CIS Microsoft 365 Foundations v5.0.0 L2 E5

Audit Details

Name: CIS Microsoft 365 Foundations v5.0.0 L2 E5

Updated: 7/8/2025

Authority: CIS

Plugin: microsoft_azure

Revision: 1.0

Estimated Item Count: 39

File Details

Filename: CIS_Microsoft_365_Foundations_v5.0.0_L2_E5.audit

Size: 140 kB

MD5: fb4554732f85bce19434aeec033319dd
SHA256: 88448aaa6922c0b14a3310250fff85c2fa8d34c9f05fe36581c21fe47d1c0f35

Audit Items

Description

Categories

1.2.1 (L2) Ensure that only organizationally managed/approved public groups exist

ACCESS CONTROL, MEDIA PROTECTION

1.3.2 (L2) Ensure 'Idle session timeout' is set to '3 hours (or less)' for unmanaged devices

ACCESS CONTROL

1.3.3 (L2) Ensure 'External sharing' of calendars is not available

CONFIGURATION MANAGEMENT

1.3.6 (L2) Ensure the customer lockbox feature is enabled

CONFIGURATION MANAGEMENT

1.3.7 (L2) Ensure 'third-party storage services' are restricted in 'Microsoft 365 on the web'

ACCESS CONTROL, MEDIA PROTECTION

1.3.8 (L2) Ensure that Sways cannot be shared with people outside of your organization

CONFIGURATION MANAGEMENT

2.1.1 (L2) Ensure Safe Links for Office Applications is Enabled

SYSTEM AND INFORMATION INTEGRITY

2.1.4 (L2) Ensure Safe Attachments policy is enabled

SYSTEM AND INFORMATION INTEGRITY

2.1.5 (L2) Ensure Safe Attachments for SharePoint, OneDrive, and Microsoft Teams is Enabled

SYSTEM AND INFORMATION INTEGRITY

2.1.7 (L2) Ensure that an anti-phishing policy has been created

SYSTEM AND INFORMATION INTEGRITY

2.1.11 (L2) Ensure comprehensive attachment filtering is applied

SYSTEM AND INFORMATION INTEGRITY

2.4.3 (L2) Ensure Microsoft Defender for Cloud Apps is enabled and configured

SYSTEM AND INFORMATION INTEGRITY

4.1 (L2) Ensure devices without a compliance policy are marked 'not compliant'

CONFIGURATION MANAGEMENT

4.2 (L2) Ensure device enrollment for personally owned devices is blocked by default

ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

5.1.2.2 (L2) Ensure third party integrated applications are not allowed

CONFIGURATION MANAGEMENT

5.1.2.5 (L2) Ensure the option to remain signed in is hidden

ACCESS CONTROL

5.1.2.6 (L2) Ensure 'LinkedIn account connections' is disabled

CONFIGURATION MANAGEMENT

5.1.5.1 (L2) Ensure user consent to apps accessing company data on their behalf is not allowed

ACCESS CONTROL, MEDIA PROTECTION

5.1.6.1 (L2) Ensure that collaboration invitations are sent to allowed domains only

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION

5.1.6.3 (L2) Ensure guest user invitations are limited to the Guest Inviter role

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION

5.2.2.5 (L2) Ensure 'Phishing-resistant MFA strength' is required for Administrators

IDENTIFICATION AND AUTHENTICATION

5.2.2.8 (L2) Ensure 'sign-in risk' is blocked for medium and high risk

SYSTEM AND INFORMATION INTEGRITY

5.3.1 (L2) Ensure 'Privileged Identity Management' is used to manage roles

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION

6.3.1 (L2) Ensure users installing Outlook add-ins is not allowed

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

6.5.3 (L2) Ensure additional storage providers are restricted in Outlook on the web

ACCESS CONTROL, MEDIA PROTECTION

7.2.4 (L2) Ensure OneDrive content sharing is restricted

ACCESS CONTROL, MEDIA PROTECTION

7.2.5 (L2) Ensure that SharePoint guest users cannot share items they don't own

ACCESS CONTROL, MEDIA PROTECTION

7.2.6 (L2) Ensure SharePoint external sharing is managed through domain whitelist/blacklists

ACCESS CONTROL, MEDIA PROTECTION

7.2.8 (L2) Ensure external sharing is restricted by security group

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

7.3.1 (L2) Ensure Office 365 SharePoint infected files are disallowed for download

SYSTEM AND INFORMATION INTEGRITY

7.3.2 (L2) Ensure OneDrive sync is restricted for unmanaged devices

CONFIGURATION MANAGEMENT

8.1.1 (L2) Ensure external file sharing in Teams is enabled for only approved cloud storage services

ACCESS CONTROL, MEDIA PROTECTION

8.2.1 (L2) Ensure external domains are restricted in the Teams admin center

CONFIGURATION MANAGEMENT

8.5.1 (L2) Ensure anonymous users can't join a meeting

ACCESS CONTROL

8.5.5 (L2) Ensure meeting chat does not allow anonymous users

ACCESS CONTROL

8.5.6 (L2) Ensure only organizers and co-organizers can present

ACCESS CONTROL

8.5.8 (L2) Ensure external meeting chat is off

PLANNING, SYSTEM AND SERVICES ACQUISITION

8.5.9 (L2) Ensure meeting recording is off by default

PLANNING, SYSTEM AND SERVICES ACQUISITION

9.1.5 (L2) Ensure 'Interact with and share R and Python' visuals is 'Disabled'

CONFIGURATION MANAGEMENT