CCE-97765-2| Platform: cpe:/o:microsoft:windows_server_2022:::x64 | Date: (C)2022-06-07 (M)2023-07-04 |
This setting lets you configure how domain joined computers become registered as devices.
When you enable this setting, domain joined computers automatically and silently get registered as devices with Azure Active Directory.
Note: Additional requirements may apply on certain Windows SKUs. Refer to Azure Active Directory Device Registration Overview.
http://go.microsoft.com/fwlink/?LinkId=307136
Countermeasure:
Configure this setting depending on your organization's requirements.
Potential Impact:
Domain-joined computers are automatically and silently registered as devices with Azure Active Directory.
Parameter:
[enabled/disabled]
Technical Mechanism:
(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Device Registration\Register domain joined computers as devices
(2) REG: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WorkplaceJoin!autoWorkplaceJoin
| CCSS Severity: | CCSS Metrics: |
| CCSS Score : 9.0 | Attack Vector: NETWORK |
| Exploit Score: 2.2 | Attack Complexity: HIGH |
| Impact Score: 6.0 | Privileges Required: NONE |
| Severity: CRITICAL | User Interaction: NONE |
| Vector: AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H | Scope: CHANGED |
| | Confidentiality: HIGH |
| | Integrity: HIGH |
| | Availability: HIGH |
| | |
References: | Resource Id | Reference |
|---|
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:80830 |
