| 9.1.6.1 Ensure That Microsoft Defender for App Services Is Set To 'On' | CIS Microsoft Azure Foundations v4.0.0 L2 | microsoft_azure | RISK ASSESSMENT, SYSTEM AND SERVICES ACQUISITION |
| Access data sources across domains - Restricted Sites Zone | MSCT Windows Server v2004 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Allow Basic authentication - Client - AllowBasic | MSCT Windows Server v2004 DC v1.0.0 | Windows | ACCESS CONTROL |
| Allow Basic authentication - Service - AllowBasic | MSCT Windows Server v2004 DC v1.0.0 | Windows | ACCESS CONTROL |
| Allow log on through Remote Desktop Services | MSCT Windows Server v2004 DC v1.0.0 | Windows | ACCESS CONTROL |
| Allow META REFRESH | MSCT Windows Server v2004 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow only approved domains to use the TDC ActiveX control - Internet Zone | MSCT Windows Server v2004 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow only approved domains to use the TDC ActiveX control - Restricted Sites Zone | MSCT Windows Server v2004 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow script-initiated windows without size or position constraints - Internet Zone | MSCT Windows Server v2004 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow script-initiated windows without size or position constraints - Restricted Sites Zone | MSCT Windows Server v2004 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow scripting of Internet Explorer WebBrowser controls - Restricted Sites Zone | MSCT Windows Server v2004 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow VBScript to run in Internet Explorer - Restricted Sites Zone | MSCT Windows Server v2004 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Allow Windows Ink Workspace | MSCT Windows Server v2004 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Always prompt for password upon connection | MSCT Windows Server v2004 DC v1.0.0 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| Audit Account Lockout | MSCT Windows Server v2004 DC v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Directory Service Access | MSCT Windows Server v2004 DC v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Group Membership | MSCT Windows Server v2004 DC v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Kerberos Service Ticket Operations | MSCT Windows Server v2004 DC v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Logon | MSCT Windows Server v2004 DC v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Other Account Management Events | MSCT Windows Server v2004 DC v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Other Logon/Logoff Events | MSCT Windows Server v2004 DC v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Automatic prompting for file downloads - Internet Zone | MSCT Windows Server v2004 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Automatic prompting for file downloads - Restricted Sites Zone | MSCT Windows Server v2004 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Configure registry policy processing - NoBackgroundPolicy | MSCT Windows Server v2004 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Create global objects | MSCT Windows Server v2004 DC v1.0.0 | Windows | ACCESS CONTROL |
| Create permanent shared objects | MSCT Windows Server v2004 DC v1.0.0 | Windows | ACCESS CONTROL |
| Disallow Autoplay for non-volume devices | MSCT Windows Server v2004 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Disallow Digest authentication | MSCT Windows Server v2004 DC v1.0.0 | Windows | ACCESS CONTROL |
| Download unsigned ActiveX controls - Internet Zone | MSCT Windows Server v2004 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Enable dragging of content from different domains across windows - Restricted Sites Zone | MSCT Windows Server v2004 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Enable insecure guest logons | MSCT Windows Server v2004 DC v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Include local path when user is uploading files to a server - Internet Zone | MSCT Windows Server v2004 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Include local path when user is uploading files to a server - Restricted Sites Zone | MSCT Windows Server v20H2 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Internet Explorer Processes - FEATURE_MIME_HANDLING - (Reserved) | MSCT Windows Server v20H2 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Internet Explorer Processes - FEATURE_MIME_SNIFFING - explorer.exe | MSCT Windows Server v20H2 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Internet Explorer Processes - FEATURE_RESTRICT_ACTIVEXINSTALL - (Reserved) | MSCT Windows Server v20H2 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Internet Explorer Processes - FEATURE_WINDOW_RESTRICTIONS - explorer.exe | MSCT Windows Server v20H2 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Internet Explorer Processes - FEATURE_ZONE_ELEVATION - explorer.exe | MSCT Windows Server v20H2 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Internet Explorer Processes - FEATURE_ZONE_ELEVATION - iexplore.exe | MSCT Windows Server v20H2 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Logon options - Internet Zone | MSCT Windows Server v20H2 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Logon options - Restricted Sites Zone | MSCT Windows Server v20H2 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Microsoft network client: Send unencrypted password to third-party SMB servers - EnablePlainTextPassword | MSCT Windows Server v20H2 DC v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing) | MSCT Windows Server v20H2 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes | MSCT Windows Server v20H2 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Navigate windows and frames across different domains - Restricted Sites Zone | MSCT Windows Server v20H2 DC v1.0.0 | Windows | ACCESS CONTROL |
| Network security: LAN Manager authentication level | MSCT Windows Server v20H2 DC v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Require secure RPC communication | MSCT Windows Server v20H2 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Restore files and directories | MSCT Windows Server v20H2 DC v1.0.0 | Windows | ACCESS CONTROL |
| Run .NET Framework-reliant components signed with Authenticode - Restricted Sites Zone | MSCT Windows Server v20H2 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Scripting of Java applets | MSCT Windows Server v20H2 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
