Detections
Analytics

CIS Microsoft Intune for Windows 10 v3.0.1 L1

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: CIS Microsoft Intune for Windows 10 v3.0.1 L1

Updated: 6/25/2025

Authority: CIS

Plugin: Windows

Revision: 1.3

Estimated Item Count: 279

File Details

Filename: CIS_Microsoft_Intune_for_Windows_10_v3.0.1_L1.audit

Size: 540 kB

MD5: 1c667790a99ba208593ba596fc9dc2be
SHA256: 177cffb4d77ab6a5a6571b52be48be903b106e34850a90ef5db722f0112a41ab

Audit Items

DescriptionCategories
1.1 (L1) Ensure 'Allow Cortana Above Lock' is set to 'Block'
3.1.3.1 (L1) Ensure 'Enable screen saver (User)' is set to 'Enabled'
3.1.3.2 (L1) Ensure 'Prevent enabling lock screen camera' is set to 'Enabled'
3.1.3.3 (L1) Ensure 'Prevent enabling lock screen slide show' is set to 'Enabled'
3.4.1 (L1) Ensure 'Apply UAC restrictions to local accounts on network logons' is set to 'Enabled'
3.4.2 (L1) Ensure 'Configure SMB v1 client driver' is set to 'Enabled: Disable driver (recommended)'
3.4.3 (L1) Ensure 'Configure SMB v1 server' is set to 'Disabled'
3.4.4 (L1) Ensure 'Enable Structured Exception Handling Overwrite Protection (SEHOP)' is set to 'Enabled'
3.4.5 (L1) Ensure 'WDigest Authentication' is set to 'Disabled'
3.5.1 (L1) Ensure 'MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended)' is set to 'Disabled'
3.5.2 (L1) Ensure 'MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)' is set to 'Enabled: Highest protection, source routing is completely disabled'
3.5.3 (L1) Ensure 'MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)' is set to 'Enabled: Highest protection, source routing is completely disabled'
3.5.5 (L1) Ensure 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' is set to 'Disabled'
3.5.7 (L1) Ensure 'MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers' is set to 'Enabled'
3.5.9 (L1) Ensure 'MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)' is set to 'Enabled'
3.5.10 (L1) Ensure 'MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended)' is set to 'Enabled: 5 or fewer seconds'
3.5.13 (L1) Ensure 'MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning' is set to 'Enabled: 90% or less'
3.6.4.1 (L1) Ensure 'Turn off multicast name resolution' is set to 'Enabled'
3.6.9.1 (L1) Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'
3.6.9.2 (L1) Ensure 'Prohibit use of Internet Connection Sharing on your DNS domain network' is set to 'Enabled'
3.6.9.3 (L1) Ensure 'Require domain users to elevate when setting a network's location' is set to 'Enabled'
3.6.11.1 (L1) Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares'
3.6.18.1 (L1) Ensure 'Minimize the number of simultaneous connections to the Internet or a Windows Domain' is set to 'Enabled: 3 = Prevent Wi-Fi when on Ethernet'
3.6.18.2 (L1) Ensure 'Prohibit connection to non-domain networks when connected to domain authenticated network' is set to 'Enabled'
3.6.19.1 (L1) Ensure 'Require PIN pairing' is set to 'Enabled'
3.7.1 (L1) Ensure 'Allow Print Spooler to accept client connections' is set to 'Disabled'
3.7.2 (L1) Ensure 'Point and Print Restrictions: When installing drivers for a new connection' is set to 'Enabled: Show warning and elevation prompt'
3.7.3 (L1) Ensure 'Point and Print Restrictions: When updating drivers for an existing connection' is set to 'Enabled: Show warning and elevation prompt'
3.9.1.1 (L1) Ensure 'Turn off toast notifications on the lock screen (User)' is set to 'Enabled'
3.10.4.1 (L1) Ensure 'Include command line in process creation events' is set to 'Enabled'
3.10.5.1 (L1) Ensure 'Encryption Oracle Remediation' is set to 'Enabled: Force Updated Clients'
3.10.5.2 (L1) Ensure 'Remote host allows delegation of non-exportable credentials' is set to 'Enabled'
3.10.9.2 (L1) Ensure 'Prevent device metadata retrieval from the Internet' is set to 'Enabled'
3.10.13.1 (L1) Ensure 'Boot-Start Driver Initialization Policy' is set to 'Enabled: Good, unknown and bad but critical'
3.10.19.1 (L1) Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE'
3.10.19.2 (L1) Ensure 'Configure registry policy processing: Process even if the Group Policy objects have not changed' is set to 'Enabled: TRUE'
3.10.19.3 (L1) Ensure 'Configure security policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE'
3.10.19.4 (L1) Ensure 'Configure security policy processing: Process even if the Group Policy objects have not changed' is set to 'Enabled: TRUE'
3.10.19.5 (L1) Ensure 'Continue experiences on this device' is set to 'Disabled'
3.10.19.6 (L1) Ensure 'Turn off background refresh of Group Policy' is set to 'Disabled'
3.10.20.1.2 (L1) Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled'
3.10.20.1.5 (L1) Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'
3.10.25.1 (L1) Ensure 'Block user from showing account details on sign-in' is set to 'Enabled'
3.10.25.2 (L1) Ensure 'Do not display network selection UI' is set to 'Enabled'
3.10.25.3 (L1) Ensure 'Do not enumerate connected users on domain-joined computers' is set to 'Enabled'
3.10.25.4 (L1) Ensure 'Enumerate local users on domain-joined computers' is set to 'Disabled'
3.10.25.5 (L1) Ensure 'Turn off app notifications on the lock screen' is set to 'Enabled'
3.10.25.6 (L1) Ensure 'Turn off picture password sign-in' is set to 'Enabled'
3.10.25.7 (L1) Ensure 'Turn on convenience PIN sign-in' is set to 'Disabled'
3.10.28.5.1 (L1) Ensure 'Allow network connectivity during connected-standby (on battery)' is set to 'Disabled'