| 2.2.4.7.2.4.2 (L2) Ensure 'Disable all trusted locations' is set to 'Enabled' | CIS Microsoft Intune for Office v1.1.0 L2 | Windows | CONFIGURATION MANAGEMENT |
| 2.3.25.2 (L2) Ensure 'Remove Office Presentation Service from the list of online presentation services in PowerPoint and Word' is set to 'Enabled' | CIS Microsoft Intune for Office v1.1.0 L2 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.36.1.1 (L2) Ensure 'Conversion Service Options' is set to 'Enabled: Do not allow to use Microsoft Conversion Service' | CIS Microsoft Intune for Office v1.1.0 L2 | Windows | CONFIGURATION MANAGEMENT |
| 2.5.4.1 (L1) Ensure 'Do not allow Home Page URL to be set in folder Properties' is set to 'Enabled' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 2.5.9.2.1 (L1) Ensure 'PST Null Data on Delete' is set to 'Enabled' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | MEDIA PROTECTION |
| 2.5.10.8.3.2 (L2) Ensure 'Read signed e-mail as plain text' is set to 'Enabled' | CIS Microsoft Intune for Office v1.1.0 L2 | Windows | CONFIGURATION MANAGEMENT |
| 2.5.14.3.6 (L1) Ensure 'Allow hyperlinks in suspected phishing e-mail messages' is set to 'Disabled' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 2.5.14.3.22 (L1) Ensure 'Minimum encryption settings' is set to 'Enabled: 256' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.5.14.3.23 (L1) Ensure 'Outlook Security Policy' is set to 'Use Outlook Security Group Policy' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 2.5.14.3.28 (L1) Ensure 'Security setting for macros' is set to 'Enabled: Warn for signed, disable unsigned' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 2.5.14.3.29 (L1) Ensure 'Set Outlook object model custom actions execution prompt' is set to 'Enabled: Automatically Deny' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.5.14.3.31 (L1) Ensure 'Use Unicode format when dragging e-mail message to file system' is set to 'Disabled' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 2.6.6.6.3 (L1) Ensure 'Make hidden markup visible' is set to 'Enabled' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 2.8.4.1.1 (L1) Ensure 'Block macros from running in Office files from the internet' is set to 'Enabled' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 2.8.4.1.2 (L1) Ensure 'Require that application add-ins are signed by Trusted Publisher' to 'Enabled' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.10.43.6 (L1) Ensure 'Turn on Microsoft Defender Application Guard in Managed Mode' is set to 'Enabled: 1' | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.44.6 (L1) Ensure 'Turn on Microsoft Defender Application Guard in Managed Mode' is set to 'Enabled: 1' | CIS Microsoft Windows 11 Enterprise v4.0.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.44.6 (L1) Ensure 'Turn on Microsoft Defender Application Guard in Managed Mode' is set to 'Enabled: 1' | CIS Microsoft Windows 11 Stand-alone v4.0.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.44.6 (L1) Ensure 'Turn on Microsoft Defender Application Guard in Managed Mode' is set to 'Enabled: 1' | CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Always prevent untrusted Microsoft Query files from opening | MSCT Office 365 ProPlus 1908 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Automatically activate Office with federated organization credentials | MSCT M365 Apps for enterprise 2312 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Automatically activate Office with federated organization credentials | MSCT Microsoft 365 Apps for Enterprise 2112 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Automatically activate Office with federated organization credentials | Microsoft 365 Apps for Enterprise 2306 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| CIS_Azure_Compute_Microsoft_Windows_Server_2022_Benchmark_v1.0.0_DC_NG.audit from CIS Azure Compute Microsoft Windows Server 2022 Benchmark | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 DC NG | Windows | |
| CIS_DC_SERVER_2012_R2_Level_1_v3.0.0.audit from CIS Microsoft Windows Server 2012 R2 Benchmark | CIS Windows Server 2012 R2 DC L1 v3.0.0 | Windows | |
| CIS_DC_SERVER_2012_R2_Level_2_v3.0.0.audit from CIS Microsoft Windows Server 2012 R2 Benchmark | CIS Windows Server 2012 R2 DC L2 v3.0.0 | Windows | |
| CIS_Microsoft_Exchange_Server_2016_Level_1_CAS_v1.0.0.audit from CIS Microsoft Exchange Server 2016 v1.0.0 Benchmark | CIS Microsoft Exchange Server 2016 CAS v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| CIS_Microsoft_Exchange_Server_2016_Level_1_Mailbox_v1.0.0.audit from CIS Microsoft Exchange Server 2016 v1.0.0 Benchmark | CIS Microsoft Exchange Server 2016 Mailbox v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| CIS_Microsoft_Windows_11_Enterprise_v4.0.0_L2.audit from CIS Microsoft Windows 11 Enterprise Benchmark v4.0.0 | CIS Microsoft Windows 11 Enterprise v4.0.0 L2 | Windows | |
| CIS_Microsoft_Windows_Server_2016_STIG_v3.0.0_L1_DC.audit from CIS Microsoft Windows Server 2016 STIG Benchmark v3.0.0 | CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 Domain Controller | Windows | |
| CIS_Microsoft_Windows_Server_2016_STIG_v3.0.0_NG_DC.audit from CIS Microsoft Windows Server 2016 STIG Benchmark v3.0.0 | CIS Microsoft Windows Server 2016 STIG v3.0.0 NG DC | Windows | |
| CIS_Microsoft_Windows_Server_2016_STIG_v3.0.0_NG_MS.audit from CIS Microsoft Windows Server 2016 STIG Benchmark v3.0.0 | CIS Microsoft Windows Server 2016 STIG v3.0.0 NG MS | Windows | |
| CIS_Microsoft_Windows_Server_2016_STIG_v3.0.0_STIG_DC.audit from CIS Microsoft Windows Server 2016 STIG Benchmark v3.0.0 | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC | Windows | |
| CIS_Microsoft_Windows_Server_2016_STIG_v3.0.0_STIG_MS.audit from CIS Microsoft Windows Server 2016 STIG Benchmark v3.0.0 | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS | Windows | |
| CIS_Microsoft_Windows_Server_2019_STIG_v3.0.0_STIG_Domain_Controller.audit from CIS Microsoft Windows Server 2019 STIG Benchmark v3.0.0 | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | |
| CIS_Microsoft_Windows_Server_2022_STIG_v2.0.0_L1_Domain_Controller.audit from CIS Microsoft Windows Server 2022 STIG Benchmark v2.0.0 | CIS Microsoft Windows Server 2022 STIG v2.0.0 L1 Domain Controller | Windows | |
| CIS_Microsoft_Windows_Server_2022_STIG_v2.0.0_L2_Domain_Controller.audit from CIS Microsoft Windows Server 2022 STIG Benchmark v2.0.0 | CIS Microsoft Windows Server 2022 STIG v2.0.0 L2 Domain Controller | Windows | |
| CIS_Microsoft_Windows_Server_2022_STIG_v2.0.0_STIG_Domain_Controller.audit from CIS Microsoft Windows Server 2022 STIG Benchmark v2.0.0 | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | |
| CIS_Microsoft_Windows_Server_2022_STIG_v2.0.0_STIG_Member_Server.audit from CIS Microsoft Windows Server 2022 STIG Benchmark v2.0.0 | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS | Windows | |
| CIS_MS_SERVER_2012_R2_Level_1_v3.0.0.audit from CIS Microsoft Windows Server 2012 R2 Benchmark | CIS Windows Server 2012 R2 MS L1 v3.0.0 | Windows | |
| CIS_MS_SERVER_2012_R2_Level_2_v3.0.0.audit from CIS Microsoft Windows Server 2012 R2 Benchmark | CIS Windows Server 2012 R2 MS L2 v3.0.0 | Windows | |
| CIS_MS_Windows_8.1_v2.4.1_Level_2.audit from CIS Microsoft Windows 8.1 Workstation Benchmark v2.4.1 | CIS Microsoft Windows 8.1 v2.4.1 L2 | Windows | |
| DTOO134 - Disallowance of trusted locations on the network must be enforced. | DISA STIG Microsoft Word 2013 v1r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO134 - Disallowance of trusted locations on the network must be enforced. | DISA STIG Microsoft Excel 2013 v1r8 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO134 - Disallowance of Trusted Locations on the network must be enforced. | DISA STIG Microsoft PowerPoint 2013 v1r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO171 - Disabling email forms running in Restricted Security Level must be configured. | DISA STIG Microsoft InfoPath 2013 v1r6 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO185 - Office System - Automatic receiving of small updates to improve reliability must be disallowed. | DISA STIG Office System 2010 v1r13 | Windows | CONFIGURATION MANAGEMENT |
| DTOO236 - The Add-In Trust Level must be configured. | DISA STIG Microsoft Outlook 2013 v1r14 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO304 - Warning Bar settings for VBA macros must be configured. | DISA STIG Microsoft Excel 2016 v2r1 | Windows | CONFIGURATION MANAGEMENT |
| O365-EX-000029 - Untrusted Microsoft Query files must be blocked from opening in Excel. | DISA STIG Microsoft Office 365 ProPlus v3r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
