L1 BIO 16.01 ISO A.12.4.1 CIS 18.9.19.2

Feedback Disabled

πŸ“… 2025-10-30
β€’
⏱️ 2 minuten lezen
β€’
πŸ”΄ Must-Have

πŸ’Ό Management Samenvatting

Deze security regelen waarborgt de correcte configuratie van beveiligingsinstellingen op Windows endpoints.

Aanbeveling
IMPLEMENT
Risico zonder
High
Risk Score
7/10
Implementatie
2u (tech: 1u)
Van toepassing op:
βœ“ Windows

Deze instelling is onderdeel van de Windows security baseline en beschermt tegen bekende aanvalsvectoren door het afdwingen van veilige configuraties.

PowerShell Modules Vereist
Primary API: Graph
Connection: Connect-MgGraph
Required Modules: Microsoft.Graph.DeviceManagement

Implementatie

Dit regelen configureert feedback disabled via Microsoft Intune apparaat configuratie beleid of compliance policies om Windows endpoints te beveiligen volgens security best practices.

Vereisten

office

Implementatie

Gebruik PowerShell-script feedback-disabled.ps1 (functie Invoke-Monitoring) – Monitoren.

monitoring

Gebruik PowerShell-script feedback-disabled.ps1 (functie Invoke-Monitoring) – Controleren.

Remediatie

Gebruik PowerShell-script feedback-disabled.ps1 (functie Invoke-Remediation) – Herstellen.

Compliance en Auditing

Beleid documentatie

Compliance & Frameworks

Automation

Gebruik het onderstaande PowerShell script om deze security control te monitoren en te implementeren. Het script bevat functies voor zowel monitoring (-Monitoring) als remediation (-Remediation).

PowerShell
# Control: O365-CO-000018 - Users must not be allowed to submit feedback to Microsoft #Requires -Version 5.1 # DISA STIG Microsoft Office 365 ProPlus v3r3 param( [string]$RegistryPath = "HKCU:\Software\Policies\Microsoft\Office\16.0\Common\Feedback", [switch]$Monitoring, [switch]$Remediation, [switch]$Revert, [switch]$WhatIf ) function Invoke-Monitoring { Write-Host "Monitoring O365-CO-000018: Users must not be allowed to submit feedback to Microsoft" -ForegroundColor Green try { $valueName = "UserContentDisabled" $expectedValue = 1 # 1 = Disabled, 0 = Enabled if (-not (Test-Path $RegistryPath)) { Write-Host "βœ— Registry path does not exist: $RegistryPath" -ForegroundColor Red return $false } $currentValue = Get-ItemProperty -Path $RegistryPath -Name $valueName -ErrorAction SilentlyContinue if ($currentValue -and $currentValue.$valueName -eq $expectedValue) { Write-Host "βœ“ Control compliant: UserContentDisabled = $expectedValue (Feedback disabled)" -ForegroundColor Green return $true } else { $actualValue = if ($currentValue) { $currentValue.$valueName } else { "Not Set" } Write-Host "βœ— Control non-compliant: UserContentDisabled = $actualValue (Expected: $expectedValue)" -ForegroundColor Red return $false } } catch { Write-Host "βœ— Error checking registry setting: $($_.Exception.Message)" -ForegroundColor Red return $false } } function Invoke-Remediation { Write-Host "Remediating O365-CO-000018: Users must not be allowed to submit feedback to Microsoft" -ForegroundColor Yellow try { if (-not (Test-Path $RegistryPath)) { New-Item -Path $RegistryPath -Force | Out-Null } Set-ItemProperty -Path $RegistryPath -Name "UserContentDisabled" -Value 1 -Type DWord -Force Write-Host "βœ“ Registry value set successfully: UserContentDisabled = 1 (Feedback disabled)" -ForegroundColor Green Start-Sleep -Seconds 1 return Invoke-Monitoring } catch { Write-Host "βœ— Error configuring registry setting: $($_.Exception.Message)" -ForegroundColor Red return $false } } function Invoke-Revert { Write-Host "Reverting O365-CO-000018: Users must not be allowed to submit feedback to Microsoft " -ForegroundColor Yellow try { if ($WhatIf) { Write-Host " [WhatIf] Would remove registry value" -ForegroundColor Cyan return $true } $valueName = "UserContentDisabled" if (Test-Path $RegistryPath) { Remove-ItemProperty -Path $RegistryPath -Name $valueName -ErrorAction SilentlyContinue Write-Host " Removed registry value: $valueName" -ForegroundColor Green } return $true } catch { Write-Host " Error during revert: # Control: O365-CO-000018 - Users must not be allowed to submit feedback to Microsoft #Requires -Version 5.1 # DISA STIG Microsoft Office 365 ProPlus v3r3 param( [string]$RegistryPath = "HKCU:\Software\Policies\Microsoft\Office\16.0\Common\Feedback", [switch]$Monitoring, [switch]$Remediation, [switch]$Revert, [switch]$WhatIf ) function Invoke-Monitoring { Write-Host "Monitoring O365-CO-000018: Users must not be allowed to submit feedback to Microsoft" -ForegroundColor Green try { $valueName = "UserContentDisabled" $expectedValue = 1 # 1 = Disabled, 0 = Enabled if (-not (Test-Path $RegistryPath)) { Write-Host "βœ— Registry path does not exist: $RegistryPath" -ForegroundColor Red return $false } $currentValue = Get-ItemProperty -Path $RegistryPath -Name $valueName -ErrorAction SilentlyContinue if ($currentValue -and $currentValue.$valueName -eq $expectedValue) { Write-Host "βœ“ Control compliant: UserContentDisabled = $expectedValue (Feedback disabled)" -ForegroundColor Green return $true } else { $actualValue = if ($currentValue) { $currentValue.$valueName } else { "Not Set" } Write-Host "βœ— Control non-compliant: UserContentDisabled = $actualValue (Expected: $expectedValue)" -ForegroundColor Red return $false } } catch { Write-Host "βœ— Error checking registry setting: $($_.Exception.Message)" -ForegroundColor Red return $false } } function Invoke-Remediation { Write-Host "Remediating O365-CO-000018: Users must not be allowed to submit feedback to Microsoft" -ForegroundColor Yellow try { if (-not (Test-Path $RegistryPath)) { New-Item -Path $RegistryPath -Force | Out-Null } Set-ItemProperty -Path $RegistryPath -Name "UserContentDisabled" -Value 1 -Type DWord -Force Write-Host "βœ“ Registry value set successfully: UserContentDisabled = 1 (Feedback disabled)" -ForegroundColor Green Start-Sleep -Seconds 1 return Invoke-Monitoring } catch { Write-Host "βœ— Error configuring registry setting: $($_.Exception.Message)" -ForegroundColor Red return $false } } if ($Monitoring) { $result = Invoke-Monitoring exit $(if ($result) { 0 } else { 1 }) } elseif ($Remediation) { $result = Invoke-Remediation exit $(if ($result) { 0 } else { 1 }) } elseif ($Revert) { $result = Invoke-Revert exit $(if ($result) { 0 } else { 1 }) } else { Write-Host "Usage: [-Monitoring] [-Remediation] [-Revert] [-WhatIf]" -ForegroundColor Yellow } } catch { Write-Host "Script execution error: # Control: O365-CO-000018 - Users must not be allowed to submit feedback to Microsoft #Requires -Version 5.1 # DISA STIG Microsoft Office 365 ProPlus v3r3 param( [string]$RegistryPath = "HKCU:\Software\Policies\Microsoft\Office\16.0\Common\Feedback", [switch]$Monitoring, [switch]$Remediation, [switch]$Revert, [switch]$WhatIf ) function Invoke-Monitoring { Write-Host "Monitoring O365-CO-000018: Users must not be allowed to submit feedback to Microsoft" -ForegroundColor Green try { $valueName = "UserContentDisabled" $expectedValue = 1 # 1 = Disabled, 0 = Enabled if (-not (Test-Path $RegistryPath)) { Write-Host "βœ— Registry path does not exist: $RegistryPath" -ForegroundColor Red return $false } $currentValue = Get-ItemProperty -Path $RegistryPath -Name $valueName -ErrorAction SilentlyContinue if ($currentValue -and $currentValue.$valueName -eq $expectedValue) { Write-Host "βœ“ Control compliant: UserContentDisabled = $expectedValue (Feedback disabled)" -ForegroundColor Green return $true } else { $actualValue = if ($currentValue) { $currentValue.$valueName } else { "Not Set" } Write-Host "βœ— Control non-compliant: UserContentDisabled = $actualValue (Expected: $expectedValue)" -ForegroundColor Red return $false } } catch { Write-Host "βœ— Error checking registry setting: $($_.Exception.Message)" -ForegroundColor Red return $false } } function Invoke-Remediation { Write-Host "Remediating O365-CO-000018: Users must not be allowed to submit feedback to Microsoft" -ForegroundColor Yellow try { if (-not (Test-Path $RegistryPath)) { New-Item -Path $RegistryPath -Force | Out-Null } Set-ItemProperty -Path $RegistryPath -Name "UserContentDisabled" -Value 1 -Type DWord -Force Write-Host "βœ“ Registry value set successfully: UserContentDisabled = 1 (Feedback disabled)" -ForegroundColor Green Start-Sleep -Seconds 1 return Invoke-Monitoring } catch { Write-Host "βœ— Error configuring registry setting: $($_.Exception.Message)" -ForegroundColor Red return $false } } function Invoke-Revert { Write-Host "Reverting O365-CO-000018: Users must not be allowed to submit feedback to Microsoft " -ForegroundColor Yellow try { if ($WhatIf) { Write-Host " [WhatIf] Would remove registry value" -ForegroundColor Cyan return $true } $valueName = "UserContentDisabled" if (Test-Path $RegistryPath) { Remove-ItemProperty -Path $RegistryPath -Name $valueName -ErrorAction SilentlyContinue Write-Host " Removed registry value: $valueName" -ForegroundColor Green } return $true } catch { Write-Host " Error during revert: # Control: O365-CO-000018 - Users must not be allowed to submit feedback to Microsoft #Requires -Version 5.1 # DISA STIG Microsoft Office 365 ProPlus v3r3 param( [string]$RegistryPath = "HKCU:\Software\Policies\Microsoft\Office\16.0\Common\Feedback", [switch]$Monitoring, [switch]$Remediation, [switch]$Revert, [switch]$WhatIf ) function Invoke-Monitoring { Write-Host "Monitoring O365-CO-000018: Users must not be allowed to submit feedback to Microsoft" -ForegroundColor Green try { $valueName = "UserContentDisabled" $expectedValue = 1 # 1 = Disabled, 0 = Enabled if (-not (Test-Path $RegistryPath)) { Write-Host "βœ— Registry path does not exist: $RegistryPath" -ForegroundColor Red return $false } $currentValue = Get-ItemProperty -Path $RegistryPath -Name $valueName -ErrorAction SilentlyContinue if ($currentValue -and $currentValue.$valueName -eq $expectedValue) { Write-Host "βœ“ Control compliant: UserContentDisabled = $expectedValue (Feedback disabled)" -ForegroundColor Green return $true } else { $actualValue = if ($currentValue) { $currentValue.$valueName } else { "Not Set" } Write-Host "βœ— Control non-compliant: UserContentDisabled = $actualValue (Expected: $expectedValue)" -ForegroundColor Red return $false } } catch { Write-Host "βœ— Error checking registry setting: $($_.Exception.Message)" -ForegroundColor Red return $false } } function Invoke-Remediation { Write-Host "Remediating O365-CO-000018: Users must not be allowed to submit feedback to Microsoft" -ForegroundColor Yellow try { if (-not (Test-Path $RegistryPath)) { New-Item -Path $RegistryPath -Force | Out-Null } Set-ItemProperty -Path $RegistryPath -Name "UserContentDisabled" -Value 1 -Type DWord -Force Write-Host "βœ“ Registry value set successfully: UserContentDisabled = 1 (Feedback disabled)" -ForegroundColor Green Start-Sleep -Seconds 1 return Invoke-Monitoring } catch { Write-Host "βœ— Error configuring registry setting: $($_.Exception.Message)" -ForegroundColor Red return $false } } if ($Monitoring) { $result = Invoke-Monitoring exit $(if ($result) { 0 } else { 1 }) } elseif ($Remediation) { $result = Invoke-Remediation exit $(if ($result) { 0 } else { 1 }) } else { Write-Host "Usage: .\feedback-disabled.ps1 [-Monitoring] [-Remediation]" -ForegroundColor Yellow Write-Host "Manual configuration: Group Policy > User Configuration > Administrative Templates" -ForegroundColor Cyan Write-Host "> Microsoft Office 2016 > Privacy > Trust Center > Allow users to submit feedback: Disabled" -ForegroundColor White } " -ForegroundColor Red return $false } } # Main execution try { if ($Monitoring) { $result = Invoke-Monitoring exit $(if ($result) { 0 } else { 1 }) } elseif ($Remediation) { $result = Invoke-Remediation exit $(if ($result) { 0 } else { 1 }) } else { Write-Host "Usage: .\feedback-disabled.ps1 [-Monitoring] [-Remediation]" -ForegroundColor Yellow Write-Host "Manual configuration: Group Policy > User Configuration > Administrative Templates" -ForegroundColor Cyan Write-Host "> Microsoft Office 2016 > Privacy > Trust Center > Allow users to submit feedback: Disabled" -ForegroundColor White } " -ForegroundColor Red exit 1 } " -ForegroundColor Red return $false } } # Main execution try { if ($Monitoring) { $result = Invoke-Monitoring exit $(if ($result) { 0 } else { 1 }) } elseif ($Remediation) { $result = Invoke-Remediation exit $(if ($result) { 0 } else { 1 }) } elseif ($Revert) { $result = Invoke-Revert exit $(if ($result) { 0 } else { 1 }) } else { Write-Host "Usage: [-Monitoring] [-Remediation] [-Revert] [-WhatIf]" -ForegroundColor Yellow } } catch { Write-Host "Script execution error: # Control: O365-CO-000018 - Users must not be allowed to submit feedback to Microsoft #Requires -Version 5.1 # DISA STIG Microsoft Office 365 ProPlus v3r3 param( [string]$RegistryPath = "HKCU:\Software\Policies\Microsoft\Office\16.0\Common\Feedback", [switch]$Monitoring, [switch]$Remediation, [switch]$Revert, [switch]$WhatIf ) function Invoke-Monitoring { Write-Host "Monitoring O365-CO-000018: Users must not be allowed to submit feedback to Microsoft" -ForegroundColor Green try { $valueName = "UserContentDisabled" $expectedValue = 1 # 1 = Disabled, 0 = Enabled if (-not (Test-Path $RegistryPath)) { Write-Host "βœ— Registry path does not exist: $RegistryPath" -ForegroundColor Red return $false } $currentValue = Get-ItemProperty -Path $RegistryPath -Name $valueName -ErrorAction SilentlyContinue if ($currentValue -and $currentValue.$valueName -eq $expectedValue) { Write-Host "βœ“ Control compliant: UserContentDisabled = $expectedValue (Feedback disabled)" -ForegroundColor Green return $true } else { $actualValue = if ($currentValue) { $currentValue.$valueName } else { "Not Set" } Write-Host "βœ— Control non-compliant: UserContentDisabled = $actualValue (Expected: $expectedValue)" -ForegroundColor Red return $false } } catch { Write-Host "βœ— Error checking registry setting: $($_.Exception.Message)" -ForegroundColor Red return $false } } function Invoke-Remediation { Write-Host "Remediating O365-CO-000018: Users must not be allowed to submit feedback to Microsoft" -ForegroundColor Yellow try { if (-not (Test-Path $RegistryPath)) { New-Item -Path $RegistryPath -Force | Out-Null } Set-ItemProperty -Path $RegistryPath -Name "UserContentDisabled" -Value 1 -Type DWord -Force Write-Host "βœ“ Registry value set successfully: UserContentDisabled = 1 (Feedback disabled)" -ForegroundColor Green Start-Sleep -Seconds 1 return Invoke-Monitoring } catch { Write-Host "βœ— Error configuring registry setting: $($_.Exception.Message)" -ForegroundColor Red return $false } } function Invoke-Revert { Write-Host "Reverting O365-CO-000018: Users must not be allowed to submit feedback to Microsoft " -ForegroundColor Yellow try { if ($WhatIf) { Write-Host " [WhatIf] Would remove registry value" -ForegroundColor Cyan return $true } $valueName = "UserContentDisabled" if (Test-Path $RegistryPath) { Remove-ItemProperty -Path $RegistryPath -Name $valueName -ErrorAction SilentlyContinue Write-Host " Removed registry value: $valueName" -ForegroundColor Green } return $true } catch { Write-Host " Error during revert: # Control: O365-CO-000018 - Users must not be allowed to submit feedback to Microsoft #Requires -Version 5.1 # DISA STIG Microsoft Office 365 ProPlus v3r3 param( [string]$RegistryPath = "HKCU:\Software\Policies\Microsoft\Office\16.0\Common\Feedback", [switch]$Monitoring, [switch]$Remediation, [switch]$Revert, [switch]$WhatIf ) function Invoke-Monitoring { Write-Host "Monitoring O365-CO-000018: Users must not be allowed to submit feedback to Microsoft" -ForegroundColor Green try { $valueName = "UserContentDisabled" $expectedValue = 1 # 1 = Disabled, 0 = Enabled if (-not (Test-Path $RegistryPath)) { Write-Host "βœ— Registry path does not exist: $RegistryPath" -ForegroundColor Red return $false } $currentValue = Get-ItemProperty -Path $RegistryPath -Name $valueName -ErrorAction SilentlyContinue if ($currentValue -and $currentValue.$valueName -eq $expectedValue) { Write-Host "βœ“ Control compliant: UserContentDisabled = $expectedValue (Feedback disabled)" -ForegroundColor Green return $true } else { $actualValue = if ($currentValue) { $currentValue.$valueName } else { "Not Set" } Write-Host "βœ— Control non-compliant: UserContentDisabled = $actualValue (Expected: $expectedValue)" -ForegroundColor Red return $false } } catch { Write-Host "βœ— Error checking registry setting: $($_.Exception.Message)" -ForegroundColor Red return $false } } function Invoke-Remediation { Write-Host "Remediating O365-CO-000018: Users must not be allowed to submit feedback to Microsoft" -ForegroundColor Yellow try { if (-not (Test-Path $RegistryPath)) { New-Item -Path $RegistryPath -Force | Out-Null } Set-ItemProperty -Path $RegistryPath -Name "UserContentDisabled" -Value 1 -Type DWord -Force Write-Host "βœ“ Registry value set successfully: UserContentDisabled = 1 (Feedback disabled)" -ForegroundColor Green Start-Sleep -Seconds 1 return Invoke-Monitoring } catch { Write-Host "βœ— Error configuring registry setting: $($_.Exception.Message)" -ForegroundColor Red return $false } } if ($Monitoring) { $result = Invoke-Monitoring exit $(if ($result) { 0 } else { 1 }) } elseif ($Remediation) { $result = Invoke-Remediation exit $(if ($result) { 0 } else { 1 }) } else { Write-Host "Usage: .\feedback-disabled.ps1 [-Monitoring] [-Remediation]" -ForegroundColor Yellow Write-Host "Manual configuration: Group Policy > User Configuration > Administrative Templates" -ForegroundColor Cyan Write-Host "> Microsoft Office 2016 > Privacy > Trust Center > Allow users to submit feedback: Disabled" -ForegroundColor White } " -ForegroundColor Red return $false } } # Main execution try { if ($Monitoring) { $result = Invoke-Monitoring exit $(if ($result) { 0 } else { 1 }) } elseif ($Remediation) { $result = Invoke-Remediation exit $(if ($result) { 0 } else { 1 }) } else { Write-Host "Usage: .\feedback-disabled.ps1 [-Monitoring] [-Remediation]" -ForegroundColor Yellow Write-Host "Manual configuration: Group Policy > User Configuration > Administrative Templates" -ForegroundColor Cyan Write-Host "> Microsoft Office 2016 > Privacy > Trust Center > Allow users to submit feedback: Disabled" -ForegroundColor White } " -ForegroundColor Red exit 1 }

Risico zonder implementatie

Risico zonder implementatie
High: No auth tracking.

Management Samenvatting

Schakel in audit logging.