Skip to content

Microsoft Office 365 ProPlus Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • SRG-APP-000516

    <GroupDescription></GroupDescription>
    Group
  • Files dragged from an Outlook e-mail to the file system must be created in ANSI format.

    &lt;VulnDiscussion&gt;This policy setting controls whether e-mail messages dragged from Outlook to the file system are saved in Unicode or ANSI for...
    Rule Medium Severity
  • SRG-APP-000516

    <GroupDescription></GroupDescription>
    Group
  • The junk email protection level must be set to No Automatic Filtering.

    &lt;VulnDiscussion&gt;This policy setting controls the Junk E-mail protection level. The Junk E-mail Filter in Outlook helps to prevent junk email ...
    Rule Medium Severity
  • SRG-APP-000210

    <GroupDescription></GroupDescription>
    Group
  • Active X One-Off forms must only be enabled to load with Outlook Controls.

    &lt;VulnDiscussion&gt;By default, third-party ActiveX controls are not allowed to run in one-off forms in Outlook. You can change this behavior so ...
    Rule Medium Severity
  • SRG-APP-000340

    <GroupDescription></GroupDescription>
    Group
  • Internet must not be included in Safe Zone for picture download in Outlook.

    &lt;VulnDiscussion&gt;This policy setting controls whether pictures and external content in HTML e-mail messages from untrusted senders on the Inte...
    Rule Medium Severity
  • SRG-APP-000516

    <GroupDescription></GroupDescription>
    Group
  • The Publish to Global Address List (GAL) button must be disabled in Outlook.

    &lt;VulnDiscussion&gt;This policy setting controls whether Outlook users can publish e-mail certificates to the Global Address List (GAL). If you...
    Rule Medium Severity
  • SRG-APP-000630

    <GroupDescription></GroupDescription>
    Group
  • The minimum encryption key length in Outlook must be at least 168.

    &lt;VulnDiscussion&gt;This policy setting allows you to set the minimum key length for an encrypted e-mail message. If you enable this policy sett...
    Rule Medium Severity
  • SRG-APP-000207

    <GroupDescription></GroupDescription>
    Group
  • The warning about invalid digital signatures must be enabled to warn Outlook users.

    &lt;VulnDiscussion&gt;This policy setting controls how Outlook warns users about messages with invalid digital signatures. If you enable this poli...
    Rule Medium Severity
  • SRG-APP-000605

    <GroupDescription></GroupDescription>
    Group
  • Outlook must be configured to allow retrieving of Certificate Revocation Lists (CRLs) always when online.

    &lt;VulnDiscussion&gt;This policy setting controls how Outlook retrieves Certificate Revocation Lists to verify the validity of certificates. Certi...
    Rule Medium Severity
  • SRG-APP-000516

    <GroupDescription></GroupDescription>
    Group
  • The Outlook Security Mode must be enabled to always use the Outlook Security Group Policy.

    &lt;VulnDiscussion&gt;This policy setting controls which set of security settings are enforced in Outlook. If you enable this policy setting, you c...
    Rule Medium Severity
  • SRG-APP-000207

    <GroupDescription></GroupDescription>
    Group
  • The ability to demote attachments from Level 2 to Level 1 must be disabled.

    &lt;VulnDiscussion&gt;This policy setting controls whether Outlook users can demote attachments to Level 2 by using a registry key, which will allo...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules