Sample-Reports/IndividualReports/DefenderReport.json

[
    {
        "ReportSummary": {
                              "Failures": 3,
                              "Errors": 0,
                              "Passes": 10,
                              "Warnings": 3,
                              "Manual": 4,
                              "Date": "12/18/2024 09:40:27 Central Standard Time",
                              "Omits": 0
                          },
        "Results": [
                        {
                            "GroupName": "Preset Security Profiles",
                            "GroupNumber": "1",
                            "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/defender.md#1-preset-security-profiles",
                            "Controls": [
                                             {
                                                 "Control ID": "MS.DEFENDER.1.1v1",
                                                 "Requirement": "The standard and strict preset security policies SHALL be enabled.",
                                                 "Result": "Pass",
                                                 "Criticality": "Shall",
                                                 "Details": "Requirement met"
                                             },
                                             {
                                                 "Control ID": "MS.DEFENDER.1.2v1",
                                                 "Requirement": "All users SHALL be added to Exchange Online Protection (EOP) in either the standard or strict preset security policy.",
                                                 "Result": "Pass",
                                                 "Criticality": "Shall",
                                                 "Details": "Requirement met"
                                             },
                                             {
                                                 "Control ID": "MS.DEFENDER.1.3v1",
                                                 "Requirement": "All users SHALL be added to Defender for Office 365 protection in either the standard or strict preset security policy.",
                                                 "Result": "Pass",
                                                 "Criticality": "Shall",
                                                 "Details": "Requirement met"
                                             },
                                             {
                                                 "Control ID": "MS.DEFENDER.1.4v1",
                                                 "Requirement": "Sensitive accounts SHALL be added to Exchange Online Protection in the strict preset security policy.",
                                                 "Result": "Fail",
                                                 "Criticality": "Shall",
                                                 "Details": "Requirement not met"
                                             },
                                             {
                                                 "Control ID": "MS.DEFENDER.1.5v1",
                                                 "Requirement": "Sensitive accounts SHALL be added to Defender for Office 365 protection in the strict preset security policy.",
                                                 "Result": "Fail",
                                                 "Criticality": "Shall",
                                                 "Details": "Requirement not met"
                                             }
                                         ]
                        },
                        {
                            "GroupName": "Impersonation Protection",
                            "GroupNumber": "2",
                            "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/defender.md#2-impersonation-protection",
                            "Controls": [
                                             {
                                                 "Control ID": "MS.DEFENDER.2.1v1",
                                                 "Requirement": "User impersonation protection SHOULD be enabled for sensitive accounts in both the standard and strict preset policies.",
                                                 "Result": "Pass",
                                                 "Criticality": "Should",
                                                 "Details": "Requirement met"
                                             },
                                             {
                                                 "Control ID": "MS.DEFENDER.2.2v1",
                                                 "Requirement": "Domain impersonation protection SHOULD be enabled for domains owned by the agency in both the standard and strict preset policies.",
                                                 "Result": "Warning",
                                                 "Criticality": "Should",
                                                 "Details": "Not all agency domains are included for targeted protection in Strict or Standard policy."
                                             },
                                             {
                                                 "Control ID": "MS.DEFENDER.2.3v1",
                                                 "Requirement": "Domain impersonation protection SHOULD be added for important partners in both the standard and strict preset policies.",
                                                 "Result": "Warning",
                                                 "Criticality": "Should",
                                                 "Details": "Not all partner domains are included for targeted protection in Strict or Standard policy."
                                             }
                                         ]
                        },
                        {
                            "GroupName": "Safe Attachments",
                            "GroupNumber": "3",
                            "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/defender.md#3-safe-attachments",
                            "Controls": [
                                             {
                                                 "Control ID": "MS.DEFENDER.3.1v1",
                                                 "Requirement": "Safe attachments SHOULD be enabled for SharePoint, OneDrive, and Microsoft Teams.",
                                                 "Result": "Pass",
                                                 "Criticality": "Should",
                                                 "Details": "Requirement met"
                                             }
                                         ]
                        },
                        {
                            "GroupName": "Data Loss Prevention",
                            "GroupNumber": "4",
                            "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/defender.md#4-data-loss-prevention",
                            "Controls": [
                                             {
                                                 "Control ID": "MS.DEFENDER.4.1v2",
                                                 "Requirement": "A custom policy SHALL be configured to protect PII and sensitive information, as defined by the agency, blocking at a minimum: credit card numbers, U.S. Individual Taxpayer Identification Numbers (ITIN), and U.S. Social Security numbers (SSN).",
                                                 "Result": "Pass",
                                                 "Criticality": "Shall",
                                                 "Details": "Requirement met"
                                             },
                                             {
                                                 "Control ID": "MS.DEFENDER.4.2v1",
                                                 "Requirement": "The custom policy SHOULD be applied to Exchange, OneDrive, SharePoint, Teams chat, and Devices.",
                                                 "Result": "Warning",
                                                 "Criticality": "Should",
                                                 "Details": "DLP custom policy applied to the following locations: Exchange, OneDrive, SharePoint, Teams. Custom policy protecting sensitive info types NOT applied to: Devices. Devices location requires DLP for Endpoint licensing and at least one registered device. For full policy details, see the ActualValue field in the results file: ./TestResults.json"
                                             },
                                             {
                                                 "Control ID": "MS.DEFENDER.4.3v1",
                                                 "Requirement": "The action for the custom policy SHOULD be set to block sharing sensitive information with everyone.",
                                                 "Result": "Pass",
                                                 "Criticality": "Should",
                                                 "Details": "Requirement met"
                                             },
                                             {
                                                 "Control ID": "MS.DEFENDER.4.4v1",
                                                 "Requirement": "Notifications to inform users and help educate them on the proper use of sensitive information SHOULD be enabled in the custom policy.",
                                                 "Result": "Pass",
                                                 "Criticality": "Should",
                                                 "Details": "Requirement met"
                                             },
                                             {
                                                 "Control ID": "MS.DEFENDER.4.5v1",
                                                 "Requirement": "A list of apps that are restricted from accessing files protected by DLP policy SHOULD be defined.",
                                                 "Result": "N/A",
                                                 "Criticality": "Should/Not-Implemented",
                                                 "Details": "This product does not currently have the capability to check compliance for this policy. See <a href=\"https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/defender.md#msdefender45v1\" target=\"_blank\">Secure Configuration Baseline policy</a> for instructions on manual check"
                                             },
                                             {
                                                 "Control ID": "MS.DEFENDER.4.6v1",
                                                 "Requirement": "The custom policy SHOULD include an action to block access to sensitive information by restricted apps and unwanted Bluetooth applications.",
                                                 "Result": "N/A",
                                                 "Criticality": "Should/Not-Implemented",
                                                 "Details": "This product does not currently have the capability to check compliance for this policy. See <a href=\"https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/defender.md#msdefender46v1\" target=\"_blank\">Secure Configuration Baseline policy</a> for instructions on manual check"
                                             }
                                         ]
                        },
                        {
                            "GroupName": "Alerts",
                            "GroupNumber": "5",
                            "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/defender.md#5-alerts",
                            "Controls": [
                                             {
                                                 "Control ID": "MS.DEFENDER.5.1v1",
                                                 "Requirement": "At a minimum, the alerts required by the CISA M365 Secure Configuration Baseline for Exchange Online SHALL be enabled.",
                                                 "Result": "Pass",
                                                 "Criticality": "Shall",
                                                 "Details": "Requirement met"
                                             },
                                             {
                                                 "Control ID": "MS.DEFENDER.5.2v1",
                                                 "Requirement": "The alerts SHOULD be sent to a monitored address or incorporated into a Security Information and Event Management (SIEM).",
                                                 "Result": "N/A",
                                                 "Criticality": "Should/Not-Implemented",
                                                 "Details": "This product does not currently have the capability to check compliance for this policy. See <a href=\"https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/defender.md#msdefender52v1\" target=\"_blank\">Secure Configuration Baseline policy</a> for instructions on manual check"
                                             }
                                         ]
                        },
                        {
                            "GroupName": "Audit Logging",
                            "GroupNumber": "6",
                            "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/defender.md#6-audit-logging",
                            "Controls": [
                                             {
                                                 "Control ID": "MS.DEFENDER.6.1v1",
                                                 "Requirement": "Microsoft Purview Audit (Standard) logging SHALL be enabled.",
                                                 "Result": "Pass",
                                                 "Criticality": "Shall",
                                                 "Details": "Requirement met"
                                             },
                                             {
                                                 "Control ID": "MS.DEFENDER.6.2v1",
                                                 "Requirement": "Microsoft Purview Audit (Premium) logging SHALL be enabled for ALL users.",
                                                 "Result": "Fail",
                                                 "Criticality": "Shall",
                                                 "Details": "Requirement not met. 81 tenant users without M365 Advanced Auditing feature assigned. To review and assign users the Microsoft 365 Advanced Auditing feature, see <a href=\"https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/defender.md#msdefender62v1\" target=\"_blank\">Secure Configuration Baseline policy</a>. To get a list of all users without the license feature run the following: Get-MgBetaUser -Filter \"not assignedPlans/any(a:a/servicePlanId eq 2f442157-a11c-46b9-ae5b-6e39ff4e5849 and a/capabilityStatus eq 'Enabled')\" -ConsistencyLevel eventual -Count UserCount -All | Select-Object DisplayName,UserPrincipalName"
                                             },
                                             {
                                                 "Control ID": "MS.DEFENDER.6.3v1",
                                                 "Requirement": "Audit logs SHALL be maintained for at least the minimum duration dictated by OMB M-21-31.",
                                                 "Result": "N/A",
                                                 "Criticality": "Shall/Not-Implemented",
                                                 "Details": "This product does not currently have the capability to check compliance for this policy. See <a href=\"https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/defender.md#msdefender63v1\" target=\"_blank\">Secure Configuration Baseline policy</a> for instructions on manual check"
                                             }
                                         ]
                        }
                    ],
        "MetaData": {
                         "Tenant Display Name": "tqhjy",
                         "Report Date": "12/18/2024 09:40:27 Central Standard Time",
                         "Baseline Version": "1",
                         "Module Version": "1.5.0"
                     }
    }
]