Detections
Analytics

CIS Microsoft Intune for Windows 11 v3.0.1 L2

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: CIS Microsoft Intune for Windows 11 v3.0.1 L2

Updated: 6/11/2025

Authority: CIS

Plugin: Windows

Revision: 1.4

Estimated Item Count: 82

File Details

Filename: CIS_Microsoft_Intune_for_Windows_11_v3.0.1_L2.audit

Size: 135 kB

MD5: d11fee996236a90b2f45d197976f0340
SHA256: 52518b265778a0de4786551609db171a0e74226f6ead71de8d27ad42dbd4d2d6

Audit Items

DescriptionCategories
3.5.4 (L2) Ensure 'MSS: (DisableSavePassword) Prevent the dial-up password from being saved (recommended)' is set to 'Enabled'
3.5.6 (L2) Ensure 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' is set to 'Enabled: 300,000 or 5 minutes (recommended)'
3.5.8 (L2) Ensure 'MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)' is set to 'Disabled'
3.5.11 (L2) Ensure 'MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3'
3.5.12 (L2) Ensure 'MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3'
3.6.8.1 (L2) Ensure 'Turn on Mapper I/O (LLTDIO) driver' is set to 'Disabled'
3.6.8.2 (L2) Ensure 'Turn on Responder (RSPNDR) driver' is set to 'Disabled'
3.6.17.1 (L2) Ensure 'Configuration of wireless settings using Windows Connect Now' is set to 'Disabled'
3.6.17.2 (L2) Ensure 'Prohibit access of the Windows Connect Now wizards' is set to 'Enabled'
3.10.20.1.1 (L2) Ensure 'Turn off access to the Store' is set to 'Enabled'
3.10.20.1.3 (L2) Ensure 'Turn off Help Experience Improvement Program (User)' is set to 'Enabled'
3.10.20.1.4 (L2) Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'
3.10.20.1.6 (L2) Ensure 'Turn off printing over HTTP' is set to 'Enabled'
3.10.20.1.7 (L2) Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'
3.10.20.1.8 (L2) Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'
3.10.20.1.9 (L2) Ensure 'Turn off the 'Order Prints' picture task' is set to 'Enabled'
3.10.20.1.10 (L2) Ensure 'Turn off the 'Publish to Web' task for files and folders' is set to 'Enabled'
3.10.20.1.11 (L2) Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'
3.10.20.1.12 (L2) Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'
3.10.20.1.13 (L2) Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'
3.10.23.1 (L2) Ensure 'Support device authentication using certificate' is set to 'Enabled: Automatic'
3.10.24.1 (L2) Ensure 'Disallow copying of user input methods to the system account for sign-in' is set to 'Enabled'
3.10.38.5.1 (L2) Ensure 'Microsoft Support Diagnostic Tool: Turn on MSDT interactive communication with support provider' is set to 'Disabled'
3.11.3.2 (L2) Ensure 'Block launching Universal Windows apps with Windows Runtime API access from hosted content.' is set to 'Enabled'
3.11.28.3.2 (L2) Ensure 'Join Microsoft MAPS' is set to 'Disabled'
3.11.28.10.1 (L2) Ensure 'Configure Watson events' is set to 'Disabled'
3.11.35.1 (L2) Ensure 'Turn off Push To Install service' is set to 'Enabled'
3.11.36.4.2.1 (L2) Ensure 'Allow users to connect remotely by using Remote Desktop Services' is set to 'Disabled'
3.11.36.4.3.1 (L2) Ensure 'Do not allow COM port redirection' is set to 'Enabled'
3.11.36.4.3.3 (L2) Ensure 'Do not allow LPT port redirection' is set to 'Enabled'
3.11.36.4.3.4 (L2) Ensure 'Do not allow supported Plug and Play device redirection' is set to 'Enabled'
3.11.36.4.10.1 (L2) Ensure 'Set time limit for active but idle Remote Desktop Services sessions' is set to 'Enabled: 15 minutes or less, but not Never (0)'
3.11.36.4.10.2 (L2) Ensure 'Set time limit for disconnected sessions' is set to 'Enabled: 1 minute'
3.11.42.2 (L2) Ensure 'Turn off the Store application' is set to 'Enabled'
3.11.49.1 (L2) Ensure 'Prevent Internet Explorer security prompt for Windows Installer scripts' is set to 'Disabled'
3.11.52.1.1 (L2) Ensure 'Prevent Codec Download (User)' is set to 'Enabled'
3.11.55.2.2 (L2) Ensure 'Allow remote server management through WinRM' is set to 'Disabled'
3.11.56.1 (L2) Ensure 'Allow Remote Shell Access' is set to 'Disabled'
11.1 (L2) Ensure 'Allow Camera' is set to 'Not allowed'
21.8 (L2) Ensure 'Enable File Hash Computation' is set to 'Enable'
30.3 (L2) Ensure 'Allow Windows Spotlight (User)' is set to 'Block'
43.1 (L2) Ensure 'Disallow KMS Client Online AVS Validation' is set to 'Allow'
45.6 (L2) Ensure 'Devices: Prevent users from installing printer drivers when connecting to shared printers' is set to 'Enable'
48.3 (L2) Ensure 'Disable Store Originated Apps' is set to 'Enabled'
58.1 (L2) Ensure 'Allow Cross Device Clipboard' is set to 'Block'
58.3 (L2) Ensure 'Disable Advertising ID' is set to 'Enabled'
58.5 (L2) Ensure 'Upload User Activities' is set to 'Disabled'
60.1 (L2) Ensure 'Allow Cloud Search' is set to 'Not allowed'
60.4 (L2) Ensure 'Allow search highlights' is set to '0'
62.1 (L2) Ensure 'Allow Online Tips' is set to 'Block'