cis_v6_0_1_controls_manifest.json
|
{
"benchmark": "CIS Microsoft 365 Foundations Benchmark", "version": "6.0.1", "source_pdf": "c:\\Users\\omaro\\Downloads\\CIS_Microsoft_365_Foundations_Benchmark_v6.0.1.pdf", "generated_at_utc": "2026-02-28T03:20:15Z", "severity_note": "Severity is derived from the CIS profile level only: L1=Medium, L2=High. It is not a risk rating assigned by CIS; profile levels describe the intended environment and operational impact of a recommendation, not how serious a failed check is.", "entries": [ { "id": "1.1.1", "level": "L1", "severity": "Medium", "title": "Ensure Administrative accounts are cloud-only", "type": "Automated", "start_page": 21, "end_page": 23, "all_detected_pages": [ 3, 21, 497 ] }, { "id": "1.1.2", "level": "L1", "severity": "Medium", "title": "Ensure two emergency access accounts have been defined", "type": "Manual", "start_page": 24, "end_page": 27, "all_detected_pages": [ 3, 24, 497 ] }, { "id": "1.1.3", "level": "L1", "severity": "Medium", "title": "Ensure that between two and four global admins are designated", "type": "Automated", "start_page": 28, "end_page": 30, "all_detected_pages": [ 3, 28, 497 ] }, { "id": "1.1.4", "level": "L1", "severity": "Medium", "title": "Ensure administrative accounts use licenses with a reduced application footprint", "type": "Automated", "start_page": 31, "end_page": 36, "all_detected_pages": [ 4, 31, 497 ] }, { "id": "1.2.1", "level": "L2", "severity": "High", "title": "Ensure that only organizationally managed/approved public groups exist", "type": "Automated", "start_page": 37, "end_page": 39, "all_detected_pages": [ 4, 37, 497 ] }, { "id": "1.2.2", "level": "L1", "severity": "Medium", "title": "Ensure sign-in to shared mailboxes is blocked", "type": "Automated", "start_page": 40, "end_page": 43, "all_detected_pages": [ 4, 40, 497 ] }, { "id": "1.3.1", "level": "L1", "severity": "Medium", "title": "Ensure the 'Password expiration policy' is set to 'Set passwords to never expire (recommended)'", "type": "Automated", "start_page": 44, "end_page": 46, "all_detected_pages": [ 4, 44, 497 ] }, { "id": "1.3.2", "level": "L2", "severity": "High", "title": "Ensure 'Idle session timeout' is set to '3 hours (or 
less)' for unmanaged devices", "type": "Automated", "start_page": 47, "end_page": 53, "all_detected_pages": [ 4, 47, 497 ] }, { "id": "1.3.3", "level": "L2", "severity": "High", "title": "Ensure 'External sharing' of calendars is not available", "type": "Automated", "start_page": 54, "end_page": 56, "all_detected_pages": [ 4, 54, 497 ] }, { "id": "1.3.4", "level": "L1", "severity": "Medium", "title": "Ensure 'User owned apps and services' is restricted", "type": "Automated", "start_page": 57, "end_page": 59, "all_detected_pages": [ 4, 57, 497 ] }, { "id": "1.3.5", "level": "L1", "severity": "Medium", "title": "Ensure internal phishing protection for Forms is enabled", "type": "Automated", "start_page": 60, "end_page": 61, "all_detected_pages": [ 4, 60, 498 ] }, { "id": "1.3.6", "level": "L2", "severity": "High", "title": "Ensure the customer lockbox feature is enabled", "type": "Automated", "start_page": 62, "end_page": 63, "all_detected_pages": [ 4, 62, 498 ] }, { "id": "1.3.7", "level": "L2", "severity": "High", "title": "Ensure 'third-party storage services' are restricted in 'Microsoft 365 on the web'", "type": "Automated", "start_page": 64, "end_page": 66, "all_detected_pages": [ 4, 64, 498 ] }, { "id": "1.3.8", "level": "L2", "severity": "High", "title": "Ensure that Sways cannot be shared with people outside of your organization", "type": "Manual", "start_page": 67, "end_page": 68, "all_detected_pages": [ 4, 67, 498 ] }, { "id": "1.3.9", "level": "L1", "severity": "Medium", "title": "Ensure shared bookings pages are restricted to select users", "type": "Automated", "start_page": 69, "end_page": 73, "all_detected_pages": [ 4, 69, 498 ] }, { "id": "2.1.1", "level": "L2", "severity": "High", "title": "Ensure Safe Links for Office Applications is Enabled", "type": "Automated", "start_page": 74, "end_page": 78, "all_detected_pages": [ 4, 74, 498 ] }, { "id": "2.1.2", "level": "L1", "severity": "Medium", "title": "Ensure the Common Attachment Types Filter is 
enabled", "type": "Automated", "start_page": 79, "end_page": 81, "all_detected_pages": [ 4, 79, 498 ] }, { "id": "2.1.3", "level": "L1", "severity": "Medium", "title": "Ensure notifications for internal users sending malware is Enabled", "type": "Automated", "start_page": 82, "end_page": 84, "all_detected_pages": [ 4, 82, 498 ] }, { "id": "2.1.4", "level": "L2", "severity": "High", "title": "Ensure Safe Attachments policy is enabled", "type": "Automated", "start_page": 85, "end_page": 88, "all_detected_pages": [ 4, 85, 498 ] }, { "id": "2.1.5", "level": "L2", "severity": "High", "title": "Ensure Safe Attachments for SharePoint, OneDrive, and Microsoft Teams is Enabled", "type": "Automated", "start_page": 89, "end_page": 91, "all_detected_pages": [ 4, 89, 498 ] }, { "id": "2.1.6", "level": "L1", "severity": "Medium", "title": "Ensure Exchange Online Spam Policies are set to notify administrators", "type": "Automated", "start_page": 92, "end_page": 94, "all_detected_pages": [ 4, 92, 498 ] }, { "id": "2.1.7", "level": "L2", "severity": "High", "title": "Ensure that an anti-phishing policy has been created", "type": "Automated", "start_page": 95, "end_page": 100, "all_detected_pages": [ 4, 95, 498 ] }, { "id": "2.1.8", "level": "L1", "severity": "Medium", "title": "Ensure that SPF records are published for all Exchange Domains", "type": "Automated", "start_page": 101, "end_page": 102, "all_detected_pages": [ 4, 101, 498 ] }, { "id": "2.1.9", "level": "L1", "severity": "Medium", "title": "Ensure that DKIM is enabled for all Exchange Online Domains", "type": "Automated", "start_page": 103, "end_page": 106, "all_detected_pages": [ 4, 103, 499 ] }, { "id": "2.1.10", "level": "L1", "severity": "Medium", "title": "Ensure DMARC Records for all Exchange Online domains are published", "type": "Automated", "start_page": 107, "end_page": 109, "all_detected_pages": [ 4, 107, 499 ] }, { "id": "2.1.11", "level": "L2", "severity": "High", "title": "Ensure comprehensive attachment 
filtering is applied", "type": "Automated", "start_page": 110, "end_page": 116, "all_detected_pages": [ 4, 110, 499 ] }, { "id": "2.1.12", "level": "L1", "severity": "Medium", "title": "Ensure the connection filter IP allow list is not used", "type": "Automated", "start_page": 117, "end_page": 119, "all_detected_pages": [ 4, 117, 499 ] }, { "id": "2.1.13", "level": "L1", "severity": "Medium", "title": "Ensure the connection filter safe list is off", "type": "Automated", "start_page": 120, "end_page": 122, "all_detected_pages": [ 4, 120, 499 ] }, { "id": "2.1.14", "level": "L1", "severity": "Medium", "title": "Ensure inbound anti-spam policies do not contain allowed domains", "type": "Automated", "start_page": 123, "end_page": 125, "all_detected_pages": [ 4, 123, 499 ] }, { "id": "2.1.15", "level": "L1", "severity": "Medium", "title": "Ensure outbound anti-spam message limits are in place", "type": "Automated", "start_page": 126, "end_page": 130, "all_detected_pages": [ 4, 126, 499 ] }, { "id": "2.2.1", "level": "L1", "severity": "Medium", "title": "Ensure emergency access account activity is monitored", "type": "Manual", "start_page": 131, "end_page": 135, "all_detected_pages": [ 4, 131, 499 ] }, { "id": "2.4.1", "level": "L1", "severity": "Medium", "title": "Ensure Priority account protection is enabled and configured", "type": "Automated", "start_page": 136, "end_page": 139, "all_detected_pages": [ 4, 136, 499 ] }, { "id": "2.4.2", "level": "L1", "severity": "Medium", "title": "Ensure Priority accounts have 'Strict protection' presets applied", "type": "Automated", "start_page": 140, "end_page": 142, "all_detected_pages": [ 4, 140, 499 ] }, { "id": "2.4.3", "level": "L2", "severity": "High", "title": "Ensure Microsoft Defender for Cloud Apps is enabled and configured", "type": "Manual", "start_page": 143, "end_page": 145, "all_detected_pages": [ 4, 143, 499 ] }, { "id": "2.4.4", "level": "L1", "severity": "Medium", "title": "Ensure Zero-hour auto purge for 
Microsoft Teams is on", "type": "Automated", "start_page": 146, "end_page": 149, "all_detected_pages": [ 4, 146, 499 ] }, { "id": "3.1.1", "level": "L1", "severity": "Medium", "title": "Ensure Microsoft 365 audit log search is Enabled", "type": "Automated", "start_page": 150, "end_page": 152, "all_detected_pages": [ 4, 150, 500 ] }, { "id": "3.2.1", "level": "L1", "severity": "Medium", "title": "Ensure DLP policies are enabled", "type": "Automated", "start_page": 153, "end_page": 154, "all_detected_pages": [ 4, 153, 500 ] }, { "id": "3.2.2", "level": "L1", "severity": "Medium", "title": "Ensure DLP policies are enabled for Microsoft Teams", "type": "Automated", "start_page": 155, "end_page": 158, "all_detected_pages": [ 4, 155, 500 ] }, { "id": "3.3.1", "level": "L1", "severity": "Medium", "title": "Ensure Information Protection sensitivity label policies are published", "type": "Automated", "start_page": 159, "end_page": 162, "all_detected_pages": [ 5, 159, 500 ] }, { "id": "4.1", "level": "L2", "severity": "High", "title": "Ensure devices without a compliance policy are marked 'not compliant'", "type": "Automated", "start_page": 163, "end_page": 165, "all_detected_pages": [ 5, 163, 500 ] }, { "id": "4.2", "level": "L2", "severity": "High", "title": "Ensure device enrollment for personally owned devices is blocked by default", "type": "Automated", "start_page": 166, "end_page": 171, "all_detected_pages": [ 5, 166, 500 ] }, { "id": "5.1.2.1", "level": "L1", "severity": "Medium", "title": "Ensure 'Per-user MFA' is disabled", "type": "Automated", "start_page": 172, "end_page": 173, "all_detected_pages": [ 5, 172, 500 ] }, { "id": "5.1.2.2", "level": "L2", "severity": "High", "title": "Ensure third party integrated applications are not allowed", "type": "Automated", "start_page": 174, "end_page": 175, "all_detected_pages": [ 5, 174, 500 ] }, { "id": "5.1.2.3", "level": "L1", "severity": "Medium", "title": "Ensure 'Restrict non-admin users from creating tenants' is set 
to 'Yes'", "type": "Automated", "start_page": 176, "end_page": 178, "all_detected_pages": [ 5, 176, 500 ] }, { "id": "5.1.2.4", "level": "L1", "severity": "Medium", "title": "Ensure access to the Entra admin center is restricted", "type": "Manual", "start_page": 179, "end_page": 180, "all_detected_pages": [ 5, 179, 501 ] }, { "id": "5.1.2.5", "level": "L2", "severity": "High", "title": "Ensure the option to remain signed in is hidden", "type": "Manual", "start_page": 181, "end_page": 182, "all_detected_pages": [ 5, 181, 501 ] }, { "id": "5.1.2.6", "level": "L2", "severity": "High", "title": "Ensure 'LinkedIn account connections' is disabled", "type": "Manual", "start_page": 183, "end_page": 185, "all_detected_pages": [ 5, 183, 501 ] }, { "id": "5.1.3.1", "level": "L1", "severity": "Medium", "title": "Ensure a dynamic group for guest users is created", "type": "Automated", "start_page": 186, "end_page": 188, "all_detected_pages": [ 5, 186, 501 ] }, { "id": "5.1.3.2", "level": "L1", "severity": "Medium", "title": "Ensure users cannot create security groups", "type": "Automated", "start_page": 189, "end_page": 192, "all_detected_pages": [ 5, 189, 501 ] }, { "id": "5.1.4.1", "level": "L2", "severity": "High", "title": "Ensure the ability to join devices to Entra is restricted", "type": "Automated", "start_page": 193, "end_page": 195, "all_detected_pages": [ 5, 193, 501 ] }, { "id": "5.1.4.2", "level": "L1", "severity": "Medium", "title": "Ensure the maximum number of devices per user is limited", "type": "Automated", "start_page": 196, "end_page": 198, "all_detected_pages": [ 5, 196, 501 ] }, { "id": "5.1.4.3", "level": "L1", "severity": "Medium", "title": "Ensure the GA role is not added as a local administrator during Entra join", "type": "Automated", "start_page": 199, "end_page": 201, "all_detected_pages": [ 5, 199, 501 ] }, { "id": "5.1.4.4", "level": "L1", "severity": "Medium", "title": "Ensure local administrator assignment is limited during Entra join", "type": 
"Automated", "start_page": 202, "end_page": 204, "all_detected_pages": [ 5, 202, 501 ] }, { "id": "5.1.4.5", "level": "L1", "severity": "Medium", "title": "Ensure Local Administrator Password Solution is enabled", "type": "Automated", "start_page": 205, "end_page": 207, "all_detected_pages": [ 5, 205, 501 ] }, { "id": "5.1.4.6", "level": "L2", "severity": "High", "title": "Ensure users are restricted from recovering BitLocker keys", "type": "Automated", "start_page": 208, "end_page": 211, "all_detected_pages": [ 5, 208, 501 ] }, { "id": "5.1.5.1", "level": "L2", "severity": "High", "title": "Ensure user consent to apps accessing company data on their behalf is not allowed", "type": "Automated", "start_page": 212, "end_page": 214, "all_detected_pages": [ 5, 212, 501 ] }, { "id": "5.1.5.2", "level": "L1", "severity": "Medium", "title": "Ensure the admin consent workflow is enabled", "type": "Automated", "start_page": 215, "end_page": 218, "all_detected_pages": [ 5, 215, 502 ] }, { "id": "5.1.6.1", "level": "L2", "severity": "High", "title": "Ensure that collaboration invitations are sent to allowed domains only", "type": "Automated", "start_page": 219, "end_page": 221, "all_detected_pages": [ 5, 219, 502 ] }, { "id": "5.1.6.2", "level": "L1", "severity": "Medium", "title": "Ensure that guest user access is restricted", "type": "Automated", "start_page": 222, "end_page": 225, "all_detected_pages": [ 5, 222, 502 ] }, { "id": "5.1.6.3", "level": "L2", "severity": "High", "title": "Ensure guest user invitations are limited to the Guest Inviter role", "type": "Automated", "start_page": 226, "end_page": 230, "all_detected_pages": [ 5, 226, 502 ] }, { "id": "5.1.8.1", "level": "L1", "severity": "Medium", "title": "Ensure that password hash sync is enabled for hybrid deployments", "type": "Manual", "start_page": 231, "end_page": 235, "all_detected_pages": [ 5, 231, 502 ] }, { "id": "5.2.2.1", "level": "L1", "severity": "Medium", "title": "Ensure multifactor authentication is 
enabled for all users in administrative roles", "type": "Automated", "start_page": 236, "end_page": 239, "all_detected_pages": [ 5, 236, 502 ] }, { "id": "5.2.2.2", "level": "L1", "severity": "Medium", "title": "Ensure multifactor authentication is enabled for all users", "type": "Automated", "start_page": 240, "end_page": 242, "all_detected_pages": [ 5, 240, 502 ] }, { "id": "5.2.2.3", "level": "L1", "severity": "Medium", "title": "Enable Conditional Access policies to block legacy authentication", "type": "Automated", "start_page": 243, "end_page": 245, "all_detected_pages": [ 5, 243, 502 ] }, { "id": "5.2.2.4", "level": "L1", "severity": "Medium", "title": "Ensure Sign-in frequency is enabled and browser sessions are not persistent for Administrative users", "type": "Automated", "start_page": 246, "end_page": 249, "all_detected_pages": [ 5, 246, 502 ] }, { "id": "5.2.2.5", "level": "L2", "severity": "High", "title": "Ensure 'Phishing-resistant MFA strength' is required for Administrators", "type": "Automated", "start_page": 250, "end_page": 253, "all_detected_pages": [ 5, 250, 502 ] }, { "id": "5.2.2.6", "level": "L1", "severity": "Medium", "title": "Enable Identity Protection user risk policies", "type": "Automated", "start_page": 254, "end_page": 256, "all_detected_pages": [ 5, 254, 503 ] }, { "id": "5.2.2.7", "level": "L1", "severity": "Medium", "title": "Enable Identity Protection sign-in risk policies", "type": "Automated", "start_page": 257, "end_page": 259, "all_detected_pages": [ 5, 257, 503 ] }, { "id": "5.2.2.8", "level": "L2", "severity": "High", "title": "Ensure 'sign-in risk' is blocked for medium and high risk", "type": "Automated", "start_page": 260, "end_page": 262, "all_detected_pages": [ 6, 260, 503 ] }, { "id": "5.2.2.9", "level": "L1", "severity": "Medium", "title": "Ensure a managed device is required for authentication", "type": "Automated", "start_page": 263, "end_page": 265, "all_detected_pages": [ 6, 263, 503 ] }, { "id": "5.2.2.10", 
"level": "L1", "severity": "Medium", "title": "Ensure a managed device is required to register security information", "type": "Automated", "start_page": 266, "end_page": 268, "all_detected_pages": [ 6, 266, 503 ] }, { "id": "5.2.2.11", "level": "L1", "severity": "Medium", "title": "Ensure sign-in frequency for Intune Enrollment is set to 'Every time'", "type": "Automated", "start_page": 269, "end_page": 271, "all_detected_pages": [ 6, 269, 503 ] }, { "id": "5.2.2.12", "level": "L1", "severity": "Medium", "title": "Ensure the device code sign-in flow is blocked", "type": "Automated", "start_page": 272, "end_page": 275, "all_detected_pages": [ 6, 272, 503 ] }, { "id": "5.2.3.1", "level": "L1", "severity": "Medium", "title": "Ensure Microsoft Authenticator is configured to protect against MFA fatigue", "type": "Automated", "start_page": 276, "end_page": 278, "all_detected_pages": [ 6, 276, 503 ] }, { "id": "5.2.3.2", "level": "L1", "severity": "Medium", "title": "Ensure custom banned passwords lists are used", "type": "Automated", "start_page": 279, "end_page": 281, "all_detected_pages": [ 6, 279, 503 ] }, { "id": "5.2.3.3", "level": "L1", "severity": "Medium", "title": "Ensure password protection is enabled for on-prem Active Directory", "type": "Automated", "start_page": 282, "end_page": 284, "all_detected_pages": [ 6, 282, 503 ] }, { "id": "5.2.3.4", "level": "L1", "severity": "Medium", "title": "Ensure all member users are 'MFA capable'", "type": "Automated", "start_page": 285, "end_page": 288, "all_detected_pages": [ 6, 285, 503 ] }, { "id": "5.2.3.5", "level": "L1", "severity": "Medium", "title": "Ensure weak authentication methods are disabled", "type": "Automated", "start_page": 289, "end_page": 291, "all_detected_pages": [ 6, 289, 503 ] }, { "id": "5.2.3.6", "level": "L1", "severity": "Medium", "title": "Ensure system-preferred multifactor authentication is enabled", "type": "Automated", "start_page": 292, "end_page": 294, "all_detected_pages": [ 6, 292, 503 
] }, { "id": "5.2.3.7", "level": "L2", "severity": "High", "title": "Ensure the email OTP authentication method is disabled", "type": "Automated", "start_page": 295, "end_page": 298, "all_detected_pages": [ 6, 295, 504 ] }, { "id": "5.2.4.1", "level": "L1", "severity": "Medium", "title": "Ensure 'Self service password reset enabled' is set to 'All'", "type": "Manual", "start_page": 299, "end_page": 301, "all_detected_pages": [ 6, 299, 504 ] }, { "id": "5.3.1", "level": "L2", "severity": "High", "title": "Ensure 'Privileged Identity Management' is used to manage roles", "type": "Automated", "start_page": 302, "end_page": 305, "all_detected_pages": [ 6, 302, 504 ] }, { "id": "5.3.2", "level": "L1", "severity": "Medium", "title": "Ensure 'Access reviews' for Guest Users are configured", "type": "Automated", "start_page": 306, "end_page": 310, "all_detected_pages": [ 6, 306, 504 ] }, { "id": "5.3.3", "level": "L1", "severity": "Medium", "title": "Ensure 'Access reviews' for privileged roles are configured", "type": "Automated", "start_page": 311, "end_page": 314, "all_detected_pages": [ 6, 311, 504 ] }, { "id": "5.3.4", "level": "L1", "severity": "Medium", "title": "Ensure approval is required for Global Administrator role activation", "type": "Automated", "start_page": 315, "end_page": 317, "all_detected_pages": [ 6, 315, 504 ] }, { "id": "5.3.5", "level": "L1", "severity": "Medium", "title": "Ensure approval is required for Privileged Role Administrator activation", "type": "Automated", "start_page": 318, "end_page": 322, "all_detected_pages": [ 6, 318, 504 ] }, { "id": "6.1.1", "level": "L1", "severity": "Medium", "title": "Ensure 'AuditDisabled' organizationally is set to 'False'", "type": "Automated", "start_page": 323, "end_page": 324, "all_detected_pages": [ 6, 323, 504 ] }, { "id": "6.1.2", "level": "L1", "severity": "Medium", "title": "Ensure mailbox audit actions are configured", "type": "Automated", "start_page": 325, "end_page": 331, "all_detected_pages": [ 
6, 325, 504 ] }, { "id": "6.1.3", "level": "L1", "severity": "Medium", "title": "Ensure 'AuditBypassEnabled' is not enabled on mailboxes", "type": "Automated", "start_page": 332, "end_page": 335, "all_detected_pages": [ 6, 332, 504 ] }, { "id": "6.2.1", "level": "L1", "severity": "Medium", "title": "Ensure all forms of mail forwarding are blocked and/or disabled", "type": "Automated", "start_page": 336, "end_page": 340, "all_detected_pages": [ 6, 336, 504 ] }, { "id": "6.2.2", "level": "L1", "severity": "Medium", "title": "Ensure mail transport rules do not whitelist specific domains", "type": "Automated", "start_page": 341, "end_page": 342, "all_detected_pages": [ 6, 341, 505 ] }, { "id": "6.2.3", "level": "L1", "severity": "Medium", "title": "Ensure email from external senders is identified", "type": "Automated", "start_page": 343, "end_page": 345, "all_detected_pages": [ 6, 343, 505 ] }, { "id": "6.3.1", "level": "L2", "severity": "High", "title": "Ensure users installing Outlook add-ins is not allowed", "type": "Automated", "start_page": 346, "end_page": 351, "all_detected_pages": [ 6, 346, 505 ] }, { "id": "6.5.1", "level": "L1", "severity": "Medium", "title": "Ensure modern authentication for Exchange Online is enabled", "type": "Automated", "start_page": 352, "end_page": 354, "all_detected_pages": [ 6, 352, 505 ] }, { "id": "6.5.2", "level": "L1", "severity": "Medium", "title": "Ensure MailTips are enabled for end users", "type": "Automated", "start_page": 355, "end_page": 356, "all_detected_pages": [ 6, 355, 505 ] }, { "id": "6.5.3", "level": "L2", "severity": "High", "title": "Ensure additional storage providers are restricted in Outlook on the web", "type": "Automated", "start_page": 357, "end_page": 358, "all_detected_pages": [ 6, 357, 505 ] }, { "id": "6.5.4", "level": "L1", "severity": "Medium", "title": "Ensure SMTP AUTH is disabled", "type": "Automated", "start_page": 359, "end_page": 360, "all_detected_pages": [ 6, 359, 505 ] }, { "id": "6.5.5", 
"level": "L2", "severity": "High", "title": "Ensure Direct Send submissions are rejected", "type": "Automated", "start_page": 361, "end_page": 365, "all_detected_pages": [ 6, 361, 505 ] }, { "id": "7.2.1", "level": "L1", "severity": "Medium", "title": "Ensure modern authentication for SharePoint applications is required", "type": "Automated", "start_page": 366, "end_page": 368, "all_detected_pages": [ 6, 366, 505 ] }, { "id": "7.2.2", "level": "L1", "severity": "Medium", "title": "Ensure SharePoint and OneDrive integration with Azure AD B2B is enabled", "type": "Automated", "start_page": 369, "end_page": 370, "all_detected_pages": [ 6, 369, 505 ] }, { "id": "7.2.3", "level": "L1", "severity": "Medium", "title": "Ensure external content sharing is restricted", "type": "Automated", "start_page": 371, "end_page": 373, "all_detected_pages": [ 6, 371, 506 ] }, { "id": "7.2.4", "level": "L2", "severity": "High", "title": "Ensure OneDrive content sharing is restricted", "type": "Automated", "start_page": 374, "end_page": 376, "all_detected_pages": [ 6, 374, 506 ] }, { "id": "7.2.5", "level": "L2", "severity": "High", "title": "Ensure that SharePoint guest users cannot share items they don't own", "type": "Automated", "start_page": 377, "end_page": 378, "all_detected_pages": [ 7, 377, 506 ] }, { "id": "7.2.6", "level": "L2", "severity": "High", "title": "Ensure SharePoint external sharing is restricted", "type": "Automated", "start_page": 379, "end_page": 381, "all_detected_pages": [ 7, 379, 506 ] }, { "id": "7.2.7", "level": "L1", "severity": "Medium", "title": "Ensure link sharing is restricted in SharePoint and OneDrive", "type": "Automated", "start_page": 382, "end_page": 383, "all_detected_pages": [ 7, 382, 506 ] }, { "id": "7.2.8", "level": "L2", "severity": "High", "title": "Ensure external sharing is restricted by security group", "type": "Manual", "start_page": 384, "end_page": 385, "all_detected_pages": [ 7, 384, 506 ] }, { "id": "7.2.9", "level": "L1", 
"severity": "Medium", "title": "Ensure guest access to a site or OneDrive will expire automatically", "type": "Automated", "start_page": 386, "end_page": 388, "all_detected_pages": [ 7, 386, 506 ] }, { "id": "7.2.10", "level": "L1", "severity": "Medium", "title": "Ensure reauthentication with verification code is restricted", "type": "Automated", "start_page": 389, "end_page": 391, "all_detected_pages": [ 7, 389, 506 ] }, { "id": "7.2.11", "level": "L1", "severity": "Medium", "title": "Ensure the SharePoint default sharing link permission is set", "type": "Automated", "start_page": 392, "end_page": 394, "all_detected_pages": [ 7, 392, 506 ] }, { "id": "7.3.1", "level": "L2", "severity": "High", "title": "Ensure Office 365 SharePoint infected files are disallowed for download", "type": "Automated", "start_page": 395, "end_page": 396, "all_detected_pages": [ 7, 395, 506 ] }, { "id": "7.3.2", "level": "L2", "severity": "High", "title": "Ensure OneDrive sync is restricted for unmanaged devices", "type": "Automated", "start_page": 397, "end_page": 401, "all_detected_pages": [ 7, 397, 506 ] }, { "id": "8.1.1", "level": "L2", "severity": "High", "title": "Ensure external file sharing in Teams is enabled for only approved cloud storage services", "type": "Automated", "start_page": 402, "end_page": 405, "all_detected_pages": [ 7, 402, 506 ] }, { "id": "8.1.2", "level": "L1", "severity": "Medium", "title": "Ensure users can't send emails to a channel email address", "type": "Automated", "start_page": 406, "end_page": 409, "all_detected_pages": [ 7, 406, 507 ] }, { "id": "8.2.1", "level": "L2", "severity": "High", "title": "Ensure external domains are restricted in the Teams admin center", "type": "Automated", "start_page": 410, "end_page": 413, "all_detected_pages": [ 7, 410, 507 ] }, { "id": "8.2.2", "level": "L1", "severity": "Medium", "title": "Ensure communication with unmanaged Teams users is disabled", "type": "Automated", "start_page": 414, "end_page": 416, 
"all_detected_pages": [ 7, 414, 507 ] }, { "id": "8.2.3", "level": "L1", "severity": "Medium", "title": "Ensure external Teams users cannot initiate conversations", "type": "Automated", "start_page": 417, "end_page": 420, "all_detected_pages": [ 7, 417, 507 ] }, { "id": "8.2.4", "level": "L1", "severity": "Medium", "title": "Ensure the organization cannot communicate with accounts in trial Teams tenants", "type": "Automated", "start_page": 421, "end_page": 425, "all_detected_pages": [ 7, 421, 507 ] }, { "id": "8.4.1", "level": "L1", "severity": "Medium", "title": "Ensure app permission policies are configured", "type": "Manual", "start_page": 426, "end_page": 428, "all_detected_pages": [ 7, 426, 507 ] }, { "id": "8.5.1", "level": "L2", "severity": "High", "title": "Ensure anonymous users can't join a meeting", "type": "Automated", "start_page": 429, "end_page": 431, "all_detected_pages": [ 7, 429, 507 ] }, { "id": "8.5.2", "level": "L1", "severity": "Medium", "title": "Ensure anonymous users and dial-in callers can't start a meeting", "type": "Automated", "start_page": 432, "end_page": 434, "all_detected_pages": [ 7, 432, 507 ] }, { "id": "8.5.3", "level": "L1", "severity": "Medium", "title": "Ensure only people in my org can bypass the lobby", "type": "Automated", "start_page": 435, "end_page": 437, "all_detected_pages": [ 7, 435, 507 ] }, { "id": "8.5.4", "level": "L1", "severity": "Medium", "title": "Ensure users dialing in can't bypass the lobby", "type": "Automated", "start_page": 438, "end_page": 439, "all_detected_pages": [ 7, 438, 507 ] }, { "id": "8.5.5", "level": "L2", "severity": "High", "title": "Ensure meeting chat does not allow anonymous users", "type": "Automated", "start_page": 440, "end_page": 441, "all_detected_pages": [ 7, 440, 507 ] }, { "id": "8.5.6", "level": "L2", "severity": "High", "title": "Ensure only organizers and co-organizers can present", "type": "Automated", "start_page": 442, "end_page": 443, "all_detected_pages": [ 7, 442, 508 ] 
}, { "id": "8.5.7", "level": "L1", "severity": "Medium", "title": "Ensure external participants can't give or request control", "type": "Automated", "start_page": 444, "end_page": 446, "all_detected_pages": [ 7, 444, 508 ] }, { "id": "8.5.8", "level": "L2", "severity": "High", "title": "Ensure external meeting chat is off", "type": "Automated", "start_page": 447, "end_page": 448, "all_detected_pages": [ 7, 447, 508 ] }, { "id": "8.5.9", "level": "L2", "severity": "High", "title": "Ensure meeting recording is off by default", "type": "Automated", "start_page": 449, "end_page": 451, "all_detected_pages": [ 7, 449, 508 ] }, { "id": "8.6.1", "level": "L1", "severity": "Medium", "title": "Ensure users can report security concerns in Teams", "type": "Automated", "start_page": 452, "end_page": 461, "all_detected_pages": [ 7, 452, 508 ] }, { "id": "9.1.1", "level": "L1", "severity": "Medium", "title": "Ensure guest user access is restricted", "type": "Automated", "start_page": 462, "end_page": 464, "all_detected_pages": [ 7, 462, 508 ] }, { "id": "9.1.2", "level": "L1", "severity": "Medium", "title": "Ensure external user invitations are restricted", "type": "Automated", "start_page": 465, "end_page": 467, "all_detected_pages": [ 7, 465, 508 ] }, { "id": "9.1.3", "level": "L1", "severity": "Medium", "title": "Ensure guest access to content is restricted", "type": "Automated", "start_page": 468, "end_page": 470, "all_detected_pages": [ 7, 468, 508 ] }, { "id": "9.1.4", "level": "L1", "severity": "Medium", "title": "Ensure 'Publish to web' is restricted", "type": "Automated", "start_page": 471, "end_page": 473, "all_detected_pages": [ 7, 471, 508 ] }, { "id": "9.1.5", "level": "L2", "severity": "High", "title": "Ensure 'Interact with and share R and Python' visuals is 'Disabled'", "type": "Automated", "start_page": 474, "end_page": 475, "all_detected_pages": [ 7, 474, 508 ] }, { "id": "9.1.6", "level": "L1", "severity": "Medium", "title": "Ensure 'Allow users to apply 
sensitivity labels for content' is 'Enabled'", "type": "Automated", "start_page": 476, "end_page": 478, "all_detected_pages": [ 7, 476, 508 ] }, { "id": "9.1.7", "level": "L1", "severity": "Medium", "title": "Ensure shareable links are restricted", "type": "Automated", "start_page": 479, "end_page": 481, "all_detected_pages": [ 7, 479, 508 ] }, { "id": "9.1.8", "level": "L1", "severity": "Medium", "title": "Ensure enabling of external data sharing is restricted", "type": "Automated", "start_page": 482, "end_page": 484, "all_detected_pages": [ 7, 482, 508 ] }, { "id": "9.1.9", "level": "L1", "severity": "Medium", "title": "Ensure 'Block ResourceKey Authentication' is 'Enabled'", "type": "Automated", "start_page": 485, "end_page": 487, "all_detected_pages": [ 7, 485, 509 ] }, { "id": "9.1.10", "level": "L1", "severity": "Medium", "title": "Ensure access to APIs by service principals is restricted", "type": "Automated", "start_page": 488, "end_page": 490, "all_detected_pages": [ 7, 488, 509 ] }, { "id": "9.1.11", "level": "L1", "severity": "Medium", "title": "Ensure service principals cannot create and use profiles", "type": "Automated", "start_page": 491, "end_page": 493, "all_detected_pages": [ 7, 491, 509 ] }, { "id": "9.1.12", "level": "L1", "severity": "Medium", "title": "Ensure service principals ability to create workspaces, connections and deployment pipelines is restricted", "type": "Automated", "start_page": 494, "end_page": 515, "all_detected_pages": [ 7, 494, 509 ] } ] } |