Security Guardian Current - User Guide


Appendix - Available Audit Search Columns and Filters

This appendix details all the columns, filters, and pre-defined values that are available to help you locate the information you need to secure your environment.

Available search filters and columns

Filter: value to enter / available pre-defined values to select
Access Control Policy
  • Enter an associated value
Action

Select from the following pre-defined values:

  • Add Attribute
  • Add Object
  • Delete Attribute
  • Delete Object
  • Modify Attribute
  • Move Object
  • Other Actions
  • Rename Object
Activity
  • Enter an associated value
Activity Category
  • Active Directory Federation Services - Server Farm
  • Active Directory Federation Services - Claims Provider Trusts
  • Active Directory Federation Services - Authentication Methods
  • Active Directory Federation Services - Relying Party Trusts
  • Active Directory Federation Services - Endpoints
  • AD Query
  • Alert Plan
  • Alert Rule
  • Anonymous Cloud Activity
  • Anonymous Web Site Activity
  • Audit Configuration
  • Authentication Activity
  • Authentication Services Monitoring
  • Microsoft Entra
  • Microsoft Entra - Administrative Units
  • Microsoft Entra - Application
  • Microsoft Entra - B2B
  • Microsoft Entra - Directory
  • Microsoft Entra - Group
  • Microsoft Entra - Policy
  • Microsoft Entra - Resource
  • Microsoft Entra - Risk Event
  • Microsoft Entra - Role
  • Microsoft Entra - Sign-in
  • Microsoft Entra - User
  • Category
  • Change Auditor Internal Auditing
  • Computer Monitoring
  • Configuration Monitoring
  • Connection Object
  • Custom AD Object Monitoring
  • Custom ADAM Object Monitoring
  • Custom Computer Monitoring
  • Custom File System Monitoring
  • Custom Group Monitoring
  • Custom Registry Monitoring
  • Custom User Monitoring
  • Defender
  • Detected Anomaly
  • Detected Anomaly Item
  • Detected TTP
  • Detected TTP Item
  • DNS Service
  • DNS Zone
  • Domain Configuration
  • Domain Controller Authentication
  • Dynamic Access Control
  • EMC
  • Exchange ActiveSync Monitoring
  • Exchange Administrative Group
  • Exchange Distribution List
  • Exchange Mailbox Monitoring
  • Exchange Organization
  • Exchange Permission Tracking
  • Exchange Security Group
  • Exchange User
  • Fault Tolerance
  • File System Access Denied
  • File System Configuration Change
  • File System Content Change
  • File System Content Access
  • File System Security Change
  • FluidFS
  • Forest Configuration
  • FRS Service
  • Full Text Event
  • Group Policy Item
  • Group Policy Object
  • Group Monitoring
  • Hygiene
  • Hygiene Item
  • IP Security
  • Link Configuration
  • Local Group Monitoring
  • Local User Monitoring
  • Logon Session
  • NetApp
  • NETLOGON Service
  • None
  • Notification Template
  • NTDS Service
  • Microsoft 365 Exchange Online Administration
  • Microsoft 365 SharePoint Online
  • Microsoft 365 OneDrive for Business
  • Microsoft 365 Exchange Online Mailbox
  • OU
  • Replication Transport
  • Schema Configuration
  • Search
  • Security Change Detail
  • Session Event
  • Service Monitoring
  • SharePoint Document
  • SharePoint Document Library
  • SharePoint Farm
  • SharePoint Folder
  • SharePoint List
  • SharePoint List Item
  • SharePoint Permission
  • SharePoint Security Group
  • SharePoint Site
  • SharePoint Site Collection
  • Site Configuration
  • Site Link Bridge Configuration
  • Site Link Configuration
  • Skype for Business Administration
  • Skype for Business Configuration
  • SQL Broker Event
  • SQL CLR Event
  • SQL Cursors Event
  • SQL Data Level
  • SQL Database Event
  • SQL Deprecation Event
  • SQL Errors and Warnings Event
  • SQL Full Text Event
  • Scan Event
  • SQL Locks Event
  • SQL Objects Event
  • SQL OLEDB Event
  • SQL Performance Event
  • SQL Progress Report Event
  • SQL Query Notifications Event
  • SQL Scan Event
  • SQL Security Audit Event
  • SQL Server Event
  • SQL Session Event
  • SQL Stored Procedures Event
  • SQL Transaction Event
  • SQL TSQL Event
  • SQL User-Configurable Event
  • Subnets
  • System Events
  • SYSVOL
  • Threat Detection - Alert
  • Threat Detection - Risky User
  • TO
  • TO Item
  • Transactions Event
  • User Cloud Activity
  • User Web Site Activity
  • VMware Account
  • VMware Alarm
  • VMware Authorization
  • VMware Cluster
  • VMware Custom Field
  • VMware Datacenter
  • VMware Datastore
  • VMware DVPortgroup
  • VMware Dvs
  • VMware Generic
  • VMware Host
  • VMware License
  • VMware Profile
  • VMware Resource Pool
  • VMware Scheduled Task
  • VMware Session
  • VMware Task
  • VMware Template Upgrade
  • VMware Upgrade
  • VMware Virtual Machine

Activity Id
  • Enter an associated value
Activity Time
  • Enter days or hours
Actor Id
  • Enter an associated value
Actor Name
  • Enter an associated value
Actor Object Id
  • Enter an associated value
Actor PUID
  • Enter an associated value
Actor Service Principle Name
  • Enter an associated value
Actor User Principal Name
  • Enter an associated value
AD Authorization Port
  • Enter an associated value
AD Kerberos
  • Enter an associated value
AD Security Change Applies To
  • Enter an associated value
AD Security Change Condition
  • Enter an associated value
AD Security Change Permission
  • Enter an associated value
AD Security Change Type
  • Enter an associated value
AD Simple Bind
  • Enter an associated value
AD SSL/TLS
  • Enter an associated value
Additional Details
  • Enter an associated value
Additional Info
  • Enter an associated value
Add-on Guid
  • Enter an associated value
Add-on Name
  • Enter an associated value
Add-on Type

Select from the following pre-defined values:

  • Bot
  • Connector
  • Tab
  • App
Affected Items
  • Enter an associated value
Agent Domain Fully Qualified Domain Name
  • Enter an associated value
Agent Forest Name
  • Enter an associated value
Agent Fully Qualified Domain Name
  • Enter an associated value
Agent Id
  • Enter an associated value
Agent OS Version
  • Enter an associated value
Agent Site Name
  • Enter an associated value
Alert Recipient
  • Enter an associated value
Alert Recipients
  • Enter an associated value
Alert Rule Name
  • Enter an associated value
Alert Rule Type

Select from the following pre-defined values:

  • Shared Alert Rule
  • Private Alert Rule
Application Id
  • Enter an associated value
Application Name
  • Enter an associated value
Attribute Name
  • Enter an associated value
Atypical Location

Select from the following pre-defined values:

  • Yes
  • No
Audit Item
  • Enter an associated value
Audit Source
  • Enter an associated value
Authentication Method
  • Enter an associated value
Authentication Protocol

Select from the following pre-defined values:

  • Kerberos
  • NTLM
  • Unknown
Authentication Protocol Version

Select from the following pre-defined values:

  • V1
  • V2
Auto Update From Federation Metadata

Select from the following pre-defined values: 

  • Yes
  • No
Microsoft Entra Activity Operation Type
  • Enter an associated value
Microsoft Entra Activity Type
  • Enter an associated value
Microsoft Entra Category
  • Enter an associated value
Microsoft Entra Result Description
  • Enter an associated value
Browser Authentication URL
  • Enter an associated value
Category Name
  • Enter an associated value
Category Type

Select from the following pre-defined values:

  • Shared Category
  • Private Category
Channel Name
  • Enter an associated value
Channel Guid
  • Enter an associated value
Channel Type

Select from the following pre-defined values:

  • Private
  • Standard
Change Auditor Event Class ID
  • Enter an associated value
Change Auditor Event Class Name
  • Enter an associated value
Change Auditor Facility ID
  • Enter an associated value
Change Auditor Facility Name
  • Enter an associated value
City
  • Enter an associated value
Claims Provider Trust Name
  • Enter an associated value
Client Info String
  • Enter an associated value
Client IP Address
  • Enter an associated value
Client Machine Name
  • Enter an associated value
Client Process Name
  • Enter an associated value
Client Version
  • Enter an associated value
Cmdlet Name
  • Enter an associated value
Comment
  • Enter an associated value
Correlated Activity

Select from the following pre-defined values:

  • Yes
  • No
Coordinator Id
  • Enter an associated value
Correlation Id
  • Enter an associated value
Country
  • Enter an associated value
Creator
  • Enter an associated value
Cross-Mailbox Operations
  • Enter an associated value
Custom Event
  • Enter an associated value
Destination File Extension
  • Enter an associated value
Destination FileName
  • Enter an associated value
Destination Folder
  • Enter an associated value
Destination MailboxId Id
  • Enter an associated value
Destination MailboxId Owner Master Account Sid
  • Enter an associated value
Destination MailboxId Owner Sid
  • Enter an associated value
Destination MailboxId Owner UPN
  • Enter an associated value
Destination relative URL
  • Enter an associated value
Detection Timing

Select from the following pre-defined values:

  • Near Realtime
  • Not Defined
  • Offline
  • Realtime
Device Information
  • Enter an associated value
Distribution Group Name
  • Enter an associated value
Domain Name
  • Enter an associated value
Enabled

Select from the following pre-defined values:

  • Yes
  • No
Error Code
  • Enter an associated value
Event Data
  • Enter an associated value
Event Id
  • Enter an associated value
Event Source
  • Enter an associated value
Event Source Application
  • Enter an associated value
Event Version
  • Enter an associated value
External Access
  • Enter an associated value
Failure Reason
  • Enter an associated value
File System Attribute
  • Enter an associated value
File System Category
  • Enter an associated value
File System Logon Id
  • Enter an associated value
File System Object Type
  • Enter an associated value
File System Security Change Applies To
  • Enter an associated value
File System Security Change Condition
  • Enter an associated value
File System Security Change Permission
  • Enter an associated value
File System Security Change Type
  • Enter an associated value
File System Shadow Copy
  • Enter an associated value
File System Share Name
  • Enter an associated value
File System SID
  • Enter an associated value
First Discovered
  • Enter days or hours
Folder
  • Enter an associated value
Folder Path
  • Enter an associated value
Has file system security change condition

Select from the following pre-defined values:

  • Yes
  • No
Has no from value

Select from the following pre-defined values:

  • Yes
  • No
Identifiers
  • Enter an associated value
Indicator
  • Enter an associated value
Initiator User Mail
  • Enter an associated value
Initiator User Name
  • Enter an associated value
Initiator User SID
  • Enter an associated value
Installation Id
  • Enter an associated value
Installation Name
  • Enter an associated value
Internal Correlation Id
  • Enter an associated value
Is Initial Scan

Select from the following pre-defined values:

  • Yes
  • No
Is Linked Group Policy Change

Select from the following pre-defined values:

  • False
  • True
Item type
  • Enter an associated value
Kerberos Ticket Lifetime (Hours)
  • Enter an associated value
Latest Activity Time
  • Enter the required time frame
Latest Event Time Detected
  • Enter the required time frame
Logon Begin Type

Select from the following pre-defined values:

  • Additional logon
  • Concurrent user disconnected
  • Existing logon
  • Lock
  • Logoff
  • Logon
  • None
  • Remote logoff
  • Remote logon
  • Screensaver turned off
  • Screensaver turned on
  • Shutdown
  • Unlock
Logon Duration
  • Enter an associated value
Logon End
  • Enter days or hours
Logon End Type

Select from the following pre-defined values:

  • Additional logon
  • Concurrent user disconnected
  • Existing logon
  • Lock
  • Logoff
  • Logon
  • None
  • Remote logoff
  • Remote logon
  • Screensaver turned off
  • Screensaver turned on
  • Shutdown
  • Unlock
Logon Session End
  • Enter days or hours
Logon Session Start
  • Enter days or hours
Logon Start
  • Enter days or hours
Logon Type (Exchange Online)

Select from the following pre-defined values:

  • Admin
  • Best Access
  • Delegated
  • Delegated Admin
  • Owner
  • System Service
  • Transport
  • Unknown
Logon Type (Windows)

Select from the following pre-defined values:

  • None
  • Remote Interactive
  • Domain Authentication
  • User Session
  • Interactive
  • Network
  • All
Logon User Display Name
  • Enter an associated value
Logon User Sid
  • Enter an associated value
Machine Domain Info
  • Enter an associated value
Machine Id
  • Enter an associated value
Mailbox Guid
  • Enter an associated value
Mailbox Name
  • Enter an associated value
Mailbox Owner Master Account Sid
  • Enter an associated value
Mailbox Owner Sid
  • Enter an associated value
Mailbox Owner UPN
  • Enter an associated value
Malware Name
  • Enter an associated value
Max Behavior Level
  • Enter an associated value
MFA Authentication Detail
  • Enter an associated value
MFA Authentication Method
  • Enter an associated value
MFA Required

Select from the following pre-defined values:

  • Yes
  • No
MFA Result
  • Enter an associated value
Modified Object
  • Enter an associated value
Modified Properties
  • Enter an associated value
Monitor Federation Metadata

Select from the following pre-defined values:

  • Yes
  • No
Notification Template Name
  • Enter an associated value
Notification Template Type

Select from the following pre-defined values:

  • Shared Notification Template
  • Private Notification Template
NTLM Impersonation Level

Select from the following pre-defined values:

  • Default
  • Anonymous
  • Identify
  • Impersonate
  • Delegate
NTLM Key Length
  • Enter an associated value
Object Id
  • Enter an associated value
Microsoft365 Organization Id
  • Enter an associated value
Organization Name
  • Enter an associated value
Origin AD Site Name
  • Enter an associated value
Origin IP Address
  • Enter an associated value
Origin IPv4 Address
  • Enter an associated value
Origin IPv6 Address
  • Enter an associated value
Origin Name
  • Enter an associated value
Originating Server
  • Enter an associated value
Parameters
  • Enter an associated value
Parent Event Id
  • Enter an associated value
Policy Setting
  • Access Credential Manager as a trusted caller
  • Access This Computer From The Network
  • Account Lockout Duration
  • Account Lockout Threshold
  • Account Logon: Audit Credential Validation
  • Account Logon: Audit Kerberos Authentication Service
  • Account Logon: Audit Kerberos Service Ticket Operations
  • Account Logon: Audit Other Account Logon Events
  • Account Management: Audit Application Group Management
  • Account Management: Audit Computer Account Management
  • Account Management: Audit Distribution Group Management
  • Account Management: Audit Other Account Management Events
  • Account Management: Audit Security Group Management
  • Account Management: Audit User Account Management
  • Accounts: Administrator Account Status
  • Accounts: Guest Account Status
  • Accounts: Limit Local Account Use Of Blank Passwords To Console Logon Only
  • Accounts: Rename Administrator Account
  • Accounts: Rename Guest Account
  • Act As Part Of The Operating System
  • Add Workstations To Domain
  • Adjust Memory Quotas For A Process
  • Allow Log On Locally
  • Allow Log On Through Terminal Services
  • Application Data Folder options
  • Application Data Folder target path
  • Audit Account Logon Events
  • Audit Account Management
  • Audit Directory Service Access
  • Audit Logon Events
  • Audit Object Access
  • Audit Policy Change
  • Audit Privilege Use
  • Audit Process Tracking
  • Audit System Events
  • Audit: Audit The Access Of Global System Objects
  • Audit: Audit The Use Of Backup And Restore Privilege
  • Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings
  • Audit: Shut Down System Immediately If Unable To Log Security Audits
  • Authenticode Settings Enable Trusted Publisher Lockdown option
  • Autoenrollment Settings
  • Automatic Browser Configuration Auto-config URL
  • Automatic Browser Configuration Automatic Configuration option
  • Automatic Browser Configuration Automatic Configuration Time
  • Automatic Browser Configuration Automatic detection option
  • Automatic Browser Configuration Auto-proxy URL
  • Automatic Certificate Request Settings
  • Back Up Files And Directories
  • Basic User Hash Rule
  • Basic User Zone Rule
  • BitLocker Drive Encryption
  • Browser Title
  • Bypass Traverse Checking
  • Central Access Policy
  • Change The System Time
  • Change the time zone
  • Computer Configuration Administrative Template
  • Computer Preference Setting
  • Connection Settings Delete Existing Option
  • Connection Settings Import Option
  • Contacts Folder target path
  • Content Ratings option
  • Create A Pagefile
  • Create A Token Object
  • Create Global Objects
  • Create Permanent Shared Objects
  • Create symbolic links
  • Custom Large Static Logo
  • Custom Small Animated Logo
  • Custom Small Static Logo
  • Debug Programs
  • Default Security Level
  • Delete Existing Channels option
  • Delete Existing Favorites option
  • Deny Access To This Computer From The Network
  • Deny Log On As A Batch Job
  • Deny Log On As A Service
  • Deny Log On Locally
  • Deny Log On Through Terminal Services / Remote Desktop Services
  • Designated File Types
  • Desktop Folder options
  • Desktop Folder target path
  • Detailed Tracking: Audit DPAPI Activity
  • Detailed Tracking: Audit Process Creation
  • Detailed Tracking: Audit Process Termination
  • Detailed Tracking: Audit RPC Events
  • Devices: Allow Undock Without Having To Logon
  • Devices: Allowed To Format And Eject Removable Media
  • Devices: Prevent Users From Installing Printer Drivers
  • Devices: Restrict CD-ROM Access To Locally Logged-On User Only
  • Devices: Restrict Floppy Access To Locally Logged-On User Only
  • Devices: Unsigned Driver Installation Behavior
  • Disallowed Certificate Rule
  • Disallowed Hash Rule
  • Disallowed Path Rule
  • Disallowed Zone Rule
  • Domain Controller: Allow Server Operators To Schedule
  • Domain Controller: LDAP Server Signing Requirements
  • Domain Controller: Refuse Machine Account Password C
  • Domain Member: Digitally Encrypt Or Sign Secure Channel Data (Always)
  • Domain Member: Digitally Encrypt Secure Channel Data (When Possible)
  • Domain Member: Digitally Sign Secure Channel Data (When Possible)
  • Domain Member: Disable Machine Account Password Changes
  • Domain Member: Maximum Machine Account Password Age
  • Domain Member: Require Strong (Windows 2000 Or Later) Session Key
  • Downloads Folder options
  • Downloads Folder target path
  • DS Access: Audit Detailed Directory Service Replication
  • DS Access: Audit Directory Service Access
  • DS Access: Audit Directory Service Changes
  • DS Access: Audit Directory Service Replication
  • Enable Computer And User Accounts To Be Trusted For Delegation
  • Encrypting File System
  • Enforce Password History
  • Enforce User Logon Restrictions
  • Enforcement Files
  • Enforcement Users
  • Enterprise Trust
  • Favorites List
  • Favorites options
  • Favorites target path
  • File or Folder
  • Force Shutdown From A Remote System
  • Generate Security Audits
  • Global Object Access Auditing: File system
  • Global Object Access Auditing: Registry
  • Group Policy Container Access
  • Group policy disable computer configuration flag
  • Group policy disable user configuration flag
  • Group policy WMI Filter
  • Impersonate A Client After Authentication
  • Important URLs Home Page URL
  • Important URLs Online Support URL
  • Important URLs Search Bar URL
  • Increase a process working set
  • Increase Scheduling Priority
  • Interactive Logon: Display user information when the session is locked
  • Interactive Logon: Do Not Display Last User Name
  • Interactive Logon: Do Not Require CTRL+ALT+DEL
  • Interactive Logon: Message Text For Users Attempting To Log On
  • Interactive Logon: Message Title For Users Attempting To Log On
  • Interactive Logon: Number Of Previous Logons To Cache (In Case Domain Controller Is Not Available)
  • Interactive Logon: Prompt User To Change Password Before Expiration
  • Interactive Logon: Require Domain Controller Authentication To Unlock Workstation
  • Interactive Logon: Require Smart Card
  • Interactive Logon: Smart Card Removal Behavior
  • Intermediate Certificate Authorities
  • IP Security Policy
  • Links Folder options
  • Links Folder target path
  • Links List
  • Load And Unload Device Drivers
  • Lock Pages In Memory
  • Log On As A Batch Job
  • Log On As A Service
  • Logon/Logoff: Audit Account Lockout
  • Logon/Logoff: Audit IPsec Extended Mode
  • Logon/Logoff: Audit Logon
  • Logon/Logoff: Audit Network Policy Server
  • Logon/Logoff: Audit Other Logon/Logoff Events
  • Logon/Logoff: Audit Special Logon
  • Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax
  • Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax
  • Manage Auditing And Security Log
  • Maximum Application Log Size
  • Maximum Lifetime For Service Ticket
  • Maximum Lifetime for User Ticket
  • Maximum Lifetime For User Ticket Renewal
  • Maximum Password Age
  • Maximum Security Log Size
  • Maximum System Log Size
  • Maximum Tolerance for Computer Clock Synchronization
  • Microsoft Network Client: Digitally Sign Communications (Always)
  • Microsoft Network Client: Digitally Sign Communications (If Server Agrees)
  • Microsoft Network Client: Send Unencrypted Password To Connect To Third-Party SMB Servers
  • Microsoft Network Server: Amount Of Idle Time Required Before Suspending Session
  • Microsoft Network Server: Digitally Sign Communication (Always)
  • Microsoft Network Server: Digitally Sign Communications (If Client Agrees)
  • Microsoft Network Server: Disconnect Clients When Logon Hours Expire
  • Microsoft network server: Server SPN target name validation level
  • Minimum Password Age
  • Minimum Password Length
  • Modify Firmware Environment
  • Music Folder options
  • Music Folder target path
  • My Documents Folder options
  • My Documents Folder Redirection: My Pictures Options
  • My Documents Folder target path
  • NAP Client Health Registration Settings: CSP
  • NAP Client Health Registration Settings: CSP Key Length
  • NAP Client Health Registration Settings: Hash Algorithm
  • NAP Client Health Registration Settings: Require server verification
  • NAP Client Health Registration Settings: Trusted server group
  • NAP Client Health Registration Settings: Trusted server URL
  • NAP Enforcement Clients: DHCP Quarantine Enforcement Client
  • NAP Enforcement Clients: IPsec Relying Party
  • NAP Enforcement Clients: RD Gateway Quarantine Enforcement Client
  • NAP Enforcement Clients: Remote access enforcement client for Windows XP and Windows Vista
  • NAP Enforcement Clients: Wireless EAPOL enforcement client for Windows XP
  • NAP User Interface Settings: Description changed
  • NAP User Interface Settings: Image File changed
  • NAP User Interface Settings: Image File Name changed
  • NAP User Interface Settings: Title changed
  • Network Access: Allow Anonymous SID/Name Translation
  • Network Access: Do Not Allow Anonymous Enumeration Of SAM Accounts
  • Network Access: Do Not Allow Anonymous Enumeration Of SAM Accounts And Shares
  • Network Access: Do Not Allow Storage Of Credentials Or .NET Passports For Network Authentication
  • Network Access: Let Everyone Permissions Apply To Anonymous Users
  • Network Access: Named Pipes That Can Be Accessed Anonymously
  • Network Access: Remotely Accessible Registry Paths
  • Network Access: Remotely Accessible Registry Paths And Sub-Paths
  • Network Access: Restrict Anonymous Access To Named Pipes and Shares
  • Network Access: Shares That Can Be Accessed Anonymously
  • Network Access: Sharing And Security Model For Local Accounts
  • Network Security: Allow Local System to use computer identity for NTLM
  • Network security: Allow LocalSystem NULL session fallback
  • Network security: Allow PKU2U authentication requests to this computer to use online identities
  • Network security: Configure encryption types allowed for Kerberos
  • Network Security: Do Not Store LAN Manager Hash Value On Next Password Change
  • Network Security: Force Logoff When Logon Hours Expire
  • Network Security: LAN Manager Authentication Level
  • Network Security: LDAP Client Signing Requirements
  • Network Security: Minimum Session Security For NTLM SSP Based (Including Secure RPC) Clients
  • Network Security: Minimum Session Security For NTLM SSP Based (Including Secure RPC) Servers
  • Network security: Restrict NTLM: NTLM authentication in this domain
  • Network security: Restrict NTLM: Add remote server exceptions for NTLM authentication
  • Network security: Restrict NTLM: Add server exceptions in this domain
  • Network security: Restrict NTLM: Audit Incoming NTLM Traffic
  • Network security: Restrict NTLM: Audit NTLM authentication in this domain
  • Network security: Restrict NTLM: Incoming NTLM traffic
  • Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers
  • NLM: Location type
  • NLM: Location type permissions
  • NLM: Network icon permissions
  • NLM: Network name
  • NLM: Network name permissions
  • Object Access: Audit Application Generated
  • Object Access: Audit Certification Services
  • Object Access: Audit File Share
  • Object Access: Audit File System
  • Object Access: Audit Filtering Platform Connection
  • Object Access: Audit Filtering Platform Packet Drop
  • Object Access: Audit Handle Manipulation
  • Object Access: Audit Kernel Object
  • Object Access: Audit Other Object Access Events
  • Object Access: Audit Registry
  • Object Access: Audit SAM
  • Object Access: Detailed File Share
  • Password Must Meet Complexity Requirements
  • Perform Volume Maintenance Tasks
  • Pictures Folder options
  • Pictures Folder target path
  • Place Favorites At Top Of List option
  • Policy Change: Audit Authentication Policy Change
  • Policy Change: Audit Authorization Policy Change
  • Policy Change: Audit Filtering Platform Policy Change
  • Policy Change: Audit MPSSVC Rule-Level Policy Change
  • Policy Change: Audit Other Policy Change Events
  • Policy Change: Audit Policy Change
  • Prevent Local Guests Group From Accessing Application Log
  • Prevent Local Guests Group From Accessing Security Log
  • Prevent Local Guests Group From Accessing System Log
  • Privilege Use: Audit Non Sensitive Privilege Use
  • Privilege Use: Audit Other Privilege Use Events
  • Privilege Use: Audit Sensitive Privilege Use
  • Profile System Performance
  • Program Settings option
  • Proxy Settings Exceptions
  • Proxy Settings FTP Proxy
  • Proxy Settings Gopher Proxy
  • Proxy Settings HTTP Proxy
  • Proxy Settings Secure Proxy
  • Proxy Settings Socks Proxy
  • QoS Policy: Application Name
  • QoS Policy: DSCP Value
  • QoS Policy: Local IP
  • QoS Policy: Local IP Prefix Length
  • QoS Policy: Local Port
  • QoS Policy: Protocol
  • QoS Policy: Remote IP
  • QoS Policy: Remote IP Prefix Length
  • QoS Policy: Remote Port
  • QoS Policy: Throttle Rate
  • QoS Policy: URL
  • QoS Policy: URL Recursive
  • QoS Policy: Version
  • Recovery Console: Allow Automatic Administrative Logon
  • Recovery Console: Allow Floppy Copy And Access To All Drives And All Folders
  • Registry key
  • Remove Computer From Docking Station
  • Replace A Process Level Token
  • Reset Account Lockout Counter After Change
  • Restore Files And Directories
  • Restricted Group
  • Restricted Group Member
  • Restricted Group Membership
  • Retain Application Log
  • Retain Security Log
  • Retain System Log
  • Retention Method For Application Log
  • Retention Method For Security Log
  • Retention Method For System Log
  • Saved Games Folder target path
  • Script setting
  • Searches Folder options
  • Searches Folder target path
  • Secure System Partition (For RISC Platforms Only)
  • Security Zones and Privacy option
  • Shut Down The Computer When The Security Audit Log Is Full
  • Shut Down The System
  • Shutdown: Allow System To Be Shut Down Without Having To Log On
  • Shutdown: Clear Virtual Memory Pagefile
  • Software Installation Policy
  • Start Menu Folder options
  • Start Menu Folder target path
  • Starter GPO
  • Starter GPO Computer setting
  • Starter GPO User setting
  • Store Passwords Using Reversible Encryption
  • Synchronize Directory Service Data
  • System Cryptography: Force Strong Key Protection For User Keys Stored On The Computer policy
  • System Cryptography: Use FIPS Compliant Algorithms For Encryption, Hashing, and Signing policy
  • System Objects: Default Owner For Objects Created By Members Of The Administrators Group policy
  • System Objects: Require Case Insensitivity For Non-Windows Subsystems policy
  • System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links) policy
  • System Services Policy Service
  • System Services Policy Service Startup Mode
  • System Settings: Optional Subsystems
  • System Settings: Use Certificate Rules On Windows Executables For Software Restriction Policies
  • System: Audit IPsec Driver
  • System: Audit Other System Events
  • System: Audit Security State Change
  • System: Audit Security System Extension
  • System: Audit System Integrity
  • Take Ownership Of Files Or Other Objects
  • Toolbar background Bitmap
  • Toolbar Buttons
  • Trusted People
  • Trusted Publishers
  • Trusted Root Certification Authority
  • Unrestricted Certificate Rule
  • Unrestricted Hash Rule
  • Unrestricted Path Rule
  • Unrestricted Zone Rule
  • Unsigned Non-Driver Installation Behavior
  • User Account Control: Admin Approval Mode for the Built-in Administrator account
  • User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop
  • User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode
  • User Account Control: Behavior of the elevation prompt for standard users
  • User Account Control: Detect application installations and prompt for elevation
  • User Account Control: Only elevate executables that are signed and validated
  • User Account Control: Only elevate UIAccess applications that are installed in secure locations
  • User Account Control: Run all administrators in Admin Approval Mode
  • User Account Control: Switch to the secure desktop when prompting for elevation
  • User Account Control: Virtualize file and registry write failures to per-user locations
  • User Administrative Template setting
  • User Agent String
  • User Credential Roaming
  • User Credential Roaming Options
  • User Group Policy Preference
  • User Software Restriction Basic User Hash Rule
  • User Software Restriction Basic User Path Rule
  • User Software Restriction Basic User Zone Rule
  • User Software Restriction Designated File Types
  • User Software Restriction Disallowed Certificate Rule
  • User Software Restriction Disallowed Hash Rule
  • User Software Restriction Disallowed Path Rule
  • User Software Restriction Disallowed Zone Rule

    • User Software Restriction Enforcement Files

    • User Software Restriction Enforcement Users

    • User Software Restriction Policies Default Security Level

    • User Software Restriction Trusted Publishers

    • User Software Restriction Unrestricted Certificate Rule

    • User Software Restriction Unrestricted Hash Rule

    • User Software Restriction Unrestricted Path Rule

    • User Software Restriction Unrestricted Zone Rule

    • Videos Folder options

    • Videos target path

    • Wireless Network Policy

    Policy Setting Category
    • Account Lockout Policy

    • Additional Rules

    • Administrative Templates: Policy definitions

    • Audit Policies

    • Audit Policy

    • Central Access Policy

    • Change Auditor Protection

    • Event Log

    • File System

    • Folder Redirection

    • GPO Status

    • Internet Explorer Maintenance

    • IP Security Policies on Active Directory

    • Kerberos Policy

    • NAP Client Configuration

    • Network List Manager Policies

    • Password Policy

    • Policy-Based QoS

    • Preferences

    • Public Key Policies

    • Registry

    • Restricted Groups

    • Scripts (Logon/Logoff)

    • Scripts (Startup/Shutdown)

    • Security Levels

    • Security Options

    • Software Installation

    • Software Restriction Policies

    • Software Settings

    • Starter GPO

    • System Services

    • User Rights Assignment

    • Wireless Network Policies

    • WMI Filtering

    Policy Setting List Item
    • Enter an associated value
    Policy Setting Location
    • Enter an associated value
    Previous City
    • Enter an associated value
    Previous Country
    • Enter an associated value
    Previous IP
    • Enter an associated value
    Previous Sign-in Time
    • Enter days or hours
    Previous State
    • Enter an associated value
    Previous User Agent
    • Enter an associated value
    Property Name
    • Enter an associated value
    Property Before Value
    • Enter an associated value
    Property After Value
    • Enter an associated value
    Record Type
    • Enter an associated value
    Relying Party Resource
    • Enter an associated value
    Relying Party Trust Name
    • Enter an associated value
    Relying Party Type
    • Enter an associated value
    Request Id
    • Enter an associated value
    Result Status
    • Enter an associated value
    Risk Activity

    Select from the following pre-defined values:

    • Signin
    • User
    Risk Correlation Id
    • Enter an associated value
    Risk Detail

    Select from the following pre-defined values:

    • None
    • Admin Generated Temporary Password
    • User Performed Secured Password Change
    • User Performed Secured Password Reset
    • Admin Confirmed Signin Safe
    • Hidden
    • Admin Confirmed Signin Compromised
    • Admin Confirmed User Compromised
    • Admin Dismissed All Risk For User
    • Ai Confirmed Signin Safe
    • User Passed MFA Driven By Risk Based Policy
    Risk Detected Time
    • Enter days or hours
    Risk Event Details
    • Enter an associated value
    Risk Event Id
    • Enter an associated value
    Risk Event Status

    Select from the following pre-defined values:

    • Active
    • Closed (MFA Auto-Closed)
    • Closed (Multiple Reasons)
    • Closed (marked as false positive)
    • Closed (resolved)
    • Closed (ignored)
    • Login Blocked
    • Remediated
    Risk Event Time
    • Enter days or hours
    Risk Event Type

    Select from the following pre-defined values:

    • Anonymous IP Risk Event
    • Impossible Travel Risk Event
    • Leaked Credentials Risk Event
    • Malware Risk Event
    • Suspicious IP Risk Event
    • Unfamiliar Location Risk Event
    Risk Level

    Select from the following pre-defined values:

    • Hidden
    • High
    • Low
    • Medium
    • None
    Risk Source
    • Enter an associated value
    Risk State

    Select from the following pre-defined values:

    • At Risk
    • Confirmed Compromised
    • Confirmed Safe
    • Dismissed
    • None
    • Remediated
    Risk Type

    Select from the following pre-defined values:

    • Unlikely Travel
    • Anonymized IP Address
    • Malicious IP Address
    • Unfamiliar Features
    • Malware Infected IP Address
    • Suspicious IP Address
    • Leaked Credentials
    • Investigations Threat Intelligence
    • Generic Admin Confirmed User Compromised
    • Mcas Impossible Travel
    • Mcas Suspicious Inbox Manipulation Rules
    • Investigations Threat Intelligence Signin Linked
    • Malicious IP Address Valid Credentials Blocked IP
    Schema Id
    • Enter an associated value
    Search Name
    • Enter an associated value
    Search Type

    Select from the following pre-defined values:

    • Shared Search
    • Private Search
    Send as User Mailbox Guid
    • Enter an associated value
    Send as User SMTP
    • Enter an associated value
    Send on behalf of User Mailbox Guid
    • Enter an associated value
    Send on behalf of User SMTP
    • Enter an associated value
    Server Farm Name
    • Enter an associated value
    Server Farm Node Name
    • Enter an associated value
    Server Farm Node Type

    Select from the following pre-defined values:

    • Primary computer
    • Secondary computer
    Service

    Select from the following pre-defined values:

    • Active Directory
    • Active Directory Database
    • Active Directory Federation Services
    • Microsoft Entra
    • Exchange
    • Group Policy
    • Logon Activity
    • On Demand Audit
    • OneDrive
    • SharePoint
    • Teams
    Severity

    Select from the following pre-defined values:

    • High
    • Low
    • Medium
    Sharing Target
    • Enter an associated value
    Sharing Target Type
    • Enter an associated value
    Sharing Type
    • Enter an associated value
    Site
    • Enter an associated value
    Site Url
    • Enter an associated value
    Source File Extension
    • Enter an associated value
    Source File Name
    • Enter an associated value
    Source Folders
    • Enter an associated value
    Source Name
    • Enter an associated value
    Source relative Url
    • Enter an associated value
    State
    • Enter an associated value
    Status

    Select from the following pre-defined values:

    • Failed
    • Successful
    Status Reason (Change Auditor)

    Select from the following pre-defined values:

    • Failed
    • Protected
    • Succeeded
    Subject
    • Enter an associated value
    Subject Name
    • Enter an associated value
    Subject Object Id
    • Enter an associated value
    Subject PUID
    • Enter an associated value
    Subject Resource Type
    • Enter an associated value
    Subject Service Principle Name
    • Enter an associated value
    Subject Type
    • Enter an associated value
    Subject User Principle Name
    • Enter an associated value
    Subscription Expiry Date
    • Enter an associated value
    Subscription Name
    • Enter an associated value
    Subscription Type
    • Enter an associated value
    Tab Type
    • Enter an associated value
    Target
    • Enter an associated value
    Target AD Forest Name
    • Enter an associated value
    Target Additional Details
    • Enter an associated value
    Target Canonical Name
    • Enter an associated value
    Target Computer Name
    • Enter an associated value
    Target Distinguished Name
    • Enter an associated value
    Target Domain Name
    • Enter an associated value
    Target IP Address
    • Enter an associated value
    Target is Domain Controller

    Select from the following pre-defined values:

    • Yes
    • No
    Target is Global Catalog

    Select from the following pre-defined values:

    • Yes
    • No
    Target is Exchange Server

    Select from the following pre-defined values:

    • Yes
    • No
    Target is Tier Zero

    Select from the following pre-defined values:

    • Yes
    • No
    Target Managed By
    • Enter an associated value
    Target Name
    • Enter an associated value
    Target Object Class
    • Enter an associated value
    Target Object Id
    • Enter an associated value
    Target Organizational Unit CN
    • Enter an associated value
    Target Parent Object Id
    • Enter an associated value
    Target Policy Item
    • Enter an associated value
    Target Policy Section
    • Enter an associated value
    Target PUID
    • Enter an associated value
    Target Resource Type
    • Enter an associated value
    Target SAM Account Name
    • Enter an associated value
    Target Service Principle Name
    • Enter an associated value
    Target Site Name
    • Enter an associated value
    Target Type
    • Enter an associated value
    Target User Mail
    • Enter an associated value
    Target User Principle Name
    • Enter an associated value
    Team Guid
    • Enter an associated value
    Team Name
    • Enter an associated value
    Teams Property Name

    Select from the following pre-defined values:

    • Allow Box in Files tab

    • Accepted channel SMTP domains list

    • Allow DropBox in Files tab

    • Allow Egnyte in Files tab

    • Allow Guest access in Teams

    • Allow Google Drive in Files tab

    • Allow Resource Account Send Messages

    • Allow Share File in Files tab

    • Allow Skype for Business Interop

    • Allow TBot Proactive Messaging

    • Allow users to send emails to channels

    • Guests allow IP video

    • Guests screen sharing mode

    • Guests allow Meet Now

    • Guests allow editing of sent messages

    • Guests allow Deletion of sent messages

    • Guests allow chat

    • Guests allow Giphys in conversations

    • Guests Giphy content rating

    • Guests allow memes in conversations

    • Guests use Stickers in conversations

    • Guests allow immersive reader

    • Guests allow private calls

    • Meeting room device content pin

    • Members can add additional tags

    • Resource Account Content Access

    • Show organization tab in chats

    • Suggested default tags

    • Suggested feeds appear in user's activity feed

    • Trending feeds appear in user's activity feed

    • Tagging permission mode

    • Team owners can override who can apply tags

    • Use Exchange address book policy

    Teams Role Type

    Select from the following pre-defined values:

    • Member
    • Owner
    • Guest
    Tenant Id
    • Enter an associated value
    Tenant Name
    • Enter an associated value
    Tier Zero Source
    • Enter an associated value
    Tier Zero Status

    Select from the following pre-defined values:

    • Certified
    • Not Tier Zero
    • Uncertified
    Time Detected
    • Enter days or hours
    Time Indexed
    • Enter days or hours
    Time Received
    • Enter days or hours
    Token Issuer

    Select from the following pre-defined values:

    • AD Federation Services
    • Microsoft Entra
    Url
    • Enter an associated value
    Url Path
    • Enter an associated value
    User (Actor)
    • Enter an associated value
    User Agent
    • Enter an associated value
    User Display Name
    • Enter an associated value
    User DN
    • Enter an associated value
    User Down-level Logon Name
    • Enter an associated value
    User Id
    • Enter an associated value
    User is Administrator

    Select from the following pre-defined values:

    • False
    • True
    • Unknown
    User is Tier Zero

    Select from the following pre-defined values:

    • Yes
    • No
    User Key
    • Enter an associated value
    User Mail
    • Enter an associated value
    User Organizational Unit
    • Enter an associated value
    User Session Detail

    Select from the following pre-defined values:

    • Computer lock/unlock
    • Computer restart/shutdown
    • Incorrectly finished
    • Screensaver
    • Started before session monitoring service
    • Terminal services connection
    • User logon/logoff
    • User switch
    User Shared With
    • Enter an associated value
    User SID
    • Enter an associated value
    User Type
    • Enter an associated value

    Appendix - Security Guardian Indicator Details

    This appendix provides details of all indicators in Security Guardian, listed both by severity and by source.

    NOTE: For the general criteria Security Guardian uses to determine severity levels, refer to the topic Managing Indicators.

    Indicators by Severity

    The following table lists all Security Guardian indicators, from most to least severe.

    Indicator | Type | Severity | Source
    Possible Golden Ticket Kerberos exploit | Detected Anomaly | Critical | Audit
    Unsafe encryption used in Kerberos ticket (vulnerable to Kerberoasting) | Detected TTP | Critical | Audit
    Groups with SID from local domain in their SID History | Hygiene | Critical | Assessments
    User accounts with SID from local domain in their SID History | Hygiene | Critical | Assessments
    Groups with well-known SIDs in their SID History | Hygiene | Critical | Assessments
    User accounts with well-known SIDs in their SID History | Hygiene | Critical | Assessments
    Potential sIDHistory injection detected | Detected Anomaly | Critical | Audit
    File changes with suspicious file extensions | Detected Anomaly | Critical | Audit
    Irregular domain controller registration detected (DCShadow) | Detected Anomaly | Critical | Audit
    Irregular Active Directory replication activity detected (DCSync) | Detected Anomaly | Critical | Audit
    AD Database (NTDS.dit) file modification attempt detected | Detected Anomaly | Critical | Audit
    Inheritance is enabled on the AdminSDHolder container | Hygiene | Critical | Assessments
    Non-Tier Zero accounts that can promote a computer to a domain controller | Hygiene | Critical | Assessments
    Non-Tier Zero accounts can steal password hashes (DCSync) | Hygiene | Critical | Assessments
    Tier Zero users owned by non-Tier Zero accounts | Hygiene | Critical | Assessments
    Tier Zero computer is owned by a non-Tier Zero account | Hygiene | Critical | Assessments
    User accounts with non-default Primary Group IDs | Hygiene | Critical | Assessments
    Computer accounts with non-default Primary Group IDs | Hygiene | Critical | Assessments
    User accounts without readable Primary Group ID | Hygiene | Critical | Assessments
    Computer accounts without readable Primary Group ID | Hygiene | Critical | Assessments
    Delegated Managed Service Account (dMSA) with a suspicious configuration (BadSuccessor) | Hygiene | Critical | Assessments
    Managed and Group Managed Service accounts that have not cycled their password recently | Hygiene | Critical | Assessments
    Non-Tier Zero users with access to gMSA password | Hygiene | Critical | Assessments
    Non-Tier Zero accounts can access the gMSA root key | Hygiene | Critical | Assessments
    Non-Tier Zero accounts have access to write properties on certificate templates | Hygiene | Critical | Assessments
    Non-Tier Zero user accounts with write permissions over Resource-Based Constrained Delegation on the KRBTGT account | Hygiene | Critical | Assessments
    Active Directory Operator groups that are not protected by AdminSDHolder | Hygiene | Critical | Assessments
    Ordinary user accounts with hidden privileges (SDProp) | Hygiene | Critical | Assessments
    User accounts in protected groups that are not protected by AdminSDHolder (SDProp) | Hygiene | Critical | Assessments
    KRBTGT accounts with Resource-Based Constrained Delegation | Hygiene | Critical | Assessments
    Built-in Administrator account that has been used | Hygiene | Critical | Assessments
    Anonymous Logon and Everyone groups are members of the Pre-Windows 2000 Compatible Access group | Hygiene | Critical | Assessments
    Built-in Guest account is enabled | Hygiene | Critical | Assessments
    Schema Admins group contains members | Hygiene | Critical | Assessments
    Default Active Directory groups which should not be in use contain members | Hygiene | Critical | Assessments
    DnsAdmins group contains members | Hygiene | Critical | Assessments
    Non-Tier Zero accounts with Reanimate tombstones permission delegation | Hygiene | Critical | Assessments
    Non-Tier Zero accounts with Migrate SID history permission delegation | Hygiene | Critical | Assessments
    Non-Tier Zero accounts with Unexpire password permission delegation | Hygiene | Critical | Assessments
    Tier Zero Group Policy allows Recovery Mode to be not password-protected | Hygiene | Critical | Assessments
    Tier Zero groups with SID History populated | Hygiene | Critical | Assessments
    Tier Zero group policy object changes | Detected TTP | Critical | Audit
    Domain level group policy linked changes detected | Detected TTP | Critical | Audit
    Non-Tier Zero accounts can link GPOs to the domain | Hygiene | Critical | Assessments
    Non-Tier Zero accounts can link Group Policy Objects to Domain Controller OU | Hygiene | Critical | Assessments
    Non-Tier Zero accounts can link Group Policy Objects to an Active Directory site | Hygiene | Critical | Assessments
    Security changes to Tier Zero group policy objects | Detected TTP | Critical | Audit
    Tier Zero user accounts with Service Principal Names | Hygiene | Critical | Assessments
    User ServicePrincipalName attribute changed (vulnerable to Kerberoasting) | Detected TTP | Critical | Audit
    Non-Tier Zero user accounts with Service Principal Names | Hygiene | Critical | Assessments
    Tier Zero group changes | Detected TTP | Critical | Audit
    Unusual increase in failed AD changes | Detected Anomaly | Critical | Audit
    Unusual increase in permission changes to AD objects | Detected Anomaly | Critical | Audit
    Security changes to Tier Zero group objects | Detected TTP | Critical | Audit
    Security changes to Tier Zero user objects | Detected TTP | Critical | Audit
    Administrative privilege elevation detected (adminCount attribute) | Detected TTP | Critical | Audit
    Non-Tier Zero accounts are able to log onto Tier Zero computers | Hygiene | Critical | Assessments
    Tier Zero user logons to computers that are not Tier Zero | Detected TTP | Critical | Audit
    Group Policy does not prevent Domain Admins from logging onto non-Tier Zero computer | Hygiene | Critical | Assessments
    Unusual increase in failed AD Federation Services sign-ins | Detected Anomaly | Critical | Audit
    Unusual increase in failed on-premises sign-ins | Detected Anomaly | Critical | Audit
    Unusual increase in tenant sign-in failures | Detected Anomaly | Critical | Audit
    Unusual increase in AD account lockouts | Detected Anomaly | Critical | Audit
    Unusual increase in file renames | Detected Anomaly | Critical | Audit
    Unusual increase in share access permission changes | Detected Anomaly | Critical | Audit
    Unusual increase in file deletes | Detected Anomaly | Critical | Audit
    Unusual increase in successful AD Federation Services sign-in | Detected Anomaly | Critical | Audit
    Unusual increase in successful on-premises sign-ins | Detected Anomaly | Critical | Audit
    Unusual increase in successful tenant sign-ins | Detected Anomaly | Critical | Audit
    Tier Zero domain and forest configuration changes | Detected TTP | Critical | Audit
    Security changes to Tier Zero domain objects | Detected TTP | Critical | Audit
    AD schema configuration changes | Detected TTP | Critical | Audit
    Entra ID Conditional Access policy configured to disable Continuous Access Evaluation for users | Hygiene | Critical | Assessments
    Entra ID Privileged risk events | Detected TTP | High | Audit
    Replicating Directory Changes All domain permission granted | Detected TTP | High | Audit
    New Tier Zero Domain detected | Tier Zero | High | Security Guardian
    Non-Tier Zero account can use a misconfigured certificate template to impersonate any user | Hygiene | High | Assessments
    Non-Tier Zero account can request an overly permissive certificate with privileged EKU (ESC2) | Hygiene | High | Assessments
    Domain trust configured insecurely | Hygiene | High | Assessments
    Domain trust without Kerberos AES encryption enabled | Hygiene | High | Assessments
    Tier Zero computer accounts that have not cycled their password recently | Hygiene | High | Assessments
    Tier Zero computers that have not recently authenticated to the domain | Hygiene | High | Assessments
    Protected group credentials exposed on read-only domain controllers | Hygiene | High | Assessments
    Tier Zero account token can be stolen from a read-only domain controller | Hygiene | High | Assessments
    User accounts do not require a password | Hygiene | High | Assessments
    Group Policy allows reversible passwords | Hygiene | High | Assessments
    User accounts have a reversible password | Hygiene | High | Assessments
    Computer accounts with reversible password | Hygiene | High | Assessments
    Tier Zero account can be delegated | Hygiene | High | Assessments
    User accounts with Kerberos pre-authentication disabled | Hygiene | High | Assessments
    User accounts with unconstrained delegation | Hygiene | High | Assessments
    Computer accounts with unconstrained delegation | Hygiene | High | Assessments
    User accounts using DES encryption to log in | Hygiene | High | Assessments
    Entra ID privileged role members whose passwords have not changed recently | Hygiene | Medium | Assessments
    Tier Zero user accounts whose passwords have not changed recently | Hygiene | High | Assessments
    Tier Zero user accounts configured for Password Never Expires | Hygiene | High | Assessments
    Non-Tier Zero user accounts configured for Password Never Expires | Hygiene | High | Assessments
    Non-default configuration of the Microsoft Local Administrator Password | Hygiene | High | Assessments
    Non-Tier Zero accounts with Microsoft Local Administrator Password (LAPS) access | Detected TTP | High | Assessments
    Group Policy scheduled task section modified | Detected TTP | High | Audit
    Suspicious ESX Admins group detected in domain | Hygiene | High | Assessments
    Suspicious group ESX Admins created or member added | Detected TTP | High | Audit
    Tier Zero computer can be compromised through Resource-Based Constrained Delegation | Hygiene | High | Assessments
    Tier Zero computer that has write permissions on Resource-Based Constrained Delegation granted to a non-Tier Zero account | Hygiene | High | Assessments
    Non-Tier Zero computer can be compromised through Resource-Based Constrained Delegation | Hygiene | High | Assessments
    Tier Zero object migrated to a Delegated Managed Service Account (dMSA) | Hygiene | High | Assessments
    Accounts that allow Kerberos protocol transition delegation | Hygiene | High | Assessments
    DNS zone configuration allows anonymous record updates | Hygiene | High | Assessments
    Non-Tier Zero account with write or extended permission on Tier Zero object | Hygiene | High | Assessments
    Security changes to Tier Zero computer objects | Detected TTP | High | Audit
    Security changes that can prevent object enumeration detected | Detected TTP | High | Audit
    Previously reported inactive Tier Zero users that may have become active | Detected TTP | High | Audit
    Tier Zero user changes | Detected TTP | High | Audit
    Foreign Security Principals are members of a Tier Zero group | Hygiene | High | Assessments
    Guest accounts assigned to the Global Administrator role | Hygiene | High | Assessments
    Domain Controller is running SMBv1 protocol | Hygiene | High | Assessments
    Non-Tier Zero account can create Delegated Managed Service Accounts (dMSA) in an OU or container | Hygiene | High | Assessments
    All domain users can create computer accounts | Hygiene | High | Assessments
    Protected Users group is not being used | Hygiene | High | Assessments
    Abnormally large number of Tier Zero user accounts in the domain | Hygiene | High | Assessments
    Enabled Tier Zero user accounts that are inactive | Hygiene | High | Assessments
    Tier Zero groups that have computer accounts as members | Hygiene | High | Assessments
    Anonymous access to Active Directory is enabled | Hygiene | High | Assessments
    Tier Zero Group Policy contains a scheduled task | Hygiene | High | Assessments
    Entra ID Conditional Access policies do not protect all users from high user risk | Hygiene | High | Assessments
    Entra ID Conditional Access policies do not protect all users from risky sign-ins | Hygiene | High | Assessments
    Entra ID Privileged accounts that are not secured by multi-factor authentication (MFA) | Hygiene | High | Assessments
    Entra ID Conditional Access policies do not protect all privileged users with multi-factor authentication (MFA) | Hygiene | High | Assessments
    Entra ID Conditional Access policies do not protect all non-privileged users with multi-factor authentication (MFA) | Hygiene | High | Assessments
    Entra ID Conditional Access policies do not block legacy authentication for all users | Hygiene | High | Assessments
    Entra ID Privileged principal logons | Detected TTP | Medium | Audit
    Synchronized Active Directory user is assigned an Entra ID privileged role | Hygiene | Medium | Assessments
    Active Directory Tier Zero object synchronized to Entra ID | Hygiene | Medium | Assessments
    Attempt to access protected Active Directory database detected | Detected TTP | Medium | Audit
    Attempt to access protected Windows file or folder detected | Detected TTP | Medium | Audit
    Attempt to edit protected group policy object detected | Detected TTP | Medium | Audit
    Attempt to modify protected Active Directory object detected | Detected TTP | Medium | Audit
    Entra ID Privileged service principal changes | Detected TTP | Medium | Audit
    More than recommended number of Global Administrators in the organization | Hygiene | Medium | Assessments
    More than recommended number of privileged role assignments | Hygiene | Medium | Assessments
    Non-Tier Zero Group policy contains a scheduled task | Hygiene | Medium | Assessments
    Microsoft Entra seamless single sign-on (AzureADSSOACC) account password has not changed recently | Hygiene | Medium | Assessments
    Kerberos KRBTGT account password has not changed recently | Hygiene | Medium | Assessments
    Entra ID users are allowed to consent for all applications | Hygiene | Medium | Assessments
    Entra ID Privileged tenant level and directory activity | Detected TTP | Medium | Audit
    Password hash synchronization with on-premises Active Directory is not enabled | Hygiene | Medium | Assessments
    Administrators are not enabled for self service password recovery | Hygiene | Medium | Assessments
    Entra ID Privileged role changes | Detected TTP | Medium | Audit
    New Privileged Entra ID Role Detected | Tier Zero | Medium | Security Guardian
    Security defaults are enabled | Hygiene | Medium | Assessments
    Group Policy does not enforce built-in Administrator account lockout on all computers | Hygiene | Medium | Assessments
    New Tier Zero GPO detected | Tier Zero | Medium | Security Guardian
    Tier Zero Group Policy allows Authenticated Users to add computers to the domain | Hygiene | Medium | Assessments
    New Privileged Entra ID Service Principal Detected | Tier Zero | Medium | Security Guardian
    Entra ID Privileged group changes | Detected TTP | Medium | Audit
    New Tier Zero Group detected | Tier Zero | Medium | Security Guardian
    New Privileged Entra ID Group detected | Tier Zero | Medium | Security Guardian
    New Tier Zero Computer detected | Tier Zero | Medium | Security Guardian
    Entra ID Privileged user changes | Detected TTP | Medium | Audit
    New Tier Zero User detected | Tier Zero | Medium | Security Guardian
    Enabled privileged Entra ID user accounts that are inactive | Hygiene | Medium | Assessments
    New Privileged Entra ID User Detected | Tier Zero | Medium | Security Guardian
    Entra ID guest user accounts that are inactive | Hygiene | Medium | Assessments
    Enabled non-privileged Entra ID user accounts that are inactive | Hygiene | Medium | Assessments
    Entra ID Microsoft Authenticator policy does not require geographic location and application name contexts for all users | Hygiene | Medium | Assessments
    Password hash synchronization with on-premises Active Directory is delayed | Hygiene | Medium | Assessments
    Synchronization with on-premises Active Directory is delayed | Hygiene | Medium | Assessments
    Unprotected Tier Zero Domain | Tier Zero | Medium | Protection
    Entra ID cloud applications that are not included in a conditional access policy | Hygiene | Medium | Assessments
    Entra ID Conditional Access policies do not protect all users with strictly enforce location for Continuous Access Evaluation | Hygiene | Medium | Assessments
    Entra ID Conditional Access policies do not require token protection for sign-in sessions for users | Hygiene | Medium | Assessments
    Unprotected Tier Zero Group Policy | Tier Zero | Medium | Protection
    Unprotected Tier Zero Group | Tier Zero | Medium | Protection
    Unprotected Tier Zero Computer | Tier Zero | Medium | Protection
    Unprotected Tier Zero User | Tier Zero | Medium | Protection
    Printer Spooler service is enabled on a domain controller | Hygiene | Medium | Assessments
    Tier Zero user account is disabled | Hygiene | Medium | Assessments
    Domain with obsolete domain functional level | Hygiene | Medium | Assessments
    NTLM version 1 authentications | Detected TTP | Medium | Audit

    Indicators by Source

    Security Guardian Indicators originate from the following sources:
