Skip to main content
Version: 2.0.0

Test-MtMdeDisableLocalAdminMerge

SYNOPSIS

Checks if local admin merge is disabled to block local exclusions

SYNTAX

Test-MtMdeDisableLocalAdminMerge [[-ComplianceLogic] <String>] [[-PolicyFiltering] <String>]
 [-ProgressAction <ActionPreference>] [<CommonParameters>]

DESCRIPTION

Tests that all assigned Microsoft Defender Antivirus policies have the disable local admin merge setting enabled. Local admin policy override allows privilege escalation to bypass security controls on managed devices.

EXAMPLES

EXAMPLE 1

Test-MtMdeDisableLocalAdminMerge

Returns $true if all policies have local admin merge disabled.

PARAMETERS

-ComplianceLogic

Determines how policy compliance is evaluated. 'AllPolicies' requires every assigned policy to be compliant; 'AnyPolicy' requires at least one. Default: 'AllPolicies'.

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 1
Default value: AllPolicies
Accept pipeline input: False
Accept wildcard characters: False

-PolicyFiltering

Determines which Defender Antivirus policies are evaluated. 'OnlyAssigned' (default) checks only assigned policies; 'IncludeUnassigned' includes unassigned policies; 'All' includes every policy.

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 2
Default value: OnlyAssigned
Accept pipeline input: False
Accept wildcard characters: False

-ProgressAction

{{ Fill ProgressAction Description }}

Type: ActionPreference
Parameter Sets: (All)
Aliases: proga

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

INPUTS

OUTPUTS

System.Boolean

NOTES

https://maester.dev/docs/commands/Test-MtMdeDisableLocalAdminMerge