6.5 Set 'Disable Microsoft Passport service for content with restricted permission' to 'Enabled'

Information

This policy setting controls whether users can open protected content created with a
Windows Live ID (formerly Microsoft .NET Passport) authenticated account. If you enable
this policy setting, users cannot open protected content created with a Windows Live ID
account. If you disable or do not configure this policy setting, when a user opens a
rights-managed file created with a Windows Live ID, the application connects to a licensing server
to verify the user's credentials and to download a license that defines the level of access the
user has to the file. If your organization has policies that govern access to external services
such as Windows Live ID, this capability could allow users to violate those policies. The
recommended state for this setting is: Enabled.

Rationale

The Information Rights Management feature of the Microsoft Office 2010 release allows
individuals and administrators to specify access permissions to Word 2010 documents,
Excel 2010 workbooks, PowerPoint 2010 presentations, and Outlook 2010 e-mail
messages. This capability helps prevent sensitive information from being printed,
forwarded, or copied by unauthorized people. Users protect content using digital
certificates obtained through Windows Rights Management Services (RMS) or by using a
Windows Live ID (formerly Microsoft .NET Passport) account. By default, when a user
opens a rights-managed file created with a Windows Live ID, the application connects to a
licensing server to verify the user's credentials and to download a license that defines the
level of access the user has to the file. If your organization has policies that govern access to
external services such as Windows Live ID, this capability could allow users to violate those
policies.

Solution

To implement the recommended configuration state, set the following Group Policy setting
to Enabled.

User Configuration\Administrative Templates\Microsoft Office 2010\Manage Restricted Permissions\Disable Microsoft Passport service for content with restricted permission

Impact

Enabling this setting prevents users from opening protected content that was created with
a Windows Live ID account. If your users have a business-critical need to work with
protected content of this nature, it might not be possible to enable this setting without
causing significant disruptions. Users who do not work with protected content will not be
affected by this setting.

See Also

https://workbench.cisecurity.org/files/530

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7b.

Plugin: Windows

Control ID: 6a3098f070743a5495a7c263f2a85c0de4bcfa31a70de2cf807784864f91402d