Exchange Standards

Low Impact

| Standard Name | Description | Recommended By | PowerShell Equivalent | APIName |
| --- | --- | --- | --- | --- |
| Enables DKIM for all domains that currently support it | Enables DKIM for all domains that currently support it | CIS | New-DkimSigningConfig and Set-DkimSigningConfig | AddDKIM |
| Enable Auto-expanding archives | Enables auto-expanding archives for the tenant. Does not enable archives for users. | | Set-OrganizationConfig -AutoExpandingArchive | AutoExpandArchive |
| Set Sharing Level for Default calendar | Sets the default sharing level for the default calendar for all users in the tenant. You can read about the different sharing levels here. | | Set-MailboxFolderPermission | calDefault |
| Set Cloud Message Recall state | Sets the default state for Cloud Message Recall for the tenant. By default this is enabled. You can read more about the feature here. | | Set-OrganizationConfig -MessageRecallEnabled | CloudMessageRecall |
| Disable additional storage providers in OWA | Disables additional storage providers in OWA. This prevents users from using personal storage providers like Dropbox, Google Drive, etc. Usually this has little user impact. | CIS | Get-OwaMailboxPolicy \| Set-OwaMailboxPolicy -AdditionalStorageProvidersEnabled $False | DisableAdditionalStorageProviders |
| Disable external calendar sharing | Disables external calendar sharing for the entire tenant. This is not a widely used feature, so it is unlikely to impact users. This applies only to the default policy, so exclusions can be made if needed by creating a new policy and assigning it to users. | CIS | Get-SharingPolicy \| Set-SharingPolicy -Enabled $False | DisableExternalCalendarSharing |
| Disable TNEF/winmail.dat | Disables Transport Neutral Encapsulation Format (TNEF)/winmail.dat for the tenant. TNEF can cause issues if the recipient is not using a client supporting TNEF. Cannot be overridden by the user. For more information, see Microsoft's documentation. | | Set-RemoteDomain -Identity 'Default' -TNEFEnabled $false | DisableTNEF |
| Disable daily Insight/Viva reports | Disables the daily Viva reports for all users. | | Set-UserBriefingConfig | DisableViva |
| Enable Litigation Hold for all users | Enables litigation hold for all UserMailboxes with a valid license. | | Set-Mailbox -LitigationHoldEnabled $true | EnableLitigationHold |
| Enable Mailbox auditing | Enables mailbox auditing on tenant level and for all mailboxes. Disables audit bypass on all mailboxes. By default Microsoft does not enable mailbox auditing for Resource Mailboxes, Public Folder Mailboxes and DiscoverySearch Mailboxes. Unified Audit Log needs to be enabled for this standard to function. | CIS | Set-OrganizationConfig -AuditDisabled $false | EnableMailboxAuditing |
| Enable all MailTips | Enables all MailTips in Outlook. MailTips are the notifications that Outlook and Outlook on the web show when an email you are composing meets certain conditions. | CIS | Set-OrganizationConfig | EnableMailTips |
| Enable Online Archive for all users | Enables the In-Place Online Archive for all UserMailboxes with a valid license. | | Enable-Mailbox -Archive $true | EnableOnlineArchiving |
| Set Focused Inbox state | Sets the default Focused Inbox state for the tenant. This can be overridden by the user in their Outlook settings. For more information, see Microsoft's documentation. | | Set-OrganizationConfig -FocusedInboxOn $true or $false | FocusedInbox |
| Set Global Quarantine Notification Interval | Sets the global quarantine notification interval for the tenant. This is the interval between quarantine notification emails sent to users. Default is 24 hours. | | Set-QuarantinePolicy -EndUserSpamNotificationFrequency | GlobalQuarantineNotifications |
| Lower Transport Message Expiration to 12 hours | Expires messages in the transport queue after 12 hours. Makes the NDR for failed messages show up faster for users. Default is 24 hours. | | Set-TransportConfig -MessageExpirationTimeout 12:00:00 | MessageExpiration |
| Set Outbound Spam Alert e-mail | Sets the e-mail address to which outbound spam alerts are sent. | CIS | Set-HostedOutboundSpamFilterPolicy | OutBoundSpamAlert |
| Rotate DKIM keys that are 1024 bit to 2048 bit | Rotate DKIM keys that are 1024 bit to 2048 bit | CIS | Rotate-DkimSigningConfig | RotateDKIM |
| Set send/receive size limits | Sets the Send and Receive limits for new users. Valid values are 1MB to 150MB. | | Set-MailboxPlan | SendReceiveLimitTenant |
| Enable or disable 'external' warning in Outlook | Adds or removes indicators to e-mail messages received from external senders in Outlook. You can read more about this feature on Microsoft's Exchange Team Blog. | CIS | Set-ExternalInOutlook -Enabled $true or $false | SpoofWarn |
| Set Teams Meetings by default state | Sets the default state for automatically turning meetings into Teams meetings for the tenant. This can be overridden by the user in Outlook. | | Set-OrganizationConfig -OnlineMeetingsByDefaultEnabled | TeamsMeetingsByDefault |

Medium Impact

| Standard Name | Description | Recommended By | PowerShell Equivalent | APIName |
| --- | --- | --- | --- | --- |
| Set Bookings state | Sets the state of Bookings on the tenant. Bookings is a scheduling tool that allows users to book appointments with others, both internal and external. | | Set-OrganizationConfig -BookingsEnabled | Bookings |
| Set mailbox Sent Items delegation (Sent items for shared mailboxes) | This makes sure that e-mails sent from shared mailboxes or delegate mailboxes end up in the mailbox of the shared/delegate mailbox instead of the sender, allowing you to keep replies in the same mailbox as the original e-mail. | | Set-Mailbox | DelegateSentItems |
| Disable users from installing add-ins in Outlook | Disables users from being able to install add-ins in Outlook. Only admins are able to approve add-ins for the users. This is done to reduce the threat surface for data exfiltration. | CIS | Get-ManagementRoleAssignment \| Remove-ManagementRoleAssignment | DisableOutlookAddins |
| Disable Shared Mailbox AAD accounts | Shared mailboxes can be directly logged into if the password is reset. This presents a security risk, as do all shared login credentials. Microsoft's recommendation is to disable the user account for shared mailboxes. It would be a good idea to review the sign-in reports to establish potential impact. | CIS | Get-Mailbox & Update-MgUser | DisableSharedMailbox |
| Remove Safe Senders to prevent SPF bypass | Loops through all users and removes the Safe Senders list. This is to prevent SPF bypass attacks, as messages from addresses on the Safe Senders list are not subjected to SPF checks. | | Set-MailboxJunkEmailConfiguration | SafeSendersDisable |
| Allow users to send from their alias addresses | Allows users to change the 'from' address to any set in their Azure AD Profile. | | Set-Mailbox | SendFromAlias |
| Set shorten meetings state | Sets the shorten meetings settings on a tenant level. This will shorten meetings by the selected number of minutes. Valid values are 0 to 29. Short meetings are under 60 minutes, long meetings are over 60 minutes. | | Set-OrganizationConfig -ShortenEventScopeDefault -DefaultMinutesToReduceShortEventsBy -DefaultMinutesToReduceLongEventsBy | ShortenMeetings |
| Set the state of the built-in Report button in Outlook | Set the state of the built-in Report button in Outlook. This gives the users the ability to report emails as spam or phish. | | New-ReportSubmissionPolicy or Set-ReportSubmissionPolicy and New-ReportSubmissionRule or Set-ReportSubmissionRule | UserSubmissions |

High Impact

| Standard Name | Description | Recommended By | PowerShell Equivalent | APIName |
| --- | --- | --- | --- | --- |
| Disable automatic forwarding to external recipients | Disables the ability for users to automatically forward e-mails to external recipients. This is to prevent data exfiltration. Please check if there are any legitimate use cases for this feature before implementing, like forwarding invoices and such. | CIS | Set-HostedOutboundSpamFilterPolicy -AutoForwardingMode 'Off' | EXODisableAutoForwarding |
