| 2.2.4.7.2.1.2 Ensure 'Don't allow Dynamic Data Exchange (DDE) server launch in Excel' is set to 'Enabled' | CIS Microsoft Office Enterprise v1.2.0 L1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.4.7.2.3.2 (L1) Ensure 'Do not open files from the internet zone in Protected View' is set to 'Disabled' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.4.7.2.3.3 (L1) Ensure 'Do not open files in unsafe locations in Protected View' is set to 'Disabled' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.4.7.2.3.3 Ensure 'Do not open files in unsafe locations in Protected View' is set to 'Disabled' | CIS Microsoft Office Enterprise v1.2.0 L1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.4.7.2.3.4 Ensure 'Set document behavior if file validation fails' is set to 'Enabled: Open in Protected View' | CIS Microsoft Office Enterprise v1.2.0 L1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.5.14.1.1 (L1) Ensure 'Automatically download content for e-mail from people in Safe Senders and Safe Recipients Lists' is set to 'Disabled' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.6.6.6.2.2.3 (L1) Ensure 'Set document behavior if file validation fails' is set to 'Enabled: Open in Protected View' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.6.6.6.2.8 (L1) Ensure 'VBA Macro Notification Settings' is set to 'Enabled: Disable all except digitally signed macros' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.6.6.6.2.8 Ensure 'VBA Macro Notification Settings' is set to 'Enabled: Disable all except digitally signed macros' | CIS Microsoft Office Enterprise v1.2.0 L1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.11.8.1.2 (L1) Ensure 'Update automatic links at Open' is set to 'Disabled' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.11.8.7.2.2.1 (L1) Ensure 'Do not open files from the internet zone in Protected View' is set to 'Disabled' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.11.8.7.2.2.2 (L1) Ensure 'Do not open files in unsafe locations in Protected View' is set to 'Disabled' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 19.7.46.2.1 (L2) Ensure 'Prevent Codec Download' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L2 BL | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Access data sources across domains - Internet Zone | MSCT Windows 11 v22H2 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Access data sources across domains - Restricted Sites Zone | MSCT Windows Server 2025 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Allow active scripting | MSCT Windows Server 2025 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Allow loading of XAML files - Internet Zone | MSCT Windows 11 v22H2 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Allow loading of XAML files - Restricted Sites Zone | MSCT Windows Server 2025 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Allow only approved domains to use ActiveX controls without prompt - Restricted Sites Zone | MSCT Windows Server 2025 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Allow only approved domains to use ActiveX controls without prompt - Restricted Sites Zone | MSCT Windows Server 2025 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Allow VBScript to run in Internet Explorer - Restricted Sites Zone | MSCT Windows Server 2025 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Do not allow ActiveX controls to run in Protected Mode when Enhanced Protected Mode is enabled | MSCT Windows Server 2025 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Don't run antimalware programs against ActiveX controls - Intranet Zone | MSCT Windows Server 2025 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Don't run antimalware programs against ActiveX controls - Local Machine Zone | MSCT Windows 11 v22H2 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Don't run antimalware programs against ActiveX controls - Trusted Sites Zone | MSCT Windows Server 2025 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Download signed ActiveX controls - Restricted Sites Zone | MSCT Windows Server 2025 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Download signed ActiveX controls - Restricted Sites Zone | MSCT Windows 11 v22H2 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Enable dragging of content from different domains across windows - Internet Zone | MSCT Windows 11 v22H2 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Enable dragging of content from different domains within a window - Internet Zone | MSCT Windows 11 v22H2 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Initialize and script ActiveX controls not marked as safe - Internet Zone | MSCT Windows 11 v22H2 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Initialize and script ActiveX controls not marked as safe - Intranet Zone | MSCT Windows Server 2025 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Initialize and script ActiveX controls not marked as safe - Restricted Sites Zone | MSCT Windows Server 2025 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Initialize and script ActiveX controls not marked as safe - Trusted Sites Zone | MSCT Windows Server 2025 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Internet Explorer Processes - FEATURE_MIME_HANDLING - (Reserved) | MSCT Windows Server 2025 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Internet Explorer Processes - FEATURE_MIME_HANDLING - (Reserved) | MSCT Windows 11 v22H2 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Internet Explorer Processes - FEATURE_MIME_HANDLING - iexplore.exe | MSCT Windows Server 2025 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Internet Explorer Processes - FEATURE_MIME_HANDLING - iexplore.exe | MSCT Windows 11 v22H2 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Internet Explorer Processes - FEATURE_MIME_SNIFFING - iexplore.exe | MSCT Windows 11 v22H2 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Internet Explorer Processes - FEATURE_RESTRICT_ACTIVEXINSTALL - (Reserved) | MSCT Windows Server 2025 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Internet Explorer Processes - FEATURE_RESTRICT_ACTIVEXINSTALL - explorer.exe | MSCT Windows Server 2025 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Prevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the Internet | MSCT Windows Server 2025 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Prevent managing SmartScreen Filter | MSCT Windows Server 2025 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Prevent per-user installation of ActiveX controls | MSCT Windows Server 2025 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Restrict ActiveX Install - visio.exe | MSCT M365 Apps for enterprise 2412 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Restrict legacy JScript execution for Office - mspub.exe | MSCT M365 Apps for enterprise 2412 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Restrict legacy JScript execution for Office - outlook.exe | MSCT M365 Apps for enterprise 2412 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Run .NET Framework-reliant components signed with Authenticode - Internet Zone | MSCT Windows Server 2025 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Run ActiveX controls and plugins | MSCT Windows Server 2025 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Run ActiveX controls and plugins | MSCT Windows Server 2025 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| VBA Macro Notification Settings - vbawarnings word | MSCT M365 Apps for enterprise 2412 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
