turbot/microsoft365_compliance

Benchmark: CIS v1.4.0

To obtain the latest version of the official guide, please visit http://benchmarks.cisecurity.org.

Overview

This document, Security Configuration Benchmark for Microsoft 365, provides prescriptive guidance for establishing a secure configuration posture for Microsoft 365 Cloud offerings running on any OS. This guide was tested against Microsoft 365, and includes recommendations for Exchange Online, SharePoint Online, OneDrive for Business, Skype/Teams, Azure Active Directory, and Intune. If you have questions, comments, or have identified ways to improve this guide, please write us at feedback@cisecurity.org.

Profiles

The following configuration profiles are defined by this Benchmark:

E3 Level 1

Items in this profile apply to customer deployments of Microsoft M365 with an E3 license and intend to:

  • be practical and prudent;
  • provide a clear security benefit; and
  • not inhibit the utility of the technology beyond acceptable means.

E3 Level 2

This profile extends the "E3 Level 1" profile. Items in this profile exhibit one or more of the following characteristics and are focused on customer deployments of Microsoft M365 E3:

  • are intended for environments or use cases where security is paramount
  • act as a defense-in-depth measure
  • may negatively inhibit the utility or performance of the technology.

E5 Level 1

Items in this profile extend what is provided by the "E3 Level 1" profile for customer deployments of Microsoft M365 with an E5 license and intend to:

  • be practical and prudent;
  • provide a clear security benefit; and
  • not inhibit the utility of the technology beyond acceptable means.

E5 Level 2

This profile extends the "E3 Level 1" and "E5 Level 1" profiles. Items in this profile exhibit one or more of the following characteristics and are focused on customer deployments of Microsoft M365 E5:

  • are intended for environments or use cases where security is paramount
  • act as a defense-in-depth measure
  • may negatively inhibit the utility or performance of the technology.

Usage

Install the mod:

mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-microsoft365-compliance

Start the Powerpipe server:

steampipe service start
powerpipe server

Open http://localhost:9033 in your browser and select CIS v1.4.0.

Run this benchmark in your terminal:

powerpipe benchmark run microsoft365_compliance.benchmark.cis_v140

Snapshot and share results via Turbot Pipes:

powerpipe benchmark run microsoft365_compliance.benchmark.cis_v140 --share
