Public/Import-AuditPoliciesToIntune.ps1

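<#
.SYNOPSIS
    Prints guidance for deploying Windows audit policy through Intune.
.DESCRIPTION
    Checks that a workspace and an App Registration (ClientId, ClientSecret,
    TenantId) are configured, then writes the manual deployment options and a
    list of recommended audit settings to the host.

    This function does not create or modify any Intune policy: it makes no
    Intune or Graph call and only prints instructions. Audit policy still has to
    be deployed by one of the listed routes.
.PARAMETER DryRun
    Prints a short note about the Group Policy Analytics route and returns
    without printing the full guidance.
.EXAMPLE
    Import-AuditPoliciesToIntune
.EXAMPLE
    Import-AuditPoliciesToIntune -DryRun
.NOTES
    After deploying audit policy by one of the listed routes, confirm the
    effective settings on a managed device, for example with
    `auditpol /get /category:*`.
#>

function Import-AuditPoliciesToIntune {
    [CmdletBinding()]
    param(
        [switch]$DryRun
    )

    # With "Stop", the Write-Error calls below raise terminating errors; the
    # `return` statements after them are kept as a defensive fallback.
    $ErrorActionPreference = "Stop"

    $workspacePath = Get-WorkspacePath
    if (-not $workspacePath) {
        Write-Error "Workspace not configured. Run Initialize-NLBaseline first."
        return
    }

    # The App Registration values are only tested for presence. They are never
    # used or printed here; keep it that way so the client secret does not end
    # up in console output or transcripts.
    $config = Get-Config -WorkspacePath $workspacePath
    if (-not $config -or
        [string]::IsNullOrEmpty($config.AppRegistration.ClientId) -or
        [string]::IsNullOrEmpty($config.AppRegistration.ClientSecret) -or
        [string]::IsNullOrEmpty($config.AppRegistration.TenantId)) {
        Write-Error "App Registration not configured in config.json."
        return
    }

    Write-Host "`nImporting Audit Policies to Intune`n" -ForegroundColor Cyan

    if ($DryRun) {
        # NOTE(review): the non-DryRun path below creates nothing either, so
        # "Would create" overstates what a real run does.
        Write-Host "[DryRun] Would create Audit Policies configuration" -ForegroundColor Cyan
        Write-Host "Note: Audit Policies are configured via Security Settings in Group Policy" -ForegroundColor Yellow
        Write-Host "Use Group Policy Analytics in Intune to convert GPO to Settings Catalog policy" -ForegroundColor Gray
        return
    }

    Write-Host "`nNote: Audit Policies must be configured via:" -ForegroundColor Yellow
    Write-Host "1. Group Policy: Computer Configuration > Windows Settings > Security Settings > Audit Policy" -ForegroundColor White
    Write-Host "2. Use Group Policy Analytics in Intune to convert to Settings Catalog policy" -ForegroundColor White
    Write-Host "3. Or use Intune Scripts with auditpol.exe commands" -ForegroundColor White

    # NOTE(review): the list is at category level and has no entry for the
    # Detailed Tracking (process creation) or DS Access categories; confirm
    # whether that is intentional. Category-wide Object Access auditing can
    # also produce a high event volume.
    $recommendedSettings = @(
        'Account Logon: Success, Failure'
        'Account Management: Success, Failure'
        'Logon/Logoff: Success, Failure'
        'Object Access: Success, Failure'
        'Policy Change: Success, Failure'
        'Privilege Use: Failure'
        'System Events: Success, Failure'
    )

    Write-Host "`nRecommended audit settings:" -ForegroundColor Cyan
    foreach ($setting in $recommendedSettings) {
        Write-Host " - $setting" -ForegroundColor White
    }

    # Make the no-op explicit so the "Importing ..." banner above is not read
    # as confirmation that audit policy was deployed.
    Write-Warning "No Intune policy was created. This command only prints guidance; deploy audit policy using one of the options above and verify it on a managed device."
}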