7.1 Ensure mobile device management polices are set to require advanced security configurations to protect from basic internet attacks

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

You should configure your mobile device management policies to require advanced security configurations. If you do not require this, users will be able to connect from devices that are vulnerable to basic internet attacks, leading to potential breaches of accounts and data.

Rationale:

Managing mobile devices in your organization, helps provide a basic level of security to protect against attacks from these platforms. For example ensure that the device is up to date on patches or is not rooted. These configurations open those devices to vulnerabilities that are addressed in patched versions of the mobile OS.

Impact:

The impact associated with this change is dependent upon the settings specified in the mobile device configuration profile.

Solution

To set mobile device management profiles, use the Microsoft 365 Admin Center:

Under Admin Centers select Endpoint Management.

Select Devices and then under Policy select Configuration profiles

Select Create profile to create a new profile. Select the appropriate Platform and settings from the configuration screens.

See Also

https://workbench.cisecurity.org/files/3729