
Microsoft Office 365 ProPlus Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • When a custom action is executed that uses the Outlook object model, Outlook must automatically deny it.

    This policy setting controls whether Outlook prompts users before executing a custom action. Custom actions add functionality to Outlook that can be triggered as part of a rule. Among other possibl...
    Rule Medium Severity
  • When an untrusted program attempts to use the Save As command to programmatically save an item, Outlook must automatically deny it.

    This policy setting controls what happens when an untrusted program attempts to use the Save As command to programmatically save an item. If you enable this policy setting, you can choose from fo...
    Rule Medium Severity
  • When an untrusted program attempts to gain access to a recipient field, such as the To: field, using the Outlook object model, Outlook must automatically deny it.

    This policy setting controls what happens when an untrusted program attempts to gain access to a recipient field, such as the "To:" field, using the Outlook object model. If you enable this poli...
    Rule Medium Severity
  • When an untrusted program attempts to programmatically send e-mail in Outlook using the Response method of a task or meeting request, Outlook must automatically deny it.

    This policy setting controls what happens when an untrusted program attempts to programmatically send e-mail in Outlook using the Response method of a task or meeting request. If you enable this ...
    Rule Medium Severity
  • The Security Level for macros in Outlook must be configured to Warn for signed and disable unsigned.

    This policy setting controls the security level for macros in Outlook. If you enable this policy setting, you can choose from four options for handling macros in Outlook: - Always warn. This opt...
    Rule Medium Severity
  • Project must automatically disable unsigned add-ins without informing users.

    This policy setting controls whether the specified Office application notifies users when unsigned application add-ins are loaded or silently disables such add-ins without notification. This policy ...
    Rule Medium Severity
  • The ability to run programs from PowerPoint must be disabled.

    This policy setting controls the prompting and activation behavior for the "Run Programs" option for action buttons in PowerPoint. If you enable this policy setting, you can choose from three opti...
    Rule Medium Severity
  • Open/Save of PowerPoint 97-2003 presentations, shows, templates, and add-in files must be blocked.

    This policy setting allows you to determine whether users can open, view, edit, or save PowerPoint files with the format specified by the title of this policy setting. If you enable this policy se...
    Rule Medium Severity
  • Macros from the Internet must be blocked from running in PowerPoint.

    This policy setting allows you to block macros from running in Office files that come from the Internet. If you enable this policy setting, macros are blocked from running, even if "Enable all macr...
    Rule Medium Severity
  • If file validation fails, files must be opened in Protected view in PowerPoint with ability to edit disabled.

    This policy setting controls how Office handles documents when they fail file validation. If you enable this policy setting, you can configure the following options for files that fail file validat...
    Rule Medium Severity
  • Publisher must be configured to prompt the user when another application programmatically opens a macro.

    This policy setting controls whether the specified Office application notifies users when unsigned application add-ins are loaded or silently disables such add-ins without notification. This policy ...
    Rule Medium Severity
  • Publisher must disable all unsigned VBA macros.

    This policy setting controls how the specified applications warn users when Visual Basic for Applications (VBA) macros are present. If this policy setting is enabled, users can choose from four op...
    Rule Medium Severity
  • Visio must automatically disable unsigned add-ins without informing users.

    This policy setting controls whether the specified Office application notifies users when unsigned application add-ins are loaded or silently disables such add-ins without notification. This policy ...
    Rule Medium Severity
  • Visio 2003-2010 Binary Drawings, Templates and Stencils must be blocked.

    This policy setting allows you to determine whether users can open or save Visio files with the format specified by the title of this policy setting. If you enable this policy setting, you can spe...
    Rule Medium Severity
  • Visio 5.0 or earlier Binary Drawings, Templates and Stencils must be blocked.

    This policy setting allows you to determine whether users can open or save Visio files with the format specified by the title of this policy setting. If you enable this policy setting, you can spe...
    Rule Medium Severity
  • Macros must be blocked from running in Visio files from the Internet.

    This policy setting allows you to block macros from running in Office files that come from the Internet. If you enable this policy setting, macros are blocked from running, even if “Enable all mac...
    Rule Medium Severity
  • In Word, encrypted macros must be scanned.

    This policy setting controls whether encrypted macros in Open XML documents are required to be scanned with anti-virus software before being opened. If you enable this policy setting, you may c...
    Rule Medium Severity
  • Files located in unsafe locations must be opened in Protected view in Word.

    This policy setting lets you determine if files located in unsafe locations will open in Protected View. If you have not specified unsafe locations, only the "Downloaded Program Files" and "Tempora...
    Rule Medium Severity
  • If file validation fails, files must be opened in Protected view in Word with ability to edit disabled.

    This policy setting controls how Office handles documents when they fail file validation. If you enable this policy setting, you can configure the following options for files that fail file valid...
    Rule Medium Severity
  • Open/Save of Word 2000 binary documents and templates must be blocked.

    This policy setting allows you to determine whether users can open, view, edit, or save Word files with the format specified by the title of this policy setting. If you enable this policy setting, ...
    Rule Medium Severity
  • Open/Save of Word 2007 and later binary documents and templates must be blocked.

    This policy setting allows you to determine whether users can open, view, edit, or save Word files with the format specified by the title of this policy setting. If you enable this policy setting, ...
    Rule Medium Severity
  • Open/Save of Word 6.0 binary documents and templates must be blocked.

    This policy setting allows you to determine whether users can open, view, edit, or save Word files with the format specified by the title of this policy setting. If you enable this policy setting, ...
    Rule Medium Severity
  • Open/Save of Word 95 binary documents and templates must be blocked.

    This policy setting allows you to determine whether users can open, view, edit, or save Word files with the format specified by the title of this policy setting. If you enable this policy setting, ...
    Rule Medium Severity
  • Open/Save of Word XP binary documents and templates must be blocked.

    This policy setting allows you to determine whether users can open, view, edit, or save Word files with the format specified by the title of this policy setting. If you enable this policy setting, ...
    Rule Medium Severity
  • Trusted Locations on the network must be disabled in Word.

    This policy setting controls whether trusted locations on the network can be used. If you enable this policy setting, users can specify trusted locations on network shares or in other remote locat...
    Rule Medium Severity
  • File validation in Word must be enabled.

    This policy setting allows the file validation feature to be turned off. If this policy setting is enabled, file validation will be turned off. If this policy setting is disabled or not configure...
    Rule Medium Severity
