| 1.4.1 Ensure 'Enable EDR in block mode' is set to 'Enabled' | SYSTEM AND INFORMATION INTEGRITY |
| 1.5.1 Ensure 'Configure local setting override for reporting to Microsoft MAPS' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 1.5.2 Ensure 'Configure the 'Block at First Sight' feature' is set to 'Enabled' | SYSTEM AND INFORMATION INTEGRITY |
| 1.5.3 Ensure 'Join Microsoft MAPS' is set to 'Enabled: Advanced' | CONFIGURATION MANAGEMENT |
| 1.5.4 Ensure 'Send file samples when further analysis is required' is set to 'Enabled: Send safe samples automatically' or higher | SYSTEM AND INFORMATION INTEGRITY |
| 1.6.1.1 Ensure 'Configure Attack Surface Reduction rules' is set to 'Enabled' | SYSTEM AND INFORMATION INTEGRITY |
| 1.6.1.2 Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is set to '56a863a9-875e-4185-98a7-b882c64b5ce5:1' | SYSTEM AND INFORMATION INTEGRITY |
| 1.6.1.3 Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is set to '7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c:1' | SYSTEM AND INFORMATION INTEGRITY |
| 1.6.1.4 Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is set to 'd4f940ab-401b-4efc-aadc-ad5f3c50688a:2' or higher | SYSTEM AND INFORMATION INTEGRITY |
| 1.6.1.5 Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is set to '9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2:1' | SYSTEM AND INFORMATION INTEGRITY |
| 1.6.1.6 Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is set to 'be9ba2d9-53ea-4cdc-84e5-9b1eeee46550:1' | SYSTEM AND INFORMATION INTEGRITY |
| 1.6.1.7 Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is set to '01443614-cd74-433a-b99e-2ecdc07bfc25:2' or higher | SYSTEM AND INFORMATION INTEGRITY |
| 1.6.1.8 Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is set to '5beb7efe-fd9a-4556-801d-275e5ffc04cc:2' or higher | SYSTEM AND INFORMATION INTEGRITY |
| 1.6.1.9 Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is set to 'd3e037e1-3eb8-44c8-a917-57927947596d:1' | SYSTEM AND INFORMATION INTEGRITY |
| 1.6.1.10 Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is set to '3b576869-a4ec-4529-8536-b80a7769e899:1' | SYSTEM AND INFORMATION INTEGRITY |
| 1.6.1.11 Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is set to '75668c1f-73b5-4cf0-bb93-3ecf5cb7cc84:1' | SYSTEM AND INFORMATION INTEGRITY |
| 1.6.1.12 Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is set to '26190899-1602-49e8-8b27-eb1d0a1ce869:2' or higher | SYSTEM AND INFORMATION INTEGRITY |
| 1.6.1.13 Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is set to 'e6db77e5-3df2-4cf1-b95a-636979351e5b:1' | SYSTEM AND INFORMATION INTEGRITY |
| 1.6.1.14 Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is set to '33ddedf1-c6e0-47cb-833e-de6133960387:1' | SYSTEM AND INFORMATION INTEGRITY |
| 1.6.1.15 Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is set to 'b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4:1' | SYSTEM AND INFORMATION INTEGRITY |
| 1.6.1.17 Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is set to 'c1db55ab-c21a-4637-bb3f-a12568109d35:2' or higher | SYSTEM AND INFORMATION INTEGRITY |
| 1.7.1 Ensure 'Enable file hash computation feature' is set to 'Enabled' | SYSTEM AND INFORMATION INTEGRITY |
| 1.7.2 Ensure 'Select cloud protection level' is set to Enabled: Moderate blocking level' or higher | SYSTEM AND INFORMATION INTEGRITY |
| 1.10.1 Ensure 'Configure monitoring for incoming and outgoing file and program activity' is set to 'Enabled: bi-directional (full on access)' | SYSTEM AND INFORMATION INTEGRITY |
| 1.10.2 Ensure 'Configure real-time protection and Security Intelligence Updates during OOBE' is set to 'Enabled' | SYSTEM AND INFORMATION INTEGRITY |
| 1.10.3 Ensure 'Monitor file and program activity on your computer' is set to 'Enabled' | SYSTEM AND INFORMATION INTEGRITY |
| 1.10.4 Ensure 'Scan all downloaded files and attachments' is set to 'Enabled' | SYSTEM AND INFORMATION INTEGRITY |
| 1.10.5 Ensure 'Turn off real-time protection' is set to 'Disabled' | SYSTEM AND INFORMATION INTEGRITY |
| 1.10.6 Ensure 'Turn on behavior monitoring' is set to 'Enabled' | SYSTEM AND INFORMATION INTEGRITY |
| 1.10.7 Ensure 'Turn on process scanning whenever real-time protection is enabled' is set to 'Enabled' | SYSTEM AND INFORMATION INTEGRITY |
| 1.10.8 Ensure 'Turn on script scanning' is set to 'Enabled' | SYSTEM AND INFORMATION INTEGRITY |
| 1.11.1.1.2 Ensure 'Configure Remote Encryption Protection Mode' is set to 'Enabled: Audit' or higher | SYSTEM AND INFORMATION INTEGRITY |
| 1.11.1.2.2 Ensure 'Configure Remote Encryption Protection Mode' is set to 'Enabled: Audit' or higher | SYSTEM AND INFORMATION INTEGRITY |
| 1.12.2 Ensure 'Configure whether to report Dynamic Signature dropped events' is set to 'Enabled' | AUDIT AND ACCOUNTABILITY |
| 1.13.1 Ensure 'Check for the latest virus and spyware security intelligence before running a scheduled scan' is set to 'Enabled' | SYSTEM AND INFORMATION INTEGRITY |
| 1.13.2 Ensure 'Scan archive files' is set to 'Enabled' | SYSTEM AND INFORMATION INTEGRITY |
| 1.13.3 Ensure 'Scan excluded files and directories during quick scans' is set to 'Enabled: 1' | SYSTEM AND INFORMATION INTEGRITY |
| 1.13.4 Ensure 'Scan packed executables' is set to 'Enabled' | MEDIA PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 1.13.5 Ensure 'Scan removable drives' is set to 'Enabled' | MEDIA PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 1.13.6 Ensure 'Specify the day of the week to run a scheduled scan' is set to 'Enabled: 0' or higher, but not '8' | SYSTEM AND INFORMATION INTEGRITY |
| 1.13.7 Ensure 'Specify the scan type to use for a scheduled scan' is set to 'Enabled: Quick Scan (default)' or higher | SYSTEM AND INFORMATION INTEGRITY |
| 1.13.8 Ensure 'Specify the time for a daily quick scan' is set to 'Enabled: 1' or higher | SYSTEM AND INFORMATION INTEGRITY |
| 1.13.9 Ensure 'Specify the time of day to run a scheduled scan' is set to 'Enabled: 1' or higher | SYSTEM AND INFORMATION INTEGRITY |
| 1.13.10 Ensure 'Trigger a quick scan after X days without any scans' is set to 'Enabled: 7' | SYSTEM AND INFORMATION INTEGRITY |
| 1.13.11 Ensure 'Turn on e-mail scanning' is set to 'Enabled' | SYSTEM AND INFORMATION INTEGRITY |
| 1.14.1 Ensure 'Specify the interval to check for security intelligence updates' is set to 'Enabled: 4' or fewer, but not '0' | SYSTEM AND INFORMATION INTEGRITY |
| 1.15.1 Ensure 'Specify threat alert levels at which default action should not be taken when detected' is set to 'Enabled' | SYSTEM AND INFORMATION INTEGRITY |
| 1.15.2 Ensure 'Specify threat alert levels at which default action should not be taken when detected' is set to 'Enabled: Medium: 2 or 3' | SYSTEM AND INFORMATION INTEGRITY |
| 1.15.3 Ensure 'Specify threat alert levels at which default action should not be taken when detected' is set to 'Enabled: High: 2 or 3' | SYSTEM AND INFORMATION INTEGRITY |
| 1.15.4 Ensure 'Specify threat alert levels at which default action should not be taken when detected' is set to 'Enabled: Severe: 2 or 3' | SYSTEM AND INFORMATION INTEGRITY |
