OS,Policy name,Policy,Settings,Note
macOS,JC Light Security - Allow Standard Users To Approve Screen Sharing & Recording,Allow Standard Users To Approve Screen Sharing & Recording,"AnyDesk :FALSE,
BlueJeans :FALSE,
Camtasia 2020 :FALSE,
Cisco Webex Meeting Manager :TRUE,
Cisco Webex Meetings :TRUE,
Firefox :TRUE,
Google Chrome :TRUE,
GoToMeeting :FALSE,
LogMeIn Ignition :FALSE,
Microsoft Edge :TRUE,
Microsoft Teams :TRUE,
QuickTime Player :TRUE,
Skype :TRUE,
Skype for Business :TRUE,
Slack :TRUE,
Snagit 2020 :TRUE,
TeamViewer :FALSE,
Zoho Assist :FALSE,
Zoho Cliq :FALSE,
Zoho Join :FALSE,
Zoho Meeting :FALSE,
Zoom :TRUE,
",
Windows,JC Light Security - Allow The Use of Biometrics,Allow The Use of Biometrics,Allow The Use Of Biometrics :TRUE,
MacOS,JC Light Security - Application Privacy Preferences,Application Privacy Preferences,Requires Admin Setup,"We CAN provide some common examples here: Chrome, access to downloads and desktop; Firefox, access to downloads and desktop; Safari, access to downloads and desktop"
Linux,JC Light Security - Check Disk Encryption,Check Disk Encryption,Check if all managed users home directories are encrypted:TRUE,
Linux,JC Light Security - Lock Screen - Linux,Lock Screen - Linux,Value: 900 Seconds,
macOS,JC Light Security - App Store Restrictions,App Store Restrictions,"Restrict App Store installs to Admin only: FALSE,
Restrict App Store to Updates only: TRUE,",
macOS,JC Light Security - Disable Guest Account,Disable Guest Account,"Show the FileVault Recovery Key to the user when enabled: FALSE
Do not prompt the user to enable FileVault at logout: FALSE
Number of times the user can bypass enabling FileVault: VALUE 0",
macOS,JC Light Security - FileVault 2,FileVault 2,,
macOS,JC Light Security - Local Firewall Controls,Local Firewall Controls,"Enable Firewall :TRUE,
Block All Incoming Connections :FALSE,
Enable Stealth Mode :FALSE,
Enable Logging :TRUE,
Logging Option: BRIEF, 
Enable Private Data Collection :TRUE",These policies are too aggressive
macOS,JC Light Security - Lock Screen - macOS,Lock Screen,VALUE: 900 Seconds,"This value is too aggressive, should be 900 seconds"
Windows,JC Light Security - BitLocker Full Disk Encryption,Encrypt All Non-Removable Drives.,Encrypt All Non-Removable Drives :TRUE ,
Windows,JC Light Security - Built-in Administrator Account Status,Built-in Administrator Account Status,Disable Built-in Administrator Account :TRUE,
Windows,JC Light Security - Built-in Guest Account Status,Built-in Guest Account Status,Disable Built-in Guest Account :TRUE,
Windows,JC Light Security - Display User Info When The Session Is Locked,Display User Info When The Session Is Locked,"Do Not Display User Information :TRUE,",
Windows,JC Light Security - Do Not Display Last Username on Logon Screen,Do Not Display Last Username on Logon Screen,"Do Not Display Last Username: TRUE,",
Windows,JC Light Security - Lock Screen Windows,Lock Screen Windows,VALUE: 900 Seconds,
Windows,JC Light Security - Restrict Control Panel Access,Restrict Control Panel Access,"Completely disable the control panel :FALSE,
Action Center :FALSE,
Add features to Windows 8.1 :FALSE,
Administrative Tools :FALSE,
AutoPlay :FALSE,
Backup and Restore :FALSE,
BitLocker Drive Encryption :TRUE,
Color Management :FALSE,
Credential Manager :FALSE,
Date and Time :FALSE,
Default Programs :FALSE,
Desktop Gadgets :FALSE,
Device Manager :FALSE,
Devices and Printers :FALSE,
Display :FALSE,
Ease of Access Center :FALSE,
Family Safety :FALSE,
Folder Options :FALSE,
File Explorer Options :FALSE,
File History :FALSE,
Flash Player (32-bit) :FALSE,
Fonts :FALSE,
Getting Started :FALSE,
HomeGroup :FALSE,
Indexing Options :FALSE,
Infrared :FALSE,
Internet Options :FALSE,
iSCSI Initiator :FALSE,
Keyboard :FALSE,
Language :FALSE,
Location Settings/Other Sensors :FALSE,
Mouse :FALSE,
Network and Sharing Center :FALSE,
Notification Area Icons :FALSE,
Parental Controls :FALSE,
Performance Information and Tools :FALSE,
Personalization :FALSE,
Phone and Modem :FALSE,
Power Options :FALSE,
Programs and Features :FALSE,
Recovery :FALSE,
Region :FALSE,
RemoteApp and Desktop Connections :FALSE,
Security and Maintenance :FALSE,
Sound :FALSE,
Speech Recognition/Text to Speech :FALSE,
Storage Spaces :FALSE,
Sync Center :FALSE,
System :FALSE,
Taskbar and Navigation :FALSE,
Troubleshooting :FALSE,
User Accounts :FALSE,
Windows Anytime Upgrade :TRUE,
Windows CardSpace :FALSE,
Windows Defender (Windows Server 2016) :FALSE,
Windows Defender Firewall (Windows 10 & 11) :TRUE,
Windows Firewall (Windows Server 2012 R2/2016) :FALSE,
Windows Mobility Center, Windows To Go :FALSE,
Windows Update (Windows Server 2012 R2) :FALSE,
Work Folders :FALSE,",
Windows,JC Light Security - Windows Defender,Windows Defender,"Allow antimalware service to remain running always :FALSE,
Allow antimalware service to startup with normal priority :FALSE,
Allow definition updates from Microsoft Update :FALSE,
Allow definition updates when running on battery power :FALSE,
Allow notifications to disable definitions based reports to Microsoft MAPS :FALSE,
Allow real-time definition updates based on reports to Microsoft MAPS :FALSE,
Allow users to pause scan :FALSE,
Check for the latest virus and spyware definitions before running a scheduled scan :FALSE,
Check for the latest virus and spyware definitions on startup :FALSE,
Configure Watson events :FALSE,
Configure local administrator merge behavior for lists :FALSE,
Configure local setting override for maximum percentage of CPU utilization :FALSE,
Configure local setting override for monitoring file and program activity on your computer :FALSE,
Configure local setting override for monitoring for incoming and outgoing file activity :FALSE,
Configure local setting override for reporting to Microsoft MAPS :FALSE,
Configure local setting override for scanning all downloaded files and attachments :FALSE,
Configure local setting override for schedule scan day :FALSE,
Configure local setting override for scheduled quick scan time :FALSE,
Configure local setting override for scheduled scan time :FALSE,
Configure local setting override for the removal of items from Quarantine folder :FALSE,
Configure local setting override for the scan type to use for a scheduled scan :FALSE,
Configure local setting override for the time of day to run a scheduled full scan to complete remediation :FALSE,
Configure local setting override for turn on behavior monitoring :FALSE,
Configure local setting override to turn on real-time protection :FALSE,
Configure the 'Block at First Sight' feature :TRUE,
Create a system restore point :FALSE,
Enable headless UI mode :FALSE,
Initiate definition update on startup :FALSE,
Monitor file and program activity on your computer :TRUE,
Randomize scheduled task times :FALSE,
Run full scan on mapped network drives :FALSE,
Scan all downloaded files and attachments :TRUE,
Scan archive files :FALSE,
Scan network files :FALSE,
Scan packed executables :FALSE,
Scan removable drives :FALSE,
Start the scheduled scan only when computer is on but not in use :FALSE,
Suppress all notifications :FALSE,
Suppresses reboot notifications :FALSE,
Turn off Auto Exclusions :FALSE,
Turn off Windows Defender Antivirus :FALSE,
Turn off enhanced notifications :FALSE,
Turn off real-time protection :FALSE,
Turn off routine remediation :FALSE,
Turn on behavior monitoring :TRUE,
Turn on catch-up full scan :FALSE,
Turn on catch-up quick scan :FALSE,
Turn on definition retirement :FALSE,
Turn on e-mail scanning :FALSE,
Turn on heuristics :FALSE,
Turn on process scanning whenever real-time protection is enabled :TRUE,
Turn on protocol recognition :FALSE,
Turn on raw volume write notifications :FALSE,
Turn on reparse point scanning :FALSE,
Turn on scan after signature update :FALSE,",
Windows,JC Light Security - Windows Firewall,Windows Firewall,"Windows Firewall: Allow local port exceptions (domain profile) :FALSE,
Windows Firewall: Allow local port exceptions (standard profile) :FALSE,
Windows Firewall: Allow local program exceptions (standard profile) :FALSE,
Windows Firewall: Allow local program exceptions (domain profile) :FALSE,
Windows Firewall: Do not allow exceptions (standard profile) :FALSE,
Windows Firewall: Do not allow exceptions (domain profile) :FALSE,
Windows Firewall: Prohibit notifications (standard profile) :FALSE,
Windows Firewall: Prohibit notifications (domain profile) :FALSE,
Windows Firewall: Prohibit unicast response to multicast or broadcast requests (domain profile) :FALSE,
Windows Firewall: Prohibit unicast response to multicast or broadcast requests (standard profile) :TRUE,
Windows Firewall: Protect all network connections (domain profile) :TRUE,
Windows Firewall: Protect all network connections (standard profile) :TRUE,",
macOS,JC Light Security - Allow Activation Lock, Mac - Allow Activation Lock Policy ,TRUE,
iOS,JC Light Security - Allow Activation Lock - iOS, iOS - Allow Activation Lock Policy ,TRUE,
iOS,JC Light Security - Passcode Restrictions, iOS - Passcode Restrictions Policy ,"Allow simple passcodes: FALSE,
Require alphanumeric: FALSE,
Force PIN: TRUE
Set max failed attempts: TRUE
Max failed attempts: 10,
Set max grace period: FALSE
Set max inactivity: TRUE,
Max inactivity: 2,
Set max PIN age: FALSE
Minimum complex characters: 0,
Minimum length: 6,
Set PIN history length: TRUE,
PIN history length: 3",
iOS,JC Light Security - Require Passcode for User-Enrolled Devices, iOS - Require Passcode for User-Enrolled Devices Policy ,TRUE,