CIS Microsoft 365 Foundations E3 L1 v1.4.0

Audit Details

Name: CIS Microsoft 365 Foundations E3 L1 v1.4.0

Updated: 8/11/2022

Authority: CIS

Plugin: microsoft_azure

Revision: 1.0

Estimated Item Count: 49

File Details

Filename: CIS_Microsoft_365_v1.4.0_E3_Level_1.audit

Size: 112 kB

MD5: d128c78d0f9d0631461e624e75337940
SHA256: 3d911a6696f60b20db68ccdf2575d13a57df66c6aa13185d8553ec3cf148ff10

Audit Items

Description

Categories

1.1.1 Ensure multifactor authentication is enabled for all users in administrative roles

IDENTIFICATION AND AUTHENTICATION

1.1.3 Ensure that between two and four global admins are designated

ACCESS CONTROL

1.1.4 Ensure self-service password reset is enabled

AWARENESS AND TRAINING

1.1.5 Ensure that password protection is enabled for Active Directory

ACCESS CONTROL

1.1.6 Enable Conditional Access policies to block legacy authentication

IDENTIFICATION AND AUTHENTICATION

1.1.7 Ensure that password hash sync is enabled for resiliency and leaked credential detection

AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY

1.1.11 Ensure Security Defaults is disabled on Azure Active Directory

CONFIGURATION MANAGEMENT

1.1.15 Ensure Sign-in frequency is enabled and browser sessions are not persistent for Administrative users.

IDENTIFICATION AND AUTHENTICATION

1.2 Ensure modern authentication for Exchange Online is enabled

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.3 Ensure modern authentication for Skype for Business Online is enabled

IDENTIFICATION AND AUTHENTICATION

1.4 Ensure modern authentication for SharePoint applications is required

IDENTIFICATION AND AUTHENTICATION

1.5 Ensure that Office 365 Passwords Are Not Set to Expire

IDENTIFICATION AND AUTHENTICATION

1.6 Ensure Administrative accounts are separate, unassigned, and cloud-only

ACCESS CONTROL

2.9 - Ensure users installing Word, Excel, and PowerPoint add-ins is not allowed

CONFIGURATION MANAGEMENT, MAINTENANCE

2.10 Ensure internal phishing protection for Forms is enabled

AWARENESS AND TRAINING, SYSTEM AND INFORMATION INTEGRITY

2.11 Ensure that Sways cannot be shared with people outside of your organization

ACCESS CONTROL, MEDIA PROTECTION

3.4 Ensure DLP policies are enabled

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.1 Ensure the Common Attachment Types Filter is enabled

SYSTEM AND INFORMATION INTEGRITY

4.2 Ensure Exchange Online Spam Policies are set correctly

SYSTEM AND INFORMATION INTEGRITY

4.3 Ensure all forms of mail forwarding are blocked and/or disabled

ACCESS CONTROL

4.4 Ensure mail transport rules do not whitelist specific domains

SYSTEM AND INFORMATION INTEGRITY

4.8 Ensure that DKIM is enabled for all Exchange Online Domains

SYSTEM AND COMMUNICATIONS PROTECTION

4.9 Ensure that SPF records are published for all Exchange Domains

SYSTEM AND COMMUNICATIONS PROTECTION

4.10 Ensure DMARC Records for all Exchange Online domains are published

SYSTEM AND COMMUNICATIONS PROTECTION

4.11 Ensure notifications for internal users sending malware is Enabled

ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY

5.1 Ensure Microsoft 365 audit log search is Enabled

AUDIT AND ACCOUNTABILITY

5.2 Ensure mailbox auditing for all users is Enabled

AUDIT AND ACCOUNTABILITY

5.3 Ensure the Azure AD 'Risky sign-ins' report is reviewed at least weekly

AUDIT AND ACCOUNTABILITY

5.5 Ensure the self-service password reset activity report is reviewed at least weekly

AUDIT AND ACCOUNTABILITY

5.6 Ensure user role group changes are reviewed at least weekly

AUDIT AND ACCOUNTABILITY

5.7 Ensure mail forwarding rules are reviewed at least weekly

AUDIT AND ACCOUNTABILITY

5.8 Ensure the Mailbox Access by Non-Owners Report is reviewed at least biweekly

AUDIT AND ACCOUNTABILITY

5.9 Ensure the Malware Detections report is reviewed at least weekly

AUDIT AND ACCOUNTABILITY

5.10 Ensure the Account Provisioning Activity report is reviewed at least weekly

AUDIT AND ACCOUNTABILITY

5.11 Ensure non-global administrator role group assignments are reviewed at least weekly

AUDIT AND ACCOUNTABILITY

5.14 Ensure the report of users who have had their email privileges restricted due to spamming is reviewed

AUDIT AND ACCOUNTABILITY

5.15 Ensure Guest Users are reviewed at least biweekly

ACCESS CONTROL

6.3 Ensure expiration time for external sharing links is set

ACCESS CONTROL, CONFIGURATION MANAGEMENT

7.1 Ensure mobile device management policies are set to require advanced security configurations to protect from basic internet attacks

CONFIGURATION MANAGEMENT

7.2 Ensure that mobile device password reuse is prohibited

IDENTIFICATION AND AUTHENTICATION

7.3 Ensure that mobile devices are set to never expire passwords

IDENTIFICATION AND AUTHENTICATION

7.4 Ensure that users cannot connect from devices that are jail broken or rooted

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

7.6 Ensure that mobile devices require a minimum password length to prevent brute force attacks

IDENTIFICATION AND AUTHENTICATION

7.7 Ensure that settings are enabled to lock devices after a period of inactivity to prevent unauthorized access

ACCESS CONTROL

7.8 Ensure that mobile device encryption is enabled to prevent unauthorized access to mobile data

SYSTEM AND COMMUNICATIONS PROTECTION

7.9 Ensure that mobile devices require complex passwords (Type = Alphanumeric)

IDENTIFICATION AND AUTHENTICATION

7.10 Ensure that mobile devices require complex passwords (Simple Passwords = Blocked)

IDENTIFICATION AND AUTHENTICATION

7.11 Ensure that devices connecting have AV and a local firewall enabled

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

7.13 Ensure mobile devices require the use of a password

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION