CIS Microsoft 365 Foundations v4.0.0 L2 E5

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

Audit Details

Name: CIS Microsoft 365 Foundations v4.0.0 L2 E5

Updated: 7/8/2025

Authority: CIS

Plugin: microsoft_azure

Revision: 1.1

Estimated Item Count: 37

File Details

Filename: CIS_Microsoft_365_Foundations_v4.0.0_L2_E5.audit

Size: 100 kB

MD5: 463a1ac11d8db169c6cb44a9f4014da4
SHA256: 47fec24f164f1d54547e637da2742dabf3f521c8425e16e862a6c0c7349ea66e

Audit Items

Description
1.2.1 (L2) Ensure that only organizationally managed/approved public groups exist
1.3.3 (L2) Ensure 'External sharing' of calendars is not available
1.3.6 (L2) Ensure the customer lockbox feature is enabled
1.3.7 (L2) Ensure 'third-party storage services' are restricted in 'Microsoft 365 on the web'
1.3.8 (L2) Ensure that Sways cannot be shared with people outside of your organization
2.1.1 (L2) Ensure Safe Links for Office Applications is Enabled
2.1.4 (L2) Ensure Safe Attachments policy is enabled
2.1.5 (L2) Ensure Safe Attachments for SharePoint, OneDrive, and Microsoft Teams is Enabled
2.1.7 (L2) Ensure that an anti-phishing policy has been created
2.1.11 (L2) Ensure comprehensive attachment filtering is applied
2.4.3 (L2) Ensure Microsoft Defender for Cloud Apps is enabled and configured
5.1.2.2 (L2) Ensure third party integrated applications are not allowed
5.1.2.5 (L2) Ensure the option to remain signed in is hidden
5.1.2.6 (L2) Ensure 'LinkedIn account connections' is disabled
5.1.5.1 (L2) Ensure user consent to apps accessing company data on their behalf is not allowed
5.1.6.1 (L2) Ensure that collaboration invitations are sent to allowed domains only
5.1.6.3 (L2) Ensure guest user invitations are limited to the Guest Inviter role
5.2.2.5 (L2) Ensure 'Phishing-resistant MFA strength' is required for Administrators
5.2.2.8 (L2) Ensure admin center access is limited to administrative roles
5.2.2.9 (L2) Ensure 'sign-in risk' is blocked for medium and high risk
5.3.1 (L2) Ensure 'Privileged Identity Management' is used to manage roles
6.3.1 (L2) Ensure users installing Outlook add-ins is not allowed
6.5.3 (L2) Ensure additional storage providers are restricted in Outlook on the web
7.2.4 (L2) Ensure OneDrive content sharing is restricted
7.2.5 (L2) Ensure that SharePoint guest users cannot share items they don't own
7.2.6 (L2) Ensure SharePoint external sharing is managed through domain whitelist/blacklists
7.2.8 (L2) Ensure external sharing is restricted by security group
7.3.1 (L2) Ensure Office 365 SharePoint infected files are disallowed for download
7.3.2 (L2) Ensure OneDrive sync is restricted for unmanaged devices
8.1.1 (L2) Ensure external file sharing in Teams is enabled for only approved cloud storage services
8.2.1 (L2) Ensure external domains are restricted in the Teams admin center
8.5.1 (L2) Ensure anonymous users can't join a meeting
8.5.5 (L2) Ensure meeting chat does not allow anonymous users
8.5.6 (L2) Ensure only organizers and co-organizers can present
8.5.8 (L2) Ensure external meeting chat is off
8.5.9 (L2) Ensure meeting recording is off by default
9.1.5 (L2) Ensure 'Interact with and share R and Python' visuals is 'Disabled'