secmgmt-insights-connector/controls/recommended.json

{
    "id": "recommended", 
    "description": "Recommended controls for SMB customers", 
    "version": "1.3",
    "controls": [
        {
            "expectedValue": "true",
            "id": "EnableAntispoofEnforcement",
            "info": "https://docs.microsoft.com/microsoft-365/security/office-365-security/recommended-settings-for-eop-and-office365-atp",
            "resource": "antiPhishPolicy",
            "tenantFilter": [], 
            "type": "data"
        }, 
        {
            "expectedValue": "false",
            "id": "EnableInternalSenderNotifications",
            "info": "https://docs.microsoft.com/microsoft-365/security/office-365-security/recommended-settings-for-eop-and-office365-atp",
            "resource": "malwareFilterPolicy",
            "tenantFilter": [], 
            "type": "data" 
        },
        {
            "expectedValue": "true",
            "id": "ZapEnabled",
            "info": "https://docs.microsoft.com/microsoft-365/security/office-365-security/recommended-settings-for-eop-and-office365-atp",
            "resource": "malwareFilterPolicy",
            "tenantFilter": [], 
            "type": "data"
        },
        {
            "expectedValue": "true",
            "id": "EnableTargetedUserProtection",
            "info": "https://docs.microsoft.com/microsoft-365/security/office-365-security/recommended-settings-for-eop-and-office365-atp",
            "resource": "antiPhishPolicy",
            "tenantFilter": [], 
            "type": "data"
        },
        {
            "expectedValue": "true",
            "id": "UnifiedAuditLogIngestionEnabled",
            "info": "https://docs.microsoft.com/microsoft-365/compliance/turn-audit-log-search-on-or-off",
            "resource": "adminAuditLogConfig",
            "tenantFilter": [], 
            "type": "data"
        },
        {
            "expectedValue": "true",
            "id": "Windows10CompliancePolicy.SecureBootEnabled",
            "info": "https://docs.microsoft.com/mem/intune/protect/device-compliance-get-started",
            "resource": "deviceCompliancePolicy",
            "tenantFilter": [], 
            "type": "deviceManagement"
        },
        {
            "expectedValue": "true",
            "id": "Windows10CompliancePolicy.StorageRequireEncryption",
            "info": "https://docs.microsoft.com/mem/intune/protect/device-compliance-get-started",
            "resource": "deviceCompliancePolicy",
            "tenantFilter": [], 
            "type": "deviceManagement"
        },
        {
            "expectedValue": "true",
            "id": "Windows10EndpointProtectionConfiguration.BitLockerEncryptDevice",
            "info": "https://docs.microsoft.com/mem/intune/configuration/device-profile-create",
            "resource": "deviceConfigurationPolicy",
            "tenantFilter": [], 
            "type": "deviceManagement"
        },
        {
            "expectedValue": "2",
            "id": "Windows10EndpointProtectionConfiguration.DefenderGuardMyFoldersType",
            "info": "https://docs.microsoft.com/mem/intune/configuration/device-profile-create",
            "resource": "deviceConfigurationPolicy",
            "tenantFilter": [], 
            "type": "deviceManagement"
        },
        {
            "expectedValue": "2",
            "id": "Windows10EndpointProtectionConfiguration.DefenderNetworkProtectionType",
            "info": "https://docs.microsoft.com/mem/intune/configuration/device-profile-create",
            "resource": "deviceConfigurationPolicy",
            "tenantFilter": [], 
            "type": "deviceManagement"
        },
        {
            "expectedValue": "2",
            "id": "Windows10GeneralConfiguration.DefenderPromptForSampleSubmission",
            "info": "https://docs.microsoft.com/mem/intune/configuration/device-profile-create",
            "resource": "deviceConfigurationPolicy",
            "tenantFilter": [], 
            "type": "deviceManagement"
        },
        {
            "expectedValue": "true",
            "id": "Windows10GeneralConfiguration.DefenderRequireCloudProtection",
            "info": "https://docs.microsoft.com/mem/intune/configuration/device-profile-create",
            "resource": "deviceConfigurationPolicy",
            "tenantFilter": [], 
            "type": "deviceManagement"
        },        
        {
            "expectedValue": "true",
            "id": "Windows10GeneralConfiguration.DefenderRequireRealTimeMonitoring",
            "info": "https://docs.microsoft.com/mem/intune/configuration/device-profile-create",
            "resource": "deviceConfigurationPolicy",
            "tenantFilter": [], 
            "type": "deviceManagement"
        },
        {
            "expectedValue": "true",
            "id": "Windows10GeneralConfiguration.EdgeRequireSmartScreen",
            "info": "https://docs.microsoft.com/mem/intune/configuration/device-profile-create",
            "resource": "deviceConfigurationPolicy",
            "tenantFilter": [], 
            "type": "deviceManagement"
        },
        {
            "expectedValue": "5",
            "id": "Windows10GeneralConfiguration.PasswordMinutesOfInactivityBeforeScreenTimeout",
            "info": "https://docs.microsoft.com/mem/intune/configuration/device-profile-create",
            "resource": "deviceConfigurationPolicy",
            "tenantFilter": [], 
            "type": "deviceManagement"
        }        
    ]
}