Set-MDIConfiguration
Sets the configuration for various Defender for Identity post-deployment required settings.
Syntax
Set-MDIConfiguration
[-Mode] <String>
[-Configuration] <String[]>
[-GpoNamePrefix <String>][-Server <String>]
[-CreateGpoDisabled]
[-SkipGpoLink]
[-Force]
[-WhatIf]
[-Confirm][<CommonParameters>]
Description
The Set-MDIConfiguration
function sets the configuration for various Defender for Identity
post-deployment required settings.
Examples
EXAMPLE 1
Set-MDIConfiguration -Mode LocalMachine -Configuration NTLMAuditing
This example sets the NTLMAuditing
configuration for the local machine.
EXAMPLE 2
Set-MDIConfiguration -Mode Domain -Configuration All -Identity mdisvc01
This example sets all configurations for the domain, creating the GPOs and linking them.
EXAMPLE 3
Set-MDIConfiguration -Mode Domain -Configuration All -GpoNamePrefix 'CONTOSO' -SkipGpoLink
-Identity mdisvc01
This example sets all configurations for the domain, creating the GPOs with a CONTOSO
prefix
in their name, without linking the GPOs
Parameters
-Configuration
Specifies the configuration to set. You can specify one or more of the following values:
All
(all configurations)AdfsAuditing
AdvancedAuditPolicyCAs
AdvancedAuditPolicyDCs
CAAuditing
ConfigurationContainerAuditing
EntraConnectAuditing
RemoteSAM
DomainObjectAuditing
NTLMAuditing
ProcessorPerformance
Type: | System.String[] |
Position: | 2 |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-Confirm
Prompts you for confirmation before running the cmdlet.
Type: | System.Management.Automation.SwitchParameter |
Aliases: | cf |
Position: | Named |
Default value: | False |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-CreateGpoDisabled
If specified, the GPOs are created and kept as disabled. This parameter is valid only in Domain
mode.
Type: | System.Management.Automation.SwitchParameter |
Position: | Named |
Default value: | False |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Force
If specified, set the configuration or create GPOs without validating the current state.
Type: | System.Management.Automation.SwitchParameter |
Position: | Named |
Default value: | False |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-GpoNamePrefix
Specifies a prefix for the Group Policy Objects (GPO) names to be created. Use this parameter for GPO naming convention. Note: Because the GPO's display name may not be unique, an error is returned if another GPO in the domain has the same display name.
Type: | System.String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Identity
Specifies the name of the service account to use for the EntraConnectAuditing or RemoteSAM configuration. This parameter is mandatory.
Type: | System.String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Mode
Specifies the mode to use. You must specify one of the following values:
Domain
: Collect settings from the Group Policy objectsLocalMachine
: Collect settings from the local machine
Type: | System.String |
Position: | 1 |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-Server
Specifies the name of the server to run the command against. This parameter is optional and defaults to the PDC Emulator in the domain.
Type: | System.String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-SkipGpoLink
If specified, don't create GPO links. This parameter is valid only in Domain
mode.
Type: | System.Management.Automation.SwitchParameter |
Position: | Named |
Default value: | False |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet isn't run.
Type: | System.Management.Automation.SwitchParameter |
Aliases: | wi |
Position: | Named |
Default value: | False |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |