| V-71169 | Medium | Object Model Prompt for programmatic email send behavior must be configured.
| This policy setting controls what happens when an untrusted program attempts to send e-mail programmatically using the Outlook object model. If you enable this policy setting, you can choose from... |
| V-71193 | Medium | Trusted add-ins behavior for email must be configured.
| This policy setting can be used to specify a list of trusted add-ins that can be run without being restricted by the security measures in Outlook. If you enable this policy setting, a list of... |
| V-71239 | Medium | Automatic download content for email in Safe Senders list must be disallowed.
| This policy setting controls whether Outlook automatically downloads external content in e-mail from senders in the Safe Senders List or Safe Recipients List. If you enable this policy setting,... |
| V-71195 | Medium | S/Mime interoperability with external clients for message handling must be configured.
| This policy setting controls whether Outlook decodes encrypted messages itself or passes them to an external program for processing. If you enable this policy setting, you can choose from three... |
| V-71235 | Medium | Retrieving of CRL data must be set for online action.
| This policy setting controls how Outlook retrieves Certificate Revocation Lists to verify the validity of certificates.Certificate revocation lists (CRLs) are lists of digital certificates that... |
| V-71237 | Medium | External content and pictures in HTML email must be displayed.
| This policy setting setting controls whether Outlook downloads untrusted pictures and external content located in HTML e-mail messages without users explicitly choosing to download them. If you... |
| V-71231 | Medium | Send all signed messages as clear signed messages must be configured.
| This policy setting controls whether Outlook sends signed messages as clear text signed messages. If you enable this policy setting, the "Send clear text signed message when sending signed... |
| V-71233 | Medium | Automatic sending s/Mime receipt requests must be disallowed.
| This policy setting controls how Outlook handles S/MIME receipt requests. If you enable this policy setting, you can choose from four options for handling S/MIME receipt requests in Outlook:- Open... |
| V-71115 | Medium | Navigation to URLs embedded in Office products must be blocked.
| To protect users from attacks, Internet Explorer usually does not attempt to load malformed URLs. This functionality can be controlled separately for instances of Internet Explorer spawned by... |
| V-71133 | Medium | Level of calendar details that a user can publish must be restricted.
| This policy setting controls the level of calendar details that Outlook users can publish to the Microsoft Outlook Calendar Sharing Service. If you enable this policy setting, you can choose from... |
| V-71131 | Medium | Publishing to a Web Distributed and Authoring (DAV) server must be prevented.
| This policy setting controls whether Outlook users can publish their calendars to a DAV server. If you enable this policy setting, Outlook users cannot publish their calendars to a DAV server. If... |
| V-71259 | Medium | Disabling download full text of articles as HTML must be configured.
| This policy setting controls whether Outlook automatically makes an offline copy of the RSS items as HTML attachments. If you enable this policy setting, Outlook automatically makes an offline... |
| V-71135 | Medium | Access restriction settings for published calendars must be configured.
| This policy setting determines what restrictions apply to users who publish their calendars on Office.com or third-party World Wide Web Distributed Authoring and Versioning (WebDAV) servers. If... |
| V-71271 | Medium | Outlook must be configured not to prompt users to choose security settings if default settings fail.
| Check to prompt the user to choose security settings if default settings fail; uncheck to automatically select.
|
| V-71255 | Medium | Outlook must be configured to force authentication when connecting to an Exchange server.
| This policy setting controls which authentication method Outlook uses to authenticate with Microsoft Exchange Server. Note - Exchange Server supports the Kerberos authentication protocol and NTLM... |
| V-71117 | Medium | Scripted Window Security must be enforced.
| Malicious websites often try to confuse or trick users into giving a site permission to perform an action allowing the site to take control of the users' computers in some manner. Disabling or not... |
| V-71253 | Medium | RPC encryption between Outlook and Exchange server must be enforced.
| This policy setting controls whether Outlook uses remote procedure call (RPC) encryption to communicate with Microsoft Exchange servers. If you enable this policy setting, Outlook uses RPC... |
| V-71273 | Medium | Outlook minimum encryption key length settings must be set.
| This policy setting allows you to set the minimum key length for an encrypted e-mail message. If you enable this policy setting, you may set the minimum key length for an encrypted e-mail message.... |
| V-71251 | Medium | Hyperlinks in suspected phishing email messages must be disallowed.
| This policy setting controls whether hyperlinks in suspected phishing e-mail messages in Outlook are allowed. If you enable this policy setting, Outlook will allow hyperlinks in suspected phishing... |
| V-71119 | Medium | Add-on Management functionality must be allowed.
| Internet Explorer add-ons are pieces of code, run in Internet Explorer, to provide additional functionality. Rogue add-ons may contain viruses or other malicious code. Disabling or not configuring... |
| V-71157 | Medium | Outlook Security Mode must be configured to use Group Policy settings.
| This policy setting controls which set of security settings are enforced in Outlook. If you enable this policy setting, you can choose from four options for enforcing Outlook security settings: *... |
| V-71151 | Medium | The Add-In Trust Level must be configured.
| All installed trusted COM addins can be trusted. Exchange Settings for the addins still override if present and this option is selected.
|
| V-71153 | Medium | The remember password for internet e-mail accounts must be disabled.
| Use this option to hide your user's ability to cache passwords locally in the computer's registry. When configured, this policy will hide the 'Remember Password' checkbox and not allow users to... |
| V-71111 | Medium | Enabling IE Bind to Object functionality must be present.
| Internet Explorer performs a number of safety checks before initializing an ActiveX control. It will not initialize a control if the kill bit for the control is set in the registry, or if the... |
| V-71175 | Medium | Object Model Prompt behavior for Meeting and Task Responses must be configured.
| This policy setting controls what happens when an untrusted program attempts to programmatically send e-mail in Outlook using the Response method of a task or meeting request. If you enable this... |
| V-71173 | Medium | Object Model Prompt behavior for programmatic access of user address data must be configured.
| This policy setting controls what happens when an untrusted program attempts to gain access to a recipient field, such as the 'To:' field, using the Outlook object model. If you enable this policy... |
| V-71171 | Medium | Object Model Prompt behavior for programmatic address books must be configured.
| This policy setting controls what happens when an untrusted program attempts to gain access to an Address Book using the Outlook object model. If you enable this policy setting, you can choose... |
| V-71277 | Medium | Check e-mail addresses against addresses of certificates being used must be disallowed.
| This policy setting controls whether Outlook verifies the user's e-mail address with the address associated with the certificate used for signing. If you enable this policy setting, users can send... |
| V-71113 | Medium | Saved from URL mark to assure Internet zone processing must be enforced.
| Typically, when Internet Explorer loads a web page from a Universal Naming Convention (UNC) share that contains a Mark of the Web (MOTW) comment, indicating the page was saved from a site on the... |
| V-71159 | Medium | The ability to display level 1 attachments must be disallowed.
| This policy setting controls whether Outlook blocks potentially dangerous attachments designated Level 1. Outlook uses two levels of security to restrict users' access to files attached to e-mail... |
| V-71267 | Medium | Automatically downloading enclosures on RSS must be disallowed.
| This policy setting allows you to control whether Outlook automatically downloads enclosures on RSS items. If you enable this policy setting, Outlook will automatically download enclosures on RSS... |
| V-71265 | Medium | User Entries to Server List must be disallowed.
| This policy setting controls whether Outlook users can add entries to the list of SharePoint servers when establishing a meeting workspace. If you enable this policy setting, you can choose... |
| V-71263 | Medium | Internet calendar integration in Outlook must be disabled.
| This policy setting allows you to determine whether or not you want to include Internet Calendar integration in Outlook. The Internet Calendar feature in Outlook enables users to publish calendars... |
| V-71155 | Medium | Users customizing attachment security settings must be prevented.
| This policy setting prevents users from overriding the set of attachments blocked by Outlook. If you enable this policy setting users will be prevented from overriding the set of attachments... |
| V-71275 | Medium | Replies or forwards to signed/encrypted messages must be signed/encrypted.
| This policy setting controls whether replies and forwards to signed/encrypted mail should also be signed/encrypted. If you enable this policy setting, signing/encryption will be turned on when... |
| V-71227 | Medium | Message formats must be set to use SMime.
| This policy setting controls which message encryption formats Outlook can use. Outlook supports three formats for encrypting and signing messages: S/MIME, Exchange, and Fortezza. If you enable... |
| V-71125 | Medium | Protection from zone elevation must be enforced.
| Internet Explorer places restrictions on each web page users can use the browser to open. Web pages on a user's local computer have the fewest security restrictions and reside in the Local Machine... |
| V-71127 | Medium | ActiveX Installs must be configured for proper restriction.
| Microsoft ActiveX controls allow unmanaged, unprotected code to run on the user computers. ActiveX controls do not run within a protected container in the browser like the other types of HTML or... |
| V-71121 | Medium | Links that invoke instances of Internet Explorer from within an Office product must be blocked.
| The Pop-up Blocker feature in Internet Explorer can be used to block most unwanted pop-up and pop-under windows from appearing. This functionality can be controlled separately for instances of... |
| V-71249 | Medium | Always warn on untrusted macros must be enforced.
| This policy setting controls the security level for macros in Outlook. If you enable this policy setting, you can choose from four options for handling macros in Outlook: - Always warn. This... |
| V-71123 | Medium | File Downloads must be configured for proper restrictions.
| Disabling this setting allows websites to present file download prompts via code without the user specifically initiating the download. User preferences may also allow the download to occur... |
| V-71245 | Medium | Internet with Safe Zones for Picture Download must be disabled.
| This policy setting controls whether pictures and external content in HTML e-mail messages from untrusted senders on the Internet are downloaded without Outlook users explicitly choosing to do so.... |
| V-71247 | Medium | Intranet with Safe Zones for automatic picture downloads must be configured.
| This policy setting controls whether pictures and external content in HTML e-mail messages from untrusted senders on the local intranet are downloaded without Outlook users explictly choosing to... |
| V-71129 | Medium | Publishing calendars to Office Online must be prevented. | This policy setting controls whether Outlook users can publish their calendars to the Office.com Calendar Sharing Service. If you enable this policy setting, Outlook users cannot publish their... |
| V-71241 | Medium | Permit download of content from safe zones must be configured.
| This policy setting controls whether Outlook automatically downloads content from safe zones when displaying messages. If you enable this policy setting content from safe zones will be downloaded... |
| V-71243 | Medium | IE Trusted Zones assumed trusted must be blocked.
| This policy setting controls whether pictures from sites in the Trusted Sites security zone are automatically downloaded in Outlook e-mail messages and other items. If you enable this policy... |
| V-71161 | Medium | Level 1 file extensions must be blocked and not removed.
| This policy setting controls which types of attachments (determined by file extension) Outlook prevents from being delivered. Outlook uses two levels of security to restrict users' access to files... |
| V-71145 | Medium | Outlook Object Model scripts must be disallowed to run for shared folders.
| This policy setting controls whether Outlook executes scripts associated with custom forms or folder home pages for shared folders. If you enable this policy setting, Outlook cannot execute any... |
| V-71165 | Medium | Scripts in One-Off Outlook forms must be disallowed.
| This policy setting controls whether scripts can run in Outlook forms in which the script and layout are contained within the message. If you enable this policy setting, scripts can run in one-off... |
| V-71167 | Medium | Custom Outlook Object Model (OOM) action execution prompts must be configured.
| This policy setting controls whether Outlook prompts users before executing a custom action. Custom actions add functionality to Outlook that can be triggered as part of a rule. Among other... |
| V-71261 | Medium | Automatic download of Internet Calendar appointment attachments must be disallowed.
| This policy setting controls whether Outlook downloads files attached to Internet Calendar appointments. If you enable this policy setting, Outlook automatically downloads all Internet Calendar... |
| V-71229 | Medium | Run in FIPS compliant mode must be enforced.
| This policy setting controls whether Outlook is required to use FIPS-compliant algorithms when signing and encrypting messages. Outlook can run in a mode that complies with Federal Information... |
| V-71179 | Medium | Object Model Prompt behavior for accessing User Property Formula must be configured.
| This policy setting controls what happens when a user designs a custom form in Outlook and attempts to bind an Address Information field to a combination or formula custom field. If you enable... |
| V-71147 | Medium | Outlook Object Model scripts must be disallowed to run for public folders.
| This policy setting controls whether Outlook executes scripts that are associated with custom forms or folder home pages for public folders. If you enable this policy setting, Outlook cannot... |
| V-71149 | Medium | ActiveX One-Off forms must be configured.
| By default, third-party ActiveX controls are not allowed to run in one-off forms in Outlook. You can change this behavior so that Safe Controls (Microsoft Forms 2.0 controls and the Outlook... |
| V-71163 | Medium | Level 2 file extensions must be blocked and not removed.
| This policy setting controls which types of attachments (determined by file extension) must be saved to disk before users can open them. Files with specific extensions can be categorized as Level... |
| V-71109 | Medium | Disabling of user name and password syntax from being used in URLs must be enforced.
| The Uniform Resource Locator (URL) standard allows user authentication to be included in URL strings in the form http://username:password@example.com. A malicious user might use this URL syntax to... |
| V-71177 | Medium | Object Model Prompt behavior for the SaveAs method must be configured.
| This policy setting controls what happens when an untrusted program attempts to use the Save As command to programmatically save an item. If you enable this policy setting, you can choose from... |
