| 1.1.5.1 Ensure 'Enable Automatic Updates' is set to 'Enabled' | CIS Microsoft Office Enterprise v1.2.0 L1 | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 1.1.5.2 Ensure 'Hide option to enable or disable updates' is set to 'Enabled' | CIS Microsoft Office Enterprise v1.2.0 L1 | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 1.2.6.1 (L1) Ensure 'Enable Automatic Updates' is set to 'Enabled' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 1.3.1 Ensure 'Enable Automatic Updates' is set to Enabled | CIS Microsoft Office 2016 v1.1.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 1.3.2 Ensure 'Hide Option to Enable or Disable Updates' is set to Enabled | CIS Microsoft Office 2016 v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 2.1.1 (L2) Ensure Safe Links for Office Applications is Enabled | CIS Microsoft 365 Foundations v5.0.0 L2 E5 | microsoft_azure | SYSTEM AND INFORMATION INTEGRITY |
| 2.2.4.7.2.1.1 (L1) Ensure 'Always prevent untrusted Microsoft Query files from opening' is set to 'Enabled' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.4.7.2.2.13 (L1) Ensure 'Set default file block behavior' is set to 'Enabled: Blocked files are not opened' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 2.2.4.7.2.2.13 Ensure 'Set default file block behavior' is set to 'Enabled: Blocked files are not opened' | CIS Microsoft Office Enterprise v1.2.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 2.2.4.7.2.3.1 (L1) Ensure 'Always open untrusted database files in Protected View' is set to 'Enabled' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.4.7.2.3.3 (L1) Ensure 'Do not open files in unsafe locations in Protected View' is set to 'Disabled' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.4.7.2.3.4 (L1) Ensure 'Set document behavior if file validation fails' is set to 'Enabled: Open in Protected View' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.4.7.2.3.5 (L1) Ensure 'Set document behavior if file validation fails' is set to 'Unchecked: Do not allow edit' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 2.2.4.7.2.3.6 (L1) Ensure 'Turn off Protected View for attachments opened from Outlook' is set to 'Disabled' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.4.7.2.4.1 (L1) Ensure 'Allow Trusted Locations on the network' is set to 'Disabled' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 2.3.18.3 Ensure 'Always require users to connect to verify permission' is set to 'Enabled' | CIS Microsoft Office Enterprise v1.2.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 2.3.25.1.2 Ensure 'Automatically receive small updates to improve reliability' is set to 'Disabled' | CIS Microsoft Office Enterprise v1.2.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 2.3.25.1.5 Ensure 'Send personal information' is set to 'Disabled' | CIS Microsoft Office Enterprise v1.2.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 2.3.27.5 (L1) Ensure 'Allow Basic Authentication prompts from network proxies' is set to 'Disabled' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 2.3.27.5 Ensure 'Allow Basic Authentication prompts from network proxies' is set to 'Disabled' | CIS Microsoft Office Enterprise v1.2.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 2.3.36.2.1 (L2) Ensure 'Online Content Options' is set to 'Enabled: Do not allow Office to connect to the Internet' | CIS Microsoft Intune for Office v1.1.0 L2 | Windows | CONFIGURATION MANAGEMENT |
| 2.3.36.2.1 Ensure 'Online Content Options' is set to 'Enabled: Do not allow Office to connect to the Internet' | CIS Microsoft Office Enterprise v1.2.0 L2 | Windows | CONFIGURATION MANAGEMENT |
| 2.3.39.2 (L1) Ensure 'Automatically receive small updates to improve reliability' is set to 'Disabled' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 2.11.8.7.2.7 Ensure 'Require that application add-ins are signed by Trusted Publisher' is set to 'Enabled' | CIS Microsoft Office Enterprise v1.2.0 L1 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 2.24.1.6 Ensure Set 'Automatically Receive Small Updates to Improve Reliability' is set to Disabled | CIS Microsoft Office 2016 v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 5.2.1 Set 'Automatically receive small updates to improve reliability' to 'Disabled' | CIS MS Office Outlook 2010 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 5.2.2 Set 'Disable Opt-in Wizard on first run' to 'Enabled' | CIS MS Office Outlook 2010 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 6.4 Set 'Always require users to connect to verify permission' to 'Enabled' | CIS MS Office Outlook 2010 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 6.7 Set 'Turn off all user customizations: Disallow in Outlook' to 'Enabled:True' | CIS MS Office Outlook 2010 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Automatically activate Office with federated organization credentials | MSCT Microsoft 365 Apps for Enterprise 2112 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Automatically activate Office with federated organization credentials | Microsoft 365 Apps for Enterprise 2306 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Automatically activate Office with federated organization credentials | MSCT M365 Apps for enterprise 2412 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Automatically activate Office with federated organization credentials | MSCT Microsoft 365 Apps for Enterprise 2206 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Automatically activate Office with federated organization credentials | MSCT M365 Apps for enterprise 2312 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Block Flash activation in Office documents | MSCT M365 Apps for enterprise 2312 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Default Protections for Recommended Software - Excel | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Default Protections for Recommended Software - Excel | MSCT Windows Server 2012 R2 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| DTOO169 - Disable dynamic caching of the form template in InfoPath eMail forms. | DISA STIG Microsoft InfoPath 2013 v1r6 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO190 - Office System - The encryption type for password protected Office 97 thru Office 2003 must be set. | DISA STIG Office System 2010 v1r13 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO293 - PowerPoint - Attachments opened from Outlook must be in Protected View. | DISA STIG Office 2010 PowerPoint v1r11 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO293 - Word - Attachments opened from Outlook must be in Protected View. | DISA STIG Office 2010 Word v1r12 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO307 - Office System - Office Live Workspace Integration must be off. | DISA STIG Office System 2010 v1r13 | Windows | CONFIGURATION MANAGEMENT |
| DTOO403 - The video informing a user about signing into Office365 must be disabled. | DISA STIG Microsoft Office System 2013 v2r2 | Windows | CONFIGURATION MANAGEMENT |
| DTOO404 - The first-run prompt to sign into Office365 must be disabled. | DISA STIG Microsoft Office System 2013 v2r2 | Windows | CONFIGURATION MANAGEMENT |
| DTOO405 - The ability to sign into Office365 must be disabled. | DISA STIG Microsoft Office System 2013 v2r2 | Windows | CONFIGURATION MANAGEMENT |
| DTOO413 - Users must be prevented from using or inserting apps that come from the Office Store. | DISA STIG Microsoft Office System 2013 v2r2 | Windows | CONFIGURATION MANAGEMENT |
| DTOO416 - The Office Telemetry Agent must be configured to obfuscate the file name, file path, and title of Office documents before uploading telemetry data to the shared folder. | DISA STIG Microsoft Office System 2013 v2r2 | Windows | CONFIGURATION MANAGEMENT |
| DTOO416 - The Office Telemetry Agent must be configured to obfuscate the file name, file path, and title of Office documents before uploading telemetry data to the shared folder. | DISA Microsoft Office System 2016 STIG v2r4 | Windows | CONFIGURATION MANAGEMENT |
| DTOO426 - Word must be configured to warn when opening a document with custom XML markup. | DISA STIG Microsoft Word 2013 v1r7 | Windows | CONFIGURATION MANAGEMENT |
| DTOO601 - The ability to send personal information to Office must be disabled. | DISA Microsoft Office System 2016 STIG v2r4 | Windows | CONFIGURATION MANAGEMENT |
