Accounts: Automatic logons must be disabled
5db60bfa-0318-430e-ab7e-c2ff3e749ae9
Accounts: Block Microsoft accounts
6e815a39-7aa8-42e4-88d3-1778dfe85333
Accounts: Built-in Administrator account must be renamed
b1981ae3-ba91-4758-a98c-a5937a0498f7
Accounts: Built-in Guest account must be renamed
20dbd0a4-0373-4913-9f75-4ab7f6fcbdb0
Accounts: Local Administrator account should be disabled
822e9bf2-405a-42cb-9566-8532df68939f
Accounts: Local Guest account should be disabled
538d811a-0a0a-4336-8294-63bc2c092ebb
Accounts: Reversible password encryption must be disabled
71ebd815-0ca9-44c9-b7b8-c96e155e7afb
Auditing: Policy subcategories should be enabled
2db4a73a-0e6d-4f25-80a0-49792a478308
Auditing: Removable Storage
af074caf-14a4-41f5-9ebd-e2214dc48240
Autoplay: should be disabled for all drives
2cb75d59-8ef3-4fa3-90e1-8bec9e51c703
Compliance: BitLocker should be configured in FIPS mode
330f6517-5c88-4086-b456-d3026307c001
Compliance: BitLocker should use AES 256 encryption
77de846e-473b-4c4d-8d70-85d27342fc45
Credentials: WDigest Authentication must be disabled
13cb0c87-4b9a-4923-9768-87bafab6ef87
Directory Size: WinSxs\Temp\PendingDeletes
233b6308-be50-487f-ad61-dec44a3d4402
Domain Controller: Must require LDAP access signing
9e1e28ee-d597-49db-b33d-cfee0ba15c69
Domain Member: LDAP client signing requirements
5c9b1fb7-3d92-4d13-be5f-13d7894e50d0
FIPS 140: Security Requirements for Cryptographic Modules
b6109218-a32b-479a-8465-055340a1759c
File System: Local volumes must be formatted with NTFS
b6493fb9-ad83-494c-93e3-3dbfaeb9b303
General: AntiVirus/Antimalware Status
6d48a68a-3e44-4a00-8d42-670e41c9942c
General: Printing over HTTP must be turned off
21735bdc-fd91-44a8-beca-9a48b6c5e166
General: Solicited Remote Assistance must not be allowed
ac242343-8a24-414b-8615-7de95dffd90d
General: Windows firewall status
1f229f09-4c15-4bfe-b9f7-ed63d03cd70e
Info: Check Windows 11 Upgrade Readiness
12613046-99bc-4bb7-acac-57456094bba1
Internet Browser: Check digital signature of executables
f09f451c-2ec0-4a03-b578-637db9c8ffbf
Logon: Enable Display Last Logon Info
a108b75a-f851-4e02-b377-1bc6a2698949
Logon: Network selection UI must not be displayed
3476077b-5d03-4819-9ef0-213402f37eed
Logon: Require CTRL+ALT+DEL for interactive logons
d2d523f6-4e7a-46e3-b553-ab395a7563e4
Microsoft Edge: SmartScreen filter must be enabled
7a337b09-3a6f-4270-8611-005b2a71cba4
Network Access: Disable SMBv1
78c4c60a-a039-4a47-b614-3138d7bcfe4f
Passwords: Enforce history
d0163b5f-23ab-4377-bc49-709e891a6b2b
Passwords: Maximum Age
794aed82-0f0a-46e0-8135-204c50b12462
Passwords: Minimum Password Age
c3b194cc-701a-43f4-bd84-86caada64337
Passwords: Minimum length
e352dda0-c735-4b4e-ba26-097f5dbab32c
Passwords: Storing LAN Manager hash
8fbc83d9-7409-41aa-bf3c-a2360a8d9749
PowerShell: Script block logging must be enabled
ab3e18c8-5f9b-4a08-8474-ff10619965bd
PowerShell: v2 should not be installed / enabled
f69ae077-386f-4543-9036-30e5b3377f62
Privacy: Windows Telemetry Should Be Disabled
7b982402-135c-44d3-a35d-3ab41833719f
Privacy: Windows location services should be disabled
902983b9-3aed-423a-971d-7c69668df490
Remote Desktop Services: Idle session time limit
a06670b6-460f-45ae-93ef-02d41f52d45e
Remote Desktop Services: Must prevent drive redirection
f412c653-14b4-4829-8fd8-0263d996cf04
TLS/SSL Insecure Ciphers (SCHANNEL)
78fcd8a8-18af-49f4-8a64-bccb901e5557
Threat Intel: Attack Vector: Disable LLMNR
3724e477-bdea-4a74-96b7-7ac79e157087
Threat Intel: Attack Vector: Disable Windows Event Logging
f1bc38dc-fbda-45cd-9ec9-7f69dfd7b00e
Threat Intel: Persistence - AppInit DLLs
bf92b536-95cc-4060-bea3-a61ba1e4c9bb
Tracking: The location feature must be turned off
b5e9fae5-f161-4c39-a915-7282a3896dd9
Tracking: Windows Telemetry must not be set to Full
0001b667-c79a-4486-802c-32d860cae99e
Windows OS: Build Version Check (End Of Life)
07b6c273-cdb3-4a4d-889d-d1d54dc0eb5f
Windows OS: Build Version Check (OS Updated)
c7b058ab-6360-4b5d-9cd2-45eafef8c489
Windows OS: Must not have the TFTP Client Installed
a5eca000-8a44-410e-ab8d-9f7eeae34216
Windows OS: Must not have the Telnet Client Installed
8fbc28fc-2d54-4b3c-af3f-9ec8d62e959b
Windows OS: Secure Boot must be enabled
e8bb4b60-e081-427e-924e-e99a1aacf387
Windows OS: Windows Activation Status
de96957d-bcf1-4d41-be46-aa14b00135f3
Windows Update: Windows Recovery Partition Size
d80aa4e9-fdce-477d-bd3a-ee056191d4ee