Hardening script update v2023.6.30

Updated Security Baseline for Microsoft 365 Apps

Version 2306 was released yesterday, updated the links in the script accordingly.

more info:
https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-for-m365-apps-for-enterprise-v2306/ba-p/3858702

Hardening script update v2023.6.29

First release of this repository 🥳

This is the first time I'm publishing a release and planning to do this for every new version of the hardening script or WDACConfig PowerShell module in the future.

It will send notifications to the users who are watching this repository letting them know there is a new version available.
It also allows me to offer proper change logs for each change.

The entire change log history of the hardening script is available in Excel online

Change log:

1. Added Exploit Protection/Process Mitigations for various apps such as Microsoft Edge (All channels), Quick Assist and some system processes. More apps and processes will be added to the list once they are properly validated and confirmed to be fully compatible.
   • Thanks to everyone participated in this issue
2. Added back the PrimaryPasswordSetting policy to Edge after confirming the bug related to it was fixed.
3. Added a new hardening measure that turns on Data Execution Prevention (DEP) for all applications, including 32-bit programs. By default, the output of BCDEdit /enum "{current}" (in PowerShell) for the NX bit is OptIn but this script sets it to AlwaysOn