18.5.11.3 Ensure 'Prohibit use of Internet Connection Sharing on your DNS domain network' is set to 'Enabled'
Info
Although this 'legacy' setting traditionally applied to the use of Internet Connection Sharing (ICS) in Windows 2000, Windows XP & Server 2003, this setting now freshly applies to the Mobile Hotspot feature in Windows 10 & Server 2016.
The recommended state for this setting is: 'Enabled'.
Rationale:
Non-administrators should not be able to turn on the Mobile Hotspot feature and open their Internet connectivity up to nearby mobile devices.
Solution
To establish the recommended configuration via GP, set the following UI path to 'Enabled':
Computer Configuration\Policies\Administrative Templates\Network\Network Connections\Prohibit use of Internet Connection Sharing on your DNS domain network
Note: This Group Policy path is provided by the Group Policy template 'NetworkConnections.admx/adml' that is included with all versions of the Microsoft Windows Administrative Templates.
Impact:
Mobile Hotspot cannot be enabled or configured by Administrators and non-Administrators alike.
18.5.11.3 Ensure 'Prohibit use of Internet Connection Sharing on your DNS domain network' is set to 'Enabled'
Info
Solution