18.8.1.1 (L2) Ensure 'Turn off notifications network usage' is set to 'Enabled'

Information

This policy setting blocks applications from using the network to send notifications to update tiles, tile badges, toast, or raw notifications. This policy setting turns off the connection between Windows and the Windows Push Notification Service (WNS). This policy setting also stops applications from being able to poll application services to update tiles.

The recommended state for this setting is: Enabled

Windows Push Notification Services (WNS) is a mechanism to receive third-party notifications and updates from the cloud/Internet. In a high security environment, external systems, especially those hosted outside the organization, should be prevented from having an impact on the secure workstations.

Solution

To establish the recommended configuration via GP, set the following UI path to Enabled:

Computer Configuration\Policies\Administrative Templates\Start Menu and Taskbar\Notifications\Turn off notifications network usage

Note: This Group Policy path is provided by the Group Policy template WPN.admx/adml that is included with the Microsoft Windows 10 Release 1607 & Server 2016 Administrative Templates (or newer).

Impact:

Applications and system features will not be able to receive notifications from the network from WNS or via notification polling APIs.
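
One way to verify on a workstation that the policy above has actually been applied, as an added example that is not part of the benchmark text. It assumes the setting is backed by the REG_DWORD value NoCloudApplicationNotification under HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\PushNotifications, a location this page does not state; the function name is hypothetical.

```powershell
# Added example: local audit check for "Turn off notifications network usage".
# Assumption (not stated on this page): the policy is stored in the registry
# value below, with 1 meaning Enabled.
$PolicyPath  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\PushNotifications'
$PolicyValue = 'NoCloudApplicationNotification'

function Test-NotificationNetworkUsagePolicy {
    [CmdletBinding()]
    param(
        [string]$Path = $PolicyPath,
        [string]$Name = $PolicyValue
    )

    $result = [ordered]@{
        Computer  = $env:COMPUTERNAME
        Path      = $Path
        Name      = $Name
        Actual    = $null
        Compliant = $false
        Detail    = ''
    }

    # A missing key or value means the policy is Not Configured, which fails the check.
    if (-not (Test-Path -LiteralPath $Path)) {
        $result.Detail = 'Policy key not present (Not Configured)'
        return [pscustomobject]$result
    }
    $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        $result.Detail = 'Policy value not present (Not Configured)'
        return [pscustomobject]$result
    }

    # Require both the expected type and the expected data, so a string "1"
    # written by a script or a stray import is reported rather than accepted.
    $result.Actual = $item.$Name
    $kind = (Get-Item -LiteralPath $Path).GetValueKind($Name)
    if ($kind -eq [Microsoft.Win32.RegistryValueKind]::DWord -and $result.Actual -eq 1) {
        $result.Compliant = $true
        $result.Detail    = 'Enabled'
    } else {
        $result.Detail = "Found $kind = $($result.Actual); expected DWord = 1"
    }
    [pscustomobject]$result
}

Test-NotificationNetworkUsagePolicy
```

Run it after `gpupdate /force` so the result reflects the current GPO rather than the last background refresh.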

See Also

https://workbench.cisecurity.org/benchmarks/17129

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-4, CSCv7|9.2

Plugin: Windows

Control ID: 98d11c6bc582344b2a802f62b254db0f23da59b03d3352c8c988eae77c17d183