want.
+$process = get-process -name "$AppProcess" -ErrorAction SilentlyContinue
+if ($process -eq $null){
+    #run the upgrade
+    sysget upgrade -e --id $ID --silent --accept-package-agreements --accept-source-agreements
+    #rechecks the version if it installed and creates values for final output.
+    $lines = sysget list --accept-source-agreements --Id $ID } else {write-host "$Name is currently running, will try again later."
+    exit 1
+}
+if ($Lines -match '\d+(\.\d+)+') {
+$versionavailable, $versioninstalled = (-split $Lines[-1])[-3,-2]
+
+    #the final output as a pscustomobject
+    [pscustomobject] @{
+    Name = $name
+    InstalledVersion = $VersionInstalled}
+    exit 0
+} else 
+{
+write-host "$Name is not installed."
+exit 1
+} 
+
+}catch {
+    $errMsg = $_.Exception.Message
+        Write-Error $errMsg
+    exit 1
+}