Sample-Reports/IndividualReports/DefenderReport.json
[
{ "ReportSummary": { "Failures": 3, "Errors": 0, "Passes": 10, "Warnings": 3, "Manual": 4, "Date": "12/18/2024 09:40:27 Central Standard Time", "Omits": 0 }, "Results": [ { "GroupName": "Preset Security Profiles", "GroupNumber": "1", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/defender.md#1-preset-security-profiles", "Controls": [ { "Control ID": "MS.DEFENDER.1.1v1", "Requirement": "The standard and strict preset security policies SHALL be enabled.", "Result": "Pass", "Criticality": "Shall", "Details": "Requirement met" }, { "Control ID": "MS.DEFENDER.1.2v1", "Requirement": "All users SHALL be added to Exchange Online Protection (EOP) in either the standard or strict preset security policy.", "Result": "Pass", "Criticality": "Shall", "Details": "Requirement met" }, { "Control ID": "MS.DEFENDER.1.3v1", "Requirement": "All users SHALL be added to Defender for Office 365 protection in either the standard or strict preset security policy.", "Result": "Pass", "Criticality": "Shall", "Details": "Requirement met" }, { "Control ID": "MS.DEFENDER.1.4v1", "Requirement": "Sensitive accounts SHALL be added to Exchange Online Protection in the strict preset security policy.", "Result": "Fail", "Criticality": "Shall", "Details": "Requirement not met" }, { "Control ID": "MS.DEFENDER.1.5v1", "Requirement": "Sensitive accounts SHALL be added to Defender for Office 365 protection in the strict preset security policy.", "Result": "Fail", "Criticality": "Shall", "Details": "Requirement not met" } ] }, { "GroupName": "Impersonation Protection", "GroupNumber": "2", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/defender.md#2-impersonation-protection", "Controls": [ { "Control ID": "MS.DEFENDER.2.1v1", "Requirement": "User impersonation protection SHOULD be enabled for sensitive accounts in both the standard and strict preset policies.", "Result": "Pass", "Criticality": "Should", "Details": "Requirement met" }, { "Control ID": "MS.DEFENDER.2.2v1", "Requirement": "Domain impersonation protection SHOULD be enabled for domains owned by the agency in both the standard and strict preset policies.", "Result": "Warning", "Criticality": "Should", "Details": "Not all agency domains are included for targeted protection in Strict or Standard policy." }, { "Control ID": "MS.DEFENDER.2.3v1", "Requirement": "Domain impersonation protection SHOULD be added for important partners in both the standard and strict preset policies.", "Result": "Warning", "Criticality": "Should", "Details": "Not all partner domains are included for targeted protection in Strict or Standard policy." } ] }, { "GroupName": "Safe Attachments", "GroupNumber": "3", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/defender.md#3-safe-attachments", "Controls": [ { "Control ID": "MS.DEFENDER.3.1v1", "Requirement": "Safe attachments SHOULD be enabled for SharePoint, OneDrive, and Microsoft Teams.", "Result": "Pass", "Criticality": "Should", "Details": "Requirement met" } ] }, { "GroupName": "Data Loss Prevention", "GroupNumber": "4", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/defender.md#4-data-loss-prevention", "Controls": [ { "Control ID": "MS.DEFENDER.4.1v2", "Requirement": "A custom policy SHALL be configured to protect PII and sensitive information, as defined by the agency, blocking at a minimum: credit card numbers, U.S. Individual Taxpayer Identification Numbers (ITIN), and U.S. Social Security numbers (SSN).", "Result": "Pass", "Criticality": "Shall", "Details": "Requirement met" }, { "Control ID": "MS.DEFENDER.4.2v1", "Requirement": "The custom policy SHOULD be applied to Exchange, OneDrive, SharePoint, Teams chat, and Devices.", "Result": "Warning", "Criticality": "Should", "Details": "DLP custom policy applied to the following locations: Exchange, OneDrive, SharePoint, Teams. Custom policy protecting sensitive info types NOT applied to: Devices. Devices location requires DLP for Endpoint licensing and at least one registered device. For full policy details, see the ActualValue field in the results file: ./TestResults.json" }, { "Control ID": "MS.DEFENDER.4.3v1", "Requirement": "The action for the custom policy SHOULD be set to block sharing sensitive information with everyone.", "Result": "Pass", "Criticality": "Should", "Details": "Requirement met" }, { "Control ID": "MS.DEFENDER.4.4v1", "Requirement": "Notifications to inform users and help educate them on the proper use of sensitive information SHOULD be enabled in the custom policy.", "Result": "Pass", "Criticality": "Should", "Details": "Requirement met" }, { "Control ID": "MS.DEFENDER.4.5v1", "Requirement": "A list of apps that are restricted from accessing files protected by DLP policy SHOULD be defined.", "Result": "N/A", "Criticality": "Should/Not-Implemented", "Details": "This product does not currently have the capability to check compliance for this policy. See <a href=\"https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/defender.md#msdefender45v1\" target=\"_blank\">Secure Configuration Baseline policy</a> for instructions on manual check" }, { "Control ID": "MS.DEFENDER.4.6v1", "Requirement": "The custom policy SHOULD include an action to block access to sensitive information by restricted apps and unwanted Bluetooth applications.", "Result": "N/A", "Criticality": "Should/Not-Implemented", "Details": "This product does not currently have the capability to check compliance for this policy. See <a href=\"https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/defender.md#msdefender46v1\" target=\"_blank\">Secure Configuration Baseline policy</a> for instructions on manual check" } ] }, { "GroupName": "Alerts", "GroupNumber": "5", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/defender.md#5-alerts", "Controls": [ { "Control ID": "MS.DEFENDER.5.1v1", "Requirement": "At a minimum, the alerts required by the CISA M365 Secure Configuration Baseline for Exchange Online SHALL be enabled.", "Result": "Pass", "Criticality": "Shall", "Details": "Requirement met" }, { "Control ID": "MS.DEFENDER.5.2v1", "Requirement": "The alerts SHOULD be sent to a monitored address or incorporated into a Security Information and Event Management (SIEM).", "Result": "N/A", "Criticality": "Should/Not-Implemented", "Details": "This product does not currently have the capability to check compliance for this policy. See <a href=\"https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/defender.md#msdefender52v1\" target=\"_blank\">Secure Configuration Baseline policy</a> for instructions on manual check" } ] }, { "GroupName": "Audit Logging", "GroupNumber": "6", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/defender.md#6-audit-logging", "Controls": [ { "Control ID": "MS.DEFENDER.6.1v1", "Requirement": "Microsoft Purview Audit (Standard) logging SHALL be enabled.", "Result": "Pass", "Criticality": "Shall", "Details": "Requirement met" }, { "Control ID": "MS.DEFENDER.6.2v1", "Requirement": "Microsoft Purview Audit (Premium) logging SHALL be enabled for ALL users.", "Result": "Fail", "Criticality": "Shall", "Details": "Requirement not met. 81 tenant users without M365 Advanced Auditing feature assigned. To review and assign users the Microsoft 365 Advanced Auditing feature, see <a href=\"https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/defender.md#msdefender62v1\" target=\"_blank\">Secure Configuration Baseline policy</a>. To get a list of all users without the license feature run the following: Get-MgBetaUser -Filter \"not assignedPlans/any(a:a/servicePlanId eq 2f442157-a11c-46b9-ae5b-6e39ff4e5849 and a/capabilityStatus eq 'Enabled')\" -ConsistencyLevel eventual -Count UserCount -All | Select-Object DisplayName,UserPrincipalName" }, { "Control ID": "MS.DEFENDER.6.3v1", "Requirement": "Audit logs SHALL be maintained for at least the minimum duration dictated by OMB M-21-31.", "Result": "N/A", "Criticality": "Shall/Not-Implemented", "Details": "This product does not currently have the capability to check compliance for this policy. See <a href=\"https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/defender.md#msdefender63v1\" target=\"_blank\">Secure Configuration Baseline policy</a> for instructions on manual check" } ] } ], "MetaData": { "Tenant Display Name": "tqhjy", "Report Date": "12/18/2024 09:40:27 Central Standard Time", "Baseline Version": "1", "Module Version": "1.5.0" } } ] |