Additional Script Updates

intune/Externally Sourced Remediations/DeviceCompliance/Get-CredentialGuard/Detect_CredentialGuard.ps1

@@ -0,0 +1,12 @@
+# Detection Script: Detect_CredentialGuard.ps1
+ 
+# Check if Credential Guard is enabled
+$credentialGuardStatus = Get-CimInstance -ClassName Win32_DeviceGuard -Namespace root\Microsoft\Windows\DeviceGuard
+ 
+if ($credentialGuardStatus.SecurityServicesConfigured -contains 1 -and $credentialGuardStatus.SecurityServicesRunning -contains 1) {
+    Write-Output "Credential Guard is enabled."
+    exit 0
+} else {
+    Write-Output "Credential Guard is not enabled."
+    exit 1
+}

intune/Externally Sourced Remediations/DeviceCompliance/Get-CredentialGuard/Remediate_CredentialGuard.ps1

@@ -0,0 +1,11 @@
+# Remediation Script: Remediate_CredentialGuard.ps1
+ 
+# Enable Credential Guard
+$regKey = "HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard"
+Set-ItemProperty -Path $regKey -Name "EnableVirtualizationBasedSecurity" -Value 1
+Set-ItemProperty -Path $regKey -Name "RequirePlatformSecurityFeatures" -Value 1
+ 
+$regKey = "HKLM:\SYSTEM\CurrentControlSet\Control\LSA"
+Set-ItemProperty -Path $regKey -Name "LsaCfgFlags" -Value 1
+ 
+Write-Output "Credential Guard has been enabled."