CIS Microsoft 365 Foundations E3 L1 v1.5.0

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

Audit Details

Name: CIS Microsoft 365 Foundations E3 L1 v1.5.0

Updated: 10/6/2023

Authority: CIS

Plugin: microsoft_azure

Revision: 1.4

Estimated Item Count: 47

Audit Items

1.1.1 Ensure multifactor authentication is enabled for all users in administrative roles
1.1.3 Ensure that between two and four global admins are designated
1.1.4 Ensure self-service password reset is enabled
1.1.5 Ensure that password protection is enabled for Active Directory
1.1.6 Enable Conditional Access policies to block legacy authentication
1.1.7 Ensure that password hash sync is enabled for hybrid deployments
1.1.11 Ensure Security Defaults is disabled on Azure Active Directory
1.1.15 Ensure Sign-in frequency is enabled and browser sessions are not persistent for Administrative users
1.2 Ensure modern authentication for Exchange Online is enabled
1.3 Ensure modern authentication for SharePoint applications is required
1.4 Ensure that Office 365 Passwords Are Not Set to Expire
1.5 Ensure Administrative accounts are separate and cloud-only
2.9 Ensure users installing Word, Excel, and PowerPoint add-ins is not allowed
2.10 Ensure internal phishing protection for Forms is enabled
2.11 Ensure that Sways cannot be shared with people outside of your organization
3.4 Ensure DLP policies are enabled
4.1 Ensure the Common Attachment Types Filter is enabled
4.2 Ensure Exchange Online Spam Policies are set to notify administrators
4.3 Ensure all forms of mail forwarding are blocked and/or disabled
4.4 Ensure mail transport rules do not whitelist specific domains
4.7 Ensure that DKIM is enabled for all Exchange Online Domains
4.8 Ensure that SPF records are published for all Exchange Domains
4.9 Ensure DMARC Records for all Exchange Online domains are published
4.10 Ensure notifications for internal users sending malware is Enabled
5.1 Ensure Microsoft 365 audit log search is Enabled
5.2 Ensure mailbox auditing for all users is Enabled
5.3 Ensure the Azure AD 'Risky sign-ins' report is reviewed at least weekly
5.5 Ensure the self-service password reset activity report is reviewed at least weekly
5.6 Ensure user role group changes are reviewed at least weekly
5.7 Ensure mail forwarding rules are reviewed at least weekly
5.8 Ensure all security threats in the Threat protection status report are reviewed at least weekly
5.9 Ensure the Account Provisioning Activity report is reviewed at least weekly
5.10 Ensure non-global administrator role group assignments are reviewed at least weekly
5.13 Ensure the report of users who have had their email privileges restricted due to spamming is reviewed
5.14 Ensure Guest Users are reviewed at least biweekly
6.3 Ensure expiration time for external sharing links is set
7.1 Ensure mobile device management policies are set to require advanced security configurations
7.2 Ensure that mobile device password reuse is prohibited
7.3 Ensure that mobile devices are set to never expire passwords
7.4 Ensure that users cannot connect from devices that are jail broken or rooted
7.6 Ensure that mobile devices require a minimum password length to prevent brute force attacks
7.7 Ensure devices lock after a period of inactivity to prevent unauthorized access
7.8 Ensure that mobile device encryption is enabled to prevent unauthorized access to mobile data
7.9 Ensure that mobile devices require complex passwords (Type = Alphanumeric)
7.10 Ensure that mobile devices require complex passwords (Simple Passwords = Blocked)
7.11 Ensure that devices connecting have AV and a local firewall enabled
7.13 Ensure mobile devices require the use of a password