| Configure Attack Surface Reduction rules - 75668c1f-73b5-4cf0-bb93-3ecf5cb7cc84 | MSCT Windows Server v20H2 MS v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Configure Attack Surface Reduction rules - d4f940ab-401b-4efc-aadc-ad5f3c50688a | MSCT Windows Server v20H2 MS v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Configure Attack Surface Reduction rules - e6db77e5-3df2-4cf1-b95a-636979351e5b | MSCT Windows Server v20H2 MS v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Configure detection for potentially unwanted applications | MSCT Windows Server v20H2 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Configure Windows Defender SmartScreen - EnableSmartScreen | MSCT Windows Server v20H2 MS v1.0.0 | Windows | ACCESS CONTROL |
| Configure Windows Defender SmartScreen - ShellSmartScreenLevel | MSCT Windows Server v20H2 MS v1.0.0 | Windows | ACCESS CONTROL |
| Create a token object | MSCT Windows Server v20H2 MS v1.0.0 | Windows | ACCESS CONTROL |
| Don't run antimalware programs against ActiveX controls - Restricted Sites Zone | MSCT Windows Server v20H2 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Don't run antimalware programs against ActiveX controls - Trusted Sites Zone | MSCT Windows Server v20H2 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Enable dragging of content from different domains across windows - Internet Zone | MSCT Windows Server v20H2 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Enable insecure guest logons | MSCT Windows Server v20H2 MS v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Enumerate local users on domain-joined computers | MSCT Windows Server v20H2 MS v1.0.0 | Windows | ACCESS CONTROL |
| Hardened UNC Paths - \\*\SYSVOL | MSCT Windows Server v20H2 MS v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Internet Explorer Processes - FEATURE_DISABLE_MK_PROTOCOL - (Reserved) | MSCT Windows Server v20H2 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Internet Explorer Processes - FEATURE_DISABLE_MK_PROTOCOL - explorer.exe | MSCT Windows Server v20H2 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Internet Explorer Processes - FEATURE_MIME_HANDLING - iexplore.exe | MSCT Windows Server v20H2 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Internet Explorer Processes - FEATURE_ZONE_ELEVATION - iexplore.exe | MSCT Windows Server v20H2 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Java permissions - Internet Zone | MSCT Windows Server v20H2 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Java permissions - Local Machine Zone | MSCT Windows Server v20H2 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Java permissions - Locked-Down Trusted Sites Zone | MSCT Windows Server v20H2 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Launching applications and files in an IFRAME - Restricted Sites Zone | MSCT Windows Server v20H2 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Load and unload device drivers | MSCT Windows Server v20H2 MS v1.0.0 | Windows | ACCESS CONTROL |
| Manage auditing and security log | MSCT Windows 10 v20H2 v1.0.0 | Windows | ACCESS CONTROL |
| Microsoft network client: Send unencrypted password to third-party SMB servers - EnablePlainTextPassword | MSCT Windows Server v20H2 MS v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing) | MSCT Windows 10 v20H2 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Network access: Do not allow anonymous enumeration of SAM accounts | MSCT Windows 10 v20H2 v1.0.0 | Windows | ACCESS CONTROL |
| Network access: Restrict anonymous access to Named Pipes and Shares | MSCT Windows Server v20H2 MS v1.0.0 | Windows | ACCESS CONTROL |
| Network security: Minimum session security for NTLM SSP based (including secure RPC) clients | MSCT Windows 10 v20H2 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Prevent bypassing SmartScreen Filter warnings | MSCT Windows 10 v20H2 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Prevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the Internet | MSCT Windows Server v20H2 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Prevent enabling lock screen camera | MSCT Windows 10 v20H2 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Prevent installation of devices using drivers that match these device setup classes - DenyDeviceClasses | MSCT Windows 10 v20H2 v1.0.0 | Windows | MEDIA PROTECTION |
| Prevent installation of devices using drivers that match these device setup classes - DenyDeviceClassesRetroactive | MSCT Windows 10 v20H2 v1.0.0 | Windows | MEDIA PROTECTION |
| Prevent managing SmartScreen Filter | MSCT Windows Server v20H2 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Prevent per-user installation of ActiveX controls | MSCT Windows 10 v20H2 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Prevent users and apps from accessing dangerous websites | MSCT Windows Server v20H2 MS v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Remove 'Run this time' button for outdated ActiveX controls in Internet Explorer | MSCT Windows Server v20H2 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Run .NET Framework-reliant components not signed with Authenticode - Internet Zone | MSCT Windows Server v20H2 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Run .NET Framework-reliant components not signed with Authenticode - Internet Zone | MSCT Windows 10 v20H2 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Run .NET Framework-reliant components signed with Authenticode - Restricted Sites Zone | MSCT Windows 10 v20H2 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Scan all downloaded files and attachments | MSCT Windows Server v20H2 MS v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Security Zones: Do not allow users to change policies | MSCT Windows Server v20H2 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Specify the maximum log file size (KB) - Application | MSCT Windows 10 v20H2 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Specify the maximum log file size (KB) - System | MSCT Windows Server v20H2 MS v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Specify use of ActiveX Installer Service for installation of ActiveX controls | MSCT Windows Server v20H2 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Turn off real-time protection | MSCT Windows Server v20H2 MS v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Turn on certificate address mismatch warning | MSCT Windows Server v20H2 MS v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Turn on SmartScreen Filter scan - Restricted Sites Zone | MSCT Windows Server v20H2 MS v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Turn on the auto-complete feature for user names and passwords on forms - FormSuggest PW Ask | MSCT Windows Server v20H2 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| User Account Control: Admin Approval Mode for the Built-in Administrator account | MSCT Windows Server v20H2 MS v1.0.0 | Windows | ACCESS CONTROL |
