Pre-Made Policies Documentation
-
Configuration
- CONF-DV-01: Windows 10 and later OneDrive for Business Known Folder Move
- CONF-DV-02: Windows 10 and later Microsoft Edge enable Automatic Sign in and Sync using Windows Credential
- CONF-DV-03: Windows 10 and later Microsoft Edge set default search provider to Google
- CONF-DV-04: Windows 10 and later Deploy Managed Wi-Fi connection with WPA/WPA2-Personal Authentication (no proxy)
-
Compliance
- COMP-DV01: Windows 10 and Later Secure Device Compliance
- COMP-DV02: macOS Secure Device Compliance
- COMP-DV03: iOS/iPadOS Secure Device Compliance
- COMP-DV04a: Android Enterprise (Fully managed, dedicated, and corporate-owned work profile) Secure Device Compliance
- COMP-DV04: Android Enterprise (Personally-owned work profile) Secure Device Compliance
- COMP-DV05: Windows 10 and later Microsoft Defender for Endpoint Enabled and Clear of Risks
-
Conditional Access
- CA-DV01: Require compliant or hybrid Azure AD joined device for admins
- CA-DV02: Block access for unknown or unsupported device platform
- CA-DV03: No persistent browser session
- CA-DV04: Require approved client apps and app protection
- CA-DV05: Require compliant or hybrid Azure AD joined device or multi-factor authentication for all users
- CA-DV06: Use application enforced restrictions for unmanaged devices
- CA-SD01: Require multi-factor authentication for admins
- CA-SD02: Block legacy authentication
- CA-SD03: Require multi-factor authentication for all users
- CA-SD04: Require multi-factor authentication for Azure management
- CA-ID01: Securing security info registration
- CA-ID02: Require multi-factor authentication for guest access
- CA-ID03-P2: Require multi-factor authentication for risky sign-ins
- CA-ID04-P2: Require password change for high-risk users
- Endpoint Security