rules/findings/EntraID/SecurityDefaults/CIS3.0/entra-security-defaults-disabled.json
{
"args": [ ], "provider": "EntraID", "serviceType": "General", "serviceName": "Microsoft Entra ID", "displayName": "Ensure Security Defaults is enabled on Microsoft Entra ID", "description": " #### IMPORTANT - Please read the section overview <br/> If your organization pays for Microsoft Entra ID licensing (included in Microsoft 365 E3, E5, or F5, and EM&S E3 or E5 licenses) and CAN use Conditional Access, ignore the recommendations in this section and proceed to the Conditional Access section. In such tenants Security Defaults is expected to be disabled, because it cannot be enabled together with Conditional Access policies, so review this finding against the tenant's Conditional Access policies instead. <br/> Security defaults in Microsoft Entra ID make it easier to be secure and help protect your organization. Security defaults contain preconfigured security settings that protect against common attacks. <br/> Security defaults is available to everyone. The goal is to ensure that all organizations have a basic level of security enabled at no extra cost. You may turn on security defaults in the Azure portal.", "rationale": "Security defaults provide secure default settings that Microsoft manages on behalf of organizations to keep customers safe until they are ready to manage their own identity security settings. <br/> For example, doing the following: <br/> * Requiring all users and admins to register for MFA. <br/> * Challenging users with MFA - when necessary, based on factors such as location, device, role, and task. <br/> * Disabling authentication from legacy authentication clients, which can’t do MFA.", "impact": "This recommendation should be implemented initially and then may be overridden by other service/product specific CIS Benchmarks. Administrators should also be aware that certain configurations in Microsoft Entra ID may impact other Microsoft services such as Microsoft 365.", "remediation": { "text": "###### From Azure Portal <br/> To enable security defaults in your directory: <br/> 1. From Azure Home select the Portal Menu. <br/> 2. Browse to `Microsoft Entra ID` > Properties <br/> 3. Select `Manage security defaults` <br/> 4. Under `Security defaults`, select `Enabled (recommended)`. <br/> 5. Select `Save`", "code": { "powerShell": null, "iac": null, "terraform": null, "other": null } }, "recommendation": null, "references": [ "https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/users-default-permissions", "http://www.rebeladmin.com/2019/04/step-step-guide-restrict-azure-ad-administration-portal/", "https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/concept-fundamentals-security-defaults", "https://techcommunity.microsoft.com/t5/azure-active-directory-identity/introducing-security-defaults/ba-p/1061414" ], "compliance": [ { "name": "CIS Microsoft 365 Foundations", "version": "3.0.0", "reference": "2.1.1", "Profile": "Level 1" } ], "level": "medium", "tags": [ ], "rule": { "path": "aad_security_default_status", "subPath": null, "selectCondition": { }, "query": [ { "filter": [ { "conditions": [ [ "securityDefaultsEnabled", "eq", "False" ] ] } ] } ], "shouldExist": null, "returnObject": null, "removeIfNotExists": null }, "output": { "html": { "data": { "properties": { }, "expandObject": null }, "table": null, "decorate": [ ], "emphasis": [ ], "actions": { "objectData": { "properties": [ "*" ], "expandObject": null, "limit": null }, "showGoToButton": false, "showModalButton": false, "directLink": null } }, "text": { "data": { "properties": { }, "expandObject": null }, "status": { "keyName": [ ], "message": "Security Defaults is disabled", "defaultMessage": null }, "properties": { "resourceName": null, "resourceId": null, "resourceType": null }, "onlyStatus": false } }, "idSuffix": "aad_sbd_disabled", "notes": [ ], "categories": [ ] }