I recently wrote an article about implementing Attack Service Reduction (ASR) which you can read here:
Attack Surface Reduction for Windows 10
The next step was now to automate ASR policies with Microsoft EndPoint Manager via PowerShell. Luckily I found a great blog article by Ben Leader which you’ll find here:
Creating EndPoint Security policies with PowerShell
Ben’s article focused on BitLocker, while mine focused an ASR. It took a little time to reverse engineer things with ASR and I had my script working without error.
However, the problem was that the changes that the script made didn’t show up in the web interface as shown above? There were no errors reported. Strange? Maybe, it was a timing thing? Nope. what could it be?
Puzzled, I contacted Ben again and it turns out that the syntax with the Microsoft Graph is case sensitive!. A simple solution once you know but super frustrating until your do.
So the original code I have set the “value” to Enable as shown above. That is with a capital ‘E’, which is invalid.
As it turns out (thanks to Ben), I learned it should be a lower case ‘e’ as shown above.
As shown above, this works as expected in the web interface. Phew.
The moral or the story is that you need to be careful when it comes to setting values with the Graph. That hopefully, hopefully should accelerate my development of automating ASR across environments!
CIAOPS 