| 2.3.5.2 (L1) Ensure 'Domain controller: Allow vulnerable Netlogon secure channel connections' is set to 'Not Configured' (DC Only) | CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1 | Windows | CONFIGURATION MANAGEMENT |
| 2.3.15.2 (L1) Ensure 'System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)' is set to 'Enabled' | CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1 | Windows | CONFIGURATION MANAGEMENT |
| 2.4 Ensure 'forms authentication' is set to use cookies | CIS IIS 8.0 v1.5.1 Level 2 | Windows | CONFIGURATION MANAGEMENT |
| 3.1 Ensure 'deployment method retail' is set | CIS IIS 8.0 v1.5.1 Level 1 | Windows | CONFIGURATION MANAGEMENT |
| Add-on Management - winproj.exe | MSCT M365 Apps for enterprise 2412 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Add-on Management - winword.exe | MSCT M365 Apps for enterprise 2412 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow Trusted Locations on the network - powerpoint | MSCT M365 Apps for enterprise 2412 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Configure Outlook object model prompt when sending mail | MSCT M365 Apps for enterprise 2412 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Consistent Mime Handling - excel.exe | MSCT M365 Apps for enterprise 2412 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Consistent Mime Handling - winword.exe | MSCT M365 Apps for enterprise 2412 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Control how Office handles form-based sign-in prompts | MSCT M365 Apps for enterprise 2412 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Disable user name and password - pptview.exe | MSCT M365 Apps for enterprise 2412 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Disable user name and password - winproj.exe | MSCT M365 Apps for enterprise 2412 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Disable user name and password - winword.exe | MSCT M365 Apps for enterprise 2412 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Information Bar - excel.exe | MSCT M365 Apps for enterprise 2412 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Information Bar - msaccess.exe | MSCT M365 Apps for enterprise 2412 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Information Bar - winword.exe | MSCT M365 Apps for enterprise 2412 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Local Machine Zone Lockdown Security - excel.exe | MSCT M365 Apps for enterprise 2412 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Local Machine Zone Lockdown Security - powerpnt.exe | MSCT M365 Apps for enterprise 2412 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Local Machine Zone Lockdown Security - visio.exe | MSCT M365 Apps for enterprise 2412 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Mime Sniffing Safety Feature - groove.exe | MSCT M365 Apps for enterprise 2412 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Mime Sniffing Safety Feature - msaccess.exe | MSCT M365 Apps for enterprise 2412 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Mime Sniffing Safety Feature - onenote.exe | MSCT M365 Apps for enterprise 2412 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Mime Sniffing Safety Feature - outlook.exe | MSCT M365 Apps for enterprise 2412 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Mime Sniffing Safety Feature - powerpnt.exe | MSCT M365 Apps for enterprise 2412 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Mime Sniffing Safety Feature - winword.exe | MSCT M365 Apps for enterprise 2412 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| MS.AAD.7.5v1 - Provisioning users to highly privileged roles SHALL NOT occur outside of a PAM system. | CISA SCuBA Microsoft 365 Entra ID v1.5.0 | microsoft_azure | CONFIGURATION MANAGEMENT |
| MS.POWERPLATFORM.1.2v1 - The ability to create trial environments SHALL be restricted to admins. | CISA SCuBA Microsoft 365 Power Platform v1.5.0 | microsoft_azure | CONFIGURATION MANAGEMENT |
| MS.TEAMS.1.1v1 - External meeting participants SHOULD NOT be enabled to request control of shared desktops or windows. | CISA SCuBA Microsoft 365 Teams v1.5.0 | microsoft_azure | CONFIGURATION MANAGEMENT |
| Navigate URL - mspub.exe | MSCT M365 Apps for enterprise 2412 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Navigate URL - onenote.exe | MSCT M365 Apps for enterprise 2412 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Navigate URL - outlook.exe | MSCT M365 Apps for enterprise 2412 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Navigate URL - winword.exe | MSCT M365 Apps for enterprise 2412 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Object Caching Protection - onenote.exe | MSCT M365 Apps for enterprise 2412 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Object Caching Protection - winword.exe | MSCT M365 Apps for enterprise 2412 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Protection From Zone Elevation - excel.exe | MSCT M365 Apps for enterprise 2412 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Protection From Zone Elevation - exprwd.exe | MSCT M365 Apps for enterprise 2412 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Protection From Zone Elevation - groove.exe | MSCT M365 Apps for enterprise 2412 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Protection From Zone Elevation - powerpnt.exe | MSCT M365 Apps for enterprise 2412 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Restrict File Download - groove.exe | MSCT M365 Apps for enterprise 2412 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Restrict File Download - mspub.exe | MSCT M365 Apps for enterprise 2412 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Restrict File Download - pptview.exe | MSCT M365 Apps for enterprise 2412 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Restrict File Download - spdesign.exe | MSCT M365 Apps for enterprise 2412 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Restrict File Download - winword.exe | MSCT M365 Apps for enterprise 2412 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Saved from URL - exprwd.exe | MSCT M365 Apps for enterprise 2412 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Scripted Window Security Restrictions - onenote.exe | MSCT M365 Apps for enterprise 2412 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Scripted Window Security Restrictions - outlook.exe | MSCT M365 Apps for enterprise 2412 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Scripted Window Security Restrictions - winword.exe | MSCT M365 Apps for enterprise 2412 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Set document behavior if file validation fails - powerpoint | MSCT M365 Apps for enterprise 2412 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Set document behavior if file validation fails - word | MSCT M365 Apps for enterprise 2412 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
