5.14 Ensure the report of users who have had their email privileges restricted due to spamming is reviewed

Information

Review and unblock users who have been blocked for sending too many messages marked as spam/bulk.

Rationale:

Users who are found on the restricted users list have a high probability of having been compromised. Review of this list will allow an organization to remediate these user accounts, and then unblock them.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

To review the report, use the Microsoft 365 Admin Center:

Click Security to open the Security portal.

Under Email & collaboration navigate to Review.

Click Restricted Users.

Review alerts and take appropriate action (unblocking) after account has been remediated.

See Also

https://workbench.cisecurity.org/files/3729

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-6, 800-53|AU-6(1), 800-53|AU-7(1), CSCv7|6.2

Plugin: microsoft_azure

Control ID: f90112a35aed8508adadf77bdd64998173a61a3973d60207c1208ac8dd5578d3