CCE-42186-7Platform: cpe:/o:microsoft:windows_10 | Date: (C)2016-09-23 (M)2023-07-04 |
Disable: 'Register domain joined computers as devices'
This setting lets you configure how domain joined computers become registered as devices.
When you enable this setting, domain joined computers automatically and silently get registered as devices with Azure Active Directory.
Note: Additional requirements may apply on certain Windows SKUs. Refer to Azure Active Directory Device Registration Overview.
http://go.microsoft.com/fwlink/?LinkId=307136
Counter Measure:
Configure this setting depending on your organization's requirements.
Potential Impact:
Domain-joined computers are automatically and silently registered as devices with Azure Active Directory.
Parameter:
[enable/disable]
Technical Mechanism:
(1) GPO: Computer ConfigurationAdministrative TemplatesWindows ComponentsDevice RegistrationRegister domain joined computers as devices
(2) REG: HKEY_LOCAL_MACHINESoftwarePoliciesMicrosoftWindowsWorkplaceJoinautoWorkplaceJoin
CCSS Severity: | CCSS Metrics: |
CCSS Score : 9.0 | Attack Vector: NETWORK |
Exploit Score: 2.2 | Attack Complexity: HIGH |
Impact Score: 6.0 | Privileges Required: NONE |
Severity: CRITICAL | User Interaction: NONE |
Vector: AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H | Scope: CHANGED |
| Confidentiality: HIGH |
| Integrity: HIGH |
| Availability: HIGH |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:35073 |