DISA STIG Microsoft Office 365 ProPlus v2r5

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: DISA STIG Microsoft Office 365 ProPlus v2r5

Updated: 5/31/2023

Authority: DISA STIG

Plugin: Windows

Revision: 1.4

Estimated Item Count: 317

Audit Changelog

 
Revision 1.4

May 31, 2023

Miscellaneous
  • Audit deprecated.
  • Metadata updated.
  • References updated.
Revision 1.3

Mar 21, 2023

Functional Update
  • DISA_STIG_Microsoft_Office_365_ProPlus_v2r5.audit from DISA Microsoft Office 365 ProPlus v2r5 STIG
  • O365-AC-000001 - Macros must be blocked from running in Access files from the Internet.
  • O365-AC-000002 - Trust Bar Notifications for unsigned application add-ins in Access must be disabled and blocked.
  • O365-AC-000003 - VBA Macros not digitally signed must be blocked in Access.
  • O365-AC-000004 - Allowing Trusted Locations on the network must be disabled in Access.
  • O365-CO-000001 - The Macro Runtime Scan Scope must be enabled for all documents.
  • O365-CO-000002 - Document metadata for rights managed Office Open XML files must be protected.
  • O365-CO-000003 - The Office client must be prevented from polling the SharePoint Server for published links.
  • O365-CO-000004 - Custom user interface (UI) code must be blocked from loading in all Office applications - access
  • O365-CO-000004 - Custom user interface (UI) code must be blocked from loading in all Office applications - excel
  • O365-CO-000004 - Custom user interface (UI) code must be blocked from loading in all Office applications - infopath
  • O365-CO-000004 - Custom user interface (UI) code must be blocked from loading in all Office applications - outlook
  • O365-CO-000004 - Custom user interface (UI) code must be blocked from loading in all Office applications - powerpoint
  • O365-CO-000004 - Custom user interface (UI) code must be blocked from loading in all Office applications - project
  • O365-CO-000004 - Custom user interface (UI) code must be blocked from loading in all Office applications - publisher
  • O365-CO-000004 - Custom user interface (UI) code must be blocked from loading in all Office applications - visio
  • O365-CO-000004 - Custom user interface (UI) code must be blocked from loading in all Office applications - word
  • O365-CO-000005 - ActiveX Controls must be initialized in Safe Mode.
  • O365-CO-000006 - Macros in all Office applications that are opened programmatically by another application must be opened based upon macro security level.
  • O365-CO-000007 - Trust Bar notifications must be configured to display information in the Message Bar about the content that has been automatically blocked.
  • O365-CO-000008 - Office applications must be configured to specify encryption type in password-protected Office 97-2003 files.
  • O365-CO-000009 - Office applications must be configured to specify encryption type in password-protected Office Open XML files.
  • O365-CO-000010 - Users must be prevented from creating new trusted locations in the Trust Center.
  • O365-CO-000012 - Office applications must not load XML expansion packs with Smart Documents.
  • O365-CO-000013 - The load of controls in Forms3 must be blocked.
  • O365-CO-000014 - Add-on Management must be enabled for all Office 365 ProPlus programs - excel.exe
  • O365-CO-000014 - Add-on Management must be enabled for all Office 365 ProPlus programs - exprwd.exe
  • O365-CO-000014 - Add-on Management must be enabled for all Office 365 ProPlus programs - groove.exe
  • O365-CO-000014 - Add-on Management must be enabled for all Office 365 ProPlus programs - msaccess.exe
  • O365-CO-000014 - Add-on Management must be enabled for all Office 365 ProPlus programs - mse7.exe
  • O365-CO-000014 - Add-on Management must be enabled for all Office 365 ProPlus programs - mspub.exe
  • O365-CO-000014 - Add-on Management must be enabled for all Office 365 ProPlus programs - onenote.exe
  • O365-CO-000014 - Add-on Management must be enabled for all Office 365 ProPlus programs - outlook.exe
  • O365-CO-000014 - Add-on Management must be enabled for all Office 365 ProPlus programs - powerpnt.exe
  • O365-CO-000014 - Add-on Management must be enabled for all Office 365 ProPlus programs - pptview.exe
  • O365-CO-000014 - Add-on Management must be enabled for all Office 365 ProPlus programs - spdesign.exe
  • O365-CO-000014 - Add-on Management must be enabled for all Office 365 ProPlus programs - visio.exe
  • O365-CO-000014 - Add-on Management must be enabled for all Office 365 ProPlus programs - winproj.exe
  • O365-CO-000014 - Add-on Management must be enabled for all Office 365 ProPlus programs - winword.exe
  • O365-CO-000015 - Consistent MIME handling must be enabled for all Office 365 ProPlus programs - excel.exe
  • O365-CO-000015 - Consistent MIME handling must be enabled for all Office 365 ProPlus programs - exprwd.exe
  • O365-CO-000015 - Consistent MIME handling must be enabled for all Office 365 ProPlus programs - groove.exe
  • O365-CO-000015 - Consistent MIME handling must be enabled for all Office 365 ProPlus programs - msaccess.exe
  • O365-CO-000015 - Consistent MIME handling must be enabled for all Office 365 ProPlus programs - mse7.exe
  • O365-CO-000015 - Consistent MIME handling must be enabled for all Office 365 ProPlus programs - mspub.exe
  • O365-CO-000015 - Consistent MIME handling must be enabled for all Office 365 ProPlus programs - onenote.exe
  • O365-CO-000015 - Consistent MIME handling must be enabled for all Office 365 ProPlus programs - outlook.exe
  • O365-CO-000015 - Consistent MIME handling must be enabled for all Office 365 ProPlus programs - powerpnt.exe
  • O365-CO-000015 - Consistent MIME handling must be enabled for all Office 365 ProPlus programs - pptview.exe
  • O365-CO-000015 - Consistent MIME handling must be enabled for all Office 365 ProPlus programs - spdesign.exe
  • O365-CO-000015 - Consistent MIME handling must be enabled for all Office 365 ProPlus programs - visio.exe
  • O365-CO-000015 - Consistent MIME handling must be enabled for all Office 365 ProPlus programs - winproj.exe
  • O365-CO-000015 - Consistent MIME handling must be enabled for all Office 365 ProPlus programs - winword.exe
  • O365-CO-000016 - User name and password must be disabled in all Office programs - excel.exe
  • O365-CO-000016 - User name and password must be disabled in all Office programs - exprwd.exe
  • O365-CO-000016 - User name and password must be disabled in all Office programs - groove.exe
  • O365-CO-000016 - User name and password must be disabled in all Office programs - msaccess.exe
  • O365-CO-000016 - User name and password must be disabled in all Office programs - mse7.exe
  • O365-CO-000016 - User name and password must be disabled in all Office programs - mspub.exe
  • O365-CO-000016 - User name and password must be disabled in all Office programs - onenote.exe
  • O365-CO-000016 - User name and password must be disabled in all Office programs - outlook.exe
  • O365-CO-000016 - User name and password must be disabled in all Office programs - powerpnt.exe
  • O365-CO-000016 - User name and password must be disabled in all Office programs - pptview.exe
  • O365-CO-000016 - User name and password must be disabled in all Office programs - spdesign.exe
  • O365-CO-000016 - User name and password must be disabled in all Office programs - visio.exe
  • O365-CO-000016 - User name and password must be disabled in all Office programs - winproj.exe
  • O365-CO-000016 - User name and password must be disabled in all Office programs - winword.exe
  • O365-CO-000017 - The Information Bar must be enabled in all Office programs - excel.exe
  • O365-CO-000017 - The Information Bar must be enabled in all Office programs - exprwd.exe
  • O365-CO-000017 - The Information Bar must be enabled in all Office programs - groove.exe
  • O365-CO-000017 - The Information Bar must be enabled in all Office programs - msaccess.exe
  • O365-CO-000017 - The Information Bar must be enabled in all Office programs - mse7.exe
  • O365-CO-000017 - The Information Bar must be enabled in all Office programs - mspub.exe
  • O365-CO-000017 - The Information Bar must be enabled in all Office programs - onenote.exe
  • O365-CO-000017 - The Information Bar must be enabled in all Office programs - outlook.exe
  • O365-CO-000017 - The Information Bar must be enabled in all Office programs - powerpnt.exe
  • O365-CO-000017 - The Information Bar must be enabled in all Office programs - pptview.exe
  • O365-CO-000017 - The Information Bar must be enabled in all Office programs - spdesign.exe
  • O365-CO-000017 - The Information Bar must be enabled in all Office programs - visio.exe
  • O365-CO-000017 - The Information Bar must be enabled in all Office programs - winproj.exe
  • O365-CO-000017 - The Information Bar must be enabled in all Office programs - winword.exe
  • O365-CO-000018 - The Local Machine Zone Lockdown Security must be enabled in all Office programs - excel.exe
  • O365-CO-000018 - The Local Machine Zone Lockdown Security must be enabled in all Office programs - exprwd.exe
  • O365-CO-000018 - The Local Machine Zone Lockdown Security must be enabled in all Office programs - groove.exe
  • O365-CO-000018 - The Local Machine Zone Lockdown Security must be enabled in all Office programs - msaccess.exe
  • O365-CO-000018 - The Local Machine Zone Lockdown Security must be enabled in all Office programs - mse7.exe
  • O365-CO-000018 - The Local Machine Zone Lockdown Security must be enabled in all Office programs - mspub.exe
  • O365-CO-000018 - The Local Machine Zone Lockdown Security must be enabled in all Office programs - onenote.exe
  • O365-CO-000018 - The Local Machine Zone Lockdown Security must be enabled in all Office programs - outlook.exe
  • O365-CO-000018 - The Local Machine Zone Lockdown Security must be enabled in all Office programs - powerpnt.exe
  • O365-CO-000018 - The Local Machine Zone Lockdown Security must be enabled in all Office programs - pptview.exe
  • O365-CO-000018 - The Local Machine Zone Lockdown Security must be enabled in all Office programs - spdesign.exe
  • O365-CO-000018 - The Local Machine Zone Lockdown Security must be enabled in all Office programs - visio.exe
  • O365-CO-000018 - The Local Machine Zone Lockdown Security must be enabled in all Office programs - winproj.exe
  • O365-CO-000018 - The Local Machine Zone Lockdown Security must be enabled in all Office programs - winword.exe
  • O365-CO-000019 - The MIME Sniffing safety feature must be enabled in all Office programs - excel.exe
  • O365-CO-000019 - The MIME Sniffing safety feature must be enabled in all Office programs - exprwd.exe
  • O365-CO-000019 - The MIME Sniffing safety feature must be enabled in all Office programs - groove.exe
  • O365-CO-000019 - The MIME Sniffing safety feature must be enabled in all Office programs - msaccess.exe
  • O365-CO-000019 - The MIME Sniffing safety feature must be enabled in all Office programs - mse7.exe
  • O365-CO-000019 - The MIME Sniffing safety feature must be enabled in all Office programs - mspub.exe
  • O365-CO-000019 - The MIME Sniffing safety feature must be enabled in all Office programs - onenote.exe
  • O365-CO-000019 - The MIME Sniffing safety feature must be enabled in all Office programs - outlook.exe
  • O365-CO-000019 - The MIME Sniffing safety feature must be enabled in all Office programs - powerpnt.exe
  • O365-CO-000019 - The MIME Sniffing safety feature must be enabled in all Office programs - pptview.exe
  • O365-CO-000019 - The MIME Sniffing safety feature must be enabled in all Office programs - spdesign.exe
  • O365-CO-000019 - The MIME Sniffing safety feature must be enabled in all Office programs - visio.exe
  • O365-CO-000019 - The MIME Sniffing safety feature must be enabled in all Office programs - winproj.exe
  • O365-CO-000019 - The MIME Sniffing safety feature must be enabled in all Office programs - winword.exe
  • O365-CO-000020 - Navigate URL must be enabled in all Office programs - excel.exe
  • O365-CO-000020 - Navigate URL must be enabled in all Office programs - exprwd.exe
  • O365-CO-000020 - Navigate URL must be enabled in all Office programs - groove.exe
  • O365-CO-000020 - Navigate URL must be enabled in all Office programs - msaccess.exe
  • O365-CO-000020 - Navigate URL must be enabled in all Office programs - mse7.exe
  • O365-CO-000020 - Navigate URL must be enabled in all Office programs - mspub.exe
  • O365-CO-000020 - Navigate URL must be enabled in all Office programs - onenote.exe
  • O365-CO-000020 - Navigate URL must be enabled in all Office programs - outlook.exe
  • O365-CO-000020 - Navigate URL must be enabled in all Office programs - powerpnt.exe
  • O365-CO-000020 - Navigate URL must be enabled in all Office programs - pptview.exe
  • O365-CO-000020 - Navigate URL must be enabled in all Office programs - spdesign.exe
  • O365-CO-000020 - Navigate URL must be enabled in all Office programs - visio.exe
  • O365-CO-000020 - Navigate URL must be enabled in all Office programs - winproj.exe
  • O365-CO-000020 - Navigate URL must be enabled in all Office programs - winword.exe
  • O365-CO-000021 - Object Caching Protection must be enabled in all Office programs - excel.exe
  • O365-CO-000021 - Object Caching Protection must be enabled in all Office programs - exprwd.exe
  • O365-CO-000021 - Object Caching Protection must be enabled in all Office programs - groove.exe
  • O365-CO-000021 - Object Caching Protection must be enabled in all Office programs - msaccess.exe
  • O365-CO-000021 - Object Caching Protection must be enabled in all Office programs - mse7.exe
  • O365-CO-000021 - Object Caching Protection must be enabled in all Office programs - mspub.exe
  • O365-CO-000021 - Object Caching Protection must be enabled in all Office programs - onenote.exe
  • O365-CO-000021 - Object Caching Protection must be enabled in all Office programs - outlook.exe
  • O365-CO-000021 - Object Caching Protection must be enabled in all Office programs - powerpnt.exe
  • O365-CO-000021 - Object Caching Protection must be enabled in all Office programs - pptview.exe
  • O365-CO-000021 - Object Caching Protection must be enabled in all Office programs - spdesign.exe
  • O365-CO-000021 - Object Caching Protection must be enabled in all Office programs - visio.exe
  • O365-CO-000021 - Object Caching Protection must be enabled in all Office programs - winproj.exe
  • O365-CO-000021 - Object Caching Protection must be enabled in all Office programs - winword.exe
  • O365-CO-000022 - Protection from zone elevation must be enabled in all Office programs - excel.exe
  • O365-CO-000022 - Protection from zone elevation must be enabled in all Office programs - exprwd.exe
  • O365-CO-000022 - Protection from zone elevation must be enabled in all Office programs - groove.exe
  • O365-CO-000022 - Protection from zone elevation must be enabled in all Office programs - msaccess.exe
  • O365-CO-000022 - Protection from zone elevation must be enabled in all Office programs - mse7.exe
  • O365-CO-000022 - Protection from zone elevation must be enabled in all Office programs - mspub.exe
  • O365-CO-000022 - Protection from zone elevation must be enabled in all Office programs - onenote.exe
  • O365-CO-000022 - Protection from zone elevation must be enabled in all Office programs - outlook.exe
  • O365-CO-000022 - Protection from zone elevation must be enabled in all Office programs - powerpnt.exe
  • O365-CO-000022 - Protection from zone elevation must be enabled in all Office programs - pptview.exe
  • O365-CO-000022 - Protection from zone elevation must be enabled in all Office programs - spdesign.exe
  • O365-CO-000022 - Protection from zone elevation must be enabled in all Office programs - visio.exe
  • O365-CO-000022 - Protection from zone elevation must be enabled in all Office programs - winproj.exe
  • O365-CO-000022 - Protection from zone elevation must be enabled in all Office programs - winword.exe
  • O365-CO-000023 - ActiveX installation restriction must be enabled in all Office programs - excel.exe
  • O365-CO-000023 - ActiveX installation restriction must be enabled in all Office programs - exprwd.exe
  • O365-CO-000023 - ActiveX installation restriction must be enabled in all Office programs - groove.exe
  • O365-CO-000023 - ActiveX installation restriction must be enabled in all Office programs - msaccess.exe
  • O365-CO-000023 - ActiveX installation restriction must be enabled in all Office programs - mse7.exe
  • O365-CO-000023 - ActiveX installation restriction must be enabled in all Office programs - mspub.exe
  • O365-CO-000023 - ActiveX installation restriction must be enabled in all Office programs - onenote.exe
  • O365-CO-000023 - ActiveX installation restriction must be enabled in all Office programs - outlook.exe
  • O365-CO-000023 - ActiveX installation restriction must be enabled in all Office programs - powerpnt.exe
  • O365-CO-000023 - ActiveX installation restriction must be enabled in all Office programs - pptview.exe
  • O365-CO-000023 - ActiveX installation restriction must be enabled in all Office programs - spdesign.exe
  • O365-CO-000023 - ActiveX installation restriction must be enabled in all Office programs - visio.exe
  • O365-CO-000023 - ActiveX installation restriction must be enabled in all Office programs - winproj.exe
  • O365-CO-000023 - ActiveX installation restriction must be enabled in all Office programs - winword.exe
  • O365-CO-000024 - File Download Restriction must be enabled in all Office programs - excel.exe
  • O365-CO-000024 - File Download Restriction must be enabled in all Office programs - exprwd.exe
  • O365-CO-000024 - File Download Restriction must be enabled in all Office programs - groove.exe
  • O365-CO-000024 - File Download Restriction must be enabled in all Office programs - msaccess.exe
  • O365-CO-000024 - File Download Restriction must be enabled in all Office programs - mse7.exe
  • O365-CO-000024 - File Download Restriction must be enabled in all Office programs - mspub.exe
  • O365-CO-000024 - File Download Restriction must be enabled in all Office programs - onenote.exe
  • O365-CO-000024 - File Download Restriction must be enabled in all Office programs - outlook.exe
  • O365-CO-000024 - File Download Restriction must be enabled in all Office programs - powerpnt.exe
  • O365-CO-000024 - File Download Restriction must be enabled in all Office programs - pptview.exe
  • O365-CO-000024 - File Download Restriction must be enabled in all Office programs - spdesign.exe
  • O365-CO-000024 - File Download Restriction must be enabled in all Office programs - visio.exe
  • O365-CO-000024 - File Download Restriction must be enabled in all Office programs - winproj.exe
  • O365-CO-000024 - File Download Restriction must be enabled in all Office programs - winword.exe
  • O365-CO-000025 - The Save from URL feature must be enabled in all Office programs - excel.exe
  • O365-CO-000025 - The Save from URL feature must be enabled in all Office programs - exprwd.exe
  • O365-CO-000025 - The Save from URL feature must be enabled in all Office programs - groove.exe
  • O365-CO-000025 - The Save from URL feature must be enabled in all Office programs - msaccess.exe
  • O365-CO-000025 - The Save from URL feature must be enabled in all Office programs - mse7.exe
  • O365-CO-000025 - The Save from URL feature must be enabled in all Office programs - mspub.exe
  • O365-CO-000025 - The Save from URL feature must be enabled in all Office programs - onenote.exe
  • O365-CO-000025 - The Save from URL feature must be enabled in all Office programs - outlook.exe
  • O365-CO-000025 - The Save from URL feature must be enabled in all Office programs - powerpnt.exe
  • O365-CO-000025 - The Save from URL feature must be enabled in all Office programs - pptview.exe
  • O365-CO-000025 - The Save from URL feature must be enabled in all Office programs - spdesign.exe
  • O365-CO-000025 - The Save from URL feature must be enabled in all Office programs - visio.exe
  • O365-CO-000025 - The Save from URL feature must be enabled in all Office programs - winproj.exe
  • O365-CO-000025 - The Save from URL feature must be enabled in all Office programs - winword.exe
  • O365-CO-000026 - Scripted Windows Security restrictions must be enabled in all Office programs - excel.exe
  • O365-CO-000026 - Scripted Windows Security restrictions must be enabled in all Office programs - exprwd.exe
  • O365-CO-000026 - Scripted Windows Security restrictions must be enabled in all Office programs - groove.exe
  • O365-CO-000026 - Scripted Windows Security restrictions must be enabled in all Office programs - msaccess.exe
  • O365-CO-000026 - Scripted Windows Security restrictions must be enabled in all Office programs - mse7.exe
  • O365-CO-000026 - Scripted Windows Security restrictions must be enabled in all Office programs - mspub.exe
  • O365-CO-000026 - Scripted Windows Security restrictions must be enabled in all Office programs - onenote.exe
  • O365-CO-000026 - Scripted Windows Security restrictions must be enabled in all Office programs - outlook.exe
  • O365-CO-000026 - Scripted Windows Security restrictions must be enabled in all Office programs - powerpnt.exe
  • O365-CO-000026 - Scripted Windows Security restrictions must be enabled in all Office programs - pptview.exe
  • O365-CO-000026 - Scripted Windows Security restrictions must be enabled in all Office programs - spdesign.exe
  • O365-CO-000026 - Scripted Windows Security restrictions must be enabled in all Office programs - visio.exe
  • O365-CO-000026 - Scripted Windows Security restrictions must be enabled in all Office programs - winproj.exe
  • O365-CO-000026 - Scripted Windows Security restrictions must be enabled in all Office programs - winword.exe
  • O365-CO-000027 - Flash player activation must be disabled in all Office programs.
  • O365-EX-000001 - Trusted Locations on the network must be disabled in Excel.
  • O365-EX-000002 - VBA Macros not digitally signed must be blocked in Excel.
  • O365-EX-000003 - Dynamic Data Exchange (DDE) server launch in Excel must be blocked.
  • O365-EX-000004 - Dynamic Data Exchange (DDE) server lookup in Excel must be blocked.
  • O365-EX-000005 - Open/save of dBase III / IV format files must be blocked.
  • O365-EX-000006 - Open/save of Dif and Sylk format files must be blocked.
  • O365-EX-000007 - Open/save of Excel 2 macrosheets and add-in files must be blocked.
  • O365-EX-000008 - Open/save of Excel 2 worksheets must be blocked.
  • O365-EX-000009 - Open/save of Excel 3 macrosheets and add-in files must be blocked.
  • O365-EX-000010 - Open/save of Excel 3 worksheets must be blocked.
  • O365-EX-000011 - Open/save of Excel 4 macrosheets and add-in files must be blocked.
  • O365-EX-000012 - Open/save of Excel 4 workbooks must be blocked.
  • O365-EX-000013 - Open/save of Excel 4 worksheets must be blocked.
  • O365-EX-000014 - Open/save of Excel 95 workbooks must be blocked.
  • O365-EX-000015 - Open/save of Excel 95-97 workbooks and templates must be blocked.
  • O365-EX-000016 - The default file block behavior must be set to not open blocked files in Excel.
  • O365-EX-000017 - Open/save of Web pages and Excel 2003 XML spreadsheets must be blocked.
  • O365-EX-000018 - Extraction options must be blocked when opening corrupt Excel workbooks.
  • O365-EX-000019 - Updating of links in Excel must be prompted and not automatic.
  • O365-EX-000020 - Loading of pictures from Web pages not created in Excel must be disabled.
  • O365-EX-000021 - AutoRepublish in Excel must be disabled.
  • O365-EX-000022 - AutoRepublish warning alert in Excel must be enabled.
  • O365-EX-000023 - File extensions must be enabled to match file types in Excel.
  • O365-EX-000024 - Scan of encrypted macros in Excel Open XML workbooks must be enabled.
  • O365-EX-000025 - File validation in Excel must be enabled.
  • O365-EX-000026 - WEBSERVICE Function Notification in Excel must be configured to disable all, with notifications.
  • O365-EX-000027 - Macros must be blocked from running in Excel files from the Internet.
  • O365-EX-000028 - Trust Bar notification must be enabled for unsigned application add-ins in Excel and blocked.
  • O365-EX-000029 - Untrusted Microsoft Query files must be blocked from opening in Excel.
  • O365-EX-000030 - Untrusted database files must be opened in Excel in Protected View mode.
  • O365-EX-000031 - Files from Internet zone must be opened in Excel in Protected View mode.
  • O365-EX-000032 - Files from unsafe locations must be opened in Excel in Protected View mode.
  • O365-EX-000033 - Files failing file validation must be opened in Excel in Protected view mode and disallow edits.
  • O365-EX-000034 - File attachments from Outlook must be opened in Excel in Protected mode.
  • O365-LY-000001 - The SIP security mode in Lync must be enabled.
  • O365-LY-000002 - The HTTP fallback for SIP connection in Lync must be disabled.
  • O365-OU-000001 - The Exchange client authentication with Exchange servers must be enabled to use Kerberos Password Authentication.
  • O365-OU-000002 - Outlook must use remote procedure call (RPC) encryption to communicate with Microsoft Exchange servers.
  • O365-OU-000003 - Scripts associated with public folders must be prevented from execution in Outlook.
  • O365-OU-000004 - Scripts associated with shared folders must be prevented from execution in Outlook.
  • O365-OU-000005 - Files dragged from an Outlook e-mail to the file system must be created in ANSI format.
  • O365-OU-000006 - Junk email level must be enabled at a setting of High.
  • O365-OU-000007 - Active X One-Off forms must only be enabled to load with Outlook Controls.
  • O365-OU-000008 - Outlook must be configured to prevent users overriding attachment security settings.
  • O365-OU-000009 - Internet must not be included in Safe Zone for picture download in Outlook.
  • O365-OU-000010 - The Publish to Global Address List (GAL) button must be disabled in Outlook.
  • O365-OU-000011 - The minimum encryption key length in Outlook must be at least 168.
  • O365-OU-000012 - The warning about invalid digital signatures must be enabled to warn Outlook users.
  • O365-OU-000013 - Outlook must be configured to allow retrieving of Certificate Revocation Lists (CRLs) always when online.
  • O365-OU-000014 - The Outlook Security Mode must be enabled to always use the Outlook Security Group Policy.
  • O365-OU-000015 - The ability to demote attachments from Level 2 to Level 1 must be disabled.
  • O365-OU-000016 - The display of Level 1 attachments must be disabled in Outlook.
  • O365-OU-000017 - Level 1 file attachments must be blocked from being delivered.
  • O365-OU-000018 - Level 2 file attachments must be blocked from being delivered.
  • O365-OU-000019 - Outlook must be configured to not run scripts in forms in which the script and the layout are contained within the message.
  • O365-OU-000020 - When a custom action is executed that uses the Outlook object model, Outlook must automatically deny it.
  • O365-OU-000021 - When an untrusted program attempts to programmatically access an Address Book using the Outlook object model, Outlook must automatically deny it.
  • O365-OU-000022 - When a user designs a custom form in Outlook and attempts to bind an Address Information field to a combination or formula custom field, Outlook must automatically deny it.
  • O365-OU-000023 - When an untrusted program attempts to use the Save As command to programmatically save an item, Outlook must automatically deny it.
  • O365-OU-000024 - When an untrusted program attempts to gain access to a recipient field, such as the, To: field, using the Outlook object model, Outlook must automatically deny it.
  • O365-OU-000025 - When an untrusted program attempts to programmatically send e-mail in Outlook using the Response method of a task or meeting request, Outlook must automatically deny it.
  • O365-OU-000026 - When an untrusted program attempts to send e-mail programmatically using the Outlook object model, Outlook must automatically deny it.
  • O365-OU-000027 - Outlook must be configured to not allow hyperlinks in suspected phishing messages.
  • O365-OU-000028 - The Security Level for macros in Outlook must be configured to Warn for signed and disable unsigned.
  • O365-PR-000001 - Trusted Locations on the network must be disabled in Project.
  • O365-PR-000002 - Project must automatically disable unsigned add-ins without informing users.
  • O365-PR-000003 - VBA Macros not digitally signed must be blocked in Project.
  • O365-PT-000001 - VBA Macros not digitally signed must be blocked in PowerPoint.
  • O365-PT-000002 - The ability to run programs from PowerPoint must be disabled.
  • O365-PT-000003 - Open/Save of PowerPoint 97-2003 presentations, shows, templates, and add-in files must be blocked.
  • O365-PT-000004 - The default file block behavior must be set to not open blocked files in PowerPoint.
  • O365-PT-000005 - Encrypted macros in PowerPoint Open XML presentations must be scanned.
  • O365-PT-000006 - File validation in PowerPoint must be enabled.
  • O365-PT-000007 - Macros from the Internet must be blocked from running in PowerPoint.
  • O365-PT-000008 - Unsigned add-ins in PowerPoint must be blocked with no Trust Bar Notification to the user.
  • O365-PT-000009 - Files downloaded from the Internet must be opened in Protected view in PowerPoint.
  • O365-PT-000010 - PowerPoint attachments opened from Outlook must be in Protected View.
  • O365-PT-000011 - Files in unsafe locations must be opened in Protected view in PowerPoint.
  • O365-PT-000012 - If file validation fails, files must be opened in Protected view in PowerPoint with ability to edit disabled.
  • O365-PT-000013 - The use of network locations must be ignored in PowerPoint.
  • O365-PU-000001 - Publisher must be configured to prompt the user when another application programmatically opens a macro.
  • O365-PU-000002 - Publisher must automatically disable unsigned add-ins without informing users.
  • O365-PU-000003 - Publisher must disable all unsigned VBA macros.
  • O365-VI-000001 - VBA Macros not digitally signed must be blocked in Visio.
  • O365-VI-000002 - Trusted Locations on the network must be disabled in Visio.
  • O365-VI-000003 - Visio must automatically disable unsigned add-ins without informing users.
  • O365-VI-000004 - Visio 2000-2002 Binary Drawings, Templates and Stencils must be blocked.
  • O365-VI-000005 - Visio 2003-2010 Binary Drawings, Templates and Stencils must be blocked.
  • O365-VI-000006 - Visio 5.0 or earlier Binary Drawings, Templates and Stencils must be blocked.
  • O365-VI-000007 - Macros must be blocked from running in Visio files from the Internet.
  • O365-WD-000001 - Word must automatically disable unsigned add-ins without informing users.
  • O365-WD-000002 - In Word, encrypted macros must be scanned.
  • O365-WD-000003 - Files downloaded from the Internet must be opened in Protected view in Word.
  • O365-WD-000004 - Files located in unsafe locations must be opened in Protected view in Word.
  • O365-WD-000005 - If file validation fails, files must be opened in Protected view in Word with ability to edit disabled.
  • O365-WD-000006 - Word attachments opened from Outlook must be in Protected View.
  • O365-WD-000007 - The default file block behavior must be set to not open blocked files in Word.
  • O365-WD-000008 - Open/Save of Word 2 and earlier binary documents and templates must be blocked.
  • O365-WD-000009 - Open/Save of Word 2000 binary documents and templates must be blocked.
  • O365-WD-000010 - Open/Save of Word 2003 binary documents and templates must be blocked.
  • O365-WD-000011 - Open/Save of Word 2007 and later binary documents and templates must be blocked.
  • O365-WD-000012 - Open/Save of Word 6.0 binary documents and templates must be blocked.
  • O365-WD-000013 - Open/Save of Word 95 binary documents and templates must be blocked.
  • O365-WD-000014 - Open/Save of Word 97 binary documents and templates must be blocked.
  • O365-WD-000015 - Open/Save of Word XP binary documents and templates must be blocked.
  • O365-WD-000016 - In Word, macros must be blocked from running, even if Enable all macros is selected in the Macro Settings section of the Trust Center.
  • O365-WD-000017 - Trusted Locations on the network must be disabled in Word.
  • O365-WD-000018 - VBA Macros not digitally signed must be blocked in Word.
  • O365-WD-000019 - File validation in Word must be enabled.
Miscellaneous
  • Metadata updated.
  • Variables updated.
Revision 1.2

Mar 8, 2023

Functional Update
  • O365-CO-000018 - The Local Machine Zone Lockdown Security must be enabled in all Office programs - mse7.exe
  • O365-CO-000019 - The MIME Sniffing safety feature must be enabled in all Office programs - exprwd.exe
  • O365-CO-000020 - Navigate URL must be enabled in all Office programs - groove.exe
Revision 1.1

Mar 7, 2023

Miscellaneous
  • Metadata updated.
  • References updated.
Revision 1.0

May 27, 2022

Miscellaneous
  • Metadata updated.