IE: Add-on Management Enabled (LEGACY - IE11 EOL)

💼 Management Summary

IE Add-on Management = LEGACY CONTROL - Internet Explorer 11 END-OF-LIFE (June 15, 2022 - RETIRED by Microsoft).

Recommendation
DO NOT IMPLEMENT (LEGACY)
Risk without
N/A
Risk Score
10/10
Implementation
0h
Applies to:
✓ Internet Explorer 11

Internet Explorer = DEAD: Microsoft retirement: June 15, 2022 (no support, no security patches), Replacement: Microsoft Edge (Chromium-based) + IE Mode (legacy site compatibility), IE11 still installed: Windows 10/11 (but disabled by default), Security: CRITICAL vulnerabilities (no patches post-EOL), Exploitation: Active attacks on unpatched IE11. Migration: ALL users → Edge (modern browser), Legacy sites: Edge IE Mode (isolated IE engine for specific sites ONLY).

PowerShell Modules Required
Primary API: GPO (Registry)
Connection: N/A
Required Modules:

Implementation

IE Add-on Management (IRRELEVANT): LEGACY setting (IE11 add-on control), Modern approach: DISABLE IE11 entirely (via GPO/Intune), Edge: No IE add-ons (different architecture), IE Mode: Controlled per-site (no add-ons). Recommendation: SKIP this control → Focus on 'Disable IE11' + Edge migration.

Requirements

  1. NONE - IE11 should be DISABLED
  2. Migration: All users to Edge

Implementation

DO NOT IMPLEMENT (LEGACY). Instead: Intune Settings Catalog → Internet Explorer → Disable Internet Explorer: Enabled. Migrate users to Edge. IE Mode: Configure Enterprise Mode Site List for legacy sites ONLY.
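
An added example (not part of addon-management-enabled.ps1 or the baseline's own code): a read-only check of the replacement controls recommended above. It assumes the registry values written by the "Disable Internet Explorer 11 as a standalone browser" policy and by the Edge IE mode policies; the function names Get-PolicyValue and Test-IE11Retirement are hypothetical.

```powershell
# Added example: reads policy registry values only, changes nothing.
function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent (policy not configured).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function Test-IE11Retirement {
    $iePolicy   = 'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer\Main'
    $edgePolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge'

    # Present (0, 1 or 2 = notification behaviour) when the
    # "Disable Internet Explorer 11 as a standalone browser" policy is enabled.
    $disableIE = Get-PolicyValue $iePolicy 'NotifyDisableIEOptions'
    # 1 = IE mode inside Edge, 2 = open sites in standalone IE11.
    $ieLevel   = Get-PolicyValue $edgePolicy 'InternetExplorerIntegrationLevel'
    # Location of the Enterprise Mode Site List used by IE mode.
    $siteList  = Get-PolicyValue $edgePolicy 'InternetExplorerIntegrationSiteList'

    $findings = @()
    if ($null -eq $disableIE) {
        $findings += 'IE11 standalone browser is not disabled by policy'
    }
    if ($ieLevel -eq 2) {
        $findings += 'Edge integration level 2 sends sites to standalone IE11'
    }
    if ($ieLevel -eq 1 -and [string]::IsNullOrWhiteSpace($siteList)) {
        $findings += 'IE mode is enabled without an Enterprise Mode Site List'
    }

    [PSCustomObject]@{
        IE11Disabled     = ($null -ne $disableIE)
        IEModeLevel      = $ieLevel
        IEModeSiteList   = $siteList
        IsCompliant      = ($findings.Count -eq 0)
        Findings         = $findings
    }
}

Test-IE11Retirement | Format-List
```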

Compliance

BIO 12.01 (Remove EOL software), ISO 27001 A.12.6.2.

Monitoring

Use the PowerShell script addon-management-enabled.ps1 (function Invoke-Monitoring) – Check.

Remediation

Use the PowerShell script addon-management-enabled.ps1 (function Invoke-Remediation) – Remediate.

Compliance & Frameworks

Automation

Use the PowerShell script below to monitor and implement this security control. The script contains functions for both monitoring (-Monitoring) and remediation (-Remediation).

PowerShell
<#
.SYNOPSIS
    Add-on Management must be enabled for all Office 365 ProPlus programs
.DESCRIPTION
    Implementation for Add-on Management must be enabled for all Office 365 ProPlus programs
.NOTES
    Filename: addon-management-enabled.ps1
    Author: Nederlandse Baseline voor Veilige Cloud
    Version: 1.0
    Related JSON: content/office/ie-security/addon-management-enabled.json
#>

#Requires -Version 5.1
#Requires -Modules Microsoft.Graph

[CmdletBinding()]
param(
    [Parameter()][switch]$WhatIf,
    [Parameter()][switch]$Monitoring,
    [Parameter()][switch]$Remediation,
    [Parameter()][switch]$Revert
)

$ErrorActionPreference = 'Stop'
$VerbosePreference = 'Continue'

$PolicyName = "Add-on Management must be enabled for all Office 365 ProPlus programs"
$CISControl = "1.1.4.1.1"

function Connect-RequiredServices {
    # Connection logic based on API
}

# Builds the result object; the actual compliance check is a placeholder.
function Test-Compliance {
    Write-Verbose "Testing compliance for: $PolicyName..."
    $result = [PSCustomObject]@{
        ScriptName        = "addon-management-enabled"
        PolicyName        = $PolicyName
        IsCompliant       = $false
        TotalResources    = 0
        CompliantCount    = 0
        NonCompliantCount = 0
        Details           = @()
        Recommendations   = @()
    }
    # Compliance check implementation
    # Based on:
    $result.Details += "Compliance check - implementation required based on control"
    $result.NonCompliantCount = 1
    return $result
}

function Invoke-Remediation {
    Write-Host "`nApplying remediation for: $PolicyName..." -ForegroundColor Cyan
    # Remediation implementation
    Write-Host " Configuration applied" -ForegroundColor Green
    Write-Host "`n[OK] Remediation completed" -ForegroundColor Green
}

function Invoke-Revert {
    Write-Host "`nReverting configuration for: $PolicyName..." -ForegroundColor Cyan
    # Revert implementation
    Write-Host " Configuration reverted" -ForegroundColor Green
    Write-Host "`n[OK] Revert completed" -ForegroundColor Green
}

# Prints a summary of the compliance result and returns it.
function Invoke-Monitoring {
    $result = Test-Compliance
    Write-Host "`n========================================" -ForegroundColor Cyan
    Write-Host "$PolicyName" -ForegroundColor Cyan
    Write-Host "========================================" -ForegroundColor Cyan
    Write-Host "Total: $($result.TotalResources)" -ForegroundColor White
    Write-Host "Compliant: $($result.CompliantCount)" -ForegroundColor Green
    $color = if ($result.NonCompliantCount -gt 0) { "Red" } else { "Green" }
    Write-Host "Non-compliant: $($result.NonCompliantCount)" -ForegroundColor $color
    return $result
}

try {
    Connect-RequiredServices
    if ($Monitoring) {
        Invoke-Monitoring
    }
    elseif ($Remediation) {
        if ($WhatIf) {
            Write-Host "WhatIf: Would apply remediation" -ForegroundColor Yellow
        }
        else {
            Invoke-Remediation
        }
    }
    elseif ($Revert) {
        if ($WhatIf) {
            Write-Host "WhatIf: Would revert configuration" -ForegroundColor Yellow
        }
        else {
            Invoke-Revert
        }
    }
    else {
        $result = Test-Compliance
        if ($result.IsCompliant) {
            Write-Host "`n[OK] COMPLIANT" -ForegroundColor Green
        }
        else {
            Write-Host "`n[FAIL] NON-COMPLIANT" -ForegroundColor Red
        }
    }
}
catch {
    Write-Error $_
}

Risk without implementation
N/A: N/A - IE11 EOL (2022). Focus: Disable IE11 + migrate to Edge.

Management Summary

IE Add-on Management = LEGACY (IE11 EOL June 2022). DO NOT IMPLEMENT. Instead: Disable IE11, migrate to Edge, use IE Mode for legacy sites. Implementation: 0 hours (SKIP).