| V-228419 | | Disabling of user name and password syntax from being used in URLs must be enforced. | The Uniform Resource Locator (URL) standard allows user authentication to be included in URL strings in the form http://username:password@example.com.... |
| V-228420 | | Enabling IE Bind to Object functionality must be present. | Internet Explorer performs a number of safety checks before initializing an ActiveX control. It will not initialize a control if the kill bit for the ... |
| V-228421 | | Saved from URL mark to assure Internet zone processing must be enforced. | Typically, when Internet Explorer loads a web page from a Universal Naming Convention (UNC) share that contains a Mark of the Web (MOTW) comment, indi... |
| V-228422 | | Navigation to URLs embedded in Office products must be blocked. | To protect users from attacks, Internet Explorer usually does not attempt to load malformed URLs. This functionality can be controlled separately for ... |
| V-228423 | | Scripted Window Security must be enforced. | Malicious websites often try to confuse or trick users into giving a site permission to perform an action allowing the site to take control of the use... |
| V-228424 | | Add-on Management functionality must be allowed. | Internet Explorer add-ons are pieces of code, run in Internet Explorer, to provide additional functionality. Rogue add-ons may contain viruses or othe... |
| V-228425 | | Links that invoke instances of Internet Explorer from within an Office product must be blocked. | The Pop-up Blocker feature in Internet Explorer can be used to block most unwanted pop-up and pop-under windows from appearing. This functionality can... |
| V-228426 | | File Downloads must be configured for proper restrictions. | Disabling this setting allows websites to present file download prompts via code without the user specifically initiating the download. User preferenc... |
| V-228427 | | Protection from zone elevation must be enforced. | Internet Explorer places restrictions on each web page users can use the browser to open. Web pages on a user's local computer have the fewest securit... |
| V-228428 | | ActiveX Installs must be configured for proper restriction. | Microsoft ActiveX controls allow unmanaged, unprotected code to run on the user computers. ActiveX controls do not run within a protected container in... |
| V-228429 | | Publishing calendars to Office Online must be prevented. | This policy setting controls whether Outlook users can publish their calendars to the Office.com Calendar Sharing Service. If you enable this policy s... |
| V-228430 | | Publishing to a Web Distributed and Authoring (DAV) server must be prevented. | This policy setting controls whether Outlook users can publish their calendars to a DAV server. If you enable this policy setting, Outlook users canno... |
| V-228431 | | Level of calendar details that a user can publish must be restricted. | This policy setting controls the level of calendar details that Outlook users can publish to the Microsoft Outlook Calendar Sharing Service. If you en... |
| V-228432 | | Access restriction settings for published calendars must be configured. | This policy setting determines what restrictions apply to users who publish their calendars on Office.com or third-party World Wide Web Distributed Au... |
| V-228433 | | Outlook Object Model scripts must be disallowed to run for shared folders. | This policy setting controls whether Outlook executes scripts associated with custom forms or folder home pages for shared folders. If you enable this... |
| V-228434 | | Outlook Object Model scripts must be disallowed to run for public folders. | This policy setting controls whether Outlook executes scripts that are associated with custom forms or folder home pages for public folders. If you en... |
| V-228435 | | ActiveX One-Off forms must be configured. | By default, third-party ActiveX controls are not allowed to run in one-off forms in Outlook. You can change this behavior so that Safe Controls (Micro... |
| V-228436 | | The Add-In Trust Level must be configured. | All installed trusted COM addins can be trusted. Exchange Settings for the addins still override if present and this option is selected.... |
| V-228437 | | The remember password for internet e-mail accounts must be disabled. | Use this option to hide your user's ability to cache passwords locally in the computer's registry. When configured, this policy will hide the 'Remembe... |
| V-228438 | | Users customizing attachment security settings must be prevented. | This policy setting prevents users from overriding the set of attachments blocked by Outlook. If you enable this policy setting users will be prevente... |
| V-228439 | | Outlook Security Mode must be configured to use Group Policy settings. | This policy setting controls which set of security settings are enforced in Outlook. If you enable this policy setting, you can choose from four optio... |
| V-228440 | | The ability to display level 1 attachments must be disallowed. | This policy setting controls whether Outlook blocks potentially dangerous attachments designated Level 1. Outlook uses two levels of security to restr... |
| V-228441 | | Level 1 file extensions must be blocked and not removed. | This policy setting controls which types of attachments (determined by file extension) Outlook prevents from being delivered. Outlook uses two levels ... |
| V-228442 | | Level 2 file extensions must be blocked and not removed. | This policy setting controls which types of attachments (determined by file extension) must be saved to disk before users can open them. Files with s... |
| V-228443 | | Scripts in One-Off Outlook forms must be disallowed. | This policy setting controls whether scripts can run in Outlook forms in which the script and layout are contained within the message. If you enable t... |
| V-228444 | | Custom Outlook Object Model (OOM) action execution prompts must be configured. | This policy setting controls whether Outlook prompts users before executing a custom action. Custom actions add functionality to Outlook that can be t... |
| V-228445 | | Object Model Prompt for programmatic email send behavior must be configured. | This policy setting controls what happens when an untrusted program attempts to send e-mail programmatically using the Outlook object model. If you en... |
| V-228446 | | Object Model Prompt behavior for programmatic address books must be configured. | This policy setting controls what happens when an untrusted program attempts to gain access to an Address Book using the Outlook object model. If you ... |
| V-228447 | | Object Model Prompt behavior for programmatic access of user address data must be configured. | This policy setting controls what happens when an untrusted program attempts to gain access to a recipient field, such as the 'To:' field, using the O... |
| V-228448 | | Object Model Prompt behavior for Meeting and Task Responses must be configured. | This policy setting controls what happens when an untrusted program attempts to programmatically send e-mail in Outlook using the Response method of a... |
| V-228449 | | Object Model Prompt behavior for the SaveAs method must be configured. | This policy setting controls what happens when an untrusted program attempts to use the Save As command to programmatically save an item. If you enabl... |
| V-228450 | | Object Model Prompt behavior for accessing User Property Formula must be configured. | This policy setting controls what happens when a user designs a custom form in Outlook and attempts to bind an Address Information field to a combinat... |
| V-228451 | | Trusted add-ins behavior for email must be configured. | This policy setting can be used to specify a list of trusted add-ins that can be run without being restricted by the security measures in Outlook. If ... |
| V-228452 | | S/Mime interoperability with external clients for message handling must be configured. | This policy setting controls whether Outlook decodes encrypted messages itself or passes them to an external program for processing. If you enable thi... |
| V-228453 | | Message formats must be set to use SMime. | This policy setting controls which message encryption formats Outlook can use. Outlook supports three formats for encrypting and signing messages: S/M... |
| V-228454 | | Run in FIPS compliant mode must be enforced. | This policy setting controls whether Outlook is required to use FIPS-compliant algorithms when signing and encrypting messages. Outlook can run in a ... |
| V-228455 | | Send all signed messages as clear signed messages must be configured. | This policy setting controls whether Outlook sends signed messages as clear text signed messages. If you enable this policy setting, the "Send clear t... |
| V-228456 | | Automatic sending s/Mime receipt requests must be disallowed. | This policy setting controls how Outlook handles S/MIME receipt requests. If you enable this policy setting, you can choose from four options for hand... |
| V-228457 | | Retrieving of CRL data must be set for online action. | This policy setting controls how Outlook retrieves Certificate Revocation Lists to verify the validity of certificates.Certificate revocation lists (C... |
| V-228458 | | External content and pictures in HTML email must be displayed. | This policy setting setting controls whether Outlook downloads untrusted pictures and external content located in HTML e-mail messages without users e... |
| V-228459 | | Automatic download content for email in Safe Senders list must be disallowed. | This policy setting controls whether Outlook automatically downloads external content in e-mail from senders in the Safe Senders List or Safe Recipien... |
| V-228460 | | Permit download of content from safe zones must be configured. | This policy setting controls whether Outlook automatically downloads content from safe zones when displaying messages. If you enable this policy setti... |
| V-228461 | | IE Trusted Zones assumed trusted must be blocked. | This policy setting controls whether pictures from sites in the Trusted Sites security zone are automatically downloaded in Outlook e-mail messages an... |
| V-228462 | | Internet with Safe Zones for Picture Download must be disabled. | This policy setting controls whether pictures and external content in HTML e-mail messages from untrusted senders on the Internet are downloaded witho... |
| V-228463 | | Intranet with Safe Zones for automatic picture downloads must be configured. | This policy setting controls whether pictures and external content in HTML e-mail messages from untrusted senders on the local intranet are downloaded... |
| V-228464 | | Always warn on untrusted macros must be enforced. | This policy setting controls the security level for macros in Outlook. If you enable this policy setting, you can choose from four options for handlin... |
| V-228465 | | Hyperlinks in suspected phishing email messages must be disallowed. | This policy setting controls whether hyperlinks in suspected phishing e-mail messages in Outlook are allowed. If you enable this policy setting, Outlo... |
| V-228466 | | RPC encryption between Outlook and Exchange server must be enforced. | This policy setting controls whether Outlook uses remote procedure call (RPC) encryption to communicate with Microsoft Exchange servers. If you enable... |
| V-228467 | | Outlook must be configured to force authentication when connecting to an Exchange server. | This policy setting controls which authentication method Outlook uses to authenticate with Microsoft Exchange Server. Note - Exchange Server supports ... |
| V-228468 | | Disabling download full text of articles as HTML must be configured. | This policy setting controls whether Outlook automatically makes an offline copy of the RSS items as HTML attachments. If you enable this policy setti... |
| V-228469 | | Automatic download of Internet Calendar appointment attachments must be disallowed. | This policy setting controls whether Outlook downloads files attached to Internet Calendar appointments. If you enable this policy setting, Outlook au... |
| V-228470 | | Internet calendar integration in Outlook must be disabled. | This policy setting allows the user to determine whether or not to include Internet Calendar integration in Outlook. The Internet Calendar feature in ... |
| V-228471 | | User Entries to Server List must be disallowed. | This policy setting controls whether Outlook users can add entries to the list of SharePoint servers when establishing a meeting workspace. If you ena... |
| V-228472 | | Automatically downloading enclosures on RSS must be disallowed. | This policy setting allows you to control whether Outlook automatically downloads enclosures on RSS items. If you enable this policy setting, Outlook ... |
| V-228473 | | Outlook must be configured not to prompt users to choose security settings if default settings fail. | Check to prompt the user to choose security settings if default settings fail; uncheck to automatically select.... |
| V-228474 | | Outlook minimum encryption key length settings must be set. | This policy setting allows you to set the minimum key length for an encrypted e-mail message. If you enable this policy setting, you may set the minim... |
| V-228475 | | Replies or forwards to signed/encrypted messages must be signed/encrypted. | This policy setting controls whether replies and forwards to signed/encrypted mail should also be signed/encrypted. If you enable this policy setting,... |
| V-228476 | | Check e-mail addresses against addresses of certificates being used must be disallowed. | This policy setting controls whether Outlook verifies the user's e-mail address with the address associated with the certificate used for signing. If ... |
| V-251863 | | Read EMail as plain text must be enforced. | Outlook can display email messages and other items in three formats: plain text, Rich Text Format (RTF), and HTML. By default, Outlook displays email ... |
| V-251865 | | Read signed email as plain text must be enforced. | Outlook can display email messages and other items in three formats: plain text, Rich Text Format (RTF), and HTML. By default, Outlook displays digita... |
| V-251866 | | The default message format must be set to use Plain Text. | Outlook uses HTML as the default email format. HTML format poses a security risk by embedding information into the email itself, which could allow for... |
| V-251867 | | Outlook Rich Text options must be set for converting to plain text format. | Outlook automatically converts Rich Text Format (RTF) messages that are sent over the internet to HTML format, so that the message formatting is maint... |
| V-251872 | | Text in Outlook that represents internet and network paths must not be automatically turned into hyperlinks. | The ability of Outlook to automatically turn text that represents internet and network paths into hyperlinks would allow users to click on those hyper... |
