Microsoft Office 365 ProPlus Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
- Untrusted Microsoft Query files must be blocked from opening in Excel.
This policy setting controls whether Microsoft Query files (.iqy, .oqy, .dqy, and .rqy) in an untrusted location are prevented from opening. If you enable this policy setting, Microsoft Query files...
Rule, Medium Severity

- Files from unsafe locations must be opened in Excel in Protected View mode.
This policy setting lets you determine if files located in unsafe locations will open in Protected View. If you have not specified unsafe locations, only the "Downloaded Program Files" and "Tempora...
Rule, Medium Severity

- File attachments from Outlook must be opened in Excel in Protected mode.
This policy setting allows you to determine if Excel files in Outlook attachments open in Protected View. If you enable this policy setting, Outlook attachments do not open in Protected View. If ...
Rule, Medium Severity

- The Exchange client authentication with Exchange servers must be enabled to use Kerberos Password Authentication.
This policy setting controls which authentication method Outlook uses to authenticate with Microsoft Exchange Server. Note: Exchange Server supports the Kerberos authentication protocol and NTLM fo...
Rule, Medium Severity

- Outlook must use remote procedure call (RPC) encryption to communicate with Microsoft Exchange servers.
This policy setting controls whether Outlook uses remote procedure call (RPC) encryption to communicate with Microsoft Exchange servers. If you enable this policy setting, Outlook uses RPC encryp...
Rule, Medium Severity

- The junk email protection level must be set to No Automatic Filtering.
This policy setting controls the Junk E-mail protection level. The Junk E-mail Filter in Outlook helps to prevent junk email messages, also known as spam, from cluttering a user's Inbox. The filter...
Rule, Medium Severity

- Outlook must be configured to prevent users overriding attachment security settings.
This policy setting prevents users from overriding the set of attachments blocked by Outlook. If you enable this policy setting users will be prevented from overriding the set of attachments block...
Rule, Medium Severity

- The minimum encryption key length in Outlook must be at least 168.
This policy setting allows you to set the minimum key length for an encrypted e-mail message. If you enable this policy setting, you may set the minimum key length for an encrypted e-mail message....
Rule, Medium Severity

- Outlook must be configured to allow retrieving of Certificate Revocation Lists (CRLs) always when online.
This policy setting controls how Outlook retrieves Certificate Revocation Lists to verify the validity of certificates. Certificate revocation lists (CRLs) are lists of digital certificates that ha...
Rule, Medium Severity

- Level 1 file attachments must be blocked from being delivered.
This policy setting controls whether Outlook users can demote attachments to Level 2 by using a registry key, which will allow them to save files to disk and open them from that location. Outlook u...
Rule, Medium Severity

- When a custom action is executed that uses the Outlook object model, Outlook must automatically deny it.
This policy setting controls whether Outlook prompts users before executing a custom action. Custom actions add functionality to Outlook that can be triggered as part of a rule. Among other possibl...
Rule, Medium Severity

- When an untrusted program attempts to use the Save As command to programmatically save an item, Outlook must automatically deny it.
This policy setting controls what happens when an untrusted program attempts to use the Save As command to programmatically save an item. If you enable this policy setting, you can choose from fo...
Rule, Medium Severity

- When an untrusted program attempts to gain access to a recipient field, such as the To: field, using the Outlook object model, Outlook must automatically deny it.
This policy setting controls what happens when an untrusted program attempts to gain access to a recipient field, such as the "To:" field, using the Outlook object model. If you enable this poli...
Rule, Medium Severity

- When an untrusted program attempts to programmatically send e-mail in Outlook using the Response method of a task or meeting request, Outlook must automatically deny it.
This policy setting controls what happens when an untrusted program attempts to programmatically send e-mail in Outlook using the Response method of a task or meeting request. If you enable this ...
Rule, Medium Severity

- The Security Level for macros in Outlook must be configured to Warn for signed and disable unsigned.
This policy setting controls the security level for macros in Outlook. If you enable this policy setting, you can choose from four options for handling macros in Outlook: - Always warn. This opt...
Rule, Medium Severity

- Project must automatically disable unsigned add-ins without informing users.
This policy setting controls whether the specified Office application notifies users when unsigned application add-ins are loaded or silently disables such add-ins without notification. This policy ...
Rule, Medium Severity

- The ability to run programs from PowerPoint must be disabled.
This policy setting controls the prompting and activation behavior for the "Run Programs" option for action buttons in PowerPoint. If you enable this policy setting, you can choose from three opti...
Rule, Medium Severity

- Open/Save of PowerPoint 97-2003 presentations, shows, templates, and add-in files must be blocked.
This policy setting allows you to determine whether users can open, view, edit, or save PowerPoint files with the format specified by the title of this policy setting. If you enable this policy se...
Rule, Medium Severity

- Macros from the Internet must be blocked from running in PowerPoint.
This policy setting allows you to block macros from running in Office files that come from the Internet. If you enable this policy setting, macros are blocked from running, even if "Enable all macr...
Rule, Medium Severity

- If file validation fails, files must be opened in Protected view in PowerPoint with ability to edit disabled.
This policy setting controls how Office handles documents when they fail file validation. If you enable this policy setting, you can configure the following options for files that fail file validat...
Rule, Medium Severity