CIS Microsoft 365 Foundations E3 L2 v3.0.0

Audit Details

Name: CIS Microsoft 365 Foundations E3 L2 v3.0.0

Updated: 12/4/2023

Authority: CIS

Plugin: microsoft_azure

Revision: 1.0

Estimated Item Count: 22

File Details

Filename: CIS_Microsoft_365_v3.0.0_E3_Level_2.audit

Size: 58.7 kB

MD5: a032926f33342507bf9dbe4fb20fc9de
SHA256: 4fff4f4999c44ed3ba74bc27059d5d68d434340898a5d18fab91eab02f1cfbce

Audit Items

DescriptionCategories
1.2.1 Ensure that only organizationally managed/approved public groups exist

ACCESS CONTROL, MEDIA PROTECTION

1.3.3 Ensure 'External sharing' of calendars is not available

CONFIGURATION MANAGEMENT

1.3.7 Ensure 'third-party storage services' are restricted in 'Microsoft 365 on the web'

ACCESS CONTROL, MEDIA PROTECTION

1.3.8 Ensure that Sways cannot be shared with people outside of your organization

CONFIGURATION MANAGEMENT

5.1.2.2 Ensure third party integrated applications are not allowed

CONFIGURATION MANAGEMENT

5.1.2.5 Ensure the option to remain signed in is hidden

IDENTIFICATION AND AUTHENTICATION

5.1.2.6 Ensure 'LinkedIn account connections' is disabled

CONFIGURATION MANAGEMENT

5.1.5.2 Ensure user consent to apps accessing company data on their behalf is not allowed

ACCESS CONTROL, MEDIA PROTECTION

5.1.6.1 Ensure that collaboration invitations are sent to allowed domains only

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION

5.2.2.5 Ensure 'Phishing-resistant MFA strength' is required for Administrators

IDENTIFICATION AND AUTHENTICATION

6.3.1 Ensure users installing Outlook add-ins is not allowed

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

6.5.2 Ensure MailTips are enabled for end users

CONFIGURATION MANAGEMENT

6.5.3 Ensure additional storage providers are restricted in Outlook on the web

ACCESS CONTROL, MEDIA PROTECTION

7.2.4 Ensure OneDrive content sharing is restricted

ACCESS CONTROL, MEDIA PROTECTION

7.2.5 Ensure that SharePoint guest users cannot share items they don't own

ACCESS CONTROL, MEDIA PROTECTION

7.2.6 Ensure SharePoint external sharing is managed through domain whitelist/blacklists

ACCESS CONTROL, MEDIA PROTECTION

7.2.8 Ensure external sharing is restricted by security group

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

7.3.2 Ensure OneDrive sync is restricted for unmanaged devices

CONFIGURATION MANAGEMENT

8.1.1 Ensure external file sharing in Teams is enabled for only approved cloud storage services

ACCESS CONTROL, MEDIA PROTECTION

8.2.1 Ensure 'external access' is restricted in the Teams admin center

CONFIGURATION MANAGEMENT

8.5.1 Ensure anonymous users can't join a meeting

ACCESS CONTROL

9.1.5 Ensure 'Interact with and share R and Python' visuals is 'Disabled'

CONFIGURATION MANAGEMENT