| 3.1 Ensure 'Allow simple passwords' is set to 'False' | IDENTIFICATION AND AUTHENTICATION |
| 3.2 Ensure 'Allow unmanaged devices' is set to 'False' | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 3.3 Ensure 'Enforce password history' is set to '4' or greater | IDENTIFICATION AND AUTHENTICATION |
| 3.4 Ensure 'Minimum password length' is set to '4' or more | IDENTIFICATION AND AUTHENTICATION |
| 3.5 Ensure 'Number of attempts allowed' is set to '10' | ACCESS CONTROL |
| 3.6 Ensure 'Password expiration' is set to '365' or less | IDENTIFICATION AND AUTHENTICATION |
| 3.7 Ensure 'Refresh interval' is set to '1' | ACCESS CONTROL |
| 3.8 Ensure 'Require alphanumeric password' is set to 'True' | IDENTIFICATION AND AUTHENTICATION |
| 3.9 Ensure 'Require encryption on device' is set to 'True' | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 3.10 Ensure 'Require password' is set to 'True' | IDENTIFICATION AND AUTHENTICATION |
| 3.11 Ensure 'Time without user input before password must be re-entered' is set to '15' | ACCESS CONTROL |
| Authentication Failure | |
| CIS_Microsoft_Exchange_Server_2019_v1.0.0_Level_1_MDM.audit from CIS Microsoft Exchange Server 2019 Benchmark v1.0.0 | SYSTEM AND INFORMATION INTEGRITY |
