Skip to content
Log In

Microsoft Office 365 ProPlus Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • SRG-APP-000219

    Group
    Show

  • The HTTP fallback for SIP connection in Lync must be disabled.

    Prevents from HTTP being used for SIP connection in case TLS or TCP fail.
    Rule Medium Severity
    Show

  • SRG-APP-000575

    Group
    Show

  • SRG-APP-000575

    Group
    Show

  • SRG-APP-000210

    Group
    Show

  • Scripts associated with public folders must be prevented from execution in Outlook.

    This policy setting controls whether Outlook executes scripts that are associated with custom forms or folder home pages for public folders.
    Rule Medium Severity
    Show

  • SRG-APP-000210

    Group
    Show

  • Scripts associated with shared folders must be prevented from execution in Outlook.

    This policy setting controls whether Outlook executes scripts associated with custom forms or folder home pages for shared folders.
    Rule Medium Severity
    Show

  • SRG-APP-000516

    Group
    Show

  • Files dragged from an Outlook e-mail to the file system must be created in ANSI format.

    This policy setting controls whether e-mail messages dragged from Outlook to the file system are saved in Unicode or ANSI format.
    Rule Medium Severity
    Show

  • SRG-APP-000516

    Group
    Show

  • SRG-APP-000210

    Group
    Show

  • Active X One-Off forms must only be enabled to load with Outlook Controls.

    By default, third-party ActiveX controls are not allowed to run in one-off forms in Outlook. You can change this behavior so that Safe Controls (Microsoft Forms 2.0 controls and the Outlook Recipie...
    Rule Medium Severity
    Show

  • SRG-APP-000340

    Group
    Show

  • SRG-APP-000516

    Group
    Show

  • Internet must not be included in Safe Zone for picture download in Outlook.

    This policy setting controls whether pictures and external content in HTML e-mail messages from untrusted senders on the Internet are downloaded without Outlook users explicitly choosing to do so. ...
    Rule Medium Severity
    Show

  • SRG-APP-000516

    Group
    Show

  • The Publish to Global Address List (GAL) button must be disabled in Outlook.

    This policy setting controls whether Outlook users can publish e-mail certificates to the Global Address List (GAL). If you enable this policy setting, the "Publish to GAL" button does not displa...
    Rule Medium Severity
    Show

  • SRG-APP-000630

    Group
    Show

  • SRG-APP-000207

    Group
    Show

  • The warning about invalid digital signatures must be enabled to warn Outlook users.

    This policy setting controls how Outlook warns users about messages with invalid digital signatures. If you enable this policy setting, you can choose from three options for controlling how Outloo...
    Rule Medium Severity
    Show

  • SRG-APP-000605

    Group
    Show

  • SRG-APP-000516

    Group
    Show

  • The Outlook Security Mode must be enabled to always use the Outlook Security Group Policy.

    This policy setting controls which set of security settings are enforced in Outlook. If you enable this policy setting, you can choose from four options for enforcing Outlook security settings: ...
    Rule Medium Severity
    Show

  • SRG-APP-000207

    Group
    Show

  • The ability to demote attachments from Level 2 to Level 1 must be disabled.

    This policy setting controls whether Outlook users can demote attachments to Level 2 by using a registry key, which will allow them to save files to disk and open them from that location. Outlook u...
    Rule Medium Severity
    Show

  • SRG-APP-000207

    Group
    Show

  • The display of Level 1 attachments must be disabled in Outlook.

    This policy setting controls whether Outlook blocks potentially dangerous attachments designated Level 1. Outlook uses two levels of security to restrict users' access to files attached to e-mail m...
    Rule Medium Severity
    Show

  • SRG-APP-000207

    Group
    Show

  • SRG-APP-000207

    Group
    Show

  • Level 2 file attachments must be blocked from being delivered.

    This policy setting controls which types of attachments (determined by file extension) must be saved to disk before users can open them. Files with specific extensions can be categorized as Level 1...
    Rule Medium Severity
    Show

  • SRG-APP-000210

    Group
    Show

  • Outlook must be configured to not run scripts in forms in which the script and the layout are contained within the message.

    This policy setting controls whether scripts can run in Outlook forms in which the script and layout are contained within the message. If you enable this policy setting, scripts can run in one-off ...
    Rule Medium Severity
    Show

  • SRG-APP-000488

    Group
    Show

  • SRG-APP-000488

    Group
    Show

  • When an untrusted program attempts to programmatically access an Address Book using the Outlook object model, Outlook must automatically deny it.

    This policy setting controls what happens when an untrusted program attempts to gain access to an Address Book using the Outlook object model. If you enable this policy setting, you can choose fr...
    Rule Medium Severity
    Show

  • SRG-APP-000488

    Group
    Show

  • When a user designs a custom form in Outlook and attempts to bind an Address Information field to a combination or formula custom field, Outlook must automatically deny it.

    This policy setting controls what happens when a user designs a custom form in Outlook and attempts to bind an Address Information field to a combination or formula custom field. If you enable this...
    Rule Medium Severity
    Show

  • SRG-APP-000488

    Group
    Show

  • SRG-APP-000488

    Group
    Show

  • SRG-APP-000488

    Group
    Show

  • SRG-APP-000488

    Group
    Show

  • When an untrusted program attempts to send e-mail programmatically using the Outlook object model, Outlook must automatically deny it.

    This policy setting controls what happens when an untrusted program attempts to send e-mail programmatically using the Outlook object model. If you enable this policy setting, you can choose from...
    Rule Medium Severity
    Show

  • SRG-APP-000516

    Group
    Show

  • Outlook must be configured to not allow hyperlinks in suspected phishing messages.

    This policy setting controls whether hyperlinks in suspected phishing e-mail messages in Outlook are allowed. If you enable this policy setting, Outlook will allow hyperlinks in suspected phishing ...
    Rule Medium Severity
    Show

  • SRG-APP-000207

    Group
    Show

  • SRG-APP-000210

    Group
    Show

  • Trusted Locations on the network must be disabled in Project.

    This policy setting controls whether trusted locations on the network can be used. If you enable this policy setting, users can specify trusted locations on network shares or in other remote locat...
    Rule Medium Severity
    Show

  • SRG-APP-000131

    Group
    Show

  • SRG-APP-000141

    Group
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules