| 1.2.1 Ensure that only organizationally managed/approved public groups exist | ACCESS CONTROL, MEDIA PROTECTION |
| 1.3.3 Ensure 'External sharing' of calendars is not available | CONFIGURATION MANAGEMENT |
| 1.3.7 Ensure 'third-party storage services' are restricted in 'Microsoft 365 on the web' | ACCESS CONTROL, MEDIA PROTECTION |
| 1.3.8 Ensure that Sways cannot be shared with people outside of your organization | CONFIGURATION MANAGEMENT |
| 2.1.14 Ensure comprehensive attachment filtering is applied | SYSTEM AND INFORMATION INTEGRITY |
| 5.1.2.2 Ensure third party integrated applications are not allowed | CONFIGURATION MANAGEMENT |
| 5.1.2.5 Ensure the option to remain signed in is hidden | CONFIGURATION MANAGEMENT |
| 5.1.2.6 Ensure 'LinkedIn account connections' is disabled | CONFIGURATION MANAGEMENT |
| 5.1.5.2 Ensure user consent to apps accessing company data on their behalf is not allowed | ACCESS CONTROL, MEDIA PROTECTION |
| 5.1.6.1 Ensure that collaboration invitations are sent to allowed domains only | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 5.2.2.5 Ensure 'Phishing-resistant MFA strength' is required for Administrators | IDENTIFICATION AND AUTHENTICATION |
| 6.3.1 Ensure users installing Outlook add-ins is not allowed | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.5.3 Ensure additional storage providers are restricted in Outlook on the web | ACCESS CONTROL, MEDIA PROTECTION |
| 7.2.4 Ensure OneDrive content sharing is restricted | ACCESS CONTROL, MEDIA PROTECTION |
| 7.2.5 Ensure that SharePoint guest users cannot share items they don't own | ACCESS CONTROL, MEDIA PROTECTION |
| 7.2.6 Ensure SharePoint external sharing is managed through domain whitelist/blacklists | ACCESS CONTROL, MEDIA PROTECTION |
| 7.2.8 Ensure external sharing is restricted by security group | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 7.3.2 Ensure OneDrive sync is restricted for unmanaged devices | CONFIGURATION MANAGEMENT |
| 8.1.1 Ensure external file sharing in Teams is enabled for only approved cloud storage services | ACCESS CONTROL, MEDIA PROTECTION |
| 8.5.1 Ensure anonymous users can't join a meeting | ACCESS CONTROL |
| 8.5.5 Ensure meeting chat does not allow anonymous users | ACCESS CONTROL |
| 8.5.6 Ensure only organizers and co-organizers can present | ACCESS CONTROL |
| 8.5.8 Ensure external meeting chat is off | PLANNING, SYSTEM AND SERVICES ACQUISITION |
| 9.1.5 Ensure 'Interact with and share R and Python' visuals is 'Disabled' | CONFIGURATION MANAGEMENT |
