Nov 24, 2025 Informational Update- 1.2.1 (L2) Ensure that only organizationally managed/approved public groups exist
- 1.3.2 (L2) Ensure 'Idle session timeout' is set to '3 hours (or less)' for unmanaged devices
- 1.3.3 (L2) Ensure 'External sharing' of calendars is not available
- 1.3.6 (L2) Ensure the customer lockbox feature is enabled
- 1.3.8 (L2) Ensure that Sways cannot be shared with people outside of your organization
- 2.1.1 (L2) Ensure Safe Links for Office Applications is Enabled
- 2.1.11 (L2) Ensure comprehensive attachment filtering is applied
- 2.1.4 (L2) Ensure Safe Attachments policy is enabled
- 2.1.5 (L2) Ensure Safe Attachments for SharePoint, OneDrive, and Microsoft Teams is Enabled
- 2.1.7 (L2) Ensure that an anti-phishing policy has been created
- 2.4.3 (L2) Ensure Microsoft Defender for Cloud Apps is enabled and configured
- 4.1 (L2) Ensure devices without a compliance policy are marked 'not compliant'
- 4.2 (L2) Ensure device enrollment for personally owned devices is blocked by default
- 5.1.2.2 (L2) Ensure third party integrated applications are not allowed
- 5.1.2.5 (L2) Ensure the option to remain signed in is hidden
- 5.1.2.6 (L2) Ensure 'LinkedIn account connections' is disabled
- 5.1.5.1 (L2) Ensure user consent to apps accessing company data on their behalf is not allowed
- 5.1.6.1 (L2) Ensure that collaboration invitations are sent to allowed domains only
- 5.1.6.3 (L2) Ensure guest user invitations are limited to the Guest Inviter role
- 5.2.2.5 (L2) Ensure 'Phishing-resistant MFA strength' is required for Administrators
- 5.2.2.8 (L2) Ensure 'sign-in risk' is blocked for medium and high risk
- 5.3.1 (L2) Ensure 'Privileged Identity Management' is used to manage roles
- 6.3.1 (L2) Ensure users installing Outlook add-ins is not allowed
- 6.5.3 (L2) Ensure additional storage providers are restricted in Outlook on the web
- 7.2.4 (L2) Ensure OneDrive content sharing is restricted
- 7.2.5 (L2) Ensure that SharePoint guest users cannot share items they don't own
- 7.2.6 (L2) Ensure SharePoint external sharing is managed through domain whitelist/blacklists
- 7.2.8 (L2) Ensure external sharing is restricted by security group
- 7.3.1 (L2) Ensure Office 365 SharePoint infected files are disallowed for download
- 7.3.2 (L2) Ensure OneDrive sync is restricted for unmanaged devices
- 8.1.1 (L2) Ensure external file sharing in Teams is enabled for only approved cloud storage services
- 8.2.1 (L2) Ensure external domains are restricted in the Teams admin center
- 8.5.1 (L2) Ensure anonymous users can't join a meeting
- 8.5.5 (L2) Ensure meeting chat does not allow anonymous users
- 8.5.6 (L2) Ensure only organizers and co-organizers can present
- 8.5.8 (L2) Ensure external meeting chat is off
- 8.5.9 (L2) Ensure meeting recording is off by default
- 9.1.5 (L2) Ensure 'Interact with and share R and Python' visuals is 'Disabled'
|
Oct 22, 2025 Informational Update- 1.2.1 (L2) Ensure that only organizationally managed/approved public groups exist
- 1.3.2 (L2) Ensure 'Idle session timeout' is set to '3 hours (or less)' for unmanaged devices
- 1.3.3 (L2) Ensure 'External sharing' of calendars is not available
- 1.3.6 (L2) Ensure the customer lockbox feature is enabled
- 1.3.7 (L2) Ensure 'third-party storage services' are restricted in 'Microsoft 365 on the web'
- 1.3.8 (L2) Ensure that Sways cannot be shared with people outside of your organization
- 2.1.1 (L2) Ensure Safe Links for Office Applications is Enabled
- 2.1.11 (L2) Ensure comprehensive attachment filtering is applied
- 2.1.4 (L2) Ensure Safe Attachments policy is enabled
- 2.1.5 (L2) Ensure Safe Attachments for SharePoint, OneDrive, and Microsoft Teams is Enabled
- 2.1.7 (L2) Ensure that an anti-phishing policy has been created
- 2.4.3 (L2) Ensure Microsoft Defender for Cloud Apps is enabled and configured
- 4.1 (L2) Ensure devices without a compliance policy are marked 'not compliant'
- 4.2 (L2) Ensure device enrollment for personally owned devices is blocked by default
- 5.1.2.2 (L2) Ensure third party integrated applications are not allowed
- 5.1.2.5 (L2) Ensure the option to remain signed in is hidden
- 5.1.2.6 (L2) Ensure 'LinkedIn account connections' is disabled
- 5.1.5.1 (L2) Ensure user consent to apps accessing company data on their behalf is not allowed
- 5.1.6.1 (L2) Ensure that collaboration invitations are sent to allowed domains only
- 5.1.6.3 (L2) Ensure guest user invitations are limited to the Guest Inviter role
- 5.2.2.5 (L2) Ensure 'Phishing-resistant MFA strength' is required for Administrators
- 5.2.2.8 (L2) Ensure 'sign-in risk' is blocked for medium and high risk
- 5.3.1 (L2) Ensure 'Privileged Identity Management' is used to manage roles
- 6.3.1 (L2) Ensure users installing Outlook add-ins is not allowed
- 7.2.4 (L2) Ensure OneDrive content sharing is restricted
- 7.2.5 (L2) Ensure that SharePoint guest users cannot share items they don't own
- 7.2.6 (L2) Ensure SharePoint external sharing is managed through domain whitelist/blacklists
- 7.2.8 (L2) Ensure external sharing is restricted by security group
- 7.3.2 (L2) Ensure OneDrive sync is restricted for unmanaged devices
- 8.1.1 (L2) Ensure external file sharing in Teams is enabled for only approved cloud storage services
- 8.2.1 (L2) Ensure external domains are restricted in the Teams admin center
- 8.5.1 (L2) Ensure anonymous users can't join a meeting
- 8.5.5 (L2) Ensure meeting chat does not allow anonymous users
- 8.5.6 (L2) Ensure only organizers and co-organizers can present
- 8.5.8 (L2) Ensure external meeting chat is off
- 8.5.9 (L2) Ensure meeting recording is off by default
- 9.1.5 (L2) Ensure 'Interact with and share R and Python' visuals is 'Disabled'
|
