Sample-Reports/IndividualReports/TeamsReport.json
[
{ "ReportSummary": { "Manual": 6, "Passes": 15, "Errors": 0, "Failures": 0, "Date": "06/05/2024 14:50:13 Central Daylight Time", "Warnings": 0 }, "Results": [ { "GroupName": "Meeting Policies", "GroupNumber": "1", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/teams.md#1-meeting-policies", "Controls": [ { "Control ID": "MS.TEAMS.1.1v1", "Requirement": "External meeting participants SHOULD NOT be enabled to request control of shared desktops or windows.", "Result": "Pass", "Criticality": "Should", "Details": "Requirement met" }, { "Control ID": "MS.TEAMS.1.2v1", "Requirement": "Anonymous users SHALL NOT be enabled to start meetings.", "Result": "Pass", "Criticality": "Shall", "Details": "Requirement met" }, { "Control ID": "MS.TEAMS.1.3v1", "Requirement": "Anonymous users and dial-in callers SHOULD NOT be admitted automatically.", "Result": "Pass", "Criticality": "Should", "Details": "Requirement met" }, { "Control ID": "MS.TEAMS.1.4v1", "Requirement": "Internal users SHOULD be admitted automatically.", "Result": "Pass", "Criticality": "Should", "Details": "Requirement met" }, { "Control ID": "MS.TEAMS.1.5v1", "Requirement": "Dial-in users SHOULD NOT be enabled to bypass the lobby.", "Result": "Pass", "Criticality": "Should", "Details": "Requirement met" }, { "Control ID": "MS.TEAMS.1.6v1", "Requirement": "Meeting recording SHOULD be disabled.", "Result": "Pass", "Criticality": "Should", "Details": "Requirement met" }, { "Control ID": "MS.TEAMS.1.7v1", "Requirement": "Record an event SHOULD be set to Organizer can record.", "Result": "Pass", "Criticality": "Should", "Details": "Requirement met" } ] }, { "GroupName": "External User Access", "GroupNumber": "2", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/teams.md#2-external-user-access", "Controls": [ { "Control ID": "MS.TEAMS.2.1v1", "Requirement": "External access for users SHALL only be enabled on a per-domain basis.", "Result": "Pass", "Criticality": "Shall", "Details": "Requirement met" }, { "Control ID": "MS.TEAMS.2.2v1", "Requirement": "Unmanaged users SHALL NOT be enabled to initiate contact with internal users.", "Result": "Pass", "Criticality": "Shall", "Details": "Requirement met" }, { "Control ID": "MS.TEAMS.2.3v1", "Requirement": "Internal users SHOULD NOT be enabled to initiate contact with unmanaged users.", "Result": "Pass", "Criticality": "Should", "Details": "Requirement met" } ] }, { "GroupName": "Skype Users", "GroupNumber": "3", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/teams.md#3-skype-users", "Controls": [ { "Control ID": "MS.TEAMS.3.1v1", "Requirement": "Contact with Skype users SHALL be blocked.", "Result": "Pass", "Criticality": "Shall", "Details": "Requirement met" } ] }, { "GroupName": "Teams Email Integration", "GroupNumber": "4", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/teams.md#4-teams-email-integration", "Controls": [ { "Control ID": "MS.TEAMS.4.1v1", "Requirement": "Teams email integration SHALL be disabled.", "Result": "Pass", "Criticality": "Shall", "Details": "N/A: Feature is unavailable in GCC environments" } ] }, { "GroupName": "App Management", "GroupNumber": "5", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/teams.md#5-app-management", "Controls": [ { "Control ID": "MS.TEAMS.5.1v1", "Requirement": "Agencies SHOULD only allow installation of Microsoft apps approved by the agency.", "Result": "Pass", "Criticality": "Should", "Details": "Requirement met" }, { "Control ID": "MS.TEAMS.5.2v1", "Requirement": "Agencies SHOULD only allow installation of third-party apps approved by the agency.", "Result": "Pass", "Criticality": "Should", "Details": "Requirement met" }, { "Control ID": "MS.TEAMS.5.3v1", "Requirement": "Agencies SHOULD only allow installation of custom apps approved by the agency.", "Result": "Pass", "Criticality": "Should", "Details": "Requirement met" } ] }, { "GroupName": "Data Loss Prevention", "GroupNumber": "6", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/teams.md#6-data-loss-prevention", "Controls": [ { "Control ID": "MS.TEAMS.6.1v1", "Requirement": "A DLP solution SHALL be enabled. The selected DLP solution SHOULD offer services comparable to the native DLP solution offered by Microsoft.", "Result": "N/A", "Criticality": "Shall/3rd Party", "Details": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See <a href=\"https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/teams.md#msteams61v1\" target=\"_blank\">Secure Configuration Baseline policy</a> for instructions on manual check." }, { "Control ID": "MS.TEAMS.6.2v1", "Requirement": "The DLP solution SHALL protect personally identifiable information (PII) and sensitive information, as defined by the agency. At a minimum, sharing of credit card numbers, taxpayer identification numbers (TINs), and Social Security numbers (SSNs) via email SHALL be restricted.", "Result": "N/A", "Criticality": "Shall/3rd Party", "Details": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See <a href=\"https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/teams.md#msteams62v1\" target=\"_blank\">Secure Configuration Baseline policy</a> for instructions on manual check." } ] }, { "GroupName": "Malware Scanning", "GroupNumber": "7", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/teams.md#7-malware-scanning", "Controls": [ { "Control ID": "MS.TEAMS.7.1v1", "Requirement": "Attachments included with Teams messages SHOULD be scanned for malware.", "Result": "N/A", "Criticality": "Should/3rd Party", "Details": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See <a href=\"https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/teams.md#msteams71v1\" target=\"_blank\">Secure Configuration Baseline policy</a> for instructions on manual check." }, { "Control ID": "MS.TEAMS.7.2v1", "Requirement": "Users SHOULD be prevented from opening or downloading files detected as malware.", "Result": "N/A", "Criticality": "Should/3rd Party", "Details": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See <a href=\"https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/teams.md#msteams72v1\" target=\"_blank\">Secure Configuration Baseline policy</a> for instructions on manual check." } ] }, { "GroupName": "Link Protection", "GroupNumber": "8", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/teams.md#8-link-protection", "Controls": [ { "Control ID": "MS.TEAMS.8.1v1", "Requirement": "URL comparison with a blocklist SHOULD be enabled.", "Result": "N/A", "Criticality": "Should/3rd Party", "Details": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See <a href=\"https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/teams.md#msteams81v1\" target=\"_blank\">Secure Configuration Baseline policy</a> for instructions on manual check." }, { "Control ID": "MS.TEAMS.8.2v1", "Requirement": "User click tracking SHOULD be enabled.", "Result": "N/A", "Criticality": "Should/3rd Party", "Details": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See <a href=\"https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/teams.md#msteams82v1\" target=\"_blank\">Secure Configuration Baseline policy</a> for instructions on manual check." } ] } ], "MetaData": { "Tenant Display Name": "tqhjy", "Report Date": "06/05/2024 14:50:13 Central Daylight Time", "Baseline Version": "1", "Module Version": "1.3.0" } } ] |