| V-99663 | Medium | Office applications must not load XML expansion packs with Smart Documents. | This policy setting controls whether Office 365 ProPlus applications can load an XML expansion pack manifest file with a Smart Document. |
| V-99665 | Medium | The load of controls in Forms3 must be blocked. | This policy setting allows you to control how ActiveX controls in UserForms should be initialized based upon whether they are Safe for Initialization (SFI) or Unsafe for Initialization (UFI).
... |
| V-99667 | Medium | Add-on Management must be enabled for all Office 365 ProPlus programs. | Internet Explorer add-ons are pieces of code, run in Internet Explorer, to provide additional functionality. Rogue add-ons may contain viruses or other malicious code. Disabling or not configuring... |
| V-99669 | Medium | Consistent MIME handling must be enabled for all Office 365 ProPlus programs. | Encryption is only as good as the encryption modules utilized. Unapproved cryptographic module algorithms cannot be verified and cannot be relied on to provide confidentiality or integrity, and... |
| V-99683 | Medium | Protection from zone elevation must be enabled in all Office programs. | Internet Explorer places restrictions on each web page users can use the browser to open. Web pages on a user's local computer have the fewest security restrictions and reside in the Local Machine... |
| V-99709 | Medium | Open/save of Excel 2 worksheets must be blocked. | This policy setting allows you to determine whether users can open, view, edit, or save Excel files with the format specified by the title of this policy setting. If you enable this policy... |
| V-99707 | Medium | Open/save of Excel 2 macrosheets and add-in files must be blocked. | This policy setting allows you to determine whether users can open, view, edit, or save Excel files with the format specified by the title of this policy setting. If you enable this policy... |
| V-99705 | Medium | Open/save of Dif and Sylk format files must be blocked. | This policy setting allows you to determine whether users can open, view, edit, or save Excel files with the format specified by the title of this policy setting. If you enable this policy... |
| V-99703 | Medium | Open/save of dBase III / IV format files must be blocked. | This policy setting allows you to determine whether users can open, view, edit, or save Excel files with the format specified by the title of this policy setting.
If you enable this policy... |
| V-99701 | Medium | Dynamic Data Exchange (DDE) server lookup in Excel must be blocked. | This policy setting allows you to control whether Dynamic Data Exchange (DDE) server lookup is allowed.
By default, DDE server lookup is turned on, but users can turn off DDE server lookup by... |
| V-99787 | Medium | The minimum encryption key length in Outlook must be at least 168. | This policy setting allows you to set the minimum key length for an encrypted e-mail message.
If you enable this policy setting, you may set the minimum key length for an encrypted e-mail... |
| V-99785 | Medium | The Publish to Global Address List (GAL) button must be disabled in Outlook. | This policy setting controls whether Outlook users can publish e-mail certificates to the Global Address List (GAL).
If you enable this policy setting, the "Publish to GAL" button does not... |
| V-99783 | Medium | Internet must not be included in Safe Zone for picture download in Outlook. | This policy setting controls whether pictures and external content in HTML e-mail messages from untrusted senders on the Internet are downloaded without Outlook users explicitly choosing to do so.... |
| V-99781 | Medium | Outlook must be configured to prevent users overriding attachment security settings. | This policy setting prevents users from overriding the set of attachments blocked by Outlook.
If you enable this policy setting users will be prevented from overriding the set of attachments... |
| V-99869 | Medium | Visio 2000-2002 Binary Drawings, Templates and Stencils must be blocked. | This policy setting allows you to determine whether users can open or save Visio files with the format specified by the title of this policy setting.
If you enable this policy setting, you can... |
| V-99867 | Medium | Visio must automatically disable unsigned add-ins without informing users. | This policy setting controls whether the specified Office application notifies users when unsigned application add-ins are loaded or silently disable such add-ins without notification. This policy... |
| V-99865 | Medium | Trusted Locations on the network must be disabled in Visio. | This policy setting controls whether trusted locations on the network can be used.
If you enable this policy setting, users can specify trusted locations on network shares or in other remote... |
| V-99863 | Medium | VBA Macros not digitally signed must be blocked in Visio. | This policy setting controls how the specified applications warn users when Visual Basic for Applications (VBA) macros are present.
If you enable this policy setting, you can choose from four... |
| V-99789 | Medium | The warning about invalid digital signatures must be enabled to warn Outlook users. | This policy setting controls how Outlook warns users about messages with invalid digital signatures.
If you enable this policy setting, you can choose from three options for controlling how... |
| V-99861 | Medium | Publisher must disable all unsigned VBA macros. | This policy setting controls how the specified applications warn users when Visual Basic for Applications (VBA) macros are present.
If you enable this policy setting, you can choose from four... |
| V-99893 | Medium | Open/Save of Word 2000 binary documents and templates must be blocked. | This policy setting allows you to determine whether users can open, view, edit, or save Word files with the format specified by the title of this policy setting. If you enable this policy setting,... |
| V-99691 | Medium | Scripted Windows Security restrictions must be enabled in all Office programs. | Malicious websites often try to confuse or trick users into giving a site permission to perform an action allowing the site to take control of the users' computers in some manner. Disabling or not... |
| V-99891 | Medium | Open/Save of Word 2 and earlier binary documents and templates must be blocked. | This policy setting allows you to determine whether users can open, view, edit, or save Word files with the format specified by the title of this policy setting. If you enable this policy setting,... |
| V-99659 | Medium | Users must be prevented from creating new trusted locations in the Trust Center. | This policy setting controls whether trusted locations can be defined by users, the Office Customization Tool (OCT), and Group Policy, or if they must be defined by Group Policy alone.
If you... |
| V-99895 | Medium | Open/Save of Word 2003 binary documents and templates must be blocked. | This policy setting allows you to determine whether users can open, view, edit, or save Word files with the format specified by the title of this policy setting. If you enable this policy setting,... |
| V-99655 | Medium | Office applications must be configured to specify encryption type in password-protected Office 97-2003 files. | This policy setting enables you to specify an encryption type for password-protected Office 97-2003 files.
If you enable this policy setting, you can specify the type of encryption that Office... |
| V-99657 | Medium | Office applications must be configured to specify encryption type in password-protected Office Open XML files. | This policy setting allows you to specify an encryption type for Office Open XML files.
If you enable this policy setting, you can specify the type of encryption that Office applications use to... |
| V-99651 | Medium | Macros in all Office applications that are opened programmatically by another application must be opened based upon macro security level. | This policy setting controls whether macros can run in an Office 365 ProPlus application that is opened programmatically by another application. If this policy setting is enabled, the user can... |
| V-99693 | Medium | Flash player activation must be disabled in all Office programs. | This policy setting controls whether the Adobe Flash control can be activated by Office documents. Note that activation blocking applies only within Office processes.
If you enable this policy... |
| V-99653 | Medium | Trust Bar notifications must be configured to display information in the Message Bar about the content that has been automatically blocked. | This policy setting controls whether Office 365 ProPlus applications notify users when potentially unsafe features or content are detected, or whether such features or content are silently... |
| V-99719 | Medium | Open/save of Excel 4 worksheets must be blocked. | This policy setting allows you to determine whether users can open, view, edit, or save Excel files with the format specified by the title of this policy setting. If you enable this policy... |
| V-99715 | Medium | Open/save of Excel 4 macrosheets and add-in files must be blocked. | This policy setting allows you to determine whether users can open, view, edit, or save Excel files with the format specified by the title of this policy setting. If you enable this policy... |
| V-99717 | Medium | Open/save of Excel 4 workbooks must be blocked. | This policy setting allows you to determine whether users can open, view, edit, or save Excel files with the format specified by the title of this policy setting. If you enable this policy... |
| V-99711 | Medium | Open/save of Excel 3 macrosheets and add-in files must be blocked. | This policy setting allows you to determine whether users can open, view, edit, or save Excel files with the format specified by the title of this policy setting. If you enable this policy... |
| V-99713 | Medium | Open/save of Excel 3 worksheets must be blocked. | This policy setting allows you to determine whether users can open, view, edit, or save Excel files with the format specified by the title of this policy setting. If you enable this policy... |
| V-99795 | Medium | The ability to demote attachments from Level 2 to Level 1 must be disabled. | This policy setting controls whether Outlook users can demote attachments to Level 2 by using a registry key, which will allow them to save files to disk and open them from that location. Outlook... |
| V-99819 | Medium | Outlook must be configured to not allow hyperlinks in suspected phishing messages. | This policy setting controls whether hyperlinks in suspected phishing e-mail messages in Outlook are allowed. If you enable this policy setting, Outlook will allow hyperlinks in suspected phishing... |
| V-99797 | Medium | The display of Level 1 attachments must be disabled in Outlook. | This policy setting controls whether Outlook blocks potentially dangerous attachments designated Level 1. Outlook uses two levels of security to restrict users' access to files attached to e-mail... |
| V-99791 | Medium | Outlook must be configured to allow retrieving of Certificate Revocation Lists (CRLs) always when online. | This policy setting controls how Outlook retrieves Certificate Revocation Lists to verify the validity of certificates. Certificate revocation lists (CRLs) are lists of digital certificates that... |
| V-99793 | Medium | The Outlook Security Mode must be enabled to always use the Outlook Security Group Policy. | This policy setting controls which set of security settings are enforced in Outlook. If you enable this policy setting, you can choose from four options for enforcing Outlook security settings:
... |
| V-99813 | Medium | When an untrusted program attempts to gain access to a recipient field, such as the, To: field, using the Outlook object model, Outlook must automatically deny it. | This policy setting controls what happens when an untrusted program attempts to gain access to a recipient field, such as the ''To:'' field, using the Outlook object model.
If you enable this... |
| V-99811 | Medium | When an untrusted program attempts to use the Save As command to programmatically save an item, Outlook must automatically deny it. | This policy setting controls what happens when an untrusted program attempts to use the Save As command to programmatically save an item.
If you enable this policy setting, you can choose from... |
| V-99817 | Medium | When an untrusted program attempts to send e-mail programmatically using the Outlook object model, Outlook must automatically deny it. | This policy setting controls what happens when an untrusted program attempts to send e-mail programmatically using the Outlook object model.
If you enable this policy setting, you can choose... |
| V-99799 | Medium | Level 1 file attachments must be blocked from being delivered. | This policy setting controls whether Outlook users can demote attachments to Level 2 by using a registry key, which will allow them to save files to disk and open them from that location. Outlook... |
| V-99815 | Medium | When an untrusted program attempts to programmatically send e-mail in Outlook using the Response method of a task or meeting request, Outlook must automatically deny it. | This policy setting controls what happens when an untrusted program attempts to programmatically send e-mail in Outlook using the Response method of a task or meeting request.
If you enable this... |
| V-99881 | Medium | Files downloaded from the Internet must be opened in Protected view in Word. | This policy setting allows you to determine if files downloaded from the Internet zone open in Protected View.
If you enable this policy setting, files downloaded from the Internet zone do not... |
| V-99649 | Medium | ActiveX Controls must be initialized in Safe Mode. | This policy setting specifies the Microsoft ActiveX initialization security level for all Microsoft Office applications. ActiveX controls can adversely affect a computer directly. In addition,... |
| V-99885 | Medium | If file validation fails, files must be opened in Protected view in Word with ability to edit disabled. | This policy setting controls how Office handles documents when they fail file validation.
If you enable this policy setting, you can configure the following options for files that fail file... |
| V-99887 | Medium | Word attachments opened from Outlook must be in Protected View. | This policy setting allows you to determine if Word files in Outlook attachments open in Protected View.
If you enable this policy setting, Outlook attachments do not open in Protected View.
If... |
| V-99643 | Medium | Document metadata for rights managed Office Open XML files must be protected. | This policy setting determines whether metadata is encrypted in Office Open XML files that are protected by Information Rights Management (IRM). If you enable this policy setting, Excel,... |
| V-99641 | Medium | The Macro Runtime Scan Scope must be enabled for all documents. | This policy setting specifies for which documents the VBA Runtime Scan feature is enabled.
If the feature is disabled for all documents, no runtime scanning of enabled macros will be... |
| V-99647 | Medium | Custom user interface (UI) code must be blocked from loading in all Office applications. | This policy setting controls whether Office 365 ProPlus applications load any custom user interface (UI) code included with a document or template. Office 365 ProPlus allows developers to extend... |
| V-99645 | Medium | The Office client must be prevented from polling the SharePoint Server for published links. | This policy setting controls whether Office 365 ProPlus applications can poll Office servers to retrieve lists of published links.
If this policy setting is enabled, Office 365 ProPlus... |
| V-99729 | Medium | Extraction options must be blocked when opening corrupt Excel workbooks. | This policy setting controls whether Excel presents users with a list of data extraction options before beginning an Open and Repair operation when users choose to open a corrupt workbook in... |
| V-99721 | Medium | Open/save of Excel 95 workbooks must be blocked. | This policy setting allows you to determine whether users can open, view, edit, or save Excel files with the format specified by the title of this policy setting. If you enable this policy... |
| V-99723 | Medium | Open/save of Excel 95-97 workbooks and templates must be blocked. | This policy setting allows you to determine whether users can open, view, edit, or save Excel files with the format specified by the title of this policy setting. If you enable this policy... |
| V-99725 | Medium | The default file block behavior must be set to not open blocked files in Excel. | This policy setting allows you to determine whether users can open, view, edit, or save Excel files with the format specified by the title of this policy setting. If you enable this policy... |
| V-99727 | Medium | Open/save of Web pages and Excel 2003 XML spreadsheets must be blocked. | This policy setting allows you to determine whether users can open, view, edit, or save Excel files with the format specified by the title of this policy setting. If you enable this policy... |
| V-99809 | Medium | When a user designs a custom form in Outlook and attempts to bind an Address Information field to a combination or formula custom field, Outlook must automatically deny it. | This policy setting controls what happens when a user designs a custom form in Outlook and attempts to bind an Address Information field to a combination or formula custom field. If you enable... |
| V-99801 | Medium | Level 2 file attachments must be blocked from being delivered. | This policy setting controls which types of attachments (determined by file extension) must be saved to disk before users can open them. Files with specific extensions can be categorized as Level... |
| V-99803 | Medium | Outlook must be configured to not run scripts in forms in which the script and the layout are contained within the message. | This policy setting controls whether scripts can run in Outlook forms in which the script and layout are contained within the message. If you enable this policy setting, scripts can run in one-off... |
| V-99805 | Medium | When a custom action is executed that uses the Outlook object model, Outlook must automatically deny it. | This policy setting controls whether Outlook prompts users before executing a custom action. Custom actions add functionality to Outlook that can be triggered as part of a rule. Among other... |
| V-99807 | Medium | When an untrusted program attempts to programmatically access an Address Book using the Outlook object model, Outlook must automatically deny it. | This policy setting controls what happens when an untrusted program attempts to gain access to an Address Book using the Outlook object model.
If you enable this policy setting, you can choose... |
| V-99737 | Medium | AutoRepublish warning alert in Excel must be enabled. | This policy setting allows administrators to disable the AutoRepublish feature in Excel. If users choose to publish Excel data to a static Web page and enable the AutoRepublish feature, Excel... |
| V-99735 | Medium | AutoRepublish in Excel must be disabled. | This policy setting allows administrators to disable the AutoRepublish feature in Excel. If users choose to publish Excel data to a static Web page and enable the AutoRepublish feature, Excel... |
| V-99733 | Medium | Loading of pictures from Web pages not created in Excel must be disabled. | This policy setting controls whether Excel loads graphics when opening Web pages that were not created in Excel. It configures the "Load pictures from Web pages not created in Excel" option under... |
| V-99731 | Medium | Updating of links in Excel must be prompted and not automatic. | This policy setting controls whether Excel prompts users to update automatic links, or whether the updates occur in the background with no prompt.
If you enable or do not configure this policy... |
| V-99739 | Medium | File extensions must be enabled to match file types in Excel. | This policy setting controls how Excel loads file types that do not match their extension. Excel can load files with extensions that do not match the files' type. For example, if a comma-separated... |
| V-99835 | Medium | File validation in PowerPoint must be enabled. | This policy setting allows you to turn off the file validation feature. If you enable this policy setting, file validation will be turned off. If you disable or do not configure this policy... |
| V-99837 | Medium | Macros from the Internet must be blocked from running in PowerPoint. | This policy setting allows you to block macros from running in Office files that come from the Internet. If you enable this policy setting, macros are blocked from running, even if "Enable all... |
| V-99831 | Medium | The default file block behavior must be set to not open blocked files in PowerPoint. | This policy setting allows you to determine if users can open, view, or edit Word files. If you enable this policy setting, you can set one of these options:
- Blocked files are not opened.
-... |
| V-99833 | Medium | Encrypted macros in PowerPoint Open XML presentations must be scanned. | This policy setting controls whether encrypted macros in Open XML presentations are required to be scanned with anti-virus software before being opened. If you enable this policy setting, you may... |
| V-99637 | Medium | VBA Macros not digitally signed must be blocked in Access. | This policy setting controls how the specified applications warn users when Visual Basic for Applications (VBA) macros are present.
If you enable this policy setting, you can choose from four... |
| V-99635 | Medium | Trust Bar Notifications for unsigned application add-ins in Access must be disabled and blocked. | This policy setting controls whether the specified Office application notifies users when unsigned application add-ins are loaded or silently disable such add-ins without notification. This policy... |
| V-99633 | Medium | Macros must be blocked from running in Access files from the Internet. | This policy setting allows you to block macros from running in Office files that come from the Internet.
If you enable this policy setting, macros are blocked from running, even if “Enable all... |
| V-99695 | Medium | Trusted Locations on the network must be disabled in Excel. | This policy setting controls whether trusted locations on the network can be used.
If you enable this policy setting, users can specify trusted locations on network shares or in other remote... |
| V-100517 | Medium | File validation in Word must be enabled. | This policy setting allows the file validation feature to be turned off.
If this policy setting is enabled, file validation will be turned off.
If this policy setting is disabled or not... |
| V-99743 | Medium | File validation in Excel must be enabled. | This policy setting allows you turn off the file validation feature.
If you enable this policy setting, file validation will be turned off.
If you disable or do not configure this policy... |
| V-99741 | Medium | Scan of encrypted macros in Excel Open XML workbooks must be enabled. | This policy setting controls whether encrypted macros in Open XML workbooks be are required to be scanned with anti-virus software before being opened.
If you enable this policy setting, you may... |
| V-99747 | Medium | Macros must be blocked from running in Excel files from the Internet. | This policy setting allows you to block macros from running in Office files that come from the Internet.
If you enable this policy setting, macros are blocked from running, even if “Enable all... |
| V-99639 | Medium | Allowing Trusted Locations on the network must be disabled in Access. | This policy setting controls whether trusted locations on the network can be used.
If you enable this policy setting, users can specify trusted locations on network shares or in other remote... |
| V-99745 | Medium | WEBSERVICE Function Notification in Excel must be configured to disable all, with notifications. | This policy setting controls how Excel will warn users when WEBSERVICE functions are present.
If you enable this policy setting, you can choose from three options for determining how the... |
| V-99749 | Medium | Trust Bar notification must be enabled for unsigned application add-ins in Excel and blocked. | This policy setting controls whether the specified Office 2016 applications notify users when unsigned application add-ins are loaded or silently disable such add-ins without notification. This... |
| V-99821 | Medium | The Security Level for macros in Outlook must be configured to Warn for signed and disable unsigned. | This policy setting controls the security level for macros in Outlook.
If you enable this policy setting, you can choose from four options for handling macros in Outlook:
- Always warn. This... |
| V-99827 | Medium | The ability to run programs from PowerPoint must be disabled. | This policy setting controls the prompting and activation behavior for the "Run Programs" option for action buttons in PowerPoint.
If you enable this policy setting, you can choose from three... |
| V-99825 | Medium | VBA Macros not digitally signed must be blocked in PowerPoint. | This policy setting controls how the specified applications warn users when Visual Basic for Applications (VBA) macros are present.
If you enable this policy setting, you can choose from four... |
| V-99829 | Medium | Open/Save of PowerPoint 97-2003 presentations, shows, templates, and add-in files must be blocked. | This policy setting allows you to determine whether users can open, view, edit, or save PowerPoint files with the format specified by the title of this policy setting.
If you enable this policy... |
| V-99901 | Medium | Open/Save of Word 95 binary documents and templates must be blocked. | This policy setting allows you to determine whether users can open, view, edit, or save Word files with the format specified by the title of this policy setting. If you enable this policy setting,... |
| V-99903 | Medium | Open/Save of Word 97 binary documents and templates must be blocked. | This policy setting allows you to determine whether users can open, view, edit, or save Word files with the format specified by the title of this policy setting. If you enable this policy setting,... |
| V-99905 | Medium | Open/Save of Word XP binary documents and templates must be blocked. | This policy setting allows you to determine whether users can open, view, edit, or save Word files with the format specified by the title of this policy setting. If you enable this policy setting,... |
| V-99907 | Medium | In Word, macros must be blocked from running, even if Enable all macros is selected in the Macro Settings section of the Trust Center. | This policy setting allows you to block macros from running in Office files that come from the Internet. If you enable this policy setting, macros are blocked from running, even if "Enable all... |
| V-99909 | Medium | Trusted Locations on the network must be disabled in Word. | This policy setting controls whether trusted locations on the network can be used.
If you enable this policy setting, users can specify trusted locations on network shares or in other remote... |
| V-99839 | Medium | Unsigned add-ins in PowerPoint must be blocked with no Trust Bar Notification to the user. | This policy setting controls whether the specified Office application notifies users when unsigned application add-ins are loaded or silently disable such add-ins without notification. This policy... |
| V-99889 | Medium | The default file block behavior must be set to not open blocked files in Word. | This policy setting allows you to determine if users can open, view, or edit Word files.
If you enable this policy setting, you can set one of these options:
- Blocked files are not opened.
-... |
| V-99751 | Medium | Untrusted Microsoft Query files must be blocked from opening in Excel. | This policy setting controls whether Microsoft Query files (.iqy, oqy, .dqy, and .rqy) in an untrusted location are prevented from opening.
If you enable this policy setting, Microsoft Query... |
| V-99753 | Medium | Untrusted database files must be opened in Excel in Protected View mode. | This policy setting controls whether database files (.dbf) opened from an untrusted location are always opened in Protected View.
If you enable this policy setting, database files opened from an... |
| V-99755 | Medium | Files from Internet zone must be opened in Excel in Protected View mode. | This policy setting allows you to determine if files downloaded from the Internet zone open in Protected View.
If you enable this policy setting, files downloaded from the Internet zone do not... |
| V-99757 | Medium | Files from unsafe locations must be opened in Excel in Protected View mode. | This policy setting lets you determine if files located in unsafe locations will open in Protected View. If you have not specified unsafe locations, only the "Downloaded Program Files" and... |
| V-99759 | Medium | Files failing file validation must be opened in Excel in Protected view mode and disallow edits. | This policy setting controls how Office handles documents when they fail file validation.
If you enable this policy setting, you can configure the following options for files that fail file... |
| V-99857 | Medium | Publisher must be configured to prompt the user when another application programmatically opens a macro. | This policy setting controls whether the specified Office application notifies users when unsigned application add-ins are loaded or silently disable such add-ins without notification. This policy... |
| V-99855 | Medium | VBA Macros not digitally signed must be blocked in Project. | This policy setting controls how the specified applications warn users when Visual Basic for Applications (VBA) macros are present.
If you enable this policy setting, you can choose from four... |
| V-99853 | Medium | Project must automatically disable unsigned add-ins without informing users. | This policy setting controls whether the specified Office application notifies users when unsigned application add-ins are loaded or silently disable such add-ins without notification. This policy... |
| V-99697 | Medium | VBA Macros not digitally signed must be blocked in Excel. | This policy setting controls how the specified applications warn users when Visual Basic for Applications (VBA) macros are present.
If you enable this policy setting, you can choose from four... |
| V-99699 | Medium | Dynamic Data Exchange (DDE) server launch in Excel must be blocked. | This policy setting allows you to control whether Dynamic Data Exchange (DDE) server launch is allowed.
By default, DDE server launch is turned off, but users can turn on DDE server launch by... |
| V-99859 | Medium | Publisher must automatically disable unsigned add-ins without informing users. | This policy setting controls whether the specified Office application notifies users when unsigned application add-ins are loaded or silently disable such add-ins without notification. This policy... |
| V-99911 | Medium | VBA Macros not digitally signed must be blocked in Word. | This policy setting controls how the specified applications warn users when Visual Basic for Applications (VBA) macros are present.
If you enable this policy setting, you can choose from four... |
| V-99769 | Medium | Outlook must use remote procedure call (RPC) encryption to communicate with Microsoft Exchange servers. | This policy setting controls whether Outlook uses remote procedure call (RPC) encryption to communicate with Microsoft Exchange servers.
If you enable this policy setting, Outlook uses RPC... |
| V-99765 | Medium | The HTTP fallback for SIP connection in Lync must be disabled. | Prevents from HTTP being used for SIP connection in case TLS or TCP fail. |
| V-99767 | Medium | The Exchange client authentication with Exchange servers must be enabled to use Kerberos Password Authentication. | This policy setting controls which authentication method Outlook uses to authenticate with Microsoft Exchange Server. Note: Exchange Server supports the Kerberos authentication protocol and NTLM... |
| V-99761 | Medium | File attachments from Outlook must be opened in Excel in Protected mode. | This policy setting allows you to determine if Excel files in Outlook attachments open in Protected View.
If you enable this policy setting, Outlook attachments do not open in Protected View.
If... |
| V-99763 | Medium | The SIP security mode in Lync must be enabled. | When Lync connects to the server, it supports various authentication mechanisms. This policy allows the user to specify whether Digest and Basic authentication are supported. Disabled (default):... |
| V-99851 | Medium | Trusted Locations on the network must be disabled in Project. | This policy setting controls whether trusted locations on the network can be used.
If you enable this policy setting, users can specify trusted locations on network shares or in other remote... |
| V-99897 | Medium | Open/Save of Word 2007 and later binary documents and templates must be blocked. | This policy setting allows you to determine whether users can open, view, edit, or save Word files with the format specified by the title of this policy setting. If you enable this policy setting,... |
| V-99845 | Medium | Files in unsafe locations must be opened in Protected view in PowerPoint. | This policy setting determines whether files located in unsafe locations will open in Protected View. If unsafe locations have not been specified, only the "Downloaded Program Files" and... |
| V-99847 | Medium | If file validation fails, files must be opened in Protected view in PowerPoint with ability to edit disabled. | This policy setting controls how Office handles documents when they fail file validation. If you enable this policy setting, you can configure the following options for files that fail file... |
| V-99841 | Medium | Files downloaded from the Internet must be opened in Protected view in PowerPoint. | This policy setting allows you to determine if files downloaded from the Internet zone open in Protected View. If you enable this policy setting, files downloaded from the Internet zone do not... |
| V-99689 | Medium | The Save from URL feature must be enabled in all Office programs. | Typically, when Internet Explorer loads a web page from a Universal Naming Convention (UNC) share that contains a Mark of the Web (MOTW) comment, indicating the page was saved from a site on the... |
| V-99687 | Medium | File Download Restriction must be enabled in all Office programs. | Disabling this setting allows websites to present file download prompts via code without the user specifically initiating the download. User preferences may also allow the download to occur... |
| V-99685 | Medium | ActiveX installation restriction must be enabled in all Office programs. | Microsoft ActiveX controls allow unmanaged, unprotected code to run on the user computers. ActiveX controls do not run within a protected container in the browser like the other types of HTML or... |
| V-99849 | Medium | The use of network locations must be ignored in PowerPoint. | This policy setting controls whether trusted locations on the network can be used. If you enable this policy setting, users can specify trusted locations on network shares or in other remote... |
| V-99681 | Medium | Object Caching Protection must be enabled in all Office programs. | Encryption is only as good as the encryption modules utilized. Unapproved cryptographic module algorithms cannot be verified and cannot be relied upon to provide confidentiality or integrity, and... |
| V-99899 | Medium | Open/Save of Word 6.0 binary documents and templates must be blocked. | This policy setting allows you to determine whether users can open, view, edit, or save Word files with the format specified by the title of this policy setting. If you enable this policy setting,... |
| V-99673 | Medium | The Information Bar must be enabled in all Office programs. | This policy setting controls whether Office 365 ProPlus applications notify users when potentially unsafe features or content are detected, or whether such features or content are silently... |
| V-99671 | Medium | User name and password must be disabled in all Office programs. | The Uniform Resource Locator (URL) standard allows user authentication to be included in URL strings in the form http://username:password@example.com. A malicious user might use this URL syntax to... |
| V-99779 | Medium | Active X One-Off forms must only be enabled to load with Outlook Controls. | By default, third-party ActiveX controls are not allowed to run in one-off forms in Outlook. You can change this behavior so that Safe Controls (Microsoft Forms 2.0 controls and the Outlook... |
| V-99677 | Medium | The MIME Sniffing safety feature must be enabled in all Office programs. | Encryption is only as good as the encryption modules utilized. Unapproved cryptographic module algorithms cannot be verified and cannot be relied upon to provide confidentiality or integrity, and... |
| V-99675 | Medium | The Local Machine Zone Lockdown Security must be enabled in all Office programs. | Internet Explorer places restrictions on each web page users can use the browser to open. Web pages on a user's local computer have the fewest security restrictions and reside in the Local Machine... |
| V-99773 | Medium | Scripts associated with shared folders must be prevented from execution in Outlook. | This policy setting controls whether Outlook executes scripts associated with custom forms or folder home pages for shared folders. |
| V-99679 | Medium | Navigate URL must be enabled in all Office programs. | To protect users from attacks, Internet Explorer usually does not attempt to load malformed URLs. This functionality can be controlled separately for instances of Internet Explorer spawned by... |
| V-99771 | Medium | Scripts associated with public folders must be prevented from execution in Outlook. | This policy setting controls whether Outlook executes scripts that are associated with custom forms or folder home pages for public folders. |
| V-99777 | Medium | Junk e-mail level must be enabled at a setting of High. | This policy setting controls your Junk E-mail protection level. The Junk E-mail Filter in Outlook helps to prevent junk e-mail messages, also known as spam, from cluttering user's Inbox. The... |
| V-99775 | Medium | Files dragged from an Outlook e-mail to the file system must be created in ANSI format. | This policy setting controls whether e-mail messages dragged from Outlook to the file system are saved in Unicode or ANSI format. |
| V-99871 | Medium | Visio 2003-2010 Binary Drawings, Templates and Stencils must be blocked. | This policy setting allows you to determine whether users can open or save Visio files with the format specified by the title of this policy setting.
If you enable this policy setting, you can... |
| V-99873 | Medium | Visio 5.0 or earlier Binary Drawings, Templates and Stencils must be blocked. | This policy setting allows you to determine whether users can open or save Visio files with the format specified by the title of this policy setting.
If you enable this policy setting, you can... |
| V-99875 | Medium | Macros must be blocked from running in Visio files from the Internet. | This policy setting allows you to block macros from running in Office files that come from the Internet.
If you enable this policy setting, macros are blocked from running, even if “Enable all... |
| V-99877 | Medium | Word must automatically disable unsigned add-ins without informing users. | This policy setting controls whether the specified Office application notifies users when unsigned application add-ins are loaded or silently disable such add-ins without notification. This policy... |
| V-99879 | Medium | In Word, encrypted macros must be scanned. | This policy setting controls whether encrypted macros in Open XML documents be are required to be scanned with anti-virus software before being opened.
If you enable this policy setting, you may... |
| V-99843 | Medium | PowerPoint attachments opened from Outlook must be in Protected View. | This policy setting allows for determining whether PowerPoint files in Outlook attachments open in Protected View. If enabling this policy setting, Outlook attachments do not open in Protected... |
| V-99883 | Medium | Files located in unsafe locations must be opened in Protected view in Word. | This policy setting lets you determine if files located in unsafe locations will open in Protected View. If you have not specified unsafe locations, only the "Downloaded Program Files" and... |
