CIS Microsoft 365 Foundations E3 L1 v2.0.0

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: CIS Microsoft 365 Foundations E3 L1 v2.0.0

Updated: 12/4/2023

Authority: CIS

Plugin: microsoft_azure

Revision: 1.1

Estimated Item Count: 45

Audit Items

DescriptionCategories
1.1.1 Ensure Security Defaults is disabled on Azure Active Directory
1.1.2 Ensure multifactor authentication is enabled for all users in administrative roles
1.1.3 Ensure Sign-in frequency is enabled and browser sessions are not persistent for Administrative users
1.1.4 Ensure multifactor authentication is enabled for all users
1.1.5 Ensure Microsoft Authenticator is configured to protect against MFA fatigue
1.1.7 Ensure that between two and four global admins are designated
1.1.8 Ensure 'Self service password reset enabled' is set to 'All'

AWARENESS AND TRAINING

1.1.9 Ensure custom banned passwords lists are used
1.1.10 Ensure password protection is enabled for on-prem Active Directory
1.1.11 Enable Conditional Access policies to block legacy authentication
1.1.12 Ensure that password hash sync is enabled for hybrid deployments
1.1.20 Ensure 'Restrict access to the Azure AD administration portal' is set to 'Yes'
1.1.21 Ensure 'Microsoft Azure Management' is limited to administrative roles

ACCESS CONTROL

1.1.22 Ensure 'Restrict non-admin users from creating tenants' is set to 'Yes'

ACCESS CONTROL

1.2 Ensure modern authentication for Exchange Online is enabled
1.3 Ensure modern authentication for SharePoint applications is required
1.4 Ensure the 'Password expiration policy' is set to 'Set passwords to never expire (recommended)'
1.5 Ensure Administrative accounts are separate and cloud-only
1.6 Ensure two emergency access accounts have been defined
1.7 Ensure 'Idle session timeout' is set to '1 hour (or less)' for unmanaged devices
2.1 Ensure the admin consent workflow is enabled
2.9 Ensure 'User owned apps and services' is restricted
2.10 Ensure internal phishing protection for Forms is enabled
2.11 Ensure that Sways cannot be shared with people outside of your organization
2.12 Ensure SharePoint and OneDrive integration with Azure AD B2B is enabled

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION

3.4 Ensure DLP policies are enabled
4.1 Ensure the Common Attachment Types Filter is enabled
4.2 Ensure Exchange Online Spam Policies are set to notify administrators
4.3 Ensure all forms of mail forwarding are blocked and/or disabled

CONFIGURATION MANAGEMENT

4.4 Ensure mail transport rules do not whitelist specific domains
4.7 Ensure that DKIM is enabled for all Exchange Online Domains
4.8 Ensure that SPF records are published for all Exchange Domains
4.9 Ensure DMARC Records for all Exchange Online domains are published
4.10 Ensure notifications for internal users sending malware is Enabled
5.2 Ensure Microsoft 365 audit log search is Enabled
5.3 Ensure mailbox auditing for all users is Enabled
5.6 Ensure the self-service password reset activity report is reviewed at least weekly
5.7 Ensure user role group changes are reviewed at least weekly
5.8 Ensure mail forwarding rules are reviewed at least weekly
5.9 Ensure all security threats in the Threat protection status report are reviewed at least weekly
5.10 Ensure the Account Provisioning Activity report is reviewed at least weekly
5.11 Ensure non-global administrator role group assignments are reviewed at least weekly
5.14 Ensure the 'Restricted entities' report is reviewed weekly
5.15 Ensure Guest Users are reviewed at least biweekly
6.3 Ensure expiration time for external sharing links is set