
Exchange Standards

Low Impact

| Standard Name | Description | Recommended By | PowerShell Equivalent | APIName |
| --- | --- | --- | --- | --- |
| Enables DKIM for all domains that currently support it | Enables DKIM for all domains that currently support it | "CIS" | New-DkimSigningConfig and Set-DkimSigningConfig | AddDKIM |
| Enable Auto-expanding archives | Enables auto-expanding archives for the tenant. Does not enable archives for users. | | Set-OrganizationConfig -AutoExpandingArchive | AutoExpandArchive |
| Set Sharing Level for Default calendar | Sets the default sharing level for the default calendar for all users in the tenant. You can read about the different sharing levels here. | | Set-MailboxFolderPermission | calDefault |
| Set Cloud Message Recall state | Sets the default state for Cloud Message Recall for the tenant. By default this is enabled. You can read more about the feature here. | | Set-OrganizationConfig -MessageRecallEnabled | CloudMessageRecall |
| Disable additional storage providers in OWA | Disables additional storage providers in OWA. This is to prevent users from using personal storage providers like Dropbox, Google Drive, etc. Usually this has little user impact. | "CIS" | Get-OwaMailboxPolicy \| Set-OwaMailboxPolicy -AdditionalStorageProvidersEnabled $False | DisableAdditionalStorageProviders |
| Disable external calendar sharing | Disables external calendar sharing for the entire tenant. This is not a widely used feature, and it's therefore unlikely that this will impact users. Only for the default policy, so exclusions can be made if needed by making a new policy and assigning it to users. | "CIS" | Get-SharingPolicy \| Set-SharingPolicy -Enabled $False | DisableExternalCalendarSharing |
| Disable TNEF/winmail.dat | Disables Transport Neutral Encapsulation Format (TNEF)/winmail.dat for the tenant. TNEF can cause issues if the recipient is not using a client supporting TNEF. Cannot be overridden by the user. For more information, see Microsoft's documentation. | | Set-RemoteDomain -Identity 'Default' -TNEFEnabled $false | DisableTNEF |
| Disable daily Insight/Viva reports | Disables the daily Viva reports for all users. | | Set-UserBriefingConfig | DisableViva |
| Enable Litigation Hold for all users | Enables litigation hold for all UserMailboxes with a valid license. | | Set-Mailbox -LitigationHoldEnabled $true | EnableLitigationHold |
| Enable Mailbox auditing | Enables mailbox auditing on tenant level and for all mailboxes. Disables audit bypass on all mailboxes. By default Microsoft does not enable mailbox auditing for Resource Mailboxes, Public Folder Mailboxes and DiscoverySearch Mailboxes. Unified Audit Log needs to be enabled for this standard to function. | "CIS" | Set-OrganizationConfig -AuditDisabled $false | EnableMailboxAuditing |
| Enable all MailTips | Enables all MailTips in Outlook. MailTips are the notifications that Outlook and Outlook on the web show when an email you are composing meets certain conditions. | "CIS" | Set-OrganizationConfig | EnableMailTips |
| Enable Online Archive for all users | Enables the In-Place Online Archive for all UserMailboxes with a valid license. | | Enable-Mailbox -Archive $true | EnableOnlineArchiving |
| Set Focused Inbox state | Sets the default Focused Inbox state for the tenant. This can be overridden by the user in their Outlook settings. For more information, see Microsoft's documentation. | | Set-OrganizationConfig -FocusedInboxOn $true or $false | FocusedInbox |
| Set Global Quarantine Notification Interval | Sets the global quarantine notification interval for the tenant. This is the interval between quarantine notification emails sent to users. Default is 24 hours. | | Set-QuarantinePolicy -EndUserSpamNotificationFrequency | GlobalQuarantineNotifications |
| Lower Transport Message Expiration to 12 hours | Expires messages in the transport queue after 12 hours. Makes the NDR for failed messages show up faster for users. Default is 24 hours. | | Set-TransportConfig -MessageExpirationTimeout 12:00:00 | MessageExpiration |
| Set Outbound Spam Alert e-mail | Sets the e-mail address to which outbound spam alerts are sent. | "CIS" | Set-HostedOutboundSpamFilterPolicy | OutBoundSpamAlert |
| Rotate DKIM keys that are 1024 bit to 2048 bit | Rotate DKIM keys that are 1024 bit to 2048 bit | "CIS" | Rotate-DkimSigningConfig | RotateDKIM |
| Set send/receive size limits | Sets the Send and Receive limits for new users. Valid values are 1MB to 150MB. | | Set-MailboxPlan | SendReceiveLimitTenant |
| Enable or disable 'external' warning in Outlook | Adds or removes indicators to e-mail messages received from external senders in Outlook. You can read more about this feature on Microsoft's Exchange Team Blog. | "CIS" | Set-ExternalInOutlook -Enabled $true or $false | SpoofWarn |
| Set Teams Meetings by default state | Sets the default state for automatically turning meetings into Teams meetings for the tenant. This can be overridden by the user in Outlook. | | Set-OrganizationConfig -OnlineMeetingsByDefaultEnabled | TeamsMeetingsByDefault |

Medium Impact

| Standard Name | Description | Recommended By | PowerShell Equivalent | APIName |
| --- | --- | --- | --- | --- |
| Set Bookings state | Sets the state of Bookings on the tenant. Bookings is a scheduling tool that allows users to book appointments with others both internal and external. | | Set-OrganizationConfig -BookingsEnabled | Bookings |
| Set mailbox Sent Items delegation (Sent items for shared mailboxes) | This makes sure that e-mails sent from shared mailboxes or delegate mailboxes end up in the shared/delegate mailbox instead of the sender's mailbox, allowing you to keep replies in the same mailbox as the original e-mail. | | Set-Mailbox | DelegateSentItems |
| Disable users from installing add-ins in Outlook | Disables users from being able to install add-ins in Outlook. Only admins are able to approve add-ins for the users. This is done to reduce the threat surface for data exfiltration. | "CIS" | Get-ManagementRoleAssignment \| Remove-ManagementRoleAssignment | DisableOutlookAddins |
| Disable Shared Mailbox AAD accounts | Shared mailboxes can be directly logged into if the password is reset; this presents a security risk, as do all shared login credentials. Microsoft's recommendation is to disable the user account for shared mailboxes. It would be a good idea to review the sign-in reports to establish potential impact. | "CIS" | Get-Mailbox & Update-MgUser | DisableSharedMailbox |
| Remove Safe Senders to prevent SPF bypass | Loops through all users and removes the Safe Senders list. This is to prevent SPF bypass attacks, because mail from senders on the Safe Senders list is not subject to SPF checks. | | Set-MailboxJunkEmailConfiguration | SafeSendersDisable |
| Allow users to send from their alias addresses | Allows users to change the 'from' address to any set in their Azure AD Profile. | | Set-Mailbox | SendFromAlias |
| Set shorten meetings state | Sets the shorten meetings settings on a tenant level. This will shorten meetings by the selected amount of minutes. Valid values are 0 to 29. Short meetings are under 60 minutes, long meetings are over 60 minutes. | | Set-OrganizationConfig -ShortenEventScopeDefault -DefaultMinutesToReduceShortEventsBy -DefaultMinutesToReduceLongEventsBy | ShortenMeetings |
| Set the state of the built-in Report button in Outlook | Set the state of the built-in Report button in Outlook. This gives the users the ability to report emails as spam or phish. | | New-ReportSubmissionPolicy or Set-ReportSubmissionPolicy and New-ReportSubmissionRule or Set-ReportSubmissionRule | UserSubmissions |

High Impact

| Standard Name | Description | Recommended By | PowerShell Equivalent | APIName |
| --- | --- | --- | --- | --- |
| Disable automatic forwarding to external recipients | Disables the ability for users to automatically forward e-mails to external recipients. This is to prevent data exfiltration. Please check if there are any legitimate use cases for this feature before implementing, like forwarding invoices and such. | "CIS" | Set-HostedOutboundSpamFilterPolicy -AutoForwardingMode 'Off' | EXODisableAutoForwarding |
| Retention Policy, permanently delete items in Deleted Items after X days | Creates a CIPP - Deleted Items retention policy tag that permanently deletes items in the Deleted Items folder after X days. | | Set-RetentionPolicyTag | RetentionPolicyTag |

Last updated 1 month ago