5.8 Ensure all security threats in the Threat protection status report are reviewed at least weekly

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

You should review all the security threats in the Threat protection status report at least weekly. This report shows specific instances of Microsoft blocking a malware attachment from reaching your users, phishing being blocked, impersonation attempts, etc.

Rationale:

While this report isn't strictly actionable, reviewing it will give you a sense of the overall volume of various security threats targeting your users, which may prompt you to adopt more aggressive threat mitigations.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

To review the report, use the Microsoft 365 Admin Center:

Select Security.

Click on Reports and under Email & collaboration select Email & collaboration reports.

Under Threat protection status click on View details

Review the chart and look for Email Malware statistics.

See Also

https://workbench.cisecurity.org/files/4073