IntuneSecurityBaselineMicrosoft365AppsForEnterprise¶
Parameters¶
| Parameter | Attribute | DataType | Description | Allowed Values |
|---|---|---|---|---|
| Description | Write | String | Policy description | |
| DisplayName | Key | String | Policy name | |
| RoleScopeTagIds | Write | StringArray[] | List of Scope Tags for this Entity instance. | |
| Id | Write | String | The unique identifier for an entity. Read-only. | |
| DeviceSettings | Write | MSFT_MicrosoftGraphIntuneSettingsCatalogDeviceSettings_IntuneSecurityBaselineMicrosoft365AppsForEnterprise | The policy settings for the device scope | |
| UserSettings | Write | MSFT_MicrosoftGraphIntuneSettingsCatalogUserSettings_IntuneSecurityBaselineMicrosoft365AppsForEnterprise | The policy settings for the user scope | |
| Assignments | Write | MSFT_DeviceManagementConfigurationPolicyAssignments[] | Represents the assignment to the Intune policy. | |
| Ensure | Write | String | Present ensures the policy exists, absent ensures it is removed. | Present, Absent |
| Credential | Write | PSCredential | Credentials of the Admin | |
| ApplicationId | Write | String | Id of the Azure Active Directory application to authenticate with. | |
| TenantId | Write | String | Id of the Azure Active Directory tenant used for authentication. | |
| ApplicationSecret | Write | PSCredential | Secret of the Azure Active Directory tenant used for authentication. | |
| CertificateThumbprint | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | |
| ManagedIdentity | Write | Boolean | Managed ID being used for authentication. | |
| AccessTokens | Write | StringArray[] | Access token used for authentication. |
MSFT_DeviceManagementConfigurationPolicyAssignments¶
Parameters¶
| Parameter | Attribute | DataType | Description | Allowed Values |
|---|---|---|---|---|
| dataType | Write | String | The type of the target assignment. | #microsoft.graph.cloudPcManagementGroupAssignmentTarget, #microsoft.graph.groupAssignmentTarget, #microsoft.graph.allLicensedUsersAssignmentTarget, #microsoft.graph.allDevicesAssignmentTarget, #microsoft.graph.exclusionGroupAssignmentTarget, #microsoft.graph.configurationManagerCollectionAssignmentTarget |
| deviceAndAppManagementAssignmentFilterType | Write | String | The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude. | none, include, exclude |
| deviceAndAppManagementAssignmentFilterId | Write | String | The Id of the filter for the target assignment. | |
| deviceAndAppManagementAssignmentFilterDisplayName | Write | String | The display name of the filter for the target assignment. | |
| groupId | Write | String | The group Id that is the target of the assignment. | |
| groupDisplayName | Write | String | The group Display Name that is the target of the assignment. | |
| collectionId | Write | String | The collection Id that is the target of the assignment.(ConfigMgr) |
MSFT_MicrosoftGraphIntuneSettingsCatalogDeviceSettings_IntuneSecurityBaselineMicrosoft365AppsForEnterprise¶
Parameters¶
| Parameter | Attribute | DataType | Description | Allowed Values |
|---|---|---|---|---|
| Pol_SecGuide_A001_Block_Flash | Write | SInt32 | Block Flash activation in Office documents (0: Disabled, 1: Enabled) | 0, 1 |
| Pol_SecGuide_Block_Flash | Write | String | Block Flash player in Office (Device) - Depends on Pol_SecGuide_A001_Block_Flash (block all flash activation: Block all activation, block embedded flash activation only: Block embedding/linking, allow other activation, allow all flash activation: Allow all activation) | block all flash activation, block embedded flash activation only, allow all flash activation |
| Pol_SecGuide_Legacy_JScript | Write | SInt32 | Restrict legacy JScript execution for Office (0: Disabled, 1: Enabled) | 0, 1 |
| POL_SG_powerpnt | Write | SInt32 | PowerPoint: (Device) - Depends on Pol_SecGuide_Legacy_JScript | |
| POL_SG_onenote | Write | SInt32 | OneNote: (Device) - Depends on Pol_SecGuide_Legacy_JScript | |
| POL_SG_mspub | Write | SInt32 | Publisher: (Device) - Depends on Pol_SecGuide_Legacy_JScript | |
| POL_SG_msaccess | Write | SInt32 | Access: (Device) - Depends on Pol_SecGuide_Legacy_JScript | |
| POL_SG_winproj | Write | SInt32 | Project: (Device) - Depends on Pol_SecGuide_Legacy_JScript | |
| POL_SG_visio | Write | SInt32 | Visio: (Device) - Depends on Pol_SecGuide_Legacy_JScript | |
| POL_SG_outlook | Write | SInt32 | Outlook: (Device) - Depends on Pol_SecGuide_Legacy_JScript | |
| POL_SG_winword | Write | SInt32 | Word: (Device) - Depends on Pol_SecGuide_Legacy_JScript | |
| POL_SG_excel | Write | SInt32 | Excel: (Device) - Depends on Pol_SecGuide_Legacy_JScript | |
| L_PolicyEnableSIPHighSecurityMode | Write | SInt32 | Configure SIP security mode (0: Disabled, 1: Enabled) | 0, 1 |
| L_PolicyDisableHttpConnect | Write | SInt32 | Disable HTTP fallback for SIP connection (0: Disabled, 1: Enabled) | 0, 1 |
| L_AddonManagement | Write | SInt32 | Add-on Management (0: Disabled, 1: Enabled) | 0, 1 |
| L_powerpntexe17 | Write | SInt32 | powerpnt.exe (Device) - Depends on L_AddonManagement (0: False, 1: True) | 0, 1 |
| L_excelexe15 | Write | SInt32 | excel.exe (Device) - Depends on L_AddonManagement (0: False, 1: True) | 0, 1 |
| L_visioexe19 | Write | SInt32 | visio.exe (Device) - Depends on L_AddonManagement (0: False, 1: True) | 0, 1 |
| L_onenoteexe26 | Write | SInt32 | onent.exe (Device) - Depends on L_AddonManagement (0: False, 1: True) | 0, 1 |
| L_outlookexe22 | Write | SInt32 | outlook.exe (Device) - Depends on L_AddonManagement (0: False, 1: True) | 0, 1 |
| L_pptviewexe18 | Write | SInt32 | pptview.exe (Device) - Depends on L_AddonManagement (0: False, 1: True) | 0, 1 |
| L_winwordexe21 | Write | SInt32 | winword.exe (Device) - Depends on L_AddonManagement (0: False, 1: True) | 0, 1 |
| L_exprwdexe24 | Write | SInt32 | exprwd.exe (Device) - Depends on L_AddonManagement (0: False, 1: True) | 0, 1 |
| L_spdesignexe23 | Write | SInt32 | spDesign.exe (Device) - Depends on L_AddonManagement (0: False, 1: True) | 0, 1 |
| L_winprojexe20 | Write | SInt32 | winproj.exe (Device) - Depends on L_AddonManagement (0: False, 1: True) | 0, 1 |
| L_grooveexe14 | Write | SInt32 | groove.exe (Device) - Depends on L_AddonManagement (0: False, 1: True) | 0, 1 |
| L_mspubexe16 | Write | SInt32 | mspub.exe (Device) - Depends on L_AddonManagement (0: False, 1: True) | 0, 1 |
| L_mse7exe27 | Write | SInt32 | mse7.exe (Device) - Depends on L_AddonManagement (0: False, 1: True) | 0, 1 |
| L_msaccessexe25 | Write | SInt32 | msaccess.exe (Device) - Depends on L_AddonManagement (0: False, 1: True) | 0, 1 |
| L_ConsistentMimeHandling | Write | SInt32 | Consistent Mime Handling (0: Disabled, 1: Enabled) | 0, 1 |
| L_excelexe43 | Write | SInt32 | excel.exe (Device) - Depends on L_ConsistentMimeHandling (0: False, 1: True) | 0, 1 |
| L_spdesignexe51 | Write | SInt32 | spDesign.exe (Device) - Depends on L_ConsistentMimeHandling (0: False, 1: True) | 0, 1 |
| L_onenoteexe54 | Write | SInt32 | onent.exe (Device) - Depends on L_ConsistentMimeHandling (0: False, 1: True) | 0, 1 |
| L_outlookexe50 | Write | SInt32 | outlook.exe (Device) - Depends on L_ConsistentMimeHandling (0: False, 1: True) | 0, 1 |
| L_pptviewexe46 | Write | SInt32 | pptview.exe (Device) - Depends on L_ConsistentMimeHandling (0: False, 1: True) | 0, 1 |
| L_mspubexe44 | Write | SInt32 | mspub.exe (Device) - Depends on L_ConsistentMimeHandling (0: False, 1: True) | 0, 1 |
| L_visioexe47 | Write | SInt32 | visio.exe (Device) - Depends on L_ConsistentMimeHandling (0: False, 1: True) | 0, 1 |
| L_winprojexe48 | Write | SInt32 | winproj.exe (Device) - Depends on L_ConsistentMimeHandling (0: False, 1: True) | 0, 1 |
| L_msaccessexe53 | Write | SInt32 | msaccess.exe (Device) - Depends on L_ConsistentMimeHandling (0: False, 1: True) | 0, 1 |
| L_powerpntexe45 | Write | SInt32 | powerpnt.exe (Device) - Depends on L_ConsistentMimeHandling (0: False, 1: True) | 0, 1 |
| L_grooveexe42 | Write | SInt32 | groove.exe (Device) - Depends on L_ConsistentMimeHandling (0: False, 1: True) | 0, 1 |
| L_mse7exe55 | Write | SInt32 | mse7.exe (Device) - Depends on L_ConsistentMimeHandling (0: False, 1: True) | 0, 1 |
| L_winwordexe49 | Write | SInt32 | winword.exe (Device) - Depends on L_ConsistentMimeHandling (0: False, 1: True) | 0, 1 |
| L_exprwdexe52 | Write | SInt32 | exprwd.exe (Device) - Depends on L_ConsistentMimeHandling (0: False, 1: True) | 0, 1 |
| L_Disableusernameandpassword | Write | SInt32 | Disable user name and password (0: Disabled, 1: Enabled) | 0, 1 |
| L_excelexe127 | Write | SInt32 | excel.exe (Device) - Depends on L_Disableusernameandpassword (0: False, 1: True) | 0, 1 |
| L_grooveexe126 | Write | SInt32 | groove.exe (Device) - Depends on L_Disableusernameandpassword (0: False, 1: True) | 0, 1 |
| L_onenoteexe138 | Write | SInt32 | onent.exe (Device) - Depends on L_Disableusernameandpassword (0: False, 1: True) | 0, 1 |
| L_mse7exe139 | Write | SInt32 | mse7.exe (Device) - Depends on L_Disableusernameandpassword (0: False, 1: True) | 0, 1 |
| L_mspubexe128 | Write | SInt32 | mspub.exe (Device) - Depends on L_Disableusernameandpassword (0: False, 1: True) | 0, 1 |
| L_visioexe131 | Write | SInt32 | visio.exe (Device) - Depends on L_Disableusernameandpassword (0: False, 1: True) | 0, 1 |
| L_exprwdexe136 | Write | SInt32 | exprwd.exe (Device) - Depends on L_Disableusernameandpassword (0: False, 1: True) | 0, 1 |
| L_msaccessexe137 | Write | SInt32 | msaccess.exe (Device) - Depends on L_Disableusernameandpassword (0: False, 1: True) | 0, 1 |
| L_spdesignexe135 | Write | SInt32 | spDesign.exe (Device) - Depends on L_Disableusernameandpassword (0: False, 1: True) | 0, 1 |
| L_winwordexe133 | Write | SInt32 | winword.exe (Device) - Depends on L_Disableusernameandpassword (0: False, 1: True) | 0, 1 |
| L_powerpntexe129 | Write | SInt32 | powerpnt.exe (Device) - Depends on L_Disableusernameandpassword (0: False, 1: True) | 0, 1 |
| L_outlookexe134 | Write | SInt32 | outlook.exe (Device) - Depends on L_Disableusernameandpassword (0: False, 1: True) | 0, 1 |
| L_winprojexe132 | Write | SInt32 | winproj.exe (Device) - Depends on L_Disableusernameandpassword (0: False, 1: True) | 0, 1 |
| L_pptviewexe130 | Write | SInt32 | pptview.exe (Device) - Depends on L_Disableusernameandpassword (0: False, 1: True) | 0, 1 |
| L_Informationbar | Write | SInt32 | Information Bar (0: Disabled, 1: Enabled) | 0, 1 |
| L_excelexe113 | Write | SInt32 | excel.exe (Device) - Depends on L_Informationbar (0: False, 1: True) | 0, 1 |
| L_mspubexe114 | Write | SInt32 | mspub.exe (Device) - Depends on L_Informationbar (0: False, 1: True) | 0, 1 |
| L_msaccessexe123 | Write | SInt32 | msaccess.exe (Device) - Depends on L_Informationbar (0: False, 1: True) | 0, 1 |
| L_onenoteexe124 | Write | SInt32 | onent.exe (Device) - Depends on L_Informationbar (0: False, 1: True) | 0, 1 |
| L_outlookexe120 | Write | SInt32 | outlook.exe (Device) - Depends on L_Informationbar (0: False, 1: True) | 0, 1 |
| L_winprojexe118 | Write | SInt32 | winproj.exe (Device) - Depends on L_Informationbar (0: False, 1: True) | 0, 1 |
| L_powerpntexe115 | Write | SInt32 | powerpnt.exe (Device) - Depends on L_Informationbar (0: False, 1: True) | 0, 1 |
| L_spdesignexe121 | Write | SInt32 | spDesign.exe (Device) - Depends on L_Informationbar (0: False, 1: True) | 0, 1 |
| L_grooveexe112 | Write | SInt32 | groove.exe (Device) - Depends on L_Informationbar (0: False, 1: True) | 0, 1 |
| L_visioexe117 | Write | SInt32 | visio.exe (Device) - Depends on L_Informationbar (0: False, 1: True) | 0, 1 |
| L_mse7exe125 | Write | SInt32 | mse7.exe (Device) - Depends on L_Informationbar (0: False, 1: True) | 0, 1 |
| L_winwordexe119 | Write | SInt32 | winword.exe (Device) - Depends on L_Informationbar (0: False, 1: True) | 0, 1 |
| L_exprwdexe122 | Write | SInt32 | exprwd.exe (Device) - Depends on L_Informationbar (0: False, 1: True) | 0, 1 |
| L_pptviewexe116 | Write | SInt32 | pptview.exe (Device) - Depends on L_Informationbar (0: False, 1: True) | 0, 1 |
| L_LocalMachineZoneLockdownSecurity | Write | SInt32 | Local Machine Zone Lockdown Security (0: Disabled, 1: Enabled) | 0, 1 |
| L_mse7exe41 | Write | SInt32 | mse7.exe (Device) - Depends on L_LocalMachineZoneLockdownSecurity (0: False, 1: True) | 0, 1 |
| L_powerpntexe31 | Write | SInt32 | powerpnt.exe (Device) - Depends on L_LocalMachineZoneLockdownSecurity (0: False, 1: True) | 0, 1 |
| L_mspubexe30 | Write | SInt32 | mspub.exe (Device) - Depends on L_LocalMachineZoneLockdownSecurity (0: False, 1: True) | 0, 1 |
| L_outlookexe36 | Write | SInt32 | outlook.exe (Device) - Depends on L_LocalMachineZoneLockdownSecurity (0: False, 1: True) | 0, 1 |
| L_pptviewexe32 | Write | SInt32 | pptview.exe (Device) - Depends on L_LocalMachineZoneLockdownSecurity (0: False, 1: True) | 0, 1 |
| L_excelexe29 | Write | SInt32 | excel.exe (Device) - Depends on L_LocalMachineZoneLockdownSecurity (0: False, 1: True) | 0, 1 |
| L_exprwdexe38 | Write | SInt32 | exprwd.exe (Device) - Depends on L_LocalMachineZoneLockdownSecurity (0: False, 1: True) | 0, 1 |
| L_grooveexe28 | Write | SInt32 | groove.exe (Device) - Depends on L_LocalMachineZoneLockdownSecurity (0: False, 1: True) | 0, 1 |
| L_winwordexe35 | Write | SInt32 | winword.exe (Device) - Depends on L_LocalMachineZoneLockdownSecurity (0: False, 1: True) | 0, 1 |
| L_msaccessexe39 | Write | SInt32 | msaccess.exe (Device) - Depends on L_LocalMachineZoneLockdownSecurity (0: False, 1: True) | 0, 1 |
| L_spdesignexe37 | Write | SInt32 | spDesign.exe (Device) - Depends on L_LocalMachineZoneLockdownSecurity (0: False, 1: True) | 0, 1 |
| L_visioexe33 | Write | SInt32 | visio.exe (Device) - Depends on L_LocalMachineZoneLockdownSecurity (0: False, 1: True) | 0, 1 |
| L_onenoteexe40 | Write | SInt32 | onent.exe (Device) - Depends on L_LocalMachineZoneLockdownSecurity (0: False, 1: True) | 0, 1 |
| L_winprojexe34 | Write | SInt32 | winproj.exe (Device) - Depends on L_LocalMachineZoneLockdownSecurity (0: False, 1: True) | 0, 1 |
| L_MimeSniffingSafetyFature | Write | SInt32 | Mime Sniffing Safety Feature (0: Disabled, 1: Enabled) | 0, 1 |
| L_powerpntexe59 | Write | SInt32 | powerpnt.exe (Device) - Depends on L_MimeSniffingSafetyFature (0: False, 1: True) | 0, 1 |
| L_exprwdexe66 | Write | SInt32 | exprwd.exe (Device) - Depends on L_MimeSniffingSafetyFature (0: False, 1: True) | 0, 1 |
| L_grooveexe56 | Write | SInt32 | groove.exe (Device) - Depends on L_MimeSniffingSafetyFature (0: False, 1: True) | 0, 1 |
| L_visioexe61 | Write | SInt32 | visio.exe (Device) - Depends on L_MimeSniffingSafetyFature (0: False, 1: True) | 0, 1 |
| L_outlookexe64 | Write | SInt32 | outlook.exe (Device) - Depends on L_MimeSniffingSafetyFature (0: False, 1: True) | 0, 1 |
| L_mspubexe58 | Write | SInt32 | mspub.exe (Device) - Depends on L_MimeSniffingSafetyFature (0: False, 1: True) | 0, 1 |
| L_mse7exe69 | Write | SInt32 | mse7.exe (Device) - Depends on L_MimeSniffingSafetyFature (0: False, 1: True) | 0, 1 |
| L_msaccessexe67 | Write | SInt32 | msaccess.exe (Device) - Depends on L_MimeSniffingSafetyFature (0: False, 1: True) | 0, 1 |
| L_pptviewexe60 | Write | SInt32 | pptview.exe (Device) - Depends on L_MimeSniffingSafetyFature (0: False, 1: True) | 0, 1 |
| L_winprojexe62 | Write | SInt32 | winproj.exe (Device) - Depends on L_MimeSniffingSafetyFature (0: False, 1: True) | 0, 1 |
| L_spdesignexe65 | Write | SInt32 | spDesign.exe (Device) - Depends on L_MimeSniffingSafetyFature (0: False, 1: True) | 0, 1 |
| L_onenoteexe68 | Write | SInt32 | onent.exe (Device) - Depends on L_MimeSniffingSafetyFature (0: False, 1: True) | 0, 1 |
| L_winwordexe63 | Write | SInt32 | winword.exe (Device) - Depends on L_MimeSniffingSafetyFature (0: False, 1: True) | 0, 1 |
| L_excelexe57 | Write | SInt32 | excel.exe (Device) - Depends on L_MimeSniffingSafetyFature (0: False, 1: True) | 0, 1 |
| L_NavigateURL | Write | SInt32 | Navigate URL (0: Disabled, 1: Enabled) | 0, 1 |
| L_spdesignexe177 | Write | SInt32 | spDesign.exe (Device) - Depends on L_NavigateURL (0: False, 1: True) | 0, 1 |
| L_onenoteexe180 | Write | SInt32 | onent.exe (Device) - Depends on L_NavigateURL (0: False, 1: True) | 0, 1 |
| L_pptviewexe172 | Write | SInt32 | pptview.exe (Device) - Depends on L_NavigateURL (0: False, 1: True) | 0, 1 |
| L_outlookexe176 | Write | SInt32 | outlook.exe (Device) - Depends on L_NavigateURL (0: False, 1: True) | 0, 1 |
| L_winprojexe174 | Write | SInt32 | winproj.exe (Device) - Depends on L_NavigateURL (0: False, 1: True) | 0, 1 |
| L_msaccessexe179 | Write | SInt32 | msaccess.exe (Device) - Depends on L_NavigateURL (0: False, 1: True) | 0, 1 |
| L_winwordexe175 | Write | SInt32 | winword.exe (Device) - Depends on L_NavigateURL (0: False, 1: True) | 0, 1 |
| L_excelexe169 | Write | SInt32 | excel.exe (Device) - Depends on L_NavigateURL (0: False, 1: True) | 0, 1 |
| L_mspubexe170 | Write | SInt32 | mspub.exe (Device) - Depends on L_NavigateURL (0: False, 1: True) | 0, 1 |
| L_exprwdexe178 | Write | SInt32 | exprwd.exe (Device) - Depends on L_NavigateURL (0: False, 1: True) | 0, 1 |
| L_powerpntexe171 | Write | SInt32 | powerpnt.exe (Device) - Depends on L_NavigateURL (0: False, 1: True) | 0, 1 |
| L_visioexe173 | Write | SInt32 | visio.exe (Device) - Depends on L_NavigateURL (0: False, 1: True) | 0, 1 |
| L_mse7exe181 | Write | SInt32 | mse7.exe (Device) - Depends on L_NavigateURL (0: False, 1: True) | 0, 1 |
| L_grooveexe168 | Write | SInt32 | groove.exe (Device) - Depends on L_NavigateURL (0: False, 1: True) | 0, 1 |
| L_ObjectCachingProtection | Write | SInt32 | Object Caching Protection (0: Disabled, 1: Enabled) | 0, 1 |
| L_winwordexe77 | Write | SInt32 | winword.exe (Device) - Depends on L_ObjectCachingProtection (0: False, 1: True) | 0, 1 |
| L_powerpntexe73 | Write | SInt32 | powerpnt.exe (Device) - Depends on L_ObjectCachingProtection (0: False, 1: True) | 0, 1 |
| L_spdesignexe79 | Write | SInt32 | spDesign.exe (Device) - Depends on L_ObjectCachingProtection (0: False, 1: True) | 0, 1 |
| L_mse7exe83 | Write | SInt32 | mse7.exe (Device) - Depends on L_ObjectCachingProtection (0: False, 1: True) | 0, 1 |
| L_mspubexe72 | Write | SInt32 | mspub.exe (Device) - Depends on L_ObjectCachingProtection (0: False, 1: True) | 0, 1 |
| L_msaccessexe81 | Write | SInt32 | msaccess.exe (Device) - Depends on L_ObjectCachingProtection (0: False, 1: True) | 0, 1 |
| L_onenoteexe82 | Write | SInt32 | onent.exe (Device) - Depends on L_ObjectCachingProtection (0: False, 1: True) | 0, 1 |
| L_outlookexe78 | Write | SInt32 | outlook.exe (Device) - Depends on L_ObjectCachingProtection (0: False, 1: True) | 0, 1 |
| L_grooveexe70 | Write | SInt32 | groove.exe (Device) - Depends on L_ObjectCachingProtection (0: False, 1: True) | 0, 1 |
| L_excelexe71 | Write | SInt32 | excel.exe (Device) - Depends on L_ObjectCachingProtection (0: False, 1: True) | 0, 1 |
| L_visioexe75 | Write | SInt32 | visio.exe (Device) - Depends on L_ObjectCachingProtection (0: False, 1: True) | 0, 1 |
| L_pptviewexe74 | Write | SInt32 | pptview.exe (Device) - Depends on L_ObjectCachingProtection (0: False, 1: True) | 0, 1 |
| L_winprojexe76 | Write | SInt32 | winproj.exe (Device) - Depends on L_ObjectCachingProtection (0: False, 1: True) | 0, 1 |
| L_exprwdexe80 | Write | SInt32 | exprwd.exe (Device) - Depends on L_ObjectCachingProtection (0: False, 1: True) | 0, 1 |
| L_ProtectionFromZoneElevation | Write | SInt32 | Protection From Zone Elevation (0: Disabled, 1: Enabled) | 0, 1 |
| L_mspubexe100 | Write | SInt32 | mspub.exe (Device) - Depends on L_ProtectionFromZoneElevation (0: False, 1: True) | 0, 1 |
| L_visioexe103 | Write | SInt32 | visio.exe (Device) - Depends on L_ProtectionFromZoneElevation (0: False, 1: True) | 0, 1 |
| L_powerpntexe101 | Write | SInt32 | powerpnt.exe (Device) - Depends on L_ProtectionFromZoneElevation (0: False, 1: True) | 0, 1 |
| L_excelexe99 | Write | SInt32 | excel.exe (Device) - Depends on L_ProtectionFromZoneElevation (0: False, 1: True) | 0, 1 |
| L_mse7exe111 | Write | SInt32 | mse7.exe (Device) - Depends on L_ProtectionFromZoneElevation (0: False, 1: True) | 0, 1 |
| L_winwordexe105 | Write | SInt32 | winword.exe (Device) - Depends on L_ProtectionFromZoneElevation (0: False, 1: True) | 0, 1 |
| L_exprwdexe108 | Write | SInt32 | exprwd.exe (Device) - Depends on L_ProtectionFromZoneElevation (0: False, 1: True) | 0, 1 |
| L_msaccessexe109 | Write | SInt32 | msaccess.exe (Device) - Depends on L_ProtectionFromZoneElevation (0: False, 1: True) | 0, 1 |
| L_spdesignexe107 | Write | SInt32 | spDesign.exe (Device) - Depends on L_ProtectionFromZoneElevation (0: False, 1: True) | 0, 1 |
| L_onenoteexe110 | Write | SInt32 | onent.exe (Device) - Depends on L_ProtectionFromZoneElevation (0: False, 1: True) | 0, 1 |
| L_pptviewexe102 | Write | SInt32 | pptview.exe (Device) - Depends on L_ProtectionFromZoneElevation (0: False, 1: True) | 0, 1 |
| L_winprojexe104 | Write | SInt32 | winproj.exe (Device) - Depends on L_ProtectionFromZoneElevation (0: False, 1: True) | 0, 1 |
| L_grooveexe98 | Write | SInt32 | groove.exe (Device) - Depends on L_ProtectionFromZoneElevation (0: False, 1: True) | 0, 1 |
| L_outlookexe106 | Write | SInt32 | outlook.exe (Device) - Depends on L_ProtectionFromZoneElevation (0: False, 1: True) | 0, 1 |
| L_RestrictActiveXInstall | Write | SInt32 | Restrict ActiveX Install (0: Disabled, 1: Enabled) | 0, 1 |
| L_mse7exe | Write | SInt32 | mse7.exe (Device) - Depends on L_RestrictActiveXInstall (0: False, 1: True) | 0, 1 |
| L_powerpntexe | Write | SInt32 | powerpnt.exe (Device) - Depends on L_RestrictActiveXInstall (0: False, 1: True) | 0, 1 |
| L_spDesignexe | Write | SInt32 | spDesign.exe (Device) - Depends on L_RestrictActiveXInstall (0: False, 1: True) | 0, 1 |
| L_onenoteexe | Write | SInt32 | onent.exe (Device) - Depends on L_RestrictActiveXInstall (0: False, 1: True) | 0, 1 |
| L_excelexe | Write | SInt32 | excel.exe (Device) - Depends on L_RestrictActiveXInstall (0: False, 1: True) | 0, 1 |
| L_mspubexe | Write | SInt32 | mspub.exe (Device) - Depends on L_RestrictActiveXInstall (0: False, 1: True) | 0, 1 |
| L_visioexe | Write | SInt32 | visio.exe (Device) - Depends on L_RestrictActiveXInstall (0: False, 1: True) | 0, 1 |
| L_exprwdexe | Write | SInt32 | exprwd.exe (Device) - Depends on L_RestrictActiveXInstall (0: False, 1: True) | 0, 1 |
| L_outlookexe | Write | SInt32 | outlook.exe (Device) - Depends on L_RestrictActiveXInstall (0: False, 1: True) | 0, 1 |
| L_pptviewexe | Write | SInt32 | pptview.exe (Device) - Depends on L_RestrictActiveXInstall (0: False, 1: True) | 0, 1 |
| L_winprojexe | Write | SInt32 | winproj.exe (Device) - Depends on L_RestrictActiveXInstall (0: False, 1: True) | 0, 1 |
| L_winwordexe | Write | SInt32 | winword.exe (Device) - Depends on L_RestrictActiveXInstall (0: False, 1: True) | 0, 1 |
| L_grooveexe | Write | SInt32 | groove.exe (Device) - Depends on L_RestrictActiveXInstall (0: False, 1: True) | 0, 1 |
| L_msaccessexe | Write | SInt32 | msaccess.exe (Device) - Depends on L_RestrictActiveXInstall (0: False, 1: True) | 0, 1 |
| L_RestrictFileDownload | Write | SInt32 | Restrict File Download (0: Disabled, 1: Enabled) | 0, 1 |
| L_visioexe5 | Write | SInt32 | visio.exe (Device) - Depends on L_RestrictFileDownload (0: False, 1: True) | 0, 1 |
| L_winprojexe6 | Write | SInt32 | winproj.exe (Device) - Depends on L_RestrictFileDownload (0: False, 1: True) | 0, 1 |
| L_msaccessexe11 | Write | SInt32 | msaccess.exe (Device) - Depends on L_RestrictFileDownload (0: False, 1: True) | 0, 1 |
| L_spdesignexe9 | Write | SInt32 | spDesign.exe (Device) - Depends on L_RestrictFileDownload (0: False, 1: True) | 0, 1 |
| L_excelexe1 | Write | SInt32 | excel.exe (Device) - Depends on L_RestrictFileDownload (0: False, 1: True) | 0, 1 |
| L_powerpntexe3 | Write | SInt32 | powerpnt.exe (Device) - Depends on L_RestrictFileDownload (0: False, 1: True) | 0, 1 |
| L_mspubexe2 | Write | SInt32 | mspub.exe (Device) - Depends on L_RestrictFileDownload (0: False, 1: True) | 0, 1 |
| L_exprwdexe10 | Write | SInt32 | exprwd.exe (Device) - Depends on L_RestrictFileDownload (0: False, 1: True) | 0, 1 |
| L_outlookexe8 | Write | SInt32 | outlook.exe (Device) - Depends on L_RestrictFileDownload (0: False, 1: True) | 0, 1 |
| L_pptviewexe4 | Write | SInt32 | pptview.exe (Device) - Depends on L_RestrictFileDownload (0: False, 1: True) | 0, 1 |
| L_winwordexe7 | Write | SInt32 | winword.exe (Device) - Depends on L_RestrictFileDownload (0: False, 1: True) | 0, 1 |
| L_onenoteexe12 | Write | SInt32 | onent.exe (Device) - Depends on L_RestrictFileDownload (0: False, 1: True) | 0, 1 |
| L_mse7exe13 | Write | SInt32 | mse7.exe (Device) - Depends on L_RestrictFileDownload (0: False, 1: True) | 0, 1 |
| L_grooveexe0 | Write | SInt32 | groove.exe (Device) - Depends on L_RestrictFileDownload (0: False, 1: True) | 0, 1 |
| L_SavedfromURL | Write | SInt32 | Saved from URL (0: Disabled, 1: Enabled) | 0, 1 |
| L_pptviewexe158 | Write | SInt32 | pptview.exe (Device) - Depends on L_SavedfromURL (0: False, 1: True) | 0, 1 |
| L_exprwdexe164 | Write | SInt32 | exprwd.exe (Device) - Depends on L_SavedfromURL (0: False, 1: True) | 0, 1 |
| L_mse7exe167 | Write | SInt32 | mse7.exe (Device) - Depends on L_SavedfromURL (0: False, 1: True) | 0, 1 |
| L_spdesignexe163 | Write | SInt32 | spDesign.exe (Device) - Depends on L_SavedfromURL (0: False, 1: True) | 0, 1 |
| L_winprojexe160 | Write | SInt32 | winproj.exe (Device) - Depends on L_SavedfromURL (0: False, 1: True) | 0, 1 |
| L_mspubexe156 | Write | SInt32 | mspub.exe (Device) - Depends on L_SavedfromURL (0: False, 1: True) | 0, 1 |
| L_visioexe159 | Write | SInt32 | visio.exe (Device) - Depends on L_SavedfromURL (0: False, 1: True) | 0, 1 |
| L_winwordexe161 | Write | SInt32 | winword.exe (Device) - Depends on L_SavedfromURL (0: False, 1: True) | 0, 1 |
| L_msaccessexe165 | Write | SInt32 | msaccess.exe (Device) - Depends on L_SavedfromURL (0: False, 1: True) | 0, 1 |
| L_onenoteexe166 | Write | SInt32 | onent.exe (Device) - Depends on L_SavedfromURL (0: False, 1: True) | 0, 1 |
| L_outlookexe162 | Write | SInt32 | outlook.exe (Device) - Depends on L_SavedfromURL (0: False, 1: True) | 0, 1 |
| L_grooveexe154 | Write | SInt32 | groove.exe (Device) - Depends on L_SavedfromURL (0: False, 1: True) | 0, 1 |
| L_excelexe155 | Write | SInt32 | excel.exe (Device) - Depends on L_SavedfromURL (0: False, 1: True) | 0, 1 |
| L_powerpntexe157 | Write | SInt32 | powerpnt.exe (Device) - Depends on L_SavedfromURL (0: False, 1: True) | 0, 1 |
| L_ScriptedWindowSecurityRestrictions | Write | SInt32 | Scripted Window Security Restrictions (0: Disabled, 1: Enabled) | 0, 1 |
| L_exprwdexe94 | Write | SInt32 | exprwd.exe (Device) - Depends on L_ScriptedWindowSecurityRestrictions (0: False, 1: True) | 0, 1 |
| L_mse7exe97 | Write | SInt32 | mse7.exe (Device) - Depends on L_ScriptedWindowSecurityRestrictions (0: False, 1: True) | 0, 1 |
| L_mspubexe86 | Write | SInt32 | mspub.exe (Device) - Depends on L_ScriptedWindowSecurityRestrictions (0: False, 1: True) | 0, 1 |
| L_outlookexe92 | Write | SInt32 | outlook.exe (Device) - Depends on L_ScriptedWindowSecurityRestrictions (0: False, 1: True) | 0, 1 |
| L_msaccessexe95 | Write | SInt32 | msaccess.exe (Device) - Depends on L_ScriptedWindowSecurityRestrictions (0: False, 1: True) | 0, 1 |
| L_powerpntexe87 | Write | SInt32 | powerpnt.exe (Device) - Depends on L_ScriptedWindowSecurityRestrictions (0: False, 1: True) | 0, 1 |
| L_grooveexe84 | Write | SInt32 | groove.exe (Device) - Depends on L_ScriptedWindowSecurityRestrictions (0: False, 1: True) | 0, 1 |
| L_excelexe85 | Write | SInt32 | excel.exe (Device) - Depends on L_ScriptedWindowSecurityRestrictions (0: False, 1: True) | 0, 1 |
| L_pptviewexe88 | Write | SInt32 | pptview.exe (Device) - Depends on L_ScriptedWindowSecurityRestrictions (0: False, 1: True) | 0, 1 |
| L_spdesignexe93 | Write | SInt32 | spDesign.exe (Device) - Depends on L_ScriptedWindowSecurityRestrictions (0: False, 1: True) | 0, 1 |
| L_visioexe89 | Write | SInt32 | visio.exe (Device) - Depends on L_ScriptedWindowSecurityRestrictions (0: False, 1: True) | 0, 1 |
| L_onenoteexe96 | Write | SInt32 | onent.exe (Device) - Depends on L_ScriptedWindowSecurityRestrictions (0: False, 1: True) | 0, 1 |
| L_winprojexe90 | Write | SInt32 | winproj.exe (Device) - Depends on L_ScriptedWindowSecurityRestrictions (0: False, 1: True) | 0, 1 |
| L_winwordexe91 | Write | SInt32 | winword.exe (Device) - Depends on L_ScriptedWindowSecurityRestrictions (0: False, 1: True) | 0, 1 |
MSFT_MicrosoftGraphIntuneSettingsCatalogUserSettings_IntuneSecurityBaselineMicrosoft365AppsForEnterprise¶
Parameters¶
| Parameter | Attribute | DataType | Description | Allowed Values |
|---|---|---|---|---|
| MicrosoftAccess_Security_TrustCenter_L_BlockMacroExecutionFromInternet | Write | SInt32 | Block macros from running in Office files from the Internet (User) (0: Disabled, 1: Enabled) | 0, 1 |
| MicrosoftAccess_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned | Write | SInt32 | Disable Trust Bar Notification for unsigned application add-ins and block them (User) (0: Disabled, 1: Enabled) | 0, 1 |
| MicrosoftAccess_Security_TrustCenter_L_RequirethatApplicationExtensionsaresigned | Write | SInt32 | Require that application add-ins are signed by Trusted Publisher (User) (0: Disabled, 1: Enabled) | 0, 1 |
| MicrosoftAccess_Security_TrustCenterTrustedLocations_L_AllowTrustedLocationsOnTheNetwork | Write | SInt32 | Allow Trusted Locations on the network (User) (0: Disabled, 1: Enabled) | 0, 1 |
| MicrosoftAccess_Security_TrustCenter_L_VBAWarningsPolicy | Write | SInt32 | VBA Macro Notification Settings (User) (0: Disabled, 1: Enabled) | 0, 1 |
| MicrosoftAccess_Security_TrustCenter_L_VBAWarningsPolicy_L_Empty | Write | SInt32 | - Depends on MicrosoftAccess_Security_TrustCenter_L_VBAWarningsPolicy (2: Disable all with notification, 3: Disable all except digitally signed macros, 4: Disable all without notification, 1: Enable all macros (not recommended)) | 2, 3, 4, 1 |
| L_Donotshowdataextractionoptionswhenopeningcorruptworkbooks | Write | SInt32 | Do not show data extraction options when opening corrupt workbooks (User) (0: Disabled, 1: Enabled) | 0, 1 |
| L_Asktoupdateautomaticlinks | Write | SInt32 | Ask to update automatic links (User) (0: Disabled, 1: Enabled) | 0, 1 |
| L_LoadpicturesfromWebpagesnotcreatedinExcel | Write | SInt32 | Load pictures from Web pages not created in Excel (User) (0: Disabled, 1: Enabled) | 0, 1 |
| L_DisableAutoRepublish | Write | SInt32 | Disable AutoRepublish (User) (0: Disabled, 1: Enabled) | 0, 1 |
| L_DoNotShowAutoRepublishWarningAlert | Write | SInt32 | Do not show AutoRepublish warning alert (User) (0: Disabled, 1: Enabled) | 0, 1 |
| L_Forcefileextenstionstomatch | Write | SInt32 | Force file extension to match file type (User) (0: Disabled, 1: Enabled) | 0, 1 |
| L_Forcefileextenstionstomatch_L_Empty | Write | SInt32 | - Depends on L_Forcefileextenstionstomatch (0: Allow different, 1: Allow different, but warn, 2: Always match file type) | 0, 1, 2 |
| L_DeterminewhethertoforceencryptedExcel | Write | SInt32 | Scan encrypted macros in Excel Open XML workbooks (User) (0: Disabled, 1: Enabled) | 0, 1 |
| L_DeterminewhethertoforceencryptedExcelDropID | Write | SInt32 | - Depends on L_DeterminewhethertoforceencryptedExcel (0: Scan encrypted macros (default), 1: Scan if anti-virus software available, 2: Load macros without scanning) | 0, 1, 2 |
| L_BlockXLLFromInternet | Write | SInt32 | Block Excel XLL Add-ins that come from an untrusted source (User) (0: Disabled, 1: Enabled) | 0, 1 |
| L_BlockXLLFromInternetEnum | Write | SInt32 | - Depends on L_BlockXLLFromInternet (1: Block, 0: Show Additional Warning, 2: Allow) | 1, 0, 2 |
| MicrosoftExcel_Security_TrustCenter_L_BlockMacroExecutionFromInternet | Write | SInt32 | Block macros from running in Office files from the Internet (User) (0: Disabled, 1: Enabled) | 0, 1 |
| MicrosoftExcel_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned | Write | SInt32 | Disable Trust Bar Notification for unsigned application add-ins and block them (User) (Deprecated) (0: Disabled, 1: Enabled) | 0, 1 |
| L_EnableBlockUnsecureQueryFiles | Write | SInt32 | Always prevent untrusted Microsoft Query files from opening (User) (0: Disabled, 1: Enabled) | 0, 1 |
| L_DBaseIIIANDIVFiles | Write | SInt32 | dBase III / IV files (User) (0: Disabled, 1: Enabled) | 0, 1 |
| L_DBaseIIIANDIVFilesDropID | Write | SInt32 | File block setting: (User) - Depends on L_DBaseIIIANDIVFiles (0: Do not block, 2: Open/Save blocked, use open policy) | 0, 2 |
| L_DifAndSylkFiles | Write | SInt32 | Dif and Sylk files (User) (0: Disabled, 1: Enabled) | 0, 1 |
| L_DifAndSylkFilesDropID | Write | SInt32 | File block setting: (User) - Depends on L_DifAndSylkFiles (0: Do not block, 1: Save blocked, 2: Open/Save blocked, use open policy) | 0, 1, 2 |
| L_Excel2MacrosheetsAndAddInFiles | Write | SInt32 | Excel 2 macrosheets and add-in files (User) (0: Disabled, 1: Enabled) | 0, 1 |
| L_Excel2MacrosheetsAndAddInFilesDropID | Write | SInt32 | File block setting: (User) - Depends on L_Excel2MacrosheetsAndAddInFiles (0: Do not block, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View) | 0, 2, 3, 4, 5 |
| L_Excel2Worksheets | Write | SInt32 | Excel 2 worksheets (User) (0: Disabled, 1: Enabled) | 0, 1 |
| L_Excel2WorksheetsDropID | Write | SInt32 | File block setting: (User) - Depends on L_Excel2Worksheets (0: Do not block, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View) | 0, 2, 3, 4, 5 |
| L_Excel3MacrosheetsAndAddInFiles | Write | SInt32 | Excel 3 macrosheets and add-in files (User) (0: Disabled, 1: Enabled) | 0, 1 |
| L_Excel3MacrosheetsAndAddInFilesDropID | Write | SInt32 | File block setting: (User) - Depends on L_Excel3MacrosheetsAndAddInFiles (0: Do not block, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View) | 0, 2, 3, 4, 5 |
| L_Excel3Worksheets | Write | SInt32 | Excel 3 worksheets (User) (0: Disabled, 1: Enabled) | 0, 1 |
| L_Excel3WorksheetsDropID | Write | SInt32 | File block setting: (User) - Depends on L_Excel3Worksheets (0: Do not block, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View) | 0, 2, 3, 4, 5 |
| L_Excel4MacrosheetsAndAddInFiles | Write | SInt32 | Excel 4 macrosheets and add-in files (User) (0: Disabled, 1: Enabled) | 0, 1 |
| L_Excel4MacrosheetsAndAddInFilesDropID | Write | SInt32 | File block setting: (User) - Depends on L_Excel4MacrosheetsAndAddInFiles (0: Do not block, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View) | 0, 2, 3, 4, 5 |
| L_Excel4Workbooks | Write | SInt32 | Excel 4 workbooks (User) (0: Disabled, 1: Enabled) | 0, 1 |
| L_Excel4WorkbooksDropID | Write | SInt32 | File block setting: (User) - Depends on L_Excel4Workbooks (0: Do not block, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View) | 0, 2, 3, 4, 5 |
| L_Excel4Worksheets | Write | SInt32 | Excel 4 worksheets (User) (0: Disabled, 1: Enabled) | 0, 1 |
| L_Excel4WorksheetsDropID | Write | SInt32 | File block setting: (User) - Depends on L_Excel4Worksheets (0: Do not block, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View) | 0, 2, 3, 4, 5 |
| L_Excel95Workbooks | Write | SInt32 | Excel 95 workbooks (User) (0: Disabled, 1: Enabled) | 0, 1 |
| L_Excel95WorkbooksDropID | Write | SInt32 | File block setting: (User) - Depends on L_Excel95Workbooks (0: Do not block, 1: Save blocked, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View) | 0, 1, 2, 3, 4, 5 |
| L_Excel9597WorkbooksAndTemplates | Write | SInt32 | Excel 95-97 workbooks and templates (User) (0: Disabled, 1: Enabled) | 0, 1 |
| L_Excel9597WorkbooksAndTemplatesDropID | Write | SInt32 | File block setting: (User) - Depends on L_Excel9597WorkbooksAndTemplates (0: Do not block, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View) | 0, 2, 3, 4, 5 |
| L_Excel972003WorkbooksAndTemplates | Write | SInt32 | Excel 97-2003 workbooks and templates (User) (0: Disabled, 1: Enabled) | 0, 1 |
| L_Excel972003WorkbooksAndTemplatesDropID | Write | SInt32 | File block setting: (User) - Depends on L_Excel972003WorkbooksAndTemplates (0: Do not block, 1: Save blocked, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View) | 0, 1, 2, 3, 4, 5 |
| MicrosoftExcel_Security_TrustCenterFileBlockSettings_L_SetDefaultFileBlockBehavior | Write | SInt32 | Set default file block behavior (User) (0: Disabled, 1: Enabled) | 0, 1 |
| MicrosoftExcel_Security_TrustCenterFileBlockSettings_L_SetDefaultFileBlockBehaviorDropID | Write | SInt32 | - Depends on MicrosoftExcel_Security_TrustCenterFileBlockSettings_L_SetDefaultFileBlockBehavior (0: Blocked files are not opened, 1: Blocked files open in Protected View and can not be edited, 2: Blocked files open in Protected View and can be edited) | 0, 1, 2 |
| L_WebPagesAndExcel2003XMLSpreadsheets | Write | SInt32 | Web pages and Excel 2003 XML spreadsheets (User) (0: Disabled, 1: Enabled) | 0, 1 |
| L_WebPagesAndExcel2003XMLSpreadsheetsDropID | Write | SInt32 | File block setting: (User) - Depends on L_WebPagesAndExcel2003XMLSpreadsheets (0: Do not block, 1: Save blocked, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View) | 0, 1, 2, 3, 4, 5 |
| L_XL4KillSwitchPolicy | Write | SInt32 | Prevent Excel from running XLM macros (User) (0: Disabled, 1: Enabled) | 0, 1 |
| L_EnableDataBaseFileProtectedView | Write | SInt32 | Always open untrusted database files in Protected View (User) (0: Disabled, 1: Enabled) | 0, 1 |
| MicrosoftExcel_Security_TrustCenterProtectedView_L_DoNotOpenFilesFromTheInternetZoneInProtectedView | Write | SInt32 | Do not open files from the Internet zone in Protected View (User) (0: Disabled, 1: Enabled) | 0, 1 |
| MicrosoftExcel_Security_TrustCenterProtectedView_L_DoNotOpenFilesInUnsafeLocationsInProtectedView | Write | SInt32 | Do not open files in unsafe locations in Protected View (User) (0: Disabled, 1: Enabled) | 0, 1 |
| MicrosoftExcel_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFails | Write | SInt32 | Set document behavior if file validation fails (User) (0: Disabled, 1: Enabled) | 0, 1 |
| MicrosoftExcel_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFailsStr3 | Write | SInt32 | Checked: Allow edit. Unchecked: Do not allow edit. (User) - Depends on MicrosoftExcel_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFails (0: False, 1: True) | 0, 1 |
| MicrosoftExcel_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFailsDropID | Write | SInt32 | - Depends on MicrosoftExcel_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFails (0: Block files, 1: Open in Protected View) | 0, 1 |
| MicrosoftExcel_Security_TrustCenterProtectedView_L_TurnOffProtectedViewForAttachmentsOpenedFromOutlook | Write | SInt32 | Turn off Protected View for attachments opened from Outlook (User) (0: Disabled, 1: Enabled) | 0, 1 |
| MicrosoftExcel_Security_TrustCenter_L_RequirethatApplicationExtensionsaresigned | Write | SInt32 | Require that application add-ins are signed by Trusted Publisher (User) (0: Disabled, 1: Enabled) | 0, 1 |
| MicrosoftExcel_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned_v2 | Write | SInt32 | Disable Trust Bar Notification for unsigned application add-ins and block them (User) - Depends on MicrosoftExcel_Security_TrustCenter_L_RequirethatApplicationExtensionsaresigned (0: Disabled, 1: Enabled) | 0, 1 |
| MicrosoftExcel_Security_TrustCenterTrustedLocations_L_AllowTrustedLocationsOnTheNetwork | Write | SInt32 | Allow Trusted Locations on the network (User) (0: Disabled, 1: Enabled) | 0, 1 |
| MicrosoftExcel_Security_TrustCenter_L_VBAWarningsPolicy | Write | SInt32 | VBA Macro Notification Settings (User) (0: Disabled, 1: Enabled) | 0, 1 |
| L_empty4 | Write | SInt32 | - Depends on MicrosoftExcel_Security_TrustCenter_L_VBAWarningsPolicy (2: Disable VBA macros with notification, 3: Disable VBA macros except digitally signed macros, 4: Disable VBA macros without notification, 1: Enable VBA macros (not recommended)) | 2, 3, 4, 1 |
| MicrosoftExcel_Security_L_TurnOffFileValidation | Write | SInt32 | Turn off file validation (User) (0: Disabled, 1: Enabled) | 0, 1 |
| L_WebContentWarningLevel | Write | SInt32 | WEBSERVICE Function Notification Settings (User) (0: Disabled, 1: Enabled) | 0, 1 |
| L_WebContentWarningLevelValue | Write | SInt32 | - Depends on L_WebContentWarningLevel (0: Enable all WEBSERVICE functions (not recommended), 1: Disable all with notification, 2: Disable all without notification) | 0, 1, 2 |
| L_NoExtensibilityCustomizationFromDocumentPolicy | Write | SInt32 | Disable UI extending from documents and templates (User) (0: Disabled, 1: Enabled) | 0, 1 |
| L_NoExtensibilityCustomizationFromDocumentPolicyWord | Write | SInt32 | Disallow in Word (User) - Depends on L_NoExtensibilityCustomizationFromDocumentPolicy (0: False, 1: True) | 0, 1 |
| L_NoExtensibilityCustomizationFromDocumentPolicyExcel | Write | SInt32 | Disallow in Excel (User) - Depends on L_NoExtensibilityCustomizationFromDocumentPolicy (0: False, 1: True) | 0, 1 |
| L_NoExtensibilityCustomizationFromDocumentPolicyVisio | Write | SInt32 | Disallow in Visio (User) - Depends on L_NoExtensibilityCustomizationFromDocumentPolicy (0: False, 1: True) | 0, 1 |
| L_NoExtensibilityCustomizationFromDocumentPolicyPowerPoint | Write | SInt32 | Disallow in PowerPoint (User) - Depends on L_NoExtensibilityCustomizationFromDocumentPolicy (0: False, 1: True) | 0, 1 |
| L_NoExtensibilityCustomizationFromDocumentPolicyPublisher | Write | SInt32 | Disallow in Publisher (User) - Depends on L_NoExtensibilityCustomizationFromDocumentPolicy (0: False, 1: True) | 0, 1 |
| L_NoExtensibilityCustomizationFromDocumentPolicyOutlook | Write | SInt32 | Disallow in Outlook (User) - Depends on L_NoExtensibilityCustomizationFromDocumentPolicy (0: False, 1: True) | 0, 1 |
| L_NoExtensibilityCustomizationFromDocumentPolicyProject | Write | SInt32 | Disallow in Project (User) - Depends on L_NoExtensibilityCustomizationFromDocumentPolicy (0: False, 1: True) | 0, 1 |
| L_NoExtensibilityCustomizationFromDocumentPolicyAccess | Write | SInt32 | Disallow in Access (User) - Depends on L_NoExtensibilityCustomizationFromDocumentPolicy (0: False, 1: True) | 0, 1 |
| L_NoExtensibilityCustomizationFromDocumentPolicyInfoPath | Write | SInt32 | Disallow in InfoPath (User) - Depends on L_NoExtensibilityCustomizationFromDocumentPolicy (0: False, 1: True) | 0, 1 |
| L_ActiveXControlInitialization | Write | SInt32 | ActiveX Control Initialization (User) (0: Disabled, 1: Enabled) | 0, 1 |
| L_ActiveXControlInitializationcolon | Write | SInt32 | ActiveX Control Initialization: (User) - Depends on L_ActiveXControlInitialization (1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 6: 6) | 1, 2, 3, 4, 5, 6 |
| L_BasicAuthProxyBehavior | Write | SInt32 | Allow Basic Authentication prompts from network proxies (User) (0: Disabled, 1: Enabled) | 0, 1 |
| L_AllowVbaIntranetRefs | Write | SInt32 | Allow VBA to load typelib references by path from untrusted intranet locations (User) (0: Disabled, 1: Enabled) | 0, 1 |
| L_AutomationSecurity | Write | SInt32 | Automation Security (User) (0: Disabled, 1: Enabled) | 0, 1 |
| L_SettheAutomationSecuritylevel | Write | SInt32 | Set the Automation Security level (User) - Depends on L_AutomationSecurity (3: Disable macros by default, 2: Use application macro security level, 1: Macros enabled (default)) | 3, 2, 1 |
| L_AuthenticationFBABehavior | Write | SInt32 | Control how Office handles form-based sign-in prompts (User) (0: Disabled, 1: Enabled) | 0, 1 |
| L_AuthenticationFBAEnabledHostsID | Write | String | Specify hosts allowed to show form-based sign-in prompts to users: (User) - Depends on L_AuthenticationFBABehavior | |
| L_authenticationFBABehaviorEnum | Write | SInt32 | Behavior: (User) - Depends on L_AuthenticationFBABehavior (1: Block all prompts, 2: Ask the user what to do for each new host, 3: Show prompts only from allowed hosts) | 1, 2, 3 |
| L_DisableStrictVbaRefsSecurityPolicy | Write | SInt32 | Disable additional security checks on VBA library references that may refer to unsafe locations on the local machine (User) (0: Disabled, 1: Enabled) | 0, 1 |
| L_DisableallTrustBarnotificationsfor | Write | SInt32 | Disable all Trust Bar notifications for security issues (User) (0: Disabled, 1: Enabled) | 0, 1 |
| L_Encryptiontypeforirm | Write | SInt32 | Encryption mode for Information Rights Management (IRM) (User) (0: Disabled, 1: Enabled) | 0, 1 |
| L_Encryptiontypeforirmcolon | Write | SInt32 | IRM Encryption Mode: (User) - Depends on L_Encryptiontypeforirm (1: Cipher Block Chaining (CBC), 2: Electronic Codebook (ECB)) | 1, 2 |
| L_Encryptiontypeforpasswordprotectedoffice972003 | Write | SInt32 | Encryption type for password protected Office 97-2003 files (User) (0: Disabled, 1: Enabled) | 0, 1 |
| L_encryptiontypecolon318 | Write | String | Encryption type: (User) - Depends on L_Encryptiontypeforpasswordprotectedoffice972003 | |
| L_Encryptiontypeforpasswordprotectedofficeopen | Write | SInt32 | Encryption type for password protected Office Open XML files (User) (0: Disabled, 1: Enabled) | 0, 1 |
| L_Encryptiontypecolon | Write | String | Encryption type: (User) - Depends on L_Encryptiontypeforpasswordprotectedofficeopen | |
| L_LoadControlsinForms3 | Write | SInt32 | Load Controls in Forms3 (User) (0: Disabled, 1: Enabled) | 0, 1 |
| L_LoadControlsinForms3colon | Write | SInt32 | Load Controls in Forms3: (User) - Depends on L_LoadControlsinForms3 (1: 1, 2: 2, 3: 3, 4: 4) | 1, 2, 3, 4 |
| L_MacroRuntimeScanScope | Write | SInt32 | Macro Runtime Scan Scope (User) (0: Disabled, 1: Enabled) | 0, 1 |
| L_MacroRuntimeScanScopeEnum | Write | SInt32 | - Depends on L_MacroRuntimeScanScope (0: Disable for all documents, 1: Enable for low trust documents, 2: Enable for all documents) | 0, 1, 2 |
| L_Protectdocumentmetadataforrightsmanaged | Write | SInt32 | Protect document metadata for rights managed Office Open XML Files (User) (0: Disabled, 1: Enabled) | 0, 1 |
| L_Allowmixofpolicyanduserlocations | Write | SInt32 | Allow mix of policy and user locations (User) (0: Disabled, 1: Enabled) | 0, 1 |
| L_DisabletheOfficeclientfrompolling | Write | SInt32 | Disable the Office client from polling the SharePoint Server for published links (User) (0: Disabled, 1: Enabled) | 0, 1 |
| L_DisableSmartDocumentsuseofmanifests | Write | SInt32 | Disable Smart Document's use of manifests (User) (0: Disabled, 1: Enabled) | 0, 1 |
| L_OutlookSecurityMode | Write | SInt32 | Outlook Security Mode (User) (0: Disabled, 1: Enabled) | 0, 1 |
| L_OOMAddressAccess | Write | SInt32 | Configure Outlook object model prompt when reading address information (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled) | 0, 1 |
| L_OOMAddressAccess_Setting | Write | SInt32 | Guard behavior: (User) (1: Prompt User, 2: Automatically Approve, 0: Automatically Deny, 3: Prompt user based on computer security) | 1, 2, 0, 3 |
| L_OOMMeetingTaskRequest | Write | SInt32 | Configure Outlook object model prompt when responding to meeting and task requests (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled) | 0, 1 |
| L_OOMMeetingTaskRequest_Setting | Write | SInt32 | Guard behavior: (User) (1: Prompt User, 2: Automatically Approve, 0: Automatically Deny, 3: Prompt user based on computer security) | 1, 2, 0, 3 |
| L_OOMSend | Write | SInt32 | Configure Outlook object model prompt when sending mail (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled) | 0, 1 |
| L_OOMSend_Setting | Write | SInt32 | Guard behavior: (User) (1: Prompt User, 2: Automatically Approve, 0: Automatically Deny, 3: Prompt user based on computer security) | 1, 2, 0, 3 |
| L_Preventusersfromcustomizingattachmentsecuritysettings | Write | SInt32 | Prevent users from customizing attachment security settings (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled) | 0, 1 |
| L_RetrievingCRLsCertificateRevocationLists | Write | SInt32 | Retrieving CRLs (Certificate Revocation Lists) (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled) | 0, 1 |
| L_empty31 | Write | SInt32 | (0: Use system Default, 1: When online always retreive the CRL, 2: Never retreive the CRL) | 0, 1, 2 |
| L_OOMFormula | Write | SInt32 | Configure Outlook object model prompt When accessing the Formula property of a UserProperty object (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled) | 0, 1 |
| L_OOMFormula_Setting | Write | SInt32 | Guard behavior: (User) (1: Prompt User, 2: Automatically Approve, 0: Automatically Deny, 3: Prompt user based on computer security) | 1, 2, 0, 3 |
| L_AuthenticationwithExchangeServer | Write | SInt32 | Authentication with Exchange Server (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled) | 0, 1 |
| L_SelecttheauthenticationwithExchangeserver | Write | String | Select the authentication with Exchange server. (User) (9: Kerberos/NTLM Password Authentication, 16: Kerberos Password Authentication, 10: NTLM Password Authentication, 2147545088: Insert a smart card) | 9, 16, 10, 2147545088 |
| L_EnableRPCEncryption | Write | SInt32 | Enable RPC encryption (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled) | 0, 1 |
| L_Enablelinksinemailmessages | Write | SInt32 | Allow hyperlinks in suspected phishing e-mail messages (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled) | 0, 1 |
| L_OOMAddressBook | Write | SInt32 | Configure Outlook object model prompt when accessing an address book (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled) | 0, 1 |
| L_OOMAddressBook_Setting | Write | SInt32 | Guard behavior: (User) (1: Prompt User, 2: Automatically Approve, 0: Automatically Deny, 3: Prompt user based on computer security) | 1, 2, 0, 3 |
| L_OutlookSecurityPolicy | Write | SInt32 | Outlook Security Policy: (User) - Depends on L_OutlookSecurityMode (0: Outlook Default Security, 1: Use Security Form from 'Outlook Security Settings' Public Folder, 2: Use Security Form from 'Outlook 10 Security Settings' Public Folder, 3: Use Outlook Security Group Policy) | 0, 1, 2, 3 |
| L_AllowUsersToLowerAttachments | Write | SInt32 | Allow users to demote attachments to Level 2 (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled) | 0, 1 |
| L_AllowActiveXOneOffForms | Write | SInt32 | Allow Active X One Off Forms (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled) | 0, 1 |
| L_empty29 | Write | SInt32 | Sets which ActiveX controls to allow. (0: Load only Outlook Controls, 1: Allows only Safe Controls, 2: Allows all ActiveX Controls) | 0, 1, 2 |
| L_EnableScriptsInOneOffForms | Write | SInt32 | Allow scripts in one-off Outlook forms (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled) | 0, 1 |
| L_Level2RemoveFilePolicy | Write | SInt32 | Remove file extensions blocked as Level 2 (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled) | 0, 1 |
| L_removedextensions25 | Write | String | Removed Extensions: (User) | |
| L_MSGUnicodeformatwhendraggingtofilesystem | Write | SInt32 | Use Unicode format when dragging e-mail message to file system (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled) | 0, 1 |
| L_OnExecuteCustomActionOOM | Write | SInt32 | Set Outlook object model custom actions execution prompt (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled) | 0, 1 |
| L_OnExecuteCustomActionOOM_Setting | Write | SInt32 | When executing a custom action: (User) (1: Prompt User, 2: Automatically Approve, 0: Automatically Deny, 3: Prompt user based on computer security) | 1, 2, 0, 3 |
| L_DisableOutlookobjectmodelscriptsforpublicfolders | Write | SInt32 | Do not allow Outlook object model scripts to run for public folders (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled) | 0, 1 |
| L_BlockInternet | Write | SInt32 | Include Internet in Safe Zones for Automatic Picture Download (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled) | 0, 1 |
| L_SecurityLevelOutlook | Write | SInt32 | Security setting for macros (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled) | 0, 1 |
| L_SecurityLevel | Write | SInt32 | Security Level (User) (2: Always warn, 4: Never warn, disable all, 3: Warn for signed, disable unsigned, 1: No security check) | 2, 4, 3, 1 |
| L_Level1RemoveFilePolicy | Write | SInt32 | Remove file extensions blocked as Level 1 (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled) | 0, 1 |
| L_RemovedExtensions | Write | String | Removed Extensions: (User) | |
| L_SignatureWarning | Write | SInt32 | Signature Warning (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled) | 0, 1 |
| L_signaturewarning30 | Write | SInt32 | Signature Warning (User) (0: Let user decide if they want to be warned, 1: Always warn about invalid signatures, 2: Never warn about invalid signatures) | 0, 1, 2 |
| L_Level1Attachments | Write | SInt32 | Display Level 1 attachments (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled) | 0, 1 |
| L_Minimumencryptionsettings | Write | SInt32 | Minimum encryption settings (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled) | 0, 1 |
| L_Minimumkeysizeinbits | Write | SInt32 | Minimum key size (in bits): (User) | |
| L_DisableOutlookobjectmodelscripts | Write | SInt32 | Do not allow Outlook object model scripts to run for shared folders (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled) | 0, 1 |
| L_OOMSaveAs | Write | SInt32 | Configure Outlook object model prompt when executing Save As (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled) | 0, 1 |
| L_OOMSaveAs_Setting | Write | SInt32 | Guard behavior: (User) (1: Prompt User, 2: Automatically Approve, 0: Automatically Deny, 3: Prompt user based on computer security) | 1, 2, 0, 3 |
| L_JunkEmailprotectionlevel | Write | SInt32 | Junk E-mail protection level (User) - Depends on L_OutlookSecurityMode (0: Disabled, 1: Enabled) | 0, 1 |
| L_Selectlevel | Write | String | Select level: (User) (4294967295: No Protection, 6: Low (Default), 3: High, 2147483648: Trusted Lists Only) | 4294967295, 6, 3, 2147483648 |
| L_RunPrograms | Write | SInt32 | Run Programs (User) (0: Disabled, 1: Enabled) | 0, 1 |
| L_RunPrograms_L_Empty | Write | SInt32 | - Depends on L_RunPrograms (0: disable (don't run any programs), 1: enable (prompt user before running), 2: enable all (run without prompting)) | 0, 1, 2 |
| L_Determinewhethertoforceencryptedppt | Write | SInt32 | Scan encrypted macros in PowerPoint Open XML presentations (User) (0: Disabled, 1: Enabled) | 0, 1 |
| L_DeterminewhethertoforceencryptedpptDropID | Write | SInt32 | - Depends on L_Determinewhethertoforceencryptedppt (0: Scan encrypted macros (default), 1: Scan if anti-virus software available, 2: Load macros without scanning) | 0, 1, 2 |
| MicrosoftPowerPoint_Security_TrustCenter_L_BlockMacroExecutionFromInternet | Write | SInt32 | Block macros from running in Office files from the Internet (User) (0: Disabled, 1: Enabled) | 0, 1 |
| MicrosoftPowerPoint_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned | Write | SInt32 | Disable Trust Bar Notification for unsigned application add-ins and block them (User) (Deprecated) (0: Disabled, 1: Enabled) | 0, 1 |
| L_PowerPoint972003PresentationsShowsTemplatesandAddInFiles | Write | SInt32 | PowerPoint 97-2003 presentations, shows, templates and add-in files (User) (0: Disabled, 1: Enabled) | 0, 1 |
| L_PowerPoint972003PresentationsShowsTemplatesandAddInFilesDropID | Write | SInt32 | File block setting: (User) - Depends on L_PowerPoint972003PresentationsShowsTemplatesandAddInFiles (0: Do not block, 1: Save blocked, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View) | 0, 1, 2, 3, 4, 5 |
| MicrosoftPowerPoint_Security_TrustCenterFileBlockSettings_L_SetDefaultFileBlockBehavior | Write | SInt32 | Set default file block behavior (User) (0: Disabled, 1: Enabled) | 0, 1 |
| MicrosoftPowerPoint_Security_TrustCenterFileBlockSettings_L_SetDefaultFileBlockBehaviorDropID | Write | SInt32 | - Depends on MicrosoftPowerPoint_Security_TrustCenterFileBlockSettings_L_SetDefaultFileBlockBehavior (0: Blocked files are not opened, 1: Blocked files open in Protected View and can not be edited, 2: Blocked files open in Protected View and can be edited) | 0, 1, 2 |
| MicrosoftPowerPoint_Security_TrustCenterProtectedView_L_DoNotOpenFilesFromTheInternetZoneInProtectedView | Write | SInt32 | Do not open files from the Internet zone in Protected View (User) (0: Disabled, 1: Enabled) | 0, 1 |
| MicrosoftPowerPoint_Security_TrustCenterProtectedView_L_DoNotOpenFilesInUnsafeLocationsInProtectedView | Write | SInt32 | Do not open files in unsafe locations in Protected View (User) (0: Disabled, 1: Enabled) | 0, 1 |
| MicrosoftPowerPoint_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFails | Write | SInt32 | Set document behavior if file validation fails (User) (0: Disabled, 1: Enabled) | 0, 1 |
| MicrosoftPowerPoint_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFailsStr3 | Write | SInt32 | Checked: Allow edit. Unchecked: Do not allow edit. (User) - Depends on MicrosoftPowerPoint_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFails (0: False, 1: True) | 0, 1 |
| MicrosoftPowerPoint_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFailsDropID | Write | SInt32 | - Depends on MicrosoftPowerPoint_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFails (0: Block files, 1: Open in Protected View) | 0, 1 |
| MicrosoftPowerPoint_Security_TrustCenterProtectedView_L_TurnOffProtectedViewForAttachmentsOpenedFromOutlook | Write | SInt32 | Turn off Protected View for attachments opened from Outlook (User) (0: Disabled, 1: Enabled) | 0, 1 |
| MicrosoftPowerPoint_Security_TrustCenter_L_RequirethatApplicationExtensionsaresigned | Write | SInt32 | Require that application add-ins are signed by Trusted Publisher (User) (0: Disabled, 1: Enabled) | 0, 1 |
| MicrosoftPowerPoint_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned_v2 | Write | SInt32 | Disable Trust Bar Notification for unsigned application add-ins and block them (User) - Depends on MicrosoftPowerPoint_Security_TrustCenter_L_RequirethatApplicationExtensionsaresigned (0: Disabled, 1: Enabled) | 0, 1 |
| MicrosoftPowerPoint_Security_TrustCenterTrustedLocations_L_AllowTrustedLocationsOnTheNetwork | Write | SInt32 | Allow Trusted Locations on the network (User) (0: Disabled, 1: Enabled) | 0, 1 |
| MicrosoftPowerPoint_Security_TrustCenter_L_VBAWarningsPolicy | Write | SInt32 | VBA Macro Notification Settings (User) (0: Disabled, 1: Enabled) | 0, 1 |
| L_empty3 | Write | SInt32 | - Depends on MicrosoftPowerPoint_Security_TrustCenter_L_VBAWarningsPolicy (2: Disable all with notification, 3: Disable all except digitally signed macros, 4: Disable all without notification, 1: Enable all macros (not recommended)) | 2, 3, 4, 1 |
| MicrosoftPowerPoint_Security_L_TurnOffFileValidation | Write | SInt32 | Turn off file validation (User) (0: Disabled, 1: Enabled) | 0, 1 |
| MicrosoftProject_Security_TrustCenter_L_AllowTrustedLocationsOnTheNetwork | Write | SInt32 | Allow Trusted Locations on the network (User) (0: Disabled, 1: Enabled) | 0, 1 |
| MicrosoftProject_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned | Write | SInt32 | Disable Trust Bar Notification for unsigned application add-ins and block them (User) (Deprecated) (0: Disabled, 1: Enabled) | 0, 1 |
| MicrosoftProject_Security_TrustCenter_L_RequirethatApplicationExtensionsaresigned | Write | SInt32 | Require that application add-ins are signed by Trusted Publisher (User) (0: Disabled, 1: Enabled) | 0, 1 |
| MicrosoftProject_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned_v2 | Write | SInt32 | Disable Trust Bar Notification for unsigned application add-ins and block them (User) - Depends on MicrosoftProject_Security_TrustCenter_L_RequirethatApplicationExtensionsaresigned (0: Disabled, 1: Enabled) | 0, 1 |
| MicrosoftProject_Security_TrustCenter_L_VBAWarningsPolicy | Write | SInt32 | VBA Macro Notification Settings (User) (0: Disabled, 1: Enabled) | 0, 1 |
| MicrosoftProject_Security_TrustCenter_L_VBAWarningsPolicy_L_Empty | Write | SInt32 | - Depends on MicrosoftProject_Security_TrustCenter_L_VBAWarningsPolicy (2: Disable all with notification, 3: Disable all except digitally signed macros, 4: Disable all without notification, 1: Enable all macros (not recommended)) | 2, 3, 4, 1 |
| L_PublisherAutomationSecurityLevel | Write | SInt32 | Publisher Automation Security Level (User) (0: Disabled, 1: Enabled) | 0, 1 |
| L_PublisherAutomationSecurityLevel_L_Empty | Write | SInt32 | - Depends on L_PublisherAutomationSecurityLevel (1: Low (enabled), 2: By UI (prompted), 3: High (disabled)) | 1, 2, 3 |
| MicrosoftPublisherV3_Security_TrustCenter_L_BlockMacroExecutionFromInternet | Write | SInt32 | Block macros from running in Office files from the internet (User) (0: Disabled, 1: Enabled) | 0, 1 |
| MicrosoftPublisherV2_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned | Write | SInt32 | Disable Trust Bar Notification for unsigned application add-ins (User) (Deprecated) (0: Disabled, 1: Enabled) | 0, 1 |
| MicrosoftPublisherV2_Security_TrustCenter_L_RequirethatApplicationExtensionsaresigned | Write | SInt32 | Require that application add-ins are signed by Trusted Publisher (User) (0: Disabled, 1: Enabled) | 0, 1 |
| MicrosoftPublisherV2_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned_v2 | Write | SInt32 | Disable Trust Bar Notification for unsigned application add-ins (User) - Depends on MicrosoftPublisherV2_Security_TrustCenter_L_RequirethatApplicationExtensionsaresigned (0: Disabled, 1: Enabled) | 0, 1 |
| MicrosoftPublisherV2_Security_TrustCenter_L_VBAWarningsPolicy | Write | SInt32 | VBA Macro Notification Settings (User) (0: Disabled, 1: Enabled) | 0, 1 |
| L_empty0 | Write | SInt32 | - Depends on MicrosoftPublisherV2_Security_TrustCenter_L_VBAWarningsPolicy (2: Disable all with notification, 3: Disable all except digitally signed macros, 4: Disable all without notification, 1: Enable all macros (not recommended)) | 2, 3, 4, 1 |
| MicrosoftVisio_Security_TrustCenter_L_AllowTrustedLocationsOnTheNetwork | Write | SInt32 | Allow Trusted Locations on the network (User) (0: Disabled, 1: Enabled) | 0, 1 |
| MicrosoftVisio_Security_TrustCenter_L_BlockMacroExecutionFromInternet | Write | SInt32 | Block macros from running in Office files from the Internet (User) (0: Disabled, 1: Enabled) | 0, 1 |
| MicrosoftVisio_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned | Write | SInt32 | Disable Trust Bar Notification for unsigned application add-ins and block them (User) (Deprecated) (0: Disabled, 1: Enabled) | 0, 1 |
| L_Visio2000Files | Write | SInt32 | Visio 2000-2002 Binary Drawings, Templates and Stencils (User) (0: Disabled, 1: Enabled) | 0, 1 |
| L_Visio2000FilesDropID | Write | SInt32 | File block setting: (User) - Depends on L_Visio2000Files (0: Do not block, 2: Open/Save blocked) | 0, 2 |
| L_Visio2003Files | Write | SInt32 | Visio 2003-2010 Binary Drawings, Templates and Stencils (User) (0: Disabled, 1: Enabled) | 0, 1 |
| L_Visio2003FilesDropID | Write | SInt32 | File block setting: (User) - Depends on L_Visio2003Files (0: Do not block, 1: Save blocked, 2: Open/Save blocked) | 0, 1, 2 |
| L_Visio50AndEarlierFiles | Write | SInt32 | Visio 5.0 or earlier Binary Drawings, Templates and Stencils (User) (0: Disabled, 1: Enabled) | 0, 1 |
| L_Visio50AndEarlierFilesDropID | Write | SInt32 | File block setting: (User) - Depends on L_Visio50AndEarlierFiles (0: Do not block, 2: Open/Save blocked) | 0, 2 |
| MicrosoftVisio_Security_TrustCenter_L_RequirethatApplicationExtensionsaresigned | Write | SInt32 | Require that application add-ins are signed by Trusted Publisher (User) (0: Disabled, 1: Enabled) | 0, 1 |
| MicrosoftVisio_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned_v2 | Write | SInt32 | Disable Trust Bar Notification for unsigned application add-ins and block them (User) - Depends on MicrosoftVisio_Security_TrustCenter_L_RequirethatApplicationExtensionsaresigned (0: Disabled, 1: Enabled) | 0, 1 |
| MicrosoftVisio_Security_TrustCenter_L_VBAWarningsPolicy | Write | SInt32 | VBA Macro Notification Settings (User) (0: Disabled, 1: Enabled) | 0, 1 |
| MicrosoftVisio_Security_TrustCenter_L_VBAWarningsPolicy_L_Empty | Write | SInt32 | - Depends on MicrosoftVisio_Security_TrustCenter_L_VBAWarningsPolicy (2: Disable all with notification, 3: Disable all except digitally signed macros, 4: Disable all without notification, 1: Enable all macros (not recommended)) | 2, 3, 4, 1 |
| MicrosoftWord_Security_TrustCenter_L_BlockMacroExecutionFromInternet | Write | SInt32 | Block macros from running in Office files from the Internet (User) (0: Disabled, 1: Enabled) | 0, 1 |
| MicrosoftWord_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned | Write | SInt32 | Disable Trust Bar Notification for unsigned application add-ins and block them (User) (Deprecated) (0: Disabled, 1: Enabled) | 0, 1 |
| L_AllowDDE | Write | SInt32 | Dynamic Data Exchange (User) (0: Disabled, 1: Enabled) | 0, 1 |
| L_AllowDDEDropID | Write | SInt32 | Dynamic Data Exchange setting (User) - Depends on L_AllowDDE (1: Limited Dynamic Data Exchange, 2: Allow Dynamic Data Exchange) | 1, 2 |
| MicrosoftWord_Security_TrustCenterFileBlockSettings_L_SetDefaultFileBlockBehavior | Write | SInt32 | Set default file block behavior (User) (0: Disabled, 1: Enabled) | 0, 1 |
| MicrosoftWord_Security_TrustCenterFileBlockSettings_L_SetDefaultFileBlockBehaviorDropID | Write | SInt32 | - Depends on MicrosoftWord_Security_TrustCenterFileBlockSettings_L_SetDefaultFileBlockBehavior (0: Blocked files are not opened, 1: Blocked files open in Protected View and can not be edited, 2: Blocked files open in Protected View and can be edited) | 0, 1, 2 |
| L_Word2AndEarlierBinaryDocumentsAndTemplates | Write | SInt32 | Word 2 and earlier binary documents and templates (User) (0: Disabled, 1: Enabled) | 0, 1 |
| L_Word2AndEarlierBinaryDocumentsAndTemplatesDropID | Write | SInt32 | File block setting: (User) - Depends on L_Word2AndEarlierBinaryDocumentsAndTemplates (0: Do not block, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View) | 0, 2, 3, 4, 5 |
| L_Word2000BinaryDocumentsAndTemplates | Write | SInt32 | Word 2000 binary documents and templates (User) (0: Disabled, 1: Enabled) | 0, 1 |
| L_Word2000BinaryDocumentsAndTemplatesDropID | Write | SInt32 | File block setting: (User) - Depends on L_Word2000BinaryDocumentsAndTemplates (0: Do not block, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View) | 0, 2, 3, 4, 5 |
| L_Word2003BinaryDocumentsAndTemplates | Write | SInt32 | Word 2003 binary documents and templates (User) (0: Disabled, 1: Enabled) | 0, 1 |
| L_Word2003BinaryDocumentsAndTemplatesDropID | Write | SInt32 | File block setting: (User) - Depends on L_Word2003BinaryDocumentsAndTemplates (0: Do not block, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View) | 0, 2, 3, 4, 5 |
| L_Word2007AndLaterBinaryDocumentsAndTemplates | Write | SInt32 | Word 2007 and later binary documents and templates (User) (0: Disabled, 1: Enabled) | 0, 1 |
| L_Word2007AndLaterBinaryDocumentsAndTemplatesDropID | Write | SInt32 | File block setting: (User) - Depends on L_Word2007AndLaterBinaryDocumentsAndTemplates (0: Do not block, 1: Save blocked, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View) | 0, 1, 2, 3, 4, 5 |
| L_Word6Pt0BinaryDocumentsAndTemplates | Write | SInt32 | Word 6.0 binary documents and templates (User) (0: Disabled, 1: Enabled) | 0, 1 |
| L_Word6Pt0BinaryDocumentsAndTemplatesDropID | Write | SInt32 | File block setting: (User) - Depends on L_Word6Pt0BinaryDocumentsAndTemplates (0: Do not block, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View) | 0, 2, 3, 4, 5 |
| L_Word95BinaryDocumentsAndTemplates | Write | SInt32 | Word 95 binary documents and templates (User) (0: Disabled, 1: Enabled) | 0, 1 |
| L_Word95BinaryDocumentsAndTemplatesDropID | Write | SInt32 | File block setting: (User) - Depends on L_Word95BinaryDocumentsAndTemplates (0: Do not block, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View) | 0, 2, 3, 4, 5 |
| L_Word97BinaryDocumentsAndTemplates | Write | SInt32 | Word 97 binary documents and templates (User) (0: Disabled, 1: Enabled) | 0, 1 |
| L_Word97BinaryDocumentsAndTemplatesDropID | Write | SInt32 | File block setting: (User) - Depends on L_Word97BinaryDocumentsAndTemplates (0: Do not block, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View) | 0, 2, 3, 4, 5 |
| L_WordXPBinaryDocumentsAndTemplates | Write | SInt32 | Word XP binary documents and templates (User) (0: Disabled, 1: Enabled) | 0, 1 |
| L_WordXPBinaryDocumentsAndTemplatesDropID | Write | SInt32 | File block setting: (User) - Depends on L_WordXPBinaryDocumentsAndTemplates (0: Do not block, 2: Open/Save blocked, use open policy, 3: Block, 4: Open in Protected View, 5: Allow editing and open in Protected View) | 0, 2, 3, 4, 5 |
| MicrosoftWord_Security_TrustCenterProtectedView_L_DoNotOpenFilesFromTheInternetZoneInProtectedView | Write | SInt32 | Do not open files from the Internet zone in Protected View (User) (0: Disabled, 1: Enabled) | 0, 1 |
| MicrosoftWord_Security_TrustCenterProtectedView_L_DoNotOpenFilesInUnsafeLocationsInProtectedView | Write | SInt32 | Do not open files in unsafe locations in Protected View (User) (0: Disabled, 1: Enabled) | 0, 1 |
| MicrosoftWord_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFails | Write | SInt32 | Set document behavior if file validation fails (User) (0: Disabled, 1: Enabled) | 0, 1 |
| MicrosoftWord_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFailsDropID | Write | SInt32 | - Depends on MicrosoftWord_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFails (0: Block files, 1: Open in Protected View) | 0, 1 |
| MicrosoftWord_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFailsStr3 | Write | SInt32 | Checked: Allow edit. Unchecked: Do not allow edit. (User) - Depends on MicrosoftWord_Security_TrustCenterProtectedView_L_SetDocumentBehaviorIfFileValidationFails (0: False, 1: True) | 0, 1 |
| MicrosoftWord_Security_TrustCenterProtectedView_L_TurnOffProtectedViewForAttachmentsOpenedFromOutlook | Write | SInt32 | Turn off Protected View for attachments opened from Outlook (User) (0: Disabled, 1: Enabled) | 0, 1 |
| MicrosoftWord_Security_TrustCenter_L_RequirethatApplicationExtensionsaresigned | Write | SInt32 | Require that application add-ins are signed by Trusted Publisher (User) (0: Disabled, 1: Enabled) | 0, 1 |
| MicrosoftWord_Security_TrustCenter_L_DisableTrustBarNotificationforunsigned_v2 | Write | SInt32 | Disable Trust Bar Notification for unsigned application add-ins and block them (User) - Depends on MicrosoftWord_Security_TrustCenter_L_RequirethatApplicationExtensionsaresigned (0: Disabled, 1: Enabled) | 0, 1 |
| L_DeterminewhethertoforceencryptedWord | Write | SInt32 | Scan encrypted macros in Word Open XML documents (User) (0: Disabled, 1: Enabled) | 0, 1 |
| L_DeterminewhethertoforceencryptedWordDropID | Write | SInt32 | - Depends on L_DeterminewhethertoforceencryptedWord (0: Scan encrypted macros (default), 1: Scan if anti-virus software available, 2: Load macros without scanning) | 0, 1, 2 |
| MicrosoftWord_Security_TrustCenter_L_VBAWarningsPolicy | Write | SInt32 | VBA Macro Notification Settings (User) (0: Disabled, 1: Enabled) | 0, 1 |
| L_empty19 | Write | SInt32 | - Depends on MicrosoftWord_Security_TrustCenter_L_VBAWarningsPolicy (2: Disable all with notification, 3: Disable all except digitally signed macros, 4: Disable all without notification, 1: Enable all macros (not recommended)) | 2, 3, 4, 1 |
| MicrosoftWord_Security_L_TurnOffFileValidation | Write | SInt32 | Turn off file validation (User) (0: Disabled, 1: Enabled) | 0, 1 |
| MicrosoftWord_Security_TrustCenterTrustedLocations_L_AllowTrustedLocationsOnTheNetwork | Write | SInt32 | Allow Trusted Locations on the network (User) (0: Disabled, 1: Enabled) | 0, 1 |
Description¶
Intune Security Baseline Microsoft365 Apps For Enterprise
Permissions¶
Microsoft Graph¶
To authenticate with the Microsoft Graph API, this resource required the following permissions:
Delegated permissions¶
-
Read
- Group.Read.All, DeviceManagementConfiguration.Read.All
-
Update
- Group.Read.All, DeviceManagementConfiguration.ReadWrite.All
Application permissions¶
-
Read
- Group.Read.All, DeviceManagementConfiguration.Read.All
-
Update
- Group.Read.All, DeviceManagementConfiguration.ReadWrite.All
Examples¶
Example 1¶
This example is used to test new resources and showcase the usage of new resources being worked on. It is not meant to use as a production baseline.
Configuration Example
{
param(
[Parameter()]
[System.String]
$ApplicationId,
[Parameter()]
[System.String]
$TenantId,
[Parameter()]
[System.String]
$CertificateThumbprint
)
Import-DscResource -ModuleName Microsoft365DSC
node localhost
{
IntuneSecurityBaselineMicrosoft365AppsForEnterprise 'mySecurityBaselineMicrosoft365AppsForEnterprisePolicy'
{
DisplayName = 'test'
DeviceSettings = MSFT_MicrosoftGraphIntuneSettingsCatalogDeviceSettings_IntuneSecurityBaselineMicrosoft365AppsForEnterprise
{
L_ProtectionFromZoneElevation = '1'
L_grooveexe98 = '1'
L_excelexe99 = '1'
L_mspubexe100 = '1'
L_powerpntexe101 = '1'
L_pptviewexe102 = '1'
L_visioexe103 = '1'
L_winprojexe104 = '1'
L_winwordexe105 = '1'
L_outlookexe106 = '1'
L_spdesignexe107 = '1'
L_exprwdexe108 = '1'
L_msaccessexe109 = '1'
L_onenoteexe110 = '1'
L_mse7exe111 = '1'
}
UserSettings = MSFT_MicrosoftGraphIntuneSettingsCatalogUserSettings_IntuneSecurityBaselineMicrosoft365AppsForEnterprise
{
MicrosoftPublisherV3_Security_TrustCenter_L_BlockMacroExecutionFromInternet = '1'
MicrosoftVisio_Security_TrustCenter_L_VBAWarningsPolicy = '1'
MicrosoftVisio_Security_TrustCenter_L_VBAWarningsPolicy_L_Empty = '3'
}
Ensure = 'Present'
ApplicationId = $ApplicationId;
TenantId = $TenantId;
CertificateThumbprint = $CertificateThumbprint;
}
}
}
Example 2¶
This example is used to test new resources and showcase the usage of new resources being worked on. It is not meant to use as a production baseline.
Configuration Example
{
param(
[Parameter()]
[System.String]
$ApplicationId,
[Parameter()]
[System.String]
$TenantId,
[Parameter()]
[System.String]
$CertificateThumbprint
)
Import-DscResource -ModuleName Microsoft365DSC
node localhost
{
IntuneSecurityBaselineMicrosoft365AppsForEnterprise 'mySecurityBaselineMicrosoft365AppsForEnterprisePolicy'
{
DisplayName = 'test'
DeviceSettings = MSFT_MicrosoftGraphIntuneSettingsCatalogDeviceSettings_IntuneSecurityBaselineMicrosoft365AppsForEnterprise
{
L_ProtectionFromZoneElevation = '1'
L_grooveexe98 = '1'
L_excelexe99 = '1'
L_mspubexe100 = '1'
L_powerpntexe101 = '1'
L_pptviewexe102 = '1'
L_visioexe103 = '1'
L_winprojexe104 = '1'
L_winwordexe105 = '1'
L_outlookexe106 = '1'
L_spdesignexe107 = '1'
L_exprwdexe108 = '1'
L_msaccessexe109 = '1'
L_onenoteexe110 = '1'
L_mse7exe111 = '1'
}
UserSettings = MSFT_MicrosoftGraphIntuneSettingsCatalogUserSettings_IntuneSecurityBaselineMicrosoft365AppsForEnterprise
{
MicrosoftPublisherV3_Security_TrustCenter_L_BlockMacroExecutionFromInternet = '1'
MicrosoftVisio_Security_TrustCenter_L_VBAWarningsPolicy = '1'
MicrosoftVisio_Security_TrustCenter_L_VBAWarningsPolicy_L_Empty = '2' # Updated property
}
Ensure = 'Present'
ApplicationId = $ApplicationId;
TenantId = $TenantId;
CertificateThumbprint = $CertificateThumbprint;
}
}
}
Example 3¶
This example is used to test new resources and showcase the usage of new resources being worked on. It is not meant to use as a production baseline.
Configuration Example
{
param(
[Parameter()]
[System.String]
$ApplicationId,
[Parameter()]
[System.String]
$TenantId,
[Parameter()]
[System.String]
$CertificateThumbprint
)
Import-DscResource -ModuleName Microsoft365DSC
node localhost
{
IntuneSecurityBaselineMicrosoft365AppsForEnterprise 'mySecurityBaselineMicrosoft365AppsForEnterprisePolicy'
{
DisplayName = 'test'
Ensure = 'Absent'
ApplicationId = $ApplicationId;
TenantId = $TenantId;
CertificateThumbprint = $CertificateThumbprint;
}
}
}