# Master Configuration Options

howto

Begin generating placeholder functions and pseudocode in the appropriate modules, following all agreed standards, logging, and structure.## Table of Contents

Intune/MDM
Active Directory
Device Configuration
Device Security
Applications
Cloud Services
Windows Update
Network & Connectivity
Miscellaneous

# Intune/MDM

Option Name	Description	When Run	How to Configure / Notes	Script	Advanced	Mutually Exclusive
Intune Autopilot Enrolment	Registers device with Intune Autopilot using classic or automated method.	Pre	Provide app ID, secret, tenant, and permissions in config.	Register-IntuneAutopilot.psm1	No
Intune Device Sync Status Check	Checks if the device has successfully synchronised with Intune.	Post	No additional config needed.	Test-IntuneDeviceSync.psm1	No

# Active Directory

Option Name	Description	When Run	How to Configure / Notes	Script	Advanced
Azure/Entra AD Join Check	Checks if the device is joined to Azure/Entra Active Directory (cloud or hybrid).	Pre	No additional config needed.	Test-AzureADJoin.psm1	No
gpupdate /force Check	Ensures gpupdate /force is performed the configured number of times.	Post	Specify repeat count in config.	Invoke-GPUpdateForce.psm1	No
Group Membership Check	Checks if the user/device is a member of required security groups.	Post	Define group list in config.	Test-GroupMembership.psm1	No
Local Admin Accounts Check (LAPS)	Checks for presence of LAPSadmin account and password rotation.	Post	No additional config needed.	Test-LAPSAdminAccount.psm1	No
On-Premises AD Join Check	Checks if the device is joined to On-Premises Active Directory.	Pre	No additional config needed.	Test-OnPremADJoin.psm1	No
User Account Type Check	Checks for non-compliant local user accounts.	Post	No remediation, logs for later action.	Test-UserAccountType.psm1	No

# Device Configuration

Option Name	Description	When Run	How to Configure / Notes	Script	Advanced	Mutually Exclusive
Device Naming Convention Check	Checks if the device name matches the company naming convention.	Post	Set naming schema in user config.	Test-DeviceNamingConvention.psm1	No

# Device Security

Option Name	Description	When Run	How to Configure / Notes	Script	Advanced
Antivirus/EDR Status Check (Defender)	Checks for presence and status of Microsoft Defender Antivirus.	Post	No additional config needed.	Test-DefenderStatus.psm1	No
BitLocker Enabled and Reporting	Checks that BitLocker is enabled, reporting healthy, and recovery key is escrowed if possible.	Post	No additional config needed.	Test-BitLockerStatus.psm1	No
Credential Guard Enabled Check	Checks if Credential Guard is enabled and running.	Post	No additional config needed.	Test-CredentialGuard.psm1	No
PCR7 Configuration State Check	Checks if PCR7 Configuration State is Bound.	Post	No additional config needed.	Test-PCR7State.psm1	No

# Applications

Option Name	Description	When Run	How to Configure / Notes	Script	Advanced
Company Portal Installed and Signed In Check	Checks if Company Portal is installed and user is signed in. Prompts user to install from Store and sign in if not present.	Post	Installs from Store if missing, prompts user to sign in, then verifies.	Test-CompanyPortal.psm1	No
Microsoft Edge Signed-In Profile Check	Checks if Microsoft Edge has a signed-in profile. Prompts user to open Edge and sign in, then verifies.	Post	Prompts user to open Edge and sign in, then checks for signed-in profile.	Test-EdgeSignedIn.psm1	No
Required Applications Installed and Version Check	Checks that all required applications are installed and meet minimum version requirements.	Post	Define required apps and minimum versions in applications list.	Test-RequiredApplications.psm1	No
Teams (New) Compliance Check	Ensures Microsoft Teams (new) is installed via approved method and removes legacy versions.	Post	No additional config needed.	Test-TeamsCompliance.psm1	No

# Cloud Services

Option Name	Description	When Run	How to Configure / Notes	Script	Advanced	Mutually Exclusive
Office 365 Activation and Channel Check	Checks that Office is installed, activated, and on the correct build/channel/version.	Post	Set required channel/version in config.	Test-Office365Activation.psm1	No
OneDrive for Business Configured Check	Checks that OneDrive is installed, user is signed in, and device is synchronising.	Post	Attempts to launch/setup, waits for user confirmation.	Test-OneDriveConfigured.psm1	No

# Windows Update

Option Name	Description	When Run	How to Configure / Notes	Script	Advanced	Mutually Exclusive
Windows Update Compliance Check	Checks for pending updates, feature version, and reboot status; installs updates and prompts for reboot as needed.	Post	No additional config needed.	Test-WindowsUpdateCompliance.psm1	No

# Network & Connectivity

Option Name	Description	When Run	How to Configure / Notes	Script	Advanced	Mutually Exclusive
Wi-Fi Profile Compliance Check	Checks for presence of required Wi-Fi profiles and adds if needed.	Post	Define Wi-Fi profiles in config.	Test-WiFiProfileCompliance.psm1	No

# Miscellaneous

Option Name	Description	When Run	How to Configure / Notes	Script	Advanced
Custom Script Execution Check	Allows user to specify and run custom scripts for compliance.	Post	Define scripts and actions in config.	Test-CustomScriptExecution.psm1	Yes
Language Pack Compliance Check	Checks and sets language packs as per configuration.	Post	Set required language packs in config.	Test-LanguagePackCompliance.psm1	No
Regional Settings Compliance Check	Checks and sets regional settings as per configuration.	Post	Set required region in config.	Test-RegionalSettingsCompliance.psm1	No
Time Zone Compliance Check	Checks and sets time zone as per configuration.	Post	Set required time zone in config.	Test-TimeZoneCompliance.psm1	No

How to Configure / Notes:

For options requiring lists (apps, groups, Wi-Fi, etc.), see the relevant section in the user config or documentation for expected structure.
Advanced options are hidden unless advanced mode is enabled in the CLI.
Mutually exclusive options will prompt or auto-disable conflicting settings as per configuration.

For detailed configuration examples, see the user config sample and CLI help.