CIS Microsoft Windows 10 Enterprise Release 1909 Benchmark

18.9.77.3.2 (L2) Ensure 'Join Microsoft MAPS' is set to 'Disabled' (Scored) ........1077 18.9.77.7.1 (L1) Ensure 'Turn on behavior monitoring' is set to 'Enabled' (Scored) ....................................................................................................................................................................1080 18.9.77.9.1 (L2) Ensure 'Configure Watson events' is set to 'Disabled' (Scored) ....................................................................................................................................................................1083 18.9.77.10.1 (L1) Ensure 'Scan removable drives' is set to 'Enabled' (Scored) .1085 18.9.77.10.2 (L1) Ensure 'Turn on e-mail scanning' is set to 'Enabled' (Scored) ....................................................................................................................................................................1087 18.9.77.13.1.1 (L1) Ensure 'Configure Attack Surface Reduction rules' is set to 'Enabled' (Scored) ............................................................................................................................1090 18.9.77.13.1.2 (L1) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is 'configured' (Scored) ...........................................................................1092 18.9.77.13.3.1 (L1) Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block' (Scored) .......................................................................1096 18.9.77.14 (L1) Ensure 'Configure detection for potentially unwanted applications' is set to 'Enabled: Block' (Scored) ................................................................1098 18.9.77.15 (L1) Ensure 'Turn off Windows Defender AntiVirus' is set to 'Disabled' (Scored) .................................................................................................................................................1100 18.9.78Windows Defender Application Guard.......................................................................1103 18.9.78.1 (NG) Ensure 'Allow auditing events in Windows Defender Application Guard' is set to 'Enabled' (Scored) ...........................................................................................1103 18.9.78.2 (NG) Ensure 'Allow camera and microphone access in Windows Defender Application Guard' is set to 'Disabled' (Scored) ............................................1106 18.9.78.3 (NG) Ensure 'Allow data persistence for Windows Defender Application Guard' is set to 'Disabled' (Scored) ..........................................................................................1108 18.9.78.4 (NG) Ensure 'Allow files to download and save to the host operating system fromWindows Defender Application Guard' is set to 'Disabled' (Scored) ....................................................................................................................................................................1110 18.9.78.5 (NG) Ensure 'Allow users to trust files that open in Windows Defender Application Guard' is set to 'Enabled: 0 (Do not allow users to manually trust files)' OR '2 (Allow users to manually trust after an antivirus check)' (Scored) ....................................................................................................................................................................1112 18.9.78.6 (NG) Ensure 'Configure Windows Defender Application Guard clipboard settings: Clipboard behavior setting' is set to 'Enabled: Enable clipboard operation from an isolated session to the host' (Scored) ....................................................................1115

36 | P a g e