| 1.1 Set 'Maximum send size - connector level' to '10240' | CIS Microsoft Exchange Server 2013 Edge v1.1.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2 Set 'Maximum receive size - organization level' to '10240' | CIS Microsoft Exchange Server 2013 Hub v1.1.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.3 Set 'Enable Sender ID agent' to 'True' | CIS Microsoft Exchange Server 2013 Edge v1.1.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 1.4 Set 'External send connector authentication: DNS Routing' to 'True' | CIS Microsoft Exchange Server 2013 Edge v1.1.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.5 Set 'Configure Sender Filtering' to 'Enabled' | CIS Microsoft Exchange Server 2013 Hub v1.1.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 1.6 Set 'Enable Sender reputation' to 'True' - OpenProxyDetectionEnabled | CIS Microsoft Exchange Server 2013 Edge v1.1.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 1.6 Set 'Enable Sender reputation' to 'True' - SenderBlockingEnabled | CIS Microsoft Exchange Server 2013 Edge v1.1.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 1.7 Set 'Maximum number of recipients - organization level' to '5000' | CIS Microsoft Exchange Server 2013 Hub v1.1.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.8 Set 'External send connector authentication: Ignore Start TLS' to 'False' | CIS Microsoft Exchange Server 2013 Edge v1.1.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.9 Set 'Configure login authentication for POP3' to 'SecureLogin' | CIS Microsoft Exchange Server 2013 CAS v1.1.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 1.10 Set receive connector 'Configure Protocol logging' to 'Verbose' | CIS Microsoft Exchange Server 2013 Edge v1.1.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 1.11 Set send connector 'Configure Protocol logging' to 'Verbose' | CIS Microsoft Exchange Server 2013 Edge v1.1.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 1.12 Set 'External send connector authentication: Domain Security' to 'True' | CIS Microsoft Exchange Server 2013 Edge v1.1.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.13 Set 'Message tracking logging - Transport' to 'True' | CIS Microsoft Exchange Server 2013 Hub v1.1.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 1.14 Set 'Message tracking logging - Mailbox' to 'True' | CIS Microsoft Exchange Server 2013 Mailbox v1.1.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 1.15 Set 'Configure login authentication for IMAP4' to 'SecureLogin' | CIS Microsoft Exchange Server 2013 CAS v1.1.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 1.16 Set 'Turn on Connectivity logging' to 'True' | CIS Microsoft Exchange Server 2013 Edge v1.1.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 1.17 Set 'Maximum send size - organization level' to '10240' | CIS Microsoft Exchange Server 2013 Hub v1.1.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.18 Set 'Maximum receive size - connector level' to '10240' | CIS Microsoft Exchange Server 2013 Hub v1.1.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.1 Set 'Mailbox quotas: Issue warning at' to '1991680' | CIS Microsoft Exchange Server 2013 Mailbox v1.1.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2 Set 'Mailbox quotas: Prohibit send and receive at' to '2411520' | CIS Microsoft Exchange Server 2013 Mailbox v1.1.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3 Set 'Mailbox quotas: Prohibit send at' to '2097152' | CIS Microsoft Exchange Server 2013 Mailbox v1.1.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.28.2 Ensure 'Disable the Office client from polling the SharePoint Server for published links' is set to 'Enabled' | CIS Microsoft Office Enterprise v1.2.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 2.4 Set 'Keep deleted mailboxes for the specified number of days' to '30' | CIS Microsoft Exchange Server 2013 Mailbox v1.1.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 2.5 Set 'Do not permanently delete items until the database has been backed up' to 'True' | CIS Microsoft Exchange Server 2013 Mailbox v1.1.0 | Windows | CONTINGENCY PLANNING |
| 2.8.4.1.4 (L1) Ensure 'VBA Macro Notification Settings' is set to 'Enabled: Disable all except digitally signed macros' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 2.9 Set 'Minimum password length' to '4' or greater | CIS Microsoft Exchange Server 2013 CAS v1.1.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.11.1.2 Ensure 'Disable UI Extending from Documents and Templates' is set to Enabled - InfoPath | CIS Microsoft Office 2016 v1.1.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.11.8.7.2.10 (L1) Ensure 'VBA Macro Notification Settings' is set to 'Enabled: Disable all except digitally signed macros' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 2.12 Set 'Configure dial plan security' to 'Secured' | CIS Microsoft Exchange Server 2013 UM v1.1.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.13 Set 'Allow access to voicemail without requiring a PIN' to 'False' | CIS Microsoft Exchange Server 2013 UM v1.1.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.14 Set 'Retain deleted items for the specified number of days' to '14' | CIS Microsoft Exchange Server 2013 Mailbox v1.1.0 | Windows | CONTINGENCY PLANNING |
| 2.15 Set 'Allow unmanaged devices' to 'False' | CIS Microsoft Exchange Server 2013 CAS v1.1.0 | Windows | ACCESS CONTROL |
| 2.16 Set 'Require encryption on device' to 'True' | CIS Microsoft Exchange Server 2013 CAS v1.1.0 | Windows | ACCESS CONTROL |
| 2.17 Set 'Time without user input before password must be re-entered' to '15' | CIS Microsoft Exchange Server 2013 CAS v1.1.0 | Windows | ACCESS CONTROL |
| 2.17.2 Ensure 'Never Allow Users to Specify Groups When Restricting Permission for Documents' is set to Enabled | CIS Microsoft Office 2016 v1.1.0 | Windows | ACCESS CONTROL |
| 2.19 Set 'Require client MAPI encryption' to 'True' | CIS Microsoft Exchange Server 2013 CAS v1.1.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.20 Set 'Number of attempts allowed' to '10' | CIS Microsoft Exchange Server 2013 CAS v1.1.0 | Windows | ACCESS CONTROL |
| 2.24.1.5 Ensure 'Send personal information' is set to Disabled | CIS Microsoft Office 2016 v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 2.25.8 Ensure 'Encryption Type for Password Protected Office Open XML Files' is set to Enabled | CIS Microsoft Office 2016 v1.1.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.25.12 Ensure 'Automation Security' is set to Enabled (Disable Macros by Default) | CIS Microsoft Office 2016 v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 2.26.2 Ensure 'Disable The Office Client From Polling The SharePoint Server For Published Links' is set to Enabled | CIS Microsoft Office 2016 v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 3.1 Set cmdlets 'Turn on Administrator Audit Logging' to 'True' | CIS Microsoft Exchange Server 2013 UM v1.1.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 3.2 Set 'Require Client Certificates' to 'Required' | CIS Microsoft Exchange Server 2013 CAS v1.1.0 | Windows | |
| 3.3 Set 'Turn on script execution' to 'RemoteSigned' | CIS Microsoft Exchange Server 2013 Hub v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 3.5 Set 'Enable automatic replies to remote domains' to 'False' | CIS Microsoft Exchange Server 2013 Hub v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 3.6 Set 'Allow basic authentication' to 'False' | CIS Microsoft Exchange Server 2013 CAS v1.1.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 3.7 Set 'Enable non-delivery reports to remote domains' to 'False' | CIS Microsoft Exchange Server 2013 Hub v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 3.8 Set 'Enable OOF messages to remote domains' to 'None' | CIS Microsoft Exchange Server 2013 Hub v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 3.9 Set 'Enable automatic forwards to remote domains' to 'False' | CIS Microsoft Exchange Server 2013 Hub v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
