MSFT-11-005200 - The mobile operating system must allow only the Administrator (MDM) to perform the following management function: Enable/disable location services.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version


If a user is able to configure the security setting, the user could inadvertently or maliciously set it to a value that poses unacceptable risk to DOD information systems. An adversary could exploit vulnerabilities created by the weaker configuration to compromise DOD sensitive information.



Configure the Microsoft Android 11 device to enable/disable location services.

On the EMM console:
1. Open 'Set user restrictions on parent'.
2. Toggle 'Disallow config location' to 'On'.
3. Toggle 'Disallow share location' to 'On'.

See Also

Item Details

References: CAT|III, CCI|CCI-002235, Rule-ID|SV-255185r870803_rule, STIG-ID|MSFT-11-005200, Vuln-ID|V-255185

Plugin: MDM

Control ID: 828de99a3047a121b32c846508014efc0b20c141aa0b6c8a68bdc2c9fc5604aa