| 2.3.27.19 (L1) Ensure 'Suppress hyperlink warnings' is set to 'Disabled' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 2.8.4.1.4 Ensure 'VBA Macro Notification Settings' is set to 'Enabled: Disable all except digitally signed macros' | CIS Microsoft Office Enterprise v1.2.0 L1 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 2.11.8.7.2.10 Ensure 'VBA Macro Notification Settings' is set to 'Enabled: Disable all except digitally signed macros' | CIS Microsoft Office Enterprise v1.2.0 L1 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 2.11.8.7.2.11 Ensure 'VBA Macro Notification Settings' is set to 'Require macros to be signed by a trusted publisher' | CIS Microsoft Office Enterprise v1.2.0 L1 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.10.43.6 (NG) Ensure 'Turn on Microsoft Defender Application Guard in Managed Mode' is set to 'Enabled: 1' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NG | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.44.6 (NG) Ensure 'Turn on Microsoft Defender Application Guard in Managed Mode' is set to 'Enabled: 1' | CIS Microsoft Windows 10 Enterprise v4.0.0 NG | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.76.1.4 (L1) Ensure 'Notify Unsafe App' is set to 'Enabled' | CIS Microsoft Windows 11 Stand-alone v4.0.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.76.1.4 (L1) Ensure 'Notify Unsafe App' is set to 'Enabled' | CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.76.1.4 (L1) Ensure 'Notify Unsafe App' is set to 'Enabled' | CIS Microsoft Windows 11 Stand-alone v4.0.0 L1 BL | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Always prevent untrusted Microsoft Query files from opening | MSCT Office 365 ProPlus 1908 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Authentication Failure | CIS Microsoft Exchange Server 2013 CAS v1.1.0 | Windows | |
| Automatically activate Office with federated organization credentials | MSCT M365 Apps for enterprise 2312 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| CIS_Azure_Compute_Microsoft_Windows_Server_2022_Benchmark_v1.0.0_L1_MS.audit from CIS Azure Compute Microsoft Windows Server 2022 Benchmark | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MS | Windows | |
| CIS_Azure_Compute_Microsoft_Windows_Server_2022_Benchmark_v1.0.0_MS_NG.audit from CIS Azure Compute Microsoft Windows Server 2022 Benchmark | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 MS NG | Windows | |
| CIS_Microsoft_Exchange_Server_2016_Level_1_Hub_v1.0.0.audit from CIS Microsoft Exchange Server 2016 v1.0.0 Benchmark | CIS Microsoft Exchange Server 2016 Hub v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| CIS_Microsoft_Intune_for_Windows_10_v4.0.0_BL.audit from CIS Microsoft Intune for Windows 10 Benchmark v4.0.0 | CIS Microsoft Intune for Windows 10 v4.0.0 BL | Windows | |
| CIS_Microsoft_Intune_for_Windows_11_v4.0.0_BL.audit from CIS Microsoft Intune for Windows 11 Benchmark v4.0.0 | CIS Microsoft Intune for Windows 11 v4.0.0 BL | Windows | |
| CIS_Microsoft_Windows_Server_2019_STIG_v3.0.0_L2_Domain_Controller.audit from CIS Microsoft Windows Server 2019 STIG Benchmark v3.0.0 | CIS Microsoft Windows Server 2019 STIG v3.0.0 L2 DC | Windows | |
| CIS_Microsoft_Windows_Server_2019_STIG_v3.0.0_STIG_Member_Server.audit from CIS Microsoft Windows Server 2019 STIG Benchmark v3.0.0 | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS | Windows | |
| CIS_Microsoft_Windows_Server_2022_STIG_v2.0.0_L1_Member_Server.audit from CIS Microsoft Windows Server 2022 STIG Benchmark v2.0.0 | CIS Microsoft Windows Server 2022 STIG v2.0.0 L1 Member Server | Windows | |
| CIS_MS_Windows_8.1_v2.4.1_Level_1.audit from CIS Microsoft Windows 8.1 Workstation Benchmark v2.4.1 | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | |
| DTOO131 - Trust Bar Notifications for unsigned application add-ins must be blocked. | DISA STIG Microsoft Publisher 2013 v1r6 | Windows | CONFIGURATION MANAGEMENT |
| DTOO133 - All automatic loading from trusted locations must be disabled. | DISA STIG Microsoft Word 2013 v1r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO138 - Internet links and Network UNCs created as embedded hyperlinks must be prevented. | DISA STIG Microsoft Excel 2013 v1r8 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO141 - The AutoRepublish warning alert must be provided. | DISA STIG Microsoft Excel 2013 v1r8 | Windows | CONFIGURATION MANAGEMENT |
| DTOO142 - The scanning of encrypted macros in open XML documents must be enforced. | DISA STIG Microsoft Excel 2013 v1r8 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO143 - File types must be configured to provide mismatch warnings | DISA STIG Microsoft Excel 2013 v1r8 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| DTOO158 - Disabling the opening of solutions from the Internet Security Zone must be configured. | DISA STIG Microsoft InfoPath 2013 v1r6 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO164 - Beaconing UI shown for opened forms must be configured. | DISA STIG Microsoft InfoPath 2013 v1r6 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO172 - Disabling email forms from the Internet Security Zone must be configured. | DISA STIG Microsoft InfoPath 2013 v1r6 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO185 - Office System - Automatic receiving of small updates to improve reliability must be disallowed. | DISA STIG Office System 2010 v1r13 | Windows | CONFIGURATION MANAGEMENT |
| DTOO215 - Read signed email as plain text must be enforced. | DISA STIG Microsoft Outlook 2013 v1r14 | Windows | CONFIGURATION MANAGEMENT |
| DTOO216 - Publishing calendars to Office Online must be prevented. | DISA STIG Microsoft Outlook 2013 v1r14 | Windows | CONFIGURATION MANAGEMENT |
| DTOO224 - Recipients of sent email must be unable to be added to the safe senders list. | DISA STIG Microsoft Outlook 2013 v1r14 | Windows | CONFIGURATION MANAGEMENT |
| DTOO234 - ActiveX One-Off forms must be configured. | DISA STIG Microsoft Outlook 2013 v1r14 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO237 - The remember password for internet e-mail accounts must be disabled. | DISA STIG Microsoft Outlook 2013 v1r14 | Windows | IDENTIFICATION AND AUTHENTICATION |
| DTOO245 - Level 2 file extensions must be blocked and not removed. | DISA STIG Microsoft Outlook 2013 v1r14 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO257 - S/Mime interoperability with external clients for message handling must be configured. | DISA STIG Microsoft Outlook 2013 v1r14 | Windows | IDENTIFICATION AND AUTHENTICATION |
| DTOO264 - Send all signed messages as clear signed messages must be configured. | DISA STIG Microsoft Outlook 2013 v1r14 | Windows | CONFIGURATION MANAGEMENT |
| DTOO266 - Automatic sending s/Mime receipt requests must be disallowed. | DISA STIG Microsoft Outlook 2013 v1r14 | Windows | CONFIGURATION MANAGEMENT |
| DTOO268 - Missing Root Certificates warning must be enforced. | DISA STIG Microsoft Outlook 2013 v1r14 | Windows | IDENTIFICATION AND AUTHENTICATION |
| DTOO295 - InfoPath email forms in Outlook must be disallowed. | DISA STIG Microsoft InfoPath 2013 v1r6 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO296 - Disabling opening forms with managed code from the Internet security zone must be configured. | DISA STIG Microsoft InfoPath 2013 v1r6 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO297 - A form that is digitally signed must be displayed with a warning. | DISA STIG Microsoft InfoPath 2013 v1r6 | Windows | CONFIGURATION MANAGEMENT |
| DTOO304 - Warning Bar settings for VBA macros must be configured. | DISA STIG Microsoft Visio 2013 v1r5 | Windows | CONFIGURATION MANAGEMENT |
| DTOO304 - Warning Bar settings for VBA macros must be configured. | DISA STIG Microsoft Excel 2013 v1r8 | Windows | CONFIGURATION MANAGEMENT |
| DTOO315 - Outlook must be configured not to prompt users to choose security settings if default settings fail. | DISA STIG Microsoft Outlook 2013 v1r14 | Windows | CONFIGURATION MANAGEMENT |
| DTOO346 - Untrusted intranet zone access to Project servers must not be allowed. | DISA STIG Microsoft Project 2013 v1r5 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO419 - Corrupt workbook options must be disallowed. | DISA STIG Microsoft Excel 2013 v1r8 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX13-EG-000275 - Exchange must have antispam filtering configured. | DISA Microsoft Exchange 2013 Edge Transport Server STIG v1r6 | Windows | SYSTEM AND INFORMATION INTEGRITY |
