Set-MDIConfiguration

Sets the configuration for various Defender for Identity post-deployment required settings.

Syntax

Set-MDIConfiguration
   [-Mode] <String>
   [-Configuration] <String[]>
   [-GpoNamePrefix <String>][-Server <String>]
   [-CreateGpoDisabled]
   [-SkipGpoLink]
   [-Force]
   [-WhatIf]
   [-Confirm][<CommonParameters>]

Description

The Set-MDIConfiguration function sets the configuration for various Defender for Identity post-deployment required settings.

Examples

EXAMPLE 1

Set-MDIConfiguration -Mode LocalMachine -Configuration NTLMAuditing

This example sets the NTLMAuditing configuration for the local machine.

EXAMPLE 2

Set-MDIConfiguration -Mode Domain -Configuration All -Identity mdisvc01

This example sets all configurations for the domain, creating the GPOs and linking them.

EXAMPLE 3

Set-MDIConfiguration -Mode Domain -Configuration All -GpoNamePrefix 'CONTOSO' -SkipGpoLink
-Identity mdisvc01

This example sets all configurations for the domain, creating the GPOs with a CONTOSO prefix in their name, without linking the GPOs

Parameters

-Configuration

Specifies the configuration to set. You can specify one or more of the following values:

  • All (all configurations)
  • AdfsAuditing
  • AdvancedAuditPolicyCAs
  • AdvancedAuditPolicyDCs
  • CAAuditing
  • ConfigurationContainerAuditing
  • EntraConnectAuditing
  • RemoteSAM
  • DomainObjectAuditing
  • NTLMAuditing
  • ProcessorPerformance
Type:System.String[]
Position:2
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-Confirm

Prompts you for confirmation before running the cmdlet.

Type:System.Management.Automation.SwitchParameter
Aliases:cf
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-CreateGpoDisabled

If specified, the GPOs are created and kept as disabled. This parameter is valid only in Domain mode.

Type:System.Management.Automation.SwitchParameter
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Force

If specified, set the configuration or create GPOs without validating the current state.

Type:System.Management.Automation.SwitchParameter
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-GpoNamePrefix

Specifies a prefix for the Group Policy Objects (GPO) names to be created. Use this parameter for GPO naming convention. Note: Because the GPO's display name may not be unique, an error is returned if another GPO in the domain has the same display name.

Type:System.String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Identity

Specifies the name of the service account to use for the EntraConnectAuditing or RemoteSAM configuration. This parameter is mandatory.

Type:System.String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Mode

Specifies the mode to use. You must specify one of the following values:

  • Domain: Collect settings from the Group Policy objects
  • LocalMachine: Collect settings from the local machine
Type:System.String
Position:1
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-Server

Specifies the name of the server to run the command against. This parameter is optional and defaults to the PDC Emulator in the domain.

Type:System.String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

If specified, don't create GPO links. This parameter is valid only in Domain mode.

Type:System.Management.Automation.SwitchParameter
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet isn't run.

Type:System.Management.Automation.SwitchParameter
Aliases:wi
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False