CIS Microsoft 365 Foundations E3 L1 v1.3.0

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: CIS Microsoft 365 Foundations E3 L1 v1.3.0

Updated: 8/11/2022

Authority: Cloud Services

Plugin: microsoft_azure

Revision: 1.3

Estimated Item Count: 48

Audit Items

DescriptionCategories
1.1.1 Ensure multifactor authentication is enabled for all users in administrative roles
1.1.3 Ensure that between two and four global admins are designated
1.1.4 Ensure self-service password reset is enabled
1.1.5 Ensure that password protection is enabled for Active Directory
1.1.6 Enable Conditional Access policies to block legacy authentication
1.1.7 Ensure that password hash sync is enabled for resiliency and leaked credential detection
1.1.12 Ensure Security Defaults is disabled on Azure Active Directory
1.2 Ensure modern authentication for Exchange Online is enabled
1.3 Ensure modern authentication for Skype for Business Online is enabled
1.4 Ensure modern authentication for SharePoint applications is required
1.5 Ensure that Office 365 Passwords Are Not Set to Expire
2.9 - Ensure users installing Word, Excel, and PowerPoint add-ins is not allowed
2.10 Ensure internal phishing protection for Forms is enabled
2.11 Ensure that Sways cannot be shared with people outside of your organization
3.4 Ensure DLP policies are enabled
3.8 Ensure that Microsoft Teams is using OneDrive for Business and SharePoint for meeting recordings
4.1 Ensure the Common Attachment Types Filter is enabled
4.2 Ensure Exchange Online Spam Policies are set correctly
4.3 Ensure mail transport rules do not forward email to external domains
4.5 Ensure mail transport rules do not whitelist specific domains
4.11 Ensure that DKIM is enabled for all Exchange Online Domains
4.12 Ensure that SPF records are published for all Exchange Domains
4.13 Ensure DMARC Records for all Exchange Online domains are published
4.14 Ensure notifications for internal users sending malware is Enabled
5.1 Ensure Microsoft 365 audit log search is Enabled
5.2 Ensure mailbox auditing for all users is Enabled
5.3 Ensure the Azure AD 'Risky sign-ins' report is reviewed at least weekly
5.5 Ensure the self-service password reset activity report is reviewed at least weekly
5.6 Ensure user role group changes are reviewed at least weekly
5.7 Ensure mail forwarding rules are reviewed at least weekly
5.8 Ensure the Mailbox Access by Non-Owners Report is reviewed at least biweekly
5.9 Ensure the Malware Detections report is reviewed at least weekly
5.10 Ensure the Account Provisioning Activity report is reviewed at least weekly
5.11 Ensure non-global administrator role group assignments are reviewed at least weekly
5.14 Ensure the report of users who have had their email privileges restricted due to spamming is reviewed
5.15 Ensure Guest Users are reviewed at least biweekly
6.3 Ensure expiration time for external sharing links is set
7.1 Ensure mobile device management polices are set to require advanced security configurations to protect from basic internet attacks
7.2 Ensure that mobile device password reuse is prohibited
7.3 Ensure that mobile devices are set to never expire passwords
7.4 Ensure that users cannot connect from devices that are jail broken or rooted
7.6 Ensure that mobile devices require a complex password to prevent brute force attacks
7.7 Ensure that settings are enable to lock devices after a period of inactivity to prevent unauthorized access
7.8 Ensure that mobile device encryption is enabled to prevent unauthorized access to mobile data
7.9 Ensure that mobile devices require complex passwords (Type = Alphanumeric)
7.10 Ensure that mobile devices require complex passwords (Simple Passwords = Blocked)
7.11 Ensure that devices connecting have AV and a local firewall enabled
7.13 Ensure mobile devices require the use of a password