MS.DEFENDER.1.5v1 - Sensitive accounts SHALL be added to Defender for Office 365 protection in the strict preset security policy.

Information

Unauthorized access to a sensitive account may result in greater harm than to a standard user account. Adding sensitive accounts to the strict preset security policy, with its increased protections, better mitigates their elevated risk.

Solution

1. Sign in to Microsoft 365 Defender.
2. In the left-hand menu, go to Email & Collaboration > Policies & Rules.
3. Select Threat Policies.
4. From the Templated policies section, select Preset Security Policies.
5. Under Strict protection, select Manage protection settings.
6. Select Next until you reach the Apply Defender for Office 365 protection page.
7. On the Apply Defender for Office 365 protection page, select Specific recipients or Previously selected recipients if sensitive accounts were already set on the EOP page.
8. If adding sensitive accounts separately via Specific recipients, add all sensitive accounts via the User and Group boxes using the names of mailboxes, users, contacts, M365 groups, and distribution groups.
9. (Optional) Under Exclude these recipients, add Users and Groups to be exempted from the preset policies.
10. Select Next on each page until the Review and confirm your changes page.
11. On the Review and confirm your changes page, select Confirm.

See Also

https://github.com/cisagov/ScubaGear/tree/v1.5.0/

Item Details

Category: ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

References: 800-53|AC-4, 800-53|CA-7, 800-53|CM-2, 800-53|CM-6, 800-53|IA-9, 800-53|SC-7, 800-53|SC-20, 800-53|SC-44, 800-53|SI-3, 800-53|SI-4, 800-53|SI-8

Plugin: microsoft_azure

Control ID: b869a771e3b607213c8039eb564dc9eb056a5a0499faa62ac9d4f3805ea2dd94