Sample-Reports/IndividualReports/EXOReport.json
|
[
{ "ReportSummary": { "Manual": 23, "Passes": 9, "Errors": 0, "Failures": 3, "Date": "06/05/2024 14:50:13 Central Daylight Time", "Warnings": 2 }, "Results": [ { "GroupName": "Automatic Forwarding to External Domains", "GroupNumber": "1", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/exo.md#1-automatic-forwarding-to-external-domains", "Controls": [ { "Control ID": "MS.EXO.1.1v1", "Requirement": "Automatic forwarding to external domains SHALL be disabled.", "Result": "Pass", "Criticality": "Shall", "Details": "Requirement met" } ] }, { "GroupName": "Sender Policy Framework", "GroupNumber": "2", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/exo.md#2-sender-policy-framework", "Controls": [ { "Control ID": "MS.EXO.2.1v1", "Requirement": "A list of approved IP addresses for sending mail SHALL be maintained.", "Result": "N/A", "Criticality": "Shall/Not-Implemented", "Details": "This product does not currently have the capability to check compliance for this policy. See <a href=\"https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/exo.md#msexo21v1\" target=\"_blank\">Secure Configuration Baseline policy</a> for instructions on manual check" }, { "Control ID": "MS.EXO.2.2v1", "Requirement": "An SPF policy SHALL be published for each domain, designating only these addresses as approved senders.", "Result": "Pass", "Criticality": "Shall", "Details": "Requirement met" } ] }, { "GroupName": "DomainKeys Identified Mail", "GroupNumber": "3", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/exo.md#3-domainkeys-identified-mail", "Controls": [ { "Control ID": "MS.EXO.3.1v1", "Requirement": "DKIM SHOULD be enabled for all domains.", "Result": "Warning", "Criticality": "Should", "Details": "1 agency domain(s) found in violation: tqhjy.onmicrosoft.com" } ] }, { "GroupName": "Domain-Based Message Authentication, Reporting, and Conformance (DMARC)", "GroupNumber": "4", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/exo.md#4-domain-based-message-authentication,-reporting,-and-conformance-(dmarc)", "Controls": [ { "Control ID": "MS.EXO.4.1v1", "Requirement": "A DMARC policy SHALL be published for every second-level domain.", "Result": "Fail", "Criticality": "Shall", "Details": "1 agency domain(s) found in violation: tqhjy.onmicrosoft.com" }, { "Control ID": "MS.EXO.4.2v1", "Requirement": "The DMARC message rejection option SHALL be p=reject.", "Result": "Fail", "Criticality": "Shall", "Details": "1 agency domain(s) found in violation: tqhjy.onmicrosoft.com" }, { "Control ID": "MS.EXO.4.3v1", "Requirement": "The DMARC point of contact for aggregate reports SHALL include `reports@dmarc.cyber.dhs.gov`.", "Result": "Fail", "Criticality": "Shall", "Details": "1 agency domain(s) found in violation: tqhjy.onmicrosoft.com" }, { "Control ID": "MS.EXO.4.4v1", "Requirement": "An agency point of contact SHOULD be included for aggregate and failure reports.", "Result": "Warning", "Criticality": "Should", "Details": "1 agency domain(s) found in violation: tqhjy.onmicrosoft.com" } ] }, { "GroupName": "Simple Mail Transfer Protocol Authentication", "GroupNumber": "5", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/exo.md#5-simple-mail-transfer-protocol-authentication", "Controls": [ { "Control ID": "MS.EXO.5.1v1", "Requirement": "SMTP AUTH SHALL be disabled.", "Result": "Pass", "Criticality": "Shall", "Details": "Requirement met" } ] }, { "GroupName": "Calendar and Contact Sharing", "GroupNumber": "6", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/exo.md#6-calendar-and-contact-sharing", "Controls": [ { "Control ID": "MS.EXO.6.1v1", "Requirement": "Contact folders SHALL NOT be shared with all domains.", "Result": "Pass", "Criticality": "Shall", "Details": "Requirement met" }, { "Control ID": "MS.EXO.6.2v1", "Requirement": "Calendar details SHALL NOT be shared with all domains.", "Result": "Pass", "Criticality": "Shall", "Details": "Requirement met" } ] }, { "GroupName": "External Sender Warnings", "GroupNumber": "7", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/exo.md#7-external-sender-warnings", "Controls": [ { "Control ID": "MS.EXO.7.1v1", "Requirement": "External sender warnings SHALL be implemented.", "Result": "Pass", "Criticality": "Shall", "Details": "Requirement met" } ] }, { "GroupName": "Data Loss Prevention Solutions", "GroupNumber": "8", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/exo.md#8-data-loss-prevention-solutions", "Controls": [ { "Control ID": "MS.EXO.8.1v1", "Requirement": "A DLP solution SHALL be used. The selected DLP solution SHOULD offer services comparable to the native DLP solution offered by Microsoft.", "Result": "N/A", "Criticality": "Shall/3rd Party", "Details": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See <a href=\"https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/exo.md#msexo81v1\" target=\"_blank\">Secure Configuration Baseline policy</a> for instructions on manual check." }, { "Control ID": "MS.EXO.8.2v1", "Requirement": "The DLP solution SHALL protect personally identifiable information (PII) and sensitive information, as defined by the agency. At a minimum, sharing credit card numbers, Taxpayer Identification Numbers (TIN), and Social Security numbers (SSN) via email SHALL be restricted.", "Result": "N/A", "Criticality": "Shall/3rd Party", "Details": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See <a href=\"https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/exo.md#msexo82v1\" target=\"_blank\">Secure Configuration Baseline policy</a> for instructions on manual check." } ] }, { "GroupName": "Attachment File Type", "GroupNumber": "9", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/exo.md#9-attachment-file-type", "Controls": [ { "Control ID": "MS.EXO.9.1v1", "Requirement": "Emails SHALL be filtered by attachment file types. The selected filtering solution SHOULD offer services comparable to Microsoft Defender's Common Attachment Filter.", "Result": "N/A", "Criticality": "Shall/3rd Party", "Details": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See <a href=\"https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/exo.md#msexo91v1\" target=\"_blank\">Secure Configuration Baseline policy</a> for instructions on manual check." }, { "Control ID": "MS.EXO.9.2v1", "Requirement": "The attachment filter SHOULD attempt to determine the true file type and assess the file extension.", "Result": "N/A", "Criticality": "Should/3rd Party", "Details": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See <a href=\"https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/exo.md#msexo92v1\" target=\"_blank\">Secure Configuration Baseline policy</a> for instructions on manual check." }, { "Control ID": "MS.EXO.9.3v1", "Requirement": "Disallowed file types SHALL be determined and set. At a minimum, click-to-run files SHOULD be blocked (e.g., .exe, .cmd, and .vbe).", "Result": "N/A", "Criticality": "Shall/3rd Party", "Details": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See <a href=\"https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/exo.md#msexo93v1\" target=\"_blank\">Secure Configuration Baseline policy</a> for instructions on manual check." } ] }, { "GroupName": "Malware Scanning", "GroupNumber": "10", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/exo.md#10-malware-scanning", "Controls": [ { "Control ID": "MS.EXO.10.1v1", "Requirement": "Emails SHALL be scanned for malware.", "Result": "N/A", "Criticality": "Shall/3rd Party", "Details": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See <a href=\"https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/exo.md#msexo101v1\" target=\"_blank\">Secure Configuration Baseline policy</a> for instructions on manual check." }, { "Control ID": "MS.EXO.10.2v1", "Requirement": "Emails identified as containing malware SHALL be quarantined or dropped.", "Result": "N/A", "Criticality": "Shall/3rd Party", "Details": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See <a href=\"https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/exo.md#msexo102v1\" target=\"_blank\">Secure Configuration Baseline policy</a> for instructions on manual check." }, { "Control ID": "MS.EXO.10.3v1", "Requirement": "Email scanning SHALL be capable of reviewing emails after delivery.", "Result": "N/A", "Criticality": "Should/3rd Party", "Details": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See <a href=\"https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/exo.md#msexo103v1\" target=\"_blank\">Secure Configuration Baseline policy</a> for instructions on manual check." } ] }, { "GroupName": "Phishing Protections", "GroupNumber": "11", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/exo.md#11-phishing-protections", "Controls": [ { "Control ID": "MS.EXO.11.1v1", "Requirement": "Impersonation protection checks SHOULD be used.", "Result": "N/A", "Criticality": "Should/3rd Party", "Details": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See <a href=\"https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/exo.md#msexo111v1\" target=\"_blank\">Secure Configuration Baseline policy</a> for instructions on manual check." }, { "Control ID": "MS.EXO.11.2v1", "Requirement": "User warnings, comparable to the user safety tips included with EOP, SHOULD be displayed.", "Result": "N/A", "Criticality": "Should/3rd Party", "Details": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See <a href=\"https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/exo.md#msexo112v1\" target=\"_blank\">Secure Configuration Baseline policy</a> for instructions on manual check." }, { "Control ID": "MS.EXO.11.3v1", "Requirement": "The phishing protection solution SHOULD include an AI-based phishing detection tool comparable to EOP Mailbox Intelligence.", "Result": "N/A", "Criticality": "Should/3rd Party", "Details": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See <a href=\"https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/exo.md#msexo113v1\" target=\"_blank\">Secure Configuration Baseline policy</a> for instructions on manual check." } ] }, { "GroupName": "IP Allow Lists", "GroupNumber": "12", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/exo.md#12-ip-allow-lists", "Controls": [ { "Control ID": "MS.EXO.12.1v1", "Requirement": "IP allow lists SHOULD NOT be created.", "Result": "Pass", "Criticality": "Should", "Details": "Requirement met" }, { "Control ID": "MS.EXO.12.2v1", "Requirement": "Safe lists SHOULD NOT be enabled.", "Result": "Pass", "Criticality": "Should", "Details": "Requirement met" } ] }, { "GroupName": "Mailbox Auditing", "GroupNumber": "13", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/exo.md#13-mailbox-auditing", "Controls": [ { "Control ID": "MS.EXO.13.1v1", "Requirement": "Mailbox auditing SHALL be enabled.", "Result": "Pass", "Criticality": "Shall", "Details": "Requirement met" } ] }, { "GroupName": "Inbound Anti-Spam Protections", "GroupNumber": "14", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/exo.md#14-inbound-anti-spam-protections", "Controls": [ { "Control ID": "MS.EXO.14.1v1", "Requirement": "A spam filter SHALL be enabled. The filtering solution selected SHOULD offer services comparable to the native spam filtering offered by Microsoft.", "Result": "N/A", "Criticality": "Shall/3rd Party", "Details": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See <a href=\"https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/exo.md#msexo141v1\" target=\"_blank\">Secure Configuration Baseline policy</a> for instructions on manual check." }, { "Control ID": "MS.EXO.14.2v1", "Requirement": "Spam and high confidence spam SHALL be moved to either the junk email folder or the quarantine folder.", "Result": "N/A", "Criticality": "Shall/3rd Party", "Details": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See <a href=\"https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/exo.md#msexo142v1\" target=\"_blank\">Secure Configuration Baseline policy</a> for instructions on manual check." }, { "Control ID": "MS.EXO.14.3v1", "Requirement": "Allowed domains SHALL NOT be added to inbound anti-spam protection policies.", "Result": "N/A", "Criticality": "Shall/3rd Party", "Details": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See <a href=\"https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/exo.md#msexo143v1\" target=\"_blank\">Secure Configuration Baseline policy</a> for instructions on manual check." } ] }, { "GroupName": "Link Protection", "GroupNumber": "15", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/exo.md#15-link-protection", "Controls": [ { "Control ID": "MS.EXO.15.1v1", "Requirement": "URL comparison with a block-list SHOULD be enabled.", "Result": "N/A", "Criticality": "Should/3rd Party", "Details": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See <a href=\"https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/exo.md#msexo151v1\" target=\"_blank\">Secure Configuration Baseline policy</a> for instructions on manual check." }, { "Control ID": "MS.EXO.15.2v1", "Requirement": "Direct download links SHOULD be scanned for malware.", "Result": "N/A", "Criticality": "Should/3rd Party", "Details": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See <a href=\"https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/exo.md#msexo152v1\" target=\"_blank\">Secure Configuration Baseline policy</a> for instructions on manual check." }, { "Control ID": "MS.EXO.15.3v1", "Requirement": "User click tracking SHOULD be enabled.", "Result": "N/A", "Criticality": "Should/3rd Party", "Details": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See <a href=\"https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/exo.md#msexo153v1\" target=\"_blank\">Secure Configuration Baseline policy</a> for instructions on manual check." } ] }, { "GroupName": "Alerts", "GroupNumber": "16", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/exo.md#16-alerts", "Controls": [ { "Control ID": "MS.EXO.16.1v1", "Requirement": "At a minimum, the following alerts SHALL be enabled:\na. <b>Suspicious email sending patterns detected.</b>\nb. <b>Suspicious Connector Activity.</b>\nc. <b>Suspicious Email Forwarding Activity.</b>\nd. <b>Messages have been delayed.</b>\ne. <b>Tenant restricted from sending unprovisioned email.</b>\nf. <b>Tenant restricted from sending email.</b>\ng. <b>A potentially malicious URL click was detected.</b>\n<!--Policy: MS.EXO.16.1v1; Criticality: SHALL -->", "Result": "N/A", "Criticality": "Shall/3rd Party", "Details": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See <a href=\"https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/exo.md#msexo161v1\" target=\"_blank\">Secure Configuration Baseline policy</a> for instructions on manual check." }, { "Control ID": "MS.EXO.16.2v1", "Requirement": "The alerts SHOULD be sent to a monitored address or incorporated into a security information and event management (SIEM) system.", "Result": "N/A", "Criticality": "Should/3rd Party", "Details": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See <a href=\"https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/exo.md#msexo162v1\" target=\"_blank\">Secure Configuration Baseline policy</a> for instructions on manual check." } ] }, { "GroupName": "Audit Logging", "GroupNumber": "17", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/exo.md#17-audit-logging", "Controls": [ { "Control ID": "MS.EXO.17.1v1", "Requirement": "Microsoft Purview Audit (Standard) logging SHALL be enabled.", "Result": "N/A", "Criticality": "Shall/3rd Party", "Details": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See <a href=\"https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/exo.md#msexo171v1\" target=\"_blank\">Secure Configuration Baseline policy</a> for instructions on manual check." }, { "Control ID": "MS.EXO.17.2v1", "Requirement": "Microsoft Purview Audit (Premium) logging SHALL be enabled.", "Result": "N/A", "Criticality": "Shall/3rd Party", "Details": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See <a href=\"https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/exo.md#msexo172v1\" target=\"_blank\">Secure Configuration Baseline policy</a> for instructions on manual check." }, { "Control ID": "MS.EXO.17.3v1", "Requirement": "Audit logs SHALL be maintained for at least the minimum duration dictated by OMB M-21-31 (Appendix C).", "Result": "N/A", "Criticality": "Shall/3rd Party", "Details": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See <a href=\"https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/exo.md#msexo173v1\" target=\"_blank\">Secure Configuration Baseline policy</a> for instructions on manual check." } ] } ], "MetaData": { "Tenant Display Name": "tqhjy", "Report Date": "06/05/2024 14:50:13 Central Daylight Time", "Baseline Version": "1", "Module Version": "1.3.0" } } ] |