MS.DEFENDER.1.4v1 - Sensitive accounts SHALL be added to Exchange Online Protection in the strict preset security policy.

Information

Unauthorized access to a sensitive account may result in greater harm than a standard user account. Adding sensitive accounts to the strict preset security policy, with its increased protections, better mitigates their elevated risk to email threats.

Solution

1. Sign in to Microsoft 365 Defender.
2. In the left-hand menu, go to Email & Collaboration > Policies & Rules.
3. Select Threat Policies.
4. From the Templated policies section, select Preset Security Policies.
5. Under Strict protection, select Manage protection settings.
6. On the Apply Exchange Online Protection page, select Specific recipients.
7. Add all sensitive accounts via the User and Group boxes using the names of mailboxes, users, contacts, M365 groups, and distribution groups.
8. Select Next on each page until the Review and confirm your changes page.
9. On the Review and confirm your changes page, select Confirm.

See Also

https://github.com/cisagov/ScubaGear/tree/v1.5.0/

Item Details

Category: ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

References: 800-53|AC-4, 800-53|CA-7, 800-53|CM-2, 800-53|CM-6, 800-53|IA-9, 800-53|SC-7, 800-53|SC-20, 800-53|SC-44, 800-53|SI-3, 800-53|SI-4, 800-53|SI-8

Plugin: microsoft_azure

Control ID: 0a8bde02692f7d9833fe5033d5696c5917e74720e226063ac3a325668c9ddbd2