2.5.14.1.4 (L1) Ensure 'Do not permit download of content from safe zones' is set to 'Disabled'

Information

This policy setting controls whether Outlook automatically downloads content from safe zones when displaying messages.

Note: This policy setting is

backwards

. Despite the name,

disabling

this policy setting prevents the download of content from safe zones and enabling the policy setting allows it.

The recommended state for this setting is: Disabled

By default, Outlook automatically downloads content from sites that are considered 'safe,' as defined in the Security tab of the Internet Options dialog box in Internet Explorer. This configuration could allow users to inadvertently download Web beacons that reveal their identity to spammers and other malicious people.

Solution

To establish the recommended state via configuration profiles, set the following Settings Catalog path to Disabled :

Microsoft Outlook 2016\Security\Automatic Picture Download Settings\Do not permit download of content from safe zones

Impact:

Users with e-mail messages that include content from safe zones will be required to download content for each message individually.

See Also

https://workbench.cisecurity.org/benchmarks/15808

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-18(4)

Plugin: Windows

Control ID: 673b4641d1aab4b1ed58d89e54fe62d662113877dff45de9da856cd51a872867