| Critical |
MISC-090 |
User: MFA Not Registered
User has not registered for multi-factor authentication. Account vulnerable to credential theft.
|
2,049
|
EntraID |
L
4-8 hrs
|
Why This Matters
2,049 accounts have no multi-factor authentication method registered. Conditional Access can only demand a second factor from a user who has one to present, and unless registration is constrained an attacker who holds the password can complete the registration themselves at the next sign-in.
What Is The Risk
Password-only accounts are the easiest targets for phishing, password spraying and credential stuffing. One compromised account exposes its mailbox, files and every application the user can reach; if the account holds a privileged role, the whole tenant is at risk.
What To Do
Remediation Guidance: Require MFA for all users through Conditional Access (and, where licensed, an Identity Protection MFA registration policy) so that registration is enforced at the next sign-in; use a registration campaign to move users to Microsoft Authenticator rather than SMS or voice.
Recommended Action: Register privileged and externally exposed accounts first; restrict where security-info registration is allowed (trusted network or compliant device) so an attacker with a stolen password cannot enrol a method; re-run the registration report weekly until the count is zero.
Compliance Impact: This finding affects: SOC2, NIST, CIS, CMMC, ISO27001, HIPAA, GDPR, FedRAMP, HITRUST
Technical Remediation:
Pull the unregistered users from the Entra authentication methods registration report (Microsoft Graph reports/authenticationMethods/userRegistrationDetails, filter isMfaRegistered eq false), cross-check the list against directory role members, and enforce MFA with a Conditional Access policy; per-user (legacy) MFA settings are not a substitute.
|
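The following PowerShell is an added example for MISC-090, not part of the report: it pulls the registration report, marks which unregistered users also hold a directory role, and writes the list out so the privileged ones can be handled first. It assumes the Microsoft.Graph PowerShell SDK and the scopes shown (AuditLog.Read.All and RoleManagement.Read.Directory are the documented requirements; UserAuthenticationMethod.Read.All is added defensively).

```powershell
# Added example (not from the report): list users with no MFA method registered, flagging
# those that hold an active directory role. Assumed scopes shown below.
Connect-MgGraph -Scopes 'AuditLog.Read.All', 'UserAuthenticationMethod.Read.All',
                        'RoleManagement.Read.Directory', 'User.Read.All' -NoWelcome

# Registration report: one row per user; isMfaRegistered only counts strong (non-password) methods.
# The row Id is the user's object id.
$unregistered = Get-MgReportAuthenticationMethodUserRegistrationDetail -All -Filter "isMfaRegistered eq false"

# Active directory role members (PIM-eligible assignments are not returned here; see note below)
$privileged = @{}
foreach ($role in Get-MgDirectoryRole -All) {
    foreach ($member in Get-MgDirectoryRoleMember -DirectoryRoleId $role.Id -All) {
        if ($member.AdditionalProperties['@odata.type'] -eq '#microsoft.graph.user') {
            $privileged[$member.Id] = $role.DisplayName   # last role wins if a user holds several
        }
    }
}

$report = foreach ($u in $unregistered) {
    [pscustomobject]@{
        UserPrincipalName = $u.UserPrincipalName
        IsAdmin           = $privileged.ContainsKey($u.Id)
        AdminRole         = $privileged[$u.Id]
        MethodsRegistered = ($u.MethodsRegistered -join ',')   # e.g. only 'email' for SSPR
        SsprCapable       = $u.IsSsprCapable
        LastUpdated       = $u.LastUpdatedDateTime
    }
}

$report | Sort-Object IsAdmin -Descending, UserPrincipalName |
    Export-Csv -Path .\mfa-unregistered.csv -NoTypeInformation
'{0} users unregistered, {1} of them hold a directory role' -f $report.Count, @($report | Where-Object IsAdmin).Count
```

Eligible (PIM) role holders do not appear in Get-MgDirectoryRoleMember; add Get-MgRoleManagementDirectoryRoleEligibilityScheduleInstance to the privileged set if PIM is in use. The CSV is the work list: admins and external-facing staff first, then everyone else through the registration campaign.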
| Critical |
MISC-092 |
Guest User with Admin Role
Guest user assigned administrative role. Violates least privilege principle.
|
2,049
|
EntraID |
L
4-8 hrs
|
Why This Matters
Guest accounts are governed by a home tenant you do not control: their password policy, MFA enforcement and offboarding happen elsewhere, yet a guest holding a directory role has exactly the same rights as an internal administrator.
What Is The Risk
If the guest's home identity is compromised or the person leaves that organisation, your tenant inherits the breach. A guest in a privileged role can invite further guests, reset passwords, grant tenant-wide application consent and disable the controls that would detect any of it.
What To Do
Remediation Guidance: Remove the role from the guest account. If the person genuinely needs administrative access, give them an internal account covered by your own MFA and lifecycle controls, and assign the narrowest built-in role that covers the task rather than Global Administrator.
Recommended Action: Treat the finding as an incident review: confirm who approved the assignment, check the guest's recent sign-ins and audit-log actions for anything unexpected, then remove the assignment through change management with a break-glass account available.
Compliance Impact: This finding affects: SOC2, NIST, CIS, CMMC, ISO27001, GDPR, FedRAMP, HITRUST
Technical Remediation:
Enumerate active and PIM-eligible role assignments, filter members whose userType is Guest, and remove each assignment; afterwards put a recurring access review on privileged role assignments so a guest cannot silently reappear.
|
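An added example for MISC-092 (not from the report): it walks every active directory role, keeps members whose user object is a guest, prints them, and shows the removal call with -WhatIf so nothing is removed before review. It assumes the Microsoft.Graph SDK and the RoleManagement.ReadWrite.Directory scope.

```powershell
# Added example (not from the report): find guests holding active directory roles and remove
# the assignment after review. Assumes Microsoft.Graph SDK; scopes are the documented requirement.
Connect-MgGraph -Scopes 'RoleManagement.ReadWrite.Directory', 'User.Read.All' -NoWelcome

$guestAdmins = foreach ($role in Get-MgDirectoryRole -All) {
    foreach ($m in Get-MgDirectoryRoleMember -DirectoryRoleId $role.Id -All) {
        # Role members can be users, groups or service principals; only users have a userType
        if ($m.AdditionalProperties['@odata.type'] -ne '#microsoft.graph.user') { continue }
        $u = Get-MgUser -UserId $m.Id -Property Id, UserPrincipalName, UserType, ExternalUserState
        if ($u.UserType -eq 'Guest') {
            [pscustomobject]@{
                Role   = $role.DisplayName
                RoleId = $role.Id
                Upn    = $u.UserPrincipalName
                State  = $u.ExternalUserState      # PendingAcceptance guests are still role holders
                UserId = $u.Id
            }
        }
    }
}

$guestAdmins | Format-Table Role, Upn, State -AutoSize

# Removal: drop -WhatIf once each line has change approval. Group-based role assignments are
# not touched here (the member would be the group); check group membership separately.
foreach ($g in $guestAdmins) {
    Remove-MgDirectoryRoleMemberByRef -DirectoryRoleId $g.RoleId -DirectoryObjectId $g.UserId -WhatIf
}
```

Eligible PIM assignments are a separate object (Get-MgRoleManagementDirectoryRoleEligibilityScheduleInstance) and should be checked with the same guest filter.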
| Critical |
APP-095 |
Service Principal: High-Risk Application Permissions
Service principal granted high-risk application permissions (Mail.ReadWrite.All, Files.ReadWrite.All).
|
1,226
|
MicrosoftGraph.Applications |
L
4-8 hrs
|
Why This Matters
Application (app-only) permissions apply to every mailbox and every file in the tenant with no signed-in user in the path. Mail.ReadWrite.All and Files.ReadWrite.All let the service principal read, modify and delete any message or document, and the credential behind the grant is usually a client secret or certificate stored outside your identity controls.
What Is The Risk
A leaked secret, a compromised vendor or a malicious application owner turns these grants into silent tenant-wide mail and file access that bypasses MFA and Conditional Access entirely. Stolen application credentials and consent phishing are established routes to bulk data theft because the access is legitimate from the service's point of view and generates no user sign-in.
What To Do
Remediation Guidance: Confirm each grant against a documented business need. Replace broad grants with scoped ones: an Exchange application access policy to limit Mail.* permissions to specific mailboxes, Sites.Selected in place of Files.ReadWrite.All, and delegated permissions wherever a user is present. Rotate the service principal's credentials if the provenance of the grant is unclear.
Recommended Action: The owner of each of the 1,226 grants must justify it or lose it. Turn on the admin consent workflow so new high-privilege grants need approval, and alert on service principal sign-ins from unexpected locations.
Compliance Impact: This finding affects: SOC2, NIST, ISO27001, GDPR, FedRAMP
Technical Remediation:
List the appRoleAssignments on each service principal whose resource is Microsoft Graph, map AppRoleId to the permission name, remove the grants on the high-risk list, and re-consent to the least-privilege alternative.
|
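An added example for APP-095 (not the report's own tooling): it resolves Microsoft Graph's app roles to permission names, finds every service principal holding one of a watch-listed application permission, and shows the revocation call. The watch list beyond the two permissions the finding names is an assumption; Application.Read.All and AppRoleAssignment.ReadWrite.All are the scopes it needs.

```powershell
# Added example (not from the report): inventory high-risk Graph application permissions held
# by service principals and revoke them after owner review. Assumes Microsoft.Graph SDK.
Connect-MgGraph -Scopes 'Application.Read.All', 'AppRoleAssignment.ReadWrite.All' -NoWelcome

# Microsoft Graph's own service principal (fixed appId) publishes the app roles; map id -> name
$graphSp  = Get-MgServicePrincipal -Filter "appId eq '00000003-0000-0000-c000-000000000000'"
$roleName = @{}
foreach ($r in $graphSp.AppRoles) { $roleName[$r.Id] = $r.Value }

# Assumed watch list: the two permissions the finding names plus other tenant-wide grants
$highRisk = @(
    'Mail.ReadWrite.All', 'Mail.Read.All', 'Mail.Send',
    'Files.ReadWrite.All', 'Sites.FullControl.All',
    'Directory.ReadWrite.All', 'RoleManagement.ReadWrite.Directory',
    'Application.ReadWrite.All', 'AppRoleAssignment.ReadWrite.All'
)

$findings = foreach ($sp in Get-MgServicePrincipal -All -Property Id, DisplayName, AppId, ServicePrincipalType) {
    # appRoleAssignments on the SP are the app-only grants it holds, across all resources
    Get-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $sp.Id -All |
        Where-Object { $_.ResourceId -eq $graphSp.Id -and $roleName[$_.AppRoleId] -in $highRisk } |
        ForEach-Object {
            [pscustomobject]@{
                App          = $sp.DisplayName
                AppId        = $sp.AppId
                Type         = $sp.ServicePrincipalType    # Application vs ManagedIdentity
                Permission   = $roleName[$_.AppRoleId]
                SpId         = $sp.Id
                AssignmentId = $_.Id
            }
        }
}

$findings | Sort-Object App, Permission | Format-Table App, Type, Permission -AutoSize
$findings | Export-Csv .\graph-app-permissions.csv -NoTypeInformation

# Revoke after review; drop -WhatIf per line. Re-consent to a scoped alternative first so the
# integration does not break (Sites.Selected, an Exchange application access policy, or delegated).
foreach ($f in $findings) {
    Remove-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $f.SpId -AppRoleAssignmentId $f.AssignmentId -WhatIf
}
```

Managed identities show up here too; their grants are just as broad, but the credential is not exportable, which changes the risk rating rather than removing the need for scoping.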
| Critical |
EXO-002 |
External Mailbox Forwarding Enabled
Mailbox is configured to forward emails to an external address. This is a common data exfiltration technique.
|
499
|
ExchangeOnline |
S
1-2 hrs
|
Why This Matters
Sensitive data (customer info, financials, IP) could be leaked or stolen. Data breaches result in regulatory fines, lawsuits, and irreparable reputation damage.
What Is The Risk
Forwarding copies every inbound message to an address you do not control. It is the standard persistence step after a mailbox compromise (set once, and the attacker keeps reading mail after the password is reset) and the simplest way for an insider to exfiltrate data without touching a file share or triggering file-level DLP.
What To Do
Automated Fix Available: This can be remediated using Exchange Online PowerShell. Clearing ForwardingSmtpAddress alone is not enough: also clear ForwardingAddress, reset DeliverToMailboxAndForward, and check inbox rules (ForwardTo, ForwardAsAttachmentTo, RedirectTo) and transport rules for the same destinations.
Recommended Action: Before removing anything, record the forwarding target and the mailbox's recent sign-ins and rule changes as evidence, and treat an unexplained external target as a compromised mailbox. Then set the outbound spam policy's automatic forwarding mode to Off so forwarding cannot be re-added silently.
Compliance Impact: This finding affects: NIST, CIS, HIPAA, ISO27001, GDPR, FedRAMP, HITRUST
Technical Remediation:
Set-Mailbox -Identity '<UserPrincipalName>' -ForwardingSmtpAddress $null -ForwardingAddress $null -DeliverToMailboxAndForward $false
|
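An added example for EXO-002 (not the report's own remediation script) that covers the forwarding paths the one-line fix above misses: mailbox-level forwarding on both properties, inbox rules that forward or redirect externally, and the tenant-wide auto-forwarding switch. It assumes the ExchangeOnlineManagement module and an Exchange Administrator role; the "internal" domains are taken from the tenant's accepted domains.

```powershell
# Added example (not from the report): audit and clear every external forwarding path in
# Exchange Online, then block automatic external forwarding tenant-wide.
Connect-ExchangeOnline -ShowBanner:$false

$accepted = (Get-AcceptedDomain).DomainName          # anything outside these domains is external

function Test-ExternalAddress([string]$Address) {
    if (-not $Address) { return $false }
    $domain = ($Address -replace '^smtp:', '').Split('@')[-1]
    return -not ($accepted -contains $domain)
}

# Inbox-rule targets render as 'Display Name [SMTP:user@example.com]'; extract the address
function Get-ExternalTargets($Targets) {
    foreach ($t in @($Targets)) {
        $addr = if ("$t" -match '(?i)smtp:([^\]\s]+)') { $Matches[1] } else { "$t" }
        if (Test-ExternalAddress $addr) { $addr }
    }
}

$mailboxes = Get-Mailbox -ResultSize Unlimited

# 1. Mailbox-level forwarding. ForwardingAddress points at a recipient (often a mail contact
#    with an external address), so any value is reported for review.
$mbxHits = $mailboxes | Where-Object {
    (Test-ExternalAddress $_.ForwardingSmtpAddress) -or $_.ForwardingAddress
} | Select-Object UserPrincipalName, ForwardingSmtpAddress, ForwardingAddress, DeliverToMailboxAndForward

# 2. Inbox rules that forward or redirect outside the tenant (post-compromise persistence)
$ruleHits = foreach ($mbx in $mailboxes) {
    Get-InboxRule -Mailbox $mbx.UserPrincipalName -ErrorAction SilentlyContinue | ForEach-Object {
        $ext = Get-ExternalTargets (@($_.ForwardTo) + @($_.ForwardAsAttachmentTo) + @($_.RedirectTo))
        if ($ext) {
            [pscustomobject]@{ Mailbox = $mbx.UserPrincipalName; Rule = $_.Name; RuleId = $_.Identity; Targets = ($ext -join ';') }
        }
    }
}

$mbxHits  | Format-Table -AutoSize
$ruleHits | Format-Table -AutoSize

# 3. Remediate. Keep -WhatIf until evidence is captured and the mailbox owner has been contacted.
foreach ($m in $mbxHits) {
    Set-Mailbox -Identity $m.UserPrincipalName -ForwardingSmtpAddress $null -ForwardingAddress $null `
                -DeliverToMailboxAndForward $false -WhatIf
}
foreach ($r in $ruleHits) {
    Remove-InboxRule -Identity $r.RuleId -Confirm:$false -WhatIf     # Identity already includes the mailbox
}

# 4. Close the door: automatic forwarding to external domains is rejected from now on
Set-HostedOutboundSpamFilterPolicy -Identity Default -AutoForwardingMode Off
```

Transport rules with RedirectMessageTo or BlindCopyTo actions are a third path and are not covered above; check Get-TransportRule separately. AutoForwardingMode Off also stops legitimate external forwarding, so agree exceptions (a dedicated outbound spam policy scoped to those users) before enabling it.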
| Critical |
SECURESCORE-M365-scid_2012 |
Turn on real-time protection
Secure Score control not implemented: one or more onboarded Windows devices report Microsoft Defender Antivirus real-time protection turned off.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Real-time protection is the Defender Antivirus component that scans files as they are written, opened or executed. With it off, malware is only found by scheduled or on-demand scans, long after it has already run.
What Is The Risk
A device without real-time scanning executes a malicious attachment, download or dropped payload unchallenged. Ransomware and credential stealers depend on this gap, and disabling real-time protection is itself a routine attacker step, so a device reporting it off may already be compromised.
What To Do
Remediation Guidance: Turn real-time protection on through the Intune or Defender antivirus policy that applies to the affected devices, and look for the cause: a Group Policy setting that disables it, or a third-party antivirus that has pushed Defender into passive mode. Enable tamper protection so the setting cannot be switched off locally.
Recommended Action: Take the device list from the Secure Score recommendation, confirm each device reports real-time protection enabled after the policy applies, and review the device timeline for any that had it disabled recently.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Enforce the setting centrally (Intune endpoint security antivirus policy or Defender settings management) rather than per device; on a single host the status is visible from the Defender antivirus status cmdlets and the policy must not be overridden by local registry or GPO settings.
|
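The Secure Score items in this section all come from the same Graph data. The PowerShell below is an added example (not report code) that pulls the latest score snapshot and the control profiles, lists every control that is not at full score, and prints Microsoft's remediation text for each, which is more useful than the "Unknown" descriptions above. It assumes the Microsoft.Graph.Security module and the SecurityEvents.Read.All scope.

```powershell
# Added example (not from the report): list Secure Score controls that are not fully
# implemented, with their published remediation. Assumes Microsoft.Graph.Security.
Connect-MgGraph -Scopes 'SecurityEvents.Read.All' -NoWelcome

# Latest daily snapshot; controlScores carries the per-control score actually achieved
$latest = Get-MgSecuritySecureScore -Top 1 | Select-Object -First 1

# Control profiles carry the maximum score, title and remediation text, keyed by control name
$profiles = @{}
foreach ($p in Get-MgSecuritySecureScoreControlProfile -All) { $profiles[$p.Id] = $p }

function Get-SecureScoreGaps {
    foreach ($c in $latest.ControlScores) {
        $p = $profiles[$c.ControlName]
        if ($null -eq $p -or $null -eq $c.Score) { continue }
        if ($c.Score -lt $p.MaxScore) {
            [pscustomobject]@{
                Control     = $c.ControlName          # e.g. scid_2012, AdminMFAV2
                Title       = $p.Title
                Category    = $c.ControlCategory
                Score       = $c.Score
                MaxScore    = $p.MaxScore
                Missing     = $p.MaxScore - $c.Score
                Remediation = $p.Remediation
            }
        }
    }
}

$gaps = Get-SecureScoreGaps | Sort-Object Missing -Descending
"Snapshot {0}: {1}/{2} points, {3} controls below maximum" -f $latest.CreatedDateTime, $latest.CurrentScore, $latest.MaxScore, $gaps.Count
$gaps | Format-Table Control, Title, Score, MaxScore -AutoSize

# Remediation text for one control, e.g. the first item in this report
$gaps | Where-Object Control -eq 'scid_2012' | Select-Object -ExpandProperty Remediation
```

The profile Remediation field is HTML-ish text from Microsoft; the per-device list behind each endpoint control is only available in the Defender portal's recommendation page, not through this API.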
| Critical |
SECURESCORE-M365-scid_6090 |
Turn on Microsoft Defender Antivirus real-time protection for Linux
Secure Score control not implemented: Linux devices running Defender for Endpoint report Microsoft Defender Antivirus real-time protection disabled.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Defender for Endpoint is installed on these Linux hosts but real-time protection is disabled, so they are only scanned on demand. Linux servers are usually the systems that hold the data and rarely have a second antimalware control.
What Is The Risk
Web shells, cryptominers and Linux ransomware dropped on a server run unchecked. With real-time protection off the sensor still records activity but blocks nothing, so detection happens after the fact if at all.
What To Do
Remediation Guidance: Enable real-time protection through the managed configuration file (mdatp_managed.json deployed by your configuration management tool or Intune) so the setting survives rebuilds; on a single host, mdatp config real-time-protection --value enabled. Check that antivirus exclusions do not cover whole filesystems.
Recommended Action: Verify on an affected host with mdatp health (real_time_protection_enabled should be true), then roll the managed setting out to the rest of the fleet and confirm the Secure Score device list empties.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Set real_time_protection enabled in the managed antivirus settings for Linux, deploy it to every affected host, and confirm with mdatp health.
|
| Critical |
SECURESCORE-M365-scid_6002 |
Fix Microsoft Defender for Endpoint impaired communications for Linux
Secure Score control not implemented: Linux devices whose Defender for Endpoint sensor cannot communicate with the cloud service.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
The sensor on these Linux devices cannot reach the Defender for Endpoint cloud service, so alerts, telemetry and response actions (isolate, collect, run script) do not get through.
What Is The Risk
The devices look onboarded in the portal but are effectively blind to the SOC. An attacker on one of them is invisible until someone inspects the host directly, and the SOC cannot isolate it remotely.
What To Do
Remediation Guidance: Allow the Defender for Endpoint service URLs for your region through the proxy or egress firewall, set the proxy in the mdatp configuration if one is used, and make sure TLS inspection does not intercept the sensor channel.
Recommended Action: Run mdatp connectivity test on an affected host, fix each failing URL, and re-check until the device shows as communicating in the portal.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Open the required Defender for Endpoint endpoints on the network path, configure the proxy for the mdatp daemon where needed, and verify with mdatp connectivity test and mdatp health.
|
| Critical |
SECURESCORE-M365-scid_6001 |
Fix Microsoft Defender for Endpoint sensor data collection for Linux
Secure Score control not implemented: Linux devices onboarded to Defender for Endpoint are not reporting sensor data.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
These Linux devices are onboarded but are not sending sensor data, typically because the mdatp daemon is stopped, the clock is wrong, the agent is out of support, or the device was rebuilt without re-onboarding. There is no EDR record for them.
What Is The Risk
Detection, investigation and advanced hunting rely on telemetry that is missing; activity on these hosts will not appear in timelines or trigger alerts.
What To Do
Remediation Guidance: Confirm the mdatp service is running and healthy, time is synchronised, and the agent version is supported; re-onboard any device that was re-imaged. Offboard decommissioned devices so they stop counting against the control.
Recommended Action: Check mdatp health and the service status on each affected host, fix or offboard, and confirm the device reports as Active in the portal.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Restart or update the mdatp daemon, correct time sync, re-onboard rebuilt hosts, and verify with mdatp health that the device is healthy and licensed.
|
| Critical |
SECURESCORE-M365-scid_5090 |
Turn on Microsoft Defender Antivirus real-time protection in macOS
Secure Score control not implemented: macOS devices running Defender for Endpoint report Microsoft Defender Antivirus real-time protection disabled.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Defender for Endpoint on these Macs has real-time protection disabled, so files are only scanned on demand. Macs are commonly used by developers and executives, whose credentials and source code are high-value.
What Is The Risk
Malicious downloads, infostealers and trojanised installers run unchallenged; the sensor still records activity but blocks nothing.
What To Do
Remediation Guidance: Enable real-time protection through the Defender configuration profile (com.microsoft.wdav) delivered by Intune or your Mac MDM so users cannot turn it off; on a single Mac, mdatp config real-time-protection --value enabled.
Recommended Action: Verify with mdatp health on an affected Mac, deploy the managed setting fleet-wide, and confirm the Secure Score device list empties.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Set real-time protection to enabled in the managed antivirus preferences for macOS, deploy through MDM, and confirm with mdatp health.
|
| Critical |
SECURESCORE-M365-scid_5007 |
Turn on Firewall in macOS
Secure Score control not implemented: macOS devices have the built-in application firewall turned off.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
The macOS application firewall is off on these devices, so any listening service (file sharing, remote login, developer tooling) is reachable from whatever network the Mac is on, including hotel and coffee-shop Wi-Fi.
What Is The Risk
Exposed local services are the lateral-movement path from one compromised device to the next; a laptop on an untrusted network with no host firewall is reachable by anyone on that network.
What To Do
Remediation Guidance: Turn the firewall on through an MDM configuration profile (firewall payload) so it is enforced and users cannot disable it; on a single Mac, /usr/libexec/ApplicationFirewall/socketfilterfw --setglobalstate on. Enable stealth mode and block all incoming connections where the device does not need to serve anything.
Recommended Action: Deploy the profile to all managed Macs and confirm the Secure Score device list empties.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Enforce the application firewall via MDM profile; verify per device with socketfilterfw --getglobalstate.
|
| Critical |
SECURESCORE-M365-scid_5002 |
Fix Microsoft Defender for Endpoint impaired communications in macOS
Secure Score control not implemented: macOS devices whose Defender for Endpoint sensor cannot communicate with the cloud service.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
The sensor on these Macs cannot reach the Defender for Endpoint cloud service, so alerts, telemetry and response actions do not get through.
What Is The Risk
The devices look onboarded but the SOC receives nothing from them and cannot isolate them remotely; an attacker on one of them is invisible.
What To Do
Remediation Guidance: Allow the Defender for Endpoint service URLs for your region through the proxy or egress firewall, configure the proxy for mdatp if one is used, and exclude the sensor traffic from TLS inspection.
Recommended Action: Run mdatp connectivity test on an affected Mac, fix each failing URL, and re-check until the device shows as communicating in the portal.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Open the required endpoints on the network path, set the mdatp proxy where needed, and verify with mdatp connectivity test and mdatp health.
|
| Critical |
SECURESCORE-M365-scid_5001 |
Fix Microsoft Defender for Endpoint sensor data collection in macOS
Secure Score control not implemented: macOS devices onboarded to Defender for Endpoint are not reporting sensor data.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
These Macs are onboarded but are not sending sensor data: the daemon is stopped, the system extension or full disk access was never approved, the agent is out of support, or the device was rebuilt without re-onboarding.
What Is The Risk
There is no EDR record for the device; activity on it does not appear in timelines, advanced hunting or alerts.
What To Do
Remediation Guidance: Check mdatp health on each affected Mac, confirm the system extension, network filter and full disk access approvals are delivered by MDM profile, update the agent, and re-onboard rebuilt devices. Offboard decommissioned Macs.
Recommended Action: Fix or offboard each device and confirm it reports as Active in the portal.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Deploy the required macOS approval profiles, restart or update the agent, re-onboard where needed, and verify with mdatp health.
|
| Critical |
SECURESCORE-M365-AdminMFAV2 |
Ensure multifactor authentication is enabled for all users in administrative roles
Secure Score control not implemented. First, users with administrative roles need to register for MFA. After each admin is registered, your policies then determine when they’re prompted for the additional authentication factors.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Administrative accounts are the highest-value targets in the tenant. When no second factor is required, one correct password guess or one successful phish of an administrator is enough to take over every user, mailbox, file and security setting.
What Is The Risk
Password spraying and phishing against admin accounts succeed with a single hit; the attacker then holds tenant-wide control and can turn off the logging and protections that would have revealed them.
What To Do
Remediation Guidance: Make sure every account that holds a directory role has a strong method registered (phishing-resistant where possible, otherwise Authenticator push or TOTP), then enforce MFA for those roles with a Conditional Access policy, or with Security Defaults if Conditional Access is not licensed.
Recommended Action: Audit the registration status of all role members first, enforce the policy, and exclude only the documented break-glass accounts, which must have their own monitoring.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
The control is satisfied when every admin-role member is MFA-registered and a Conditional Access policy (or Security Defaults) requires MFA for them; MGI-081 in this report is the policy side of the same gap.
|
| Critical |
SECURESCORE-M365-scid_2000 |
Turn on Microsoft Defender for Endpoint sensor
Secure Score control not implemented: Windows devices have the Defender for Endpoint sensor turned off.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
These Windows devices have the Defender for Endpoint sensor installed but turned off: the Sense service is stopped or disabled, or onboarding never completed. Without the sensor there is no EDR on the device.
What Is The Risk
Attacker activity on the device generates no alerts and no timeline, and the SOC cannot isolate it or collect from it remotely.
What To Do
Remediation Guidance: Confirm the onboarding package or Intune EDR policy applied, that the Sense service is set to start automatically and is running, and that the device shows as Active in the Defender portal; re-onboard where it does not.
Recommended Action: Work through the affected device list from the recommendation; a device with the sensor stopped after it was running should be investigated, since stopping it is a known evasion step.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Re-apply onboarding, start the Sense service, and verify the onboarding state on the device and in the portal.
|
| Critical |
SECURESCORE-M365-scid_2001 |
Fix Microsoft Defender for Endpoint sensor data collection
Secure Score control not implemented: Windows devices onboarded to Defender for Endpoint are not reporting sensor data.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
These Windows devices are onboarded but not sending sensor data. The usual causes are the Connected User Experiences and Telemetry (DiagTrack) service being disabled, the clock being wrong, or the device having been offline or rebuilt.
What Is The Risk
The device has no usable EDR record: no timeline, no hunting data, and alerts that depend on behavioural telemetry never fire.
What To Do
Remediation Guidance: Ensure the DiagTrack service is enabled and running, time is synchronised, the device has not been set to the lowest diagnostic data level by policy, and it can reach the sensor endpoints; re-onboard rebuilt devices and offboard retired ones.
Recommended Action: Fix each device in the affected list and confirm it reports as Active with recent data in the portal.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Enable DiagTrack, correct time sync, re-onboard where necessary, and verify sensor health in the portal.
|
| Critical |
SECURESCORE-M365-scid_2010 |
Turn on Microsoft Defender Antivirus
Secure Score control not implemented: Microsoft Defender Antivirus is disabled or in passive mode on one or more devices.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Microsoft Defender Antivirus is disabled or in passive mode on these devices, usually because a third-party antivirus is installed or a policy has turned it off. If the third-party product is not actually running, the device has no antimalware protection at all.
What Is The Risk
Malware executes unchallenged, and Defender for Endpoint features that depend on the Defender Antivirus engine (attack surface reduction, network protection, EDR in block mode without a second product) are unavailable.
What To Do
Remediation Guidance: Decide per device whether the third-party antivirus is intended; if it is, confirm it is healthy and consider EDR in block mode as a backstop, otherwise remove the third-party product or the disabling policy so Defender Antivirus returns to active mode.
Recommended Action: Review the affected device list and the running mode reported by each device before changing anything, so two active antivirus engines are not left fighting each other.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Remove the conflicting product or policy, enforce the antivirus policy through Intune, and confirm the device reports Defender Antivirus in Normal running mode.
|
| Critical |
SECURESCORE-M365-scid_92 |
Enable Microsoft Defender Antivirus scanning of downloaded files and attachments
Secure Score control not implemented: Microsoft Defender Antivirus scanning of downloaded files and attachments (IOAV protection) is disabled on one or more devices.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Scanning of downloaded files and attachments (IOAV protection) is off on these devices. This is the check that inspects a file at the moment a browser or mail client writes it to disk, which is where phishing attachments and drive-by downloads arrive.
What Is The Risk
A malicious attachment or download reaches the user untouched; if real-time protection is also off or the payload is only detected on execution, the initial access step succeeds.
What To Do
Remediation Guidance: Turn on scanning of all downloaded files and attachments in the Intune antivirus policy for the affected devices, and look for the Group Policy or registry setting that disabled it.
Recommended Action: Confirm the setting on the affected devices after the policy applies and check whether it was disabled deliberately (often as a misguided performance tweak).
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Set the "Scan all downloaded files and attachments" policy to enabled centrally and verify the device reports IOAV protection on.
|
| Critical |
SECURESCORE-M365-scid_2002 |
Fix Microsoft Defender for Endpoint impaired communications
Secure Score control not implemented: Windows devices whose Defender for Endpoint sensor cannot communicate with the cloud service.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
The sensor on these Windows devices cannot reach the Defender for Endpoint cloud service, typically because a proxy, firewall or TLS inspection blocks the service URLs, or the WinHTTP proxy the sensor uses is not configured.
What Is The Risk
The devices appear onboarded but alerts, telemetry and response actions (isolate, live response) do not flow; the SOC is blind to them and cannot contain them.
What To Do
Remediation Guidance: Allow the Defender for Endpoint service URLs for your region on the egress path, configure the sensor's proxy (registry or Intune setting for the telemetry proxy, or the system-wide WinHTTP proxy), and exempt the sensor traffic from TLS inspection.
Recommended Action: Run the Defender for Endpoint client analyzer on an affected device to list the failing endpoints, fix them, and confirm the device shows as communicating in the portal.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Open the required service URLs, set the sensor proxy where needed, and verify connectivity with the client analyzer.
|
| Critical |
SECURESCORE-M365-scid_2030 |
Update Microsoft Defender for Endpoint core components
Secure Score control not implemented: devices are running an out-of-date Defender for Endpoint platform or engine.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
These devices are running an out-of-date Defender antimalware platform or engine. The platform and engine ship monthly and carry new detection logic and fixes; definitions alone do not keep an old engine current.
What Is The Risk
Detection coverage drifts behind current threats, known issues in the old engine remain, and devices can fall out of support for newer Defender for Endpoint features.
What To Do
Remediation Guidance: Allow platform and engine updates through Windows Update, WSUS or Intune update rings and check for a policy that has pinned an old platform version; devices that are offline for long periods need a catch-up cycle.
Recommended Action: Compare the platform version reported by the affected devices with the current monthly release and push the update to the stragglers.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Enable platform and engine updates in the update channel the devices use and verify the reported antimalware platform version afterwards.
|
| Critical |
SECURESCORE-M365-scid_2070 |
Turn on Microsoft Defender Firewall
Secure Score control not implemented: Microsoft Defender Firewall is turned off for at least one network profile on one or more devices.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Microsoft Defender Firewall is off for at least one profile (domain, private or public) on these devices, so every listening service on them is reachable from whatever network they join.
What Is The Risk
Open SMB, RDP, WinRM and application ports are the lateral-movement path from one compromised host to the next; laptops on public networks are exposed to everyone on that network.
What To Do
Remediation Guidance: Enforce the firewall on for all three profiles through the Intune endpoint security firewall policy (or Group Policy), with inbound connections blocked by default and explicit rules only for required services.
Recommended Action: Check whether the firewall was disabled by a third-party security product or a local administrator before re-enabling, so the cause is fixed and not just the symptom.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Enable Defender Firewall for the Domain, Private and Public profiles via policy and verify the effective profile state on the affected devices.
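The Windows items above (scid_2012, 2000, 2001, 2010, 92, 2002, 2030, 2070) can all be checked and, where tamper protection allows, fixed locally. The script below is an added example, not report or Microsoft code: it reports which of those controls a single device fails and applies the local fixes. It assumes an elevated session on a Windows device with the Defender and NetSecurity modules present. If tamper protection is on, Set-MpPreference is refused and the change must come from Intune or Defender settings management; the macOS and Linux equivalents are mdatp health and mdatp config real-time-protection --value enabled.

```powershell
# Added example (not from the report): local posture check for the Windows Secure Score controls
# above, plus the local remediation. Run elevated. Central policy is the real fix; this is for
# verification and for one-off hosts.
function Get-EndpointPostureGaps {
    $status = Get-MpComputerStatus
    $pref   = Get-MpPreference
    $sense  = Get-Service -Name Sense -ErrorAction SilentlyContinue       # MDE sensor
    $diag   = Get-Service -Name DiagTrack -ErrorAction SilentlyContinue   # telemetry channel the sensor depends on
    $fwOff  = Get-NetFirewallProfile | Where-Object { $_.Enabled -ne 'True' } | Select-Object -ExpandProperty Name

    $gaps = [System.Collections.Generic.List[string]]::new()
    if (-not $status.AMServiceEnabled)          { $gaps.Add('scid_2010: Defender Antivirus service not running') }
    if ($status.AMRunningMode -ne 'Normal')     { $gaps.Add("scid_2010: running mode is '$($status.AMRunningMode)'") }
    if (-not $status.RealTimeProtectionEnabled) { $gaps.Add('scid_2012: real-time protection off') }
    if ($pref.DisableIOAVProtection)            { $gaps.Add('scid_92: download/attachment scanning off') }
    if (-not $sense -or $sense.Status -ne 'Running') { $gaps.Add('scid_2000: Sense service not running') }
    if (-not $diag  -or $diag.Status  -ne 'Running') { $gaps.Add('scid_2001: DiagTrack service not running') }
    if ($fwOff)                                 { $gaps.Add("scid_2070: firewall off for $($fwOff -join ', ')") }
    if ($status.AntivirusSignatureAge -gt 7)    { $gaps.Add("scid_2030: signatures $($status.AntivirusSignatureAge) days old") }
    if (-not $status.IsTamperProtected)         { $gaps.Add('tamper protection off (local changes to the above are not protected)') }
    return $gaps
}

function Repair-EndpointPosture {
    # Each line corresponds to a control above; errors from Set-MpPreference under tamper protection are expected.
    Set-MpPreference -DisableRealtimeMonitoring $false                       # scid_2012
    Set-MpPreference -DisableIOAVProtection $false                           # scid_92
    Set-NetFirewallProfile -Profile Domain, Private, Public -Enabled True `
                           -DefaultInboundAction Block                       # scid_2070
    foreach ($svc in 'DiagTrack', 'Sense') {                                 # scid_2001, scid_2000
        Set-Service -Name $svc -StartupType Automatic -ErrorAction SilentlyContinue
        Start-Service -Name $svc -ErrorAction SilentlyContinue
    }
    Update-MpSignature                                                       # definitions; platform/engine come via Windows Update
}

$before = Get-EndpointPostureGaps
if ($before.Count -eq 0) { 'No gaps' } else { $before; Repair-EndpointPosture; 'After:'; Get-EndpointPostureGaps }
```

AMRunningMode values other than Normal ('Passive Mode', 'EDR Block Mode', 'SxS Passive Mode') mean another antivirus product is registered; remove it or accept passive mode deliberately rather than forcing Defender active alongside it. The platform/engine check for scid_2030 needs the current monthly version from Microsoft, so only signature age is checked locally.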
|
| Critical |
DEVICE-006 |
Non-Compliant Device Has Access
Device is marked non-compliant but still has access to corporate resources. CA policy not enforcing compliance.
|
346
|
MicrosoftGraphDeviceManagement |
M
2-4 hrs
|
Why This Matters
Device compliance only means something if non-compliant devices are denied access. 346 devices that Intune marks non-compliant are still signing in, so whatever the compliance policy checks (disk encryption, OS version, antivirus, jailbreak or root status) is not being enforced at sign-in.
What Is The Risk
An unpatched, unencrypted or jailbroken device, or one that is no longer managed at all, keeps reaching mail and files. Stolen and malware-infected devices are the easiest place to lift a session token, and the token then works from anywhere.
What To Do
Investigation Required: Determine why access is allowed: no Conditional Access policy requires a compliant device for these users and apps, the users or apps are excluded, the policy is still in report-only mode, or the devices are inside the compliance grace period.
Recommended Action: Fix the devices first (most non-compliance is missed updates or encryption), then enforce the device-compliance grant control in Conditional Access with a short grace period so users are not locked out in bulk.
Compliance Impact: This finding affects: ISO27001, NIST, CIS, SOC2, FedRAMP, HITRUST
Technical Remediation:
Confirm a Conditional Access policy with the compliant-device grant control covers all users and cloud apps, review its exclusions and report-only results, then remediate or retire each of the 346 devices.
|
| Critical |
MGI-014 |
Risk Detection: High-Risk User Sign-In
Azure AD Identity Protection detected high-risk user sign-in activity (leaked credentials, anomalous activity).
|
8
|
MicrosoftGraph.Identity.SignIns |
M
2-4 hrs
|
Why This Matters
Identity Protection has flagged these 8 sign-ins as high risk on signals that usually mean the password is already in an attacker's hands: leaked credentials, sign-in from an anonymiser, or travel that is physically impossible.
What Is The Risk
Until the sessions are revoked and the password changed, the attacker keeps access. The typical next steps are an external forwarding rule, registering their own MFA method for persistence, and internal phishing from the trusted mailbox.
What To Do
Investigation Required: Review the risk detections and the user's sign-in log (location, client, IP reputation) and compare with known travel and VPN use before deciding.
Recommended Action: Contain first (revoke sign-in sessions, force a password change), then check the mailbox for new rules and the account for newly registered authentication methods, then close the risk.
Compliance Impact: This finding affects: NIST, CIS, HIPAA, ISO27001, SOC2, FedRAMP, HITRUST
Technical Remediation:
Confirming compromise (Invoke-MgConfirmRiskyUserCompromised) raises the user's risk to high so a user-risk policy can force a password change; dismissing (Invoke-MgDismissRiskyUser) only clears the flag and resets nothing. Revoke sessions and force the password reset explicitly, then dismiss once the user is back on a clean credential.
|
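An added example for MGI-014, not the report's own tooling: it lists at-risk users with their most recent detections, then applies a containment routine in the order that matters (revoke sessions, confirm compromise, force a password change) and leaves dismissal as the explicit last step. It assumes the Microsoft.Graph SDK with the scopes shown; forcing a password change on a privileged user needs a role that can manage that user.

```powershell
# Added example (not from the report): risky-user triage and containment via Microsoft Graph.
Connect-MgGraph -Scopes 'IdentityRiskyUser.ReadWrite.All', 'IdentityRiskEvent.Read.All',
                        'User.ReadWrite.All', 'User.RevokeSessions.All' -NoWelcome

# At-risk users at high risk; Identity Protection keeps the state until it is remediated or dismissed
$risky = Get-MgRiskyUser -All -Filter "riskState eq 'atRisk' and riskLevel eq 'high'"

foreach ($u in $risky) {
    Write-Host "== $($u.UserPrincipalName)  level=$($u.RiskLevel)  updated=$($u.RiskLastUpdatedDateTime)"
    Get-MgRiskDetection -All -Filter "userId eq '$($u.Id)'" |
        Sort-Object DetectedDateTime -Descending | Select-Object -First 5 |
        Format-Table RiskEventType, RiskLevel, DetectedDateTime, IPAddress, Location -AutoSize | Out-String | Write-Host
}

function Invoke-RiskyUserContainment {
    param([Parameter(Mandatory)][string]$UserId)

    # 1. Kill refresh tokens so existing sessions die at next token refresh
    Revoke-MgUserSignInSession -UserId $UserId | Out-Null

    # 2. Mark compromised: sets riskLevel to high so a user-risk CA policy fires; it does not reset anything
    Invoke-MgConfirmRiskyUserCompromised -UserIds @($UserId)

    # 3. Force a new password at next sign-in (the password itself is set by the user)
    Update-MgUser -UserId $UserId -PasswordProfile @{ ForceChangePasswordNextSignIn = $true }

    # 4. Left to the analyst: inbox rules (EXO-002) and authentication methods added during the risk window
    Get-MgUserAuthenticationMethod -UserId $UserId | Select-Object Id, AdditionalProperties
}

# Example, first at-risk user; dismiss only after password change and MFA re-registration are confirmed:
if ($risky) {
    Invoke-RiskyUserContainment -UserId $risky[0].Id
    # Invoke-MgDismissRiskyUser -UserIds @($risky[0].Id)
}
```

Dismissing before the password is changed tells Identity Protection the sign-in was benign and suppresses the signal; confirm-compromised plus a user-risk policy (MGI-086) is the path that makes the user fix it themselves.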
| Critical |
AZURE-069 |
Azure Network Security Group: Unrestricted Inbound RDP
NSG rule allows inbound RDP (port 3389) from internet. High risk of brute force attacks.
|
4
|
Azure.Network |
M
2-4 hrs
|
Why This Matters
This is not a disabled feature but an explicit allow rule: RDP on port 3389 is reachable from every address on the internet, so the VM's logon prompt is exposed to anyone who scans for it.
What Is The Risk
Internet-exposed RDP is scanned and brute-forced continuously; a weak or reused local administrator password, or the next RDP vulnerability, gives a foothold inside the virtual network, and exposed RDP is one of the most common ransomware entry points.
What To Do
Remediation Guidance: Remove the rule or restrict its source to known management addresses. Prefer Azure Bastion, just-in-time VM access from Defender for Cloud, or a VPN so that no NSG rule needs 3389 from the internet at all.
Recommended Action: Before closing the rule, check the 4 affected VMs' security event logs for failed and successful logons from external addresses; existing brute-force traffic is the normal case, not the exception.
Compliance Impact: This finding affects: NIST, CIS, CMMC, ISO27001, FedRAMP, HITRUST
Technical Remediation:
Edit the inbound NSG rule: change the source from * / Internet / 0.0.0.0/0 to the management CIDR or delete the rule, then confirm with the effective security rules on each NIC that no other rule (including a subnet-level NSG) still allows 3389.
|
| Critical |
AZURE-070 |
Azure Network Security Group: Unrestricted Inbound SSH
NSG rule allows inbound SSH (port 22) from internet. High risk of brute force attacks.
|
4
|
Azure.Network |
M
2-4 hrs
|
Why This Matters
This is an explicit allow rule, not a disabled feature: SSH on port 22 is reachable from every address on the internet.
What Is The Risk
Internet-exposed SSH draws constant credential brute-forcing and attacks on any out-of-date OpenSSH build; password authentication, a reused key, or a leaked private key gives a shell inside the virtual network.
What To Do
Remediation Guidance: Remove the rule or restrict its source to known management addresses, and use Azure Bastion, just-in-time VM access or a VPN for administration. On the hosts, disable password authentication in sshd (PasswordAuthentication no) and allow keys only, which limits the damage if the rule is re-opened.
Recommended Action: Check the 4 affected VMs' auth logs for successful logons from unexpected addresses before and after tightening the rule.
Compliance Impact: This finding affects: NIST, CIS, CMMC, ISO27001, FedRAMP, HITRUST
Technical Remediation:
Edit the inbound NSG rule to restrict the source to the management CIDR or delete it, then verify with the NIC's effective security rules that no other rule still allows port 22 from the internet.
|
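An added example for AZURE-069 and AZURE-070 (not the report's tooling): it scans every NSG in the current subscription for inbound allow rules that expose 22 or 3389 to the internet, including rules written as port ranges or wildcards, and rewrites each to the management range. The management CIDR is a placeholder (documentation prefix); it assumes Az.Network and Network Contributor on the NSGs.

```powershell
# Added example (not from the report): find and tighten NSG rules exposing SSH/RDP to the internet.
Connect-AzAccount | Out-Null

$mgmtSource = '203.0.113.0/24'                 # assumed admin range; replace before use
$mgmtPorts  = '22', '3389'
$anySources = '*', 'Internet', '0.0.0.0/0', '0.0.0.0', '::/0'

# A destination port range matches if it is '*', the port itself, or a span containing it
function Test-PortExposed([string[]]$Ranges, [string]$Port) {
    foreach ($r in $Ranges) {
        if (-not $r) { continue }
        if ($r -eq '*' -or $r -eq $Port) { return $true }
        if ($r -match '^(\d+)-(\d+)$' -and [int]$Port -ge [int]$Matches[1] -and [int]$Port -le [int]$Matches[2]) { return $true }
    }
    return $false
}

function Get-ExposedAdminRules {
    foreach ($nsg in Get-AzNetworkSecurityGroup) {
        foreach ($rule in $nsg.SecurityRules) {
            if ($rule.Direction -ne 'Inbound' -or $rule.Access -ne 'Allow') { continue }
            # In Az, SourceAddressPrefix and DestinationPortRange are lists already
            $openPorts = $mgmtPorts | Where-Object { Test-PortExposed @($rule.DestinationPortRange) $_ }
            $anySource = @($rule.SourceAddressPrefix) | Where-Object { $_ -in $anySources }
            if ($openPorts -and $anySource) {
                [pscustomobject]@{
                    Nsg = $nsg.Name; ResourceGroup = $nsg.ResourceGroupName; Rule = $rule.Name
                    Priority = $rule.Priority; Ports = @($openPorts); Source = ($anySource -join ','); NsgObject = $nsg
                }
            }
        }
    }
}

$exposed = Get-ExposedAdminRules
$exposed | Format-Table Nsg, Rule, Priority, Ports, Source -AutoSize

# Rewrite each rule in place: same priority, TCP only, admin ports only, management source only.
# Deleting the rule and using Bastion/JIT is the better end state; this is the quick containment.
foreach ($e in $exposed) {
    $nsg = $e.NsgObject
    Set-AzNetworkSecurityRuleConfig -NetworkSecurityGroup $nsg -Name $e.Rule `
        -Access Allow -Direction Inbound -Protocol Tcp -Priority $e.Priority `
        -SourceAddressPrefix $mgmtSource -SourcePortRange '*' `
        -DestinationAddressPrefix '*' -DestinationPortRange $e.Ports | Out-Null
    $nsg | Set-AzNetworkSecurityGroup | Out-Null
    "Tightened $($e.Nsg)/$($e.Rule) to $mgmtSource on $($e.Ports -join ',')"
}
```

A rule that previously allowed '*' on all ports is narrowed to just the admin ports here, which may break other services that relied on it; review the Ports column before running the rewrite loop, and remember that a subnet-level NSG is evaluated separately from the NIC-level one.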
| Critical |
AZURE-002 |
Storage Account: Public Blob Access Allowed
Storage account allows public anonymous access to blob containers. Data exposure risk.
|
4
|
Azure.Storage |
M
2-4 hrs
|
Why This Matters
This is a data-exposure finding, not an identity one: with AllowBlobPublicAccess enabled at the account level, any container can be set to anonymous read, and a single misclick or script defaults makes its contents world-readable.
What Is The Risk
Anyone who knows or guesses a blob URL can read it without credentials; leaked storage URLs are routinely harvested from source code, logs and search engines, and backups, exports and uploads are the usual casualties.
What To Do
Remediation Guidance: Disable public blob access at the account level, which overrides any container-level setting (a $null value means the property was never set and on older accounts behaves as allowed, so treat it as a finding): Set-AzStorageAccount -ResourceGroupName '<RG>' -Name '<Account>' -AllowBlobPublicAccess $false
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: ISO27001, SOC2, NIST, HIPAA, CIS, CMMC, FedRAMP, HITRUST
Technical Remediation:
Disable public blob access: Set-AzStorageAccount -ResourceGroupName '<RG>' -Name '<Account>' -AllowBlobPublicAccess $false
|
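An added example for AZURE-002 (not the report's tooling) that audits the whole subscription rather than one account: it lists accounts where public blob access is not explicitly disabled, shows which containers are actually set to anonymous access, and applies the account-level fix. It assumes Az.Storage and rights to list the account keys (the container listing uses the account context).

```powershell
# Added example (not from the report): subscription-wide audit of anonymous blob access, then fix.
Connect-AzAccount | Out-Null

function Get-PublicBlobExposure {
    foreach ($sa in Get-AzStorageAccount) {
        # $false is the only safe value; $true and $null (never set) both allow containers to go public
        if ($sa.AllowBlobPublicAccess -eq $false) { continue }

        # Container-level setting: Off, Blob (anonymous read of blobs) or Container (read + list)
        $public = Get-AzStorageContainer -Context $sa.Context -ErrorAction SilentlyContinue |
                  Where-Object { $_.PublicAccess -and $_.PublicAccess -ne 'Off' }

        [pscustomobject]@{
            Account               = $sa.StorageAccountName
            ResourceGroup         = $sa.ResourceGroupName
            AllowBlobPublicAccess = if ($null -eq $sa.AllowBlobPublicAccess) { 'not set' } else { $sa.AllowBlobPublicAccess }
            PublicContainers      = ($public | ForEach-Object { "$($_.Name)=$($_.PublicAccess)" }) -join ','
        }
    }
}

$exposed = Get-PublicBlobExposure
$exposed | Format-Table -AutoSize

# Account-level disable wins over container settings; containers marked public stop serving anonymously.
foreach ($e in $exposed) {
    Set-AzStorageAccount -ResourceGroupName $e.ResourceGroup -Name $e.Account -AllowBlobPublicAccess $false | Out-Null
    "Disabled public blob access on $($e.Account)"
}
```

Accounts with a non-empty PublicContainers column deserve a log review (storage analytics or diagnostic logs for anonymous GETs) before the change, since the data may already have been read. SAS tokens are a separate exposure path and are not affected by this setting.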
| Critical |
AZURE-112 |
PublicNetworkAccess Insecure Feature Enabled
Property 'PublicNetworkAccess' is true on the Automation account, so its endpoints accept connections from any network rather than only through private endpoints. Sample values observed: true
|
4
|
Azure.Automation |
M
2-4 hrs
|
Why This Matters
Automation accounts hold runbooks, stored credentials, certificates and a managed identity that usually has rights over other resources. Public network access is the default and has legitimate uses (webhooks, hybrid workers without private connectivity), but it leaves Entra authentication as the only barrier between the internet and those assets.
What Is The Risk
Combined with a leaked credential, an over-privileged automation identity or a runbook that accepts untrusted input, a publicly reachable Automation account becomes a pivot into everything its identity can touch.
What To Do
Investigation Required: Decide whether anything genuinely needs the account reachable from public networks (webhooks called from outside Azure, DSC nodes or hybrid workers without private connectivity); if not, disable it.
Recommended Action: Review the account's activity log and job history for unexpected callers, check what roles the account's managed identity holds, and then restrict network access through change management.
Compliance Impact: This finding affects: NIST, CIS, FedRAMP
Technical Remediation:
Set the Automation account's publicNetworkAccess property to false and, where the features are used, create private endpoints for the Webhook and DSCAndHybridWorker sub-resources so those paths keep working.
|
| Critical |
MGI-085 |
Identity Protection: No Risky Sign-In Response Policy
No CA policy responds to risky sign-ins detected by Identity Protection.
|
3
|
MicrosoftGraph.Identity.SignIns |
M
2-4 hrs
|
Why This Matters
Identity Protection is detecting risky sign-ins (8 high-risk detections appear as MGI-014 in this report) but no policy acts on them, so the decision is left to a human, hours or days later.
What Is The Risk
A sign-in from an anonymiser, an impossible-travel location or with known-leaked credentials is allowed straight through with no extra challenge; the detection exists only as a log entry.
What To Do
Remediation Guidance: Create a Conditional Access policy for all users that requires MFA when sign-in risk is medium or high (with sign-in frequency set to every time for that condition), deploy it in report-only mode, review the sign-in log impact, then enable it.
Recommended Action: Exclude only the documented break-glass accounts and make sure those users are MFA-registered first, otherwise the policy blocks them rather than challenging them.
Compliance Impact: This finding affects: SOC2, NIST, CMMC, ISO27001, GDPR, FedRAMP, HITRUST
Technical Remediation:
Conditional Access policy with the signInRiskLevels condition set to high and medium, all users and all cloud apps, grant control require multifactor authentication.
|
| Critical |
MGI-086 |
Identity Protection: No Risky User Response Policy
No CA policy responds to risky users (compromised credentials) detected by Identity Protection.
|
3
|
MicrosoftGraph.Identity.SignIns |
M
2-4 hrs
|
Why This Matters
Identity Protection can tell you a user's credentials are probably compromised (leaked credential match, confirmed by an analyst, or accumulated risky sign-ins), but nothing forces that user to change the password.
What Is The Risk
A user whose password is known to be leaked keeps using it until someone notices the portal entry; the attacker has the same window.
What To Do
Remediation Guidance: Create a Conditional Access policy for all users that, when user risk is high, requires MFA and a password change (the two controls together, with the AND operator), deploy in report-only mode, then enable. Self-remediation only works for users who are MFA-registered, so pair it with the MFA registration work in MISC-090.
Recommended Action: Exclude break-glass accounts, and make sure SSPR or a help-desk process exists for users who cannot complete the password change.
Compliance Impact: This finding affects: SOC2, NIST, CMMC, ISO27001, GDPR, FedRAMP, HITRUST
Technical Remediation:
Conditional Access policy with the userRiskLevels condition set to high, all users and all cloud apps, grant controls multifactor authentication AND password change.
|
| Critical |
MGI-082 |
Conditional Access: No Block Policy for Legacy Authentication
No Conditional Access policy blocks legacy authentication. MFA bypass path exists.
|
3
|
MicrosoftGraph.Identity.SignIns |
M
2-4 hrs
|
Why This Matters
Legacy authentication (Basic authentication in SMTP, IMAP, POP, Exchange ActiveSync and older Office clients) cannot perform MFA, so every MFA policy in the tenant can be sidestepped by choosing a legacy protocol. Exchange Online has retired Basic authentication for most protocols since 2022, but SMTP AUTH and other legacy endpoints may still be enabled, and a Conditional Access block is the control that closes the path regardless.
What Is The Risk
Password spraying overwhelmingly targets legacy endpoints precisely because a correct password is sufficient there; a single valid credential gives mailbox access with no second factor.
What To Do
Remediation Guidance: Create a Conditional Access policy for all users and all cloud apps that blocks the client app types Exchange ActiveSync clients and Other clients, deploy in report-only mode, and use the sign-in log filtered by client app to find the accounts and devices still using legacy protocols before enforcing.
Recommended Action: Migrate the remaining legacy users (usually scanners, line-of-business apps and old mail clients) to modern authentication or app passwords are not an option; exclude only documented service accounts with compensating controls.
Compliance Impact: This finding affects: SOC2, NIST, CIS, CMMC, ISO27001, GDPR, FedRAMP, HITRUST
Technical Remediation:
Conditional Access policy with clientAppTypes exchangeActiveSync and other, all users and all cloud apps, grant control block.
|
| Critical |
MGI-081 |
Conditional Access: No MFA Requirement for Administrators
No Conditional Access policy requires MFA for administrator accounts. Critical privileged access gap.
|
3
|
MicrosoftGraph.Identity.SignIns |
M
2-4 hrs
|
Why This Matters
No Conditional Access policy requires MFA for accounts holding administrative roles. This is the policy side of the AdminMFAV2 Secure Score item above: registration without enforcement still leaves a password-only logon for the most powerful accounts in the tenant.
What Is The Risk
One phished or sprayed administrator password gives tenant-wide control, including the ability to disable logging, grant consent and add further administrators.
What To Do
Remediation Guidance: Create a Conditional Access policy targeting the directory roles (Global Administrator, Security Administrator, Exchange Administrator, Application Administrator, Privileged Role Administrator, User Administrator and the other privileged roles) for all cloud apps with grant control require MFA, preferring a phishing-resistant authentication strength for Global Administrators. Deploy in report-only mode, confirm every role member is registered, then enable.
Recommended Action: Exclude only the documented break-glass accounts and monitor their use; test the policy with a non-critical admin before enforcing for all.
Compliance Impact: This finding affects: SOC2, NIST, CIS, CMMC, ISO27001, GDPR, FedRAMP, HITRUST
Technical Remediation:
Conditional Access policy with users.includeRoles set to the privileged role template IDs, all cloud apps, grant control multifactor authentication (or an authentication strength).
|
| Critical |
MGI-009 |
Security Defaults Disabled
Security Defaults are disabled and may not be replaced by Conditional Access. Baseline security missing.
|
2
|
MicrosoftGraph.Identity.SignIns |
M
2-4 hrs
|
Why This Matters
Security Defaults provide, at no extra licence cost, MFA registration for all users, MFA for administrators, a block on legacy authentication and protection of Azure management. They are disabled here, and the findings MGI-081, MGI-082, MGI-085 and MGI-086 above show that Conditional Access has not replaced them.
What Is The Risk
The tenant currently has neither baseline: no enforced MFA for admins, no legacy authentication block and no risk response, which is the exact combination password-spray and phishing campaigns exploit.
What To Do
Remediation Guidance: Enable Security Defaults OR implement comprehensive CA policies covering MFA, legacy auth block, and admin protection
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: SOC2, NIST, CIS, ISO27001, GDPR, FedRAMP, HITRUST
Technical Remediation:
Enable Security Defaults OR implement comprehensive CA policies covering MFA, legacy auth block, and admin protection
|
| Critical |
DEFENDER-088 |
DisableLocalAuth Missing Security Control
Property 'DisableLocalAuth' has value eq which may indicate a security misconfiguration. Sample values observed: null, true
|
2
|
Azure.ApplicationInsights |
M
2-4 hrs
|
Why This Matters
A recommended security control is not in place. Without this protection layer, your organization lacks defense-in-depth and is vulnerable to attacks that this control would prevent.
What Is The Risk
IMMEDIATE THREAT: This issue is actively exploitable and could lead to complete system compromise, massive data breach, or organization-wide ransomware attack. Attackers are likely already scanning for this weakness. Expected impact: $1M+ in losses, potential business closure.
What To Do
Investigation Required: This finding needs human review to determine the appropriate action.
Recommended Action: Security team should review the affected items and determine if they are legitimate or require remediation.
Compliance Impact: This finding affects: SOC2, NIST, CIS, CMMC, ISO27001, GDPR
Technical Remediation:
Review property 'DisableLocalAuth' in Azure.ApplicationInsights module. Ensure this security control is configured with an appropriate value.
|
| Critical |
SCUBA-EID-002 |
If policy matches basic conditions, special conditions,
CISA federal baseline requirement: If policy matches basic conditions, special conditions,
|
1
|
|
M
2-4 hrs
|
Why This Matters
Azure/Entra ID is your identity foundation. Misconfigurations here affect every user and application in your organization.
What Is The Risk
IMMEDIATE THREAT: This issue is actively exploitable and could lead to complete system compromise, massive data breach, or organization-wide ransomware attack. Attackers are likely already scanning for this weakness. Expected impact: $1M+ in losses, potential business closure.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA Baseline, Federal Security Baseline
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Critical |
SCUBA-SPO-005 |
SharePoint default link permission must be set to "View" only
CISA MS.SHAREPOINT.2.2v1: DefaultLinkPermission must be 1 (View) to prevent accidental edit permissions on shared links.
|
1
|
|
M
2-4 hrs
|
Why This Matters
SharePoint stores critical business documents. Misconfigured permissions can expose sensitive data to unauthorized users or the public internet.
What Is The Risk
IMMEDIATE THREAT: This issue is actively exploitable and could lead to complete system compromise, massive data breach, or organization-wide ransomware attack. Attackers are likely already scanning for this weakness. Expected impact: $1M+ in losses, potential business closure.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA Baseline, Federal Security Baseline
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Critical |
SCUBA-SPO-006 |
MS.SHAREPOINT.3.1v1
CISA federal baseline requirement: MS.SHAREPOINT.3.1v1
|
1
|
|
M
2-4 hrs
|
Why This Matters
SharePoint stores critical business documents. Misconfigured permissions can expose sensitive data to unauthorized users or the public internet.
What Is The Risk
IMMEDIATE THREAT: This issue is actively exploitable and could lead to complete system compromise, massive data breach, or organization-wide ransomware attack. Attackers are likely already scanning for this weakness. Expected impact: $1M+ in losses, potential business closure.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA Baseline, Federal Security Baseline
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Critical |
MANUAL-086 |
Extremely Dangerous OAuth Consent: AppRoleAssignment.ReadWrite.All
Detects OAuth consent grants with AppRoleAssignment.ReadWrite.All permission. This permission allows the application to manage role assignments for applications and service principals, enabling privilege escalation attacks. HAWK forensic indicator - Extremely Dangerous category.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Applications with excessive permissions can access and exfiltrate data. Malicious or compromised apps are a growing attack vector.
What Is The Risk
IMMEDIATE THREAT: This issue is actively exploitable and could lead to complete system compromise, massive data breach, or organization-wide ransomware attack. Attackers are likely already scanning for this weakness. Expected impact: $1M+ in losses, potential business closure.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Critical |
SCUBA-SPO-007 |
SharePoint "Anyone" links must have expiration enabled if external sharing allows Anyone
CISA MS.SHAREPOINT.3.2v1: When SharingCapability allows "Anyone" (2), expiration must be set for both file and folder "Anyone" links to limit exposure time.
|
1
|
|
M
2-4 hrs
|
Why This Matters
SharePoint stores critical business documents. Misconfigured permissions can expose sensitive data to unauthorized users or the public internet.
What Is The Risk
IMMEDIATE THREAT: This issue is actively exploitable and could lead to complete system compromise, massive data breach, or organization-wide ransomware attack. Attackers are likely already scanning for this weakness. Expected impact: $1M+ in losses, potential business closure.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA Baseline, Federal Security Baseline
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Critical |
SCUBA-SPO-008 |
MS.SHAREPOINT.3.3v1
CISA federal baseline requirement: MS.SHAREPOINT.3.3v1
|
1
|
|
M
2-4 hrs
|
Why This Matters
SharePoint stores critical business documents. Misconfigured permissions can expose sensitive data to unauthorized users or the public internet.
What Is The Risk
IMMEDIATE THREAT: This issue is actively exploitable and could lead to complete system compromise, massive data breach, or organization-wide ransomware attack. Attackers are likely already scanning for this weakness. Expected impact: $1M+ in losses, potential business closure.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA Baseline, Federal Security Baseline
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Critical |
MANUAL-049 |
Ensure Microsoft Authenticator is configured to protect against MFA fatigue
Verifies that Microsoft Authenticator is configured to protect against MFA fatigue
|
1
|
|
M
2-4 hrs
|
Why This Matters
This security finding indicates a gap in your security posture. Unaddressed security gaps accumulate risk and increase the likelihood of a successful attack.
What Is The Risk
IMMEDIATE THREAT: This issue is actively exploitable and could lead to complete system compromise, massive data breach, or organization-wide ransomware attack. Attackers are likely already scanning for this weakness. Expected impact: $1M+ in losses, potential business closure.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CIS M365
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Critical |
MANUAL-048 |
Ensure Security Defaults is disabled on Azure Active Directory
Verifies that Security Defaults is disabled on Azure Active Directory
|
1
|
|
M
2-4 hrs
|
Why This Matters
Identity is the new security perimeter. Compromised credentials are involved in 80% of breaches - weak identity controls give attackers legitimate access to your systems.
What Is The Risk
IMMEDIATE THREAT: This issue is actively exploitable and could lead to complete system compromise, massive data breach, or organization-wide ransomware attack. Attackers are likely already scanning for this weakness. Expected impact: $1M+ in losses, potential business closure.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CIS M365
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Critical |
MANUAL-047 |
Ensure non-global administrator role group assignments are reviewed at least weekly
Verifies that non-global administrator role group assignments are reviewed at least weekly
|
1
|
|
M
2-4 hrs
|
Why This Matters
Without proper audit logging, you cannot detect breaches, investigate incidents, or prove compliance. Attackers specifically target logging to hide their activities.
What Is The Risk
IMMEDIATE THREAT: This issue is actively exploitable and could lead to complete system compromise, massive data breach, or organization-wide ransomware attack. Attackers are likely already scanning for this weakness. Expected impact: $1M+ in losses, potential business closure.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CIS M365
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Critical |
SCUBA-EID-021 |
Save role name if id is a specific string and approval is
CISA federal baseline requirement: Save role name if id is a specific string and approval is
|
1
|
|
M
2-4 hrs
|
Why This Matters
Azure/Entra ID is your identity foundation. Misconfigurations here affect every user and application in your organization.
What Is The Risk
IMMEDIATE THREAT: This issue is actively exploitable and could lead to complete system compromise, massive data breach, or organization-wide ransomware attack. Attackers are likely already scanning for this weakness. Expected impact: $1M+ in losses, potential business closure.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA Baseline, Federal Security Baseline, FedRAMP
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Critical |
MANUAL-041 |
Ensure Administrative accounts are separate and cloud-only
Verifies that administrative accounts are separate and cloud-only
|
1
|
|
M
2-4 hrs
|
Why This Matters
This security finding indicates a gap in your security posture. Unaddressed security gaps accumulate risk and increase the likelihood of a successful attack.
What Is The Risk
IMMEDIATE THREAT: This issue is actively exploitable and could lead to complete system compromise, massive data breach, or organization-wide ransomware attack. Attackers are likely already scanning for this weakness. Expected impact: $1M+ in losses, potential business closure.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CIS M365
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Critical |
MANUAL-092 |
PIM Not Configured for Directory Roles
Privileged Identity Management (PIM) is not configured for Entra ID directory roles. PIM provides just-in-time privileged access and reduces standing admin permissions.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Privileged accounts are high-value targets. A compromised admin account gives attackers complete control over your environment.
What Is The Risk
IMMEDIATE THREAT: This issue is actively exploitable and could lead to complete system compromise, massive data breach, or organization-wide ransomware attack. Attackers are likely already scanning for this weakness. Expected impact: $1M+ in losses, potential business closure.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA SCuBA, CIS M365 Foundation 1.1.2, NIST 800-53 AC-2(1), ISO 27001 A.9.2.3, SOC2 CC6.3, PCI-DSS 7.1, CMMC L2, FedRAMP, HITRUST
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Critical |
SCUBA-EID-022 |
Save role name if id is a specific string and no
CISA federal baseline requirement: Save role name if id is a specific string and no
|
1
|
|
M
2-4 hrs
|
Why This Matters
Azure/Entra ID is your identity foundation. Misconfigurations here affect every user and application in your organization.
What Is The Risk
IMMEDIATE THREAT: This issue is actively exploitable and could lead to complete system compromise, massive data breach, or organization-wide ransomware attack. Attackers are likely already scanning for this weakness. Expected impact: $1M+ in losses, potential business closure.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA Baseline, Federal Security Baseline, FedRAMP
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Critical |
MANUAL-036 |
Azure Storage Accounts Not Secured Properly
Validates Azure Storage account security settings (public access, encryption, firewall)
|
1
|
|
M
2-4 hrs
|
Why This Matters
Sensitive data (customer info, financials, IP) could be leaked or stolen. Data breaches result in regulatory fines, lawsuits, and irreparable reputation damage.
What Is The Risk
IMMEDIATE THREAT: This issue is actively exploitable and could lead to complete system compromise, massive data breach, or organization-wide ransomware attack. Attackers are likely already scanning for this weakness. Expected impact: $1M+ in losses, potential business closure.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Critical |
SCUBA-EID-031 |
Privileged Roles Assigned to Guest Users
Guest users should not have privileged administrative roles as they are external to the organization.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Azure/Entra ID is your identity foundation. Misconfigurations here affect every user and application in your organization.
What Is The Risk
IMMEDIATE THREAT: This issue is actively exploitable and could lead to complete system compromise, massive data breach, or organization-wide ransomware attack. Attackers are likely already scanning for this weakness. Expected impact: $1M+ in losses, potential business closure.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CIS M365, NIST 800-53
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Critical |
MANUAL-032 |
Virtual Machine Disks Not Encrypted
Validates encryption status of Azure VM disks (OS and data disks)
|
1
|
|
M
2-4 hrs
|
Why This Matters
Sensitive data (customer info, financials, IP) could be leaked or stolen. Data breaches result in regulatory fines, lawsuits, and irreparable reputation damage.
What Is The Risk
IMMEDIATE THREAT: This issue is actively exploitable and could lead to complete system compromise, massive data breach, or organization-wide ransomware attack. Attackers are likely already scanning for this weakness. Expected impact: $1M+ in losses, potential business closure.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Critical |
MANUAL-028 |
SAML Token Usage Anomaly Detected (16457)
Detects UserAuthenticationValue of 16457 in federated domains, potentially indicating Golden SAML attack or SAML token manipulation
|
1
|
|
M
2-4 hrs
|
Why This Matters
Identity is the new security perimeter. Compromised credentials are involved in 80% of breaches - weak identity controls give attackers legitimate access to your systems.
What Is The Risk
IMMEDIATE THREAT: This issue is actively exploitable and could lead to complete system compromise, massive data breach, or organization-wide ransomware attack. Attackers are likely already scanning for this weakness. Expected impact: $1M+ in losses, potential business closure.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Critical |
MANUAL-023 |
Unauthorized Domain Authentication or Federation Settings Changes
Detects modifications to domain authentication or federation settings which could indicate federation attacks (e.g., Golden SAML)
|
1
|
|
M
2-4 hrs
|
Why This Matters
Identity is the new security perimeter. Compromised credentials are involved in 80% of breaches - weak identity controls give attackers legitimate access to your systems.
What Is The Risk
IMMEDIATE THREAT: This issue is actively exploitable and could lead to complete system compromise, massive data breach, or organization-wide ransomware attack. Attackers are likely already scanning for this weakness. Expected impact: $1M+ in losses, potential business closure.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Critical |
MANUAL-022 |
Third-Party Applications Allowed
Third-party integrated applications are allowed to run in the organization's Office 365 environment if a user authorizes them to do so. This configuration is considered insecure because a user may grant permissions to a malicious application without fully understanding the security implications. A user who installs a malicious third-party application is in effect compromised. Additionally, there are documented cases of a malicious actor gaining access to sensitive information by enticing a user to allow a third-party integrated application to run within their O365 Tenant.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Azure/Entra ID is your identity foundation. Misconfigurations here affect every user and application in your organization.
What Is The Risk
IMMEDIATE THREAT: This issue is actively exploitable and could lead to complete system compromise, massive data breach, or organization-wide ransomware attack. Attackers are likely already scanning for this weakness. Expected impact: $1M+ in losses, potential business closure.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Critical |
MANUAL-019 |
SharePoint Online Modern Authentication is Not Enabled
Modern Authentication is a SharePoint Online setting that allows authentication features such as MFA, smart cards, and certificate-based authentication to function. These authentication features, particularly MFA, are vital for the secure operation of an organization. It is recommended to enable SharePoint modern authentication.
|
1
|
|
M
2-4 hrs
|
Why This Matters
This security finding indicates a gap in your security posture. Unaddressed security gaps accumulate risk and increase the likelihood of a successful attack.
What Is The Risk
IMMEDIATE THREAT: This issue is actively exploitable and could lead to complete system compromise, massive data breach, or organization-wide ransomware attack. Attackers are likely already scanning for this weakness. Expected impact: $1M+ in losses, potential business closure.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Critical |
MANUAL-018 |
SharePoint External User Resharing Permitted
SharePoint is the organization's hub for users to share files with one another. SharePoint can also permit users to share content with anonymous outsiders or members of other organizations (commonly referred to as "external users"). Current SharePoint settings are configured such that, if users share a file with an external user, that external user can re-share the file arbitrarily with other external users. This is a highly permissive setting that could result in the unsafe propagation of the organization's confidential information in ways that may not be fully intended.
|
1
|
|
M
2-4 hrs
|
Why This Matters
This security finding indicates a gap in your security posture. Unaddressed security gaps accumulate risk and increase the likelihood of a successful attack.
What Is The Risk
IMMEDIATE THREAT: This issue is actively exploitable and could lead to complete system compromise, massive data breach, or organization-wide ransomware attack. Attackers are likely already scanning for this weakness. Expected impact: $1M+ in losses, potential business closure.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Critical |
MANUAL-017 |
Microsoft Secure Defaults
Microsoft Security Defaults are enabled on all tenants by default. Security Defaults configures and enforces a number of common security features. If more fine-grained security options are required, consider enabling Conditional Access policies. If Security Defaults are not enabled, ensure that other configurations are in place to safeguard your tenant and users.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Azure/Entra ID is your identity foundation. Misconfigurations here affect every user and application in your organization.
What Is The Risk
IMMEDIATE THREAT: This issue is actively exploitable and could lead to complete system compromise, massive data breach, or organization-wide ransomware attack. Attackers are likely already scanning for this weakness. Expected impact: $1M+ in losses, potential business closure.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Critical |
MANUAL-016 |
Safe Links Does Not Flag Links in Real Time
Safe Links is an Office 365 feature that enables the detection of suspicious links used in attacks delivered via Exchange Email and Teams, such as phishing attacks. ATP Safe Links can be configured to flag dangerous links in email and guarantee that the email will not be delivered until the Safe Links scanning is complete. This is the ideal Safe Links setting. However, this setting is currently disabled, which means it is possible for emails to be delivered before Safe Links protections have been applied. It is also possible that this inspector finding was generated because ATP Safe Links is not enabled or the organization does not have an appropriate O365 license tier to use ATP Safe Links features, in which case the remediation described below would not apply.
|
1
|
|
M
2-4 hrs
|
Why This Matters
What Is The Risk
IMMEDIATE THREAT: This issue is actively exploitable and could lead to complete system compromise, massive data breach, or organization-wide ransomware attack. Attackers are likely already scanning for this weakness. Expected impact: $1M+ in losses, potential business closure.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Critical |
MANUAL-005 |
Dangerous Application Permissions Found
Applications were found to be registered or enabled in the tenant that contain dangerous permissions. The permissions AppRoleAssignment.ReadWrite.All and RoleManagement.ReadWrite.Directory are the same permissions that were abused to breach Microsoft's environment and compromise email accounts belonging to senior leadership, legal, and cybersecurity teams between November 2023 and January 12, 2024. The permission RoleManagement.ReadWrite.Directory grants assigned applications and user accounts the ability to grant or modify any Directory Role assignment, allowing users or applications to assign Global Administrator roles to any targeted application, service principal, or user without a signed-in user. Additionally, and far more concerning, the permission AppRoleAssignment.ReadWrite.All allows applications assigned this permission to elevate their own permissions, or those of any other application in the environment, by programmatically assigning and granting any desired API permissions to themselves or the targeted application without the need for administrator consent or a signed-in user.
|
1
|
|
M
2-4 hrs
|
Why This Matters
This security finding indicates a gap in your security posture. Unaddressed security gaps accumulate risk and increase the likelihood of a successful attack.
What Is The Risk
IMMEDIATE THREAT: This issue is actively exploitable and could lead to complete system compromise, massive data breach, or organization-wide ransomware attack. Attackers are likely already scanning for this weakness. Expected impact: $1M+ in losses, potential business closure.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Critical |
MANUAL-002 |
Basic Authentication is Enabled
Basic Authentication protocols send usernames and passwords in requests, usually with very simple Base64 encoding, making it trivial to capture and decode user credentials. Basic Authentication may be necessary for some legacy software but is unable to enforce MFA and Microsoft has replaced it with Modern Authentication in their offerings.
|
1
|
|
M
2-4 hrs
|
Why This Matters
This security finding indicates a gap in your security posture. Unaddressed security gaps accumulate risk and increase the likelihood of a successful attack.
What Is The Risk
IMMEDIATE THREAT: This issue is actively exploitable and could lead to complete system compromise, massive data breach, or organization-wide ransomware attack. Attackers are likely already scanning for this weakness. Expected impact: $1M+ in losses, potential business closure.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Critical |
SCUBA-EID-023 |
Save role name if id is a specific string, notification
CISA federal baseline requirement: Save role name if id is a specific string, notification
|
1
|
|
M
2-4 hrs
|
Why This Matters
Azure/Entra ID is your identity foundation. Misconfigurations here affect every user and application in your organization.
What Is The Risk
IMMEDIATE THREAT: This issue is actively exploitable and could lead to complete system compromise, massive data breach, or organization-wide ransomware attack. Attackers are likely already scanning for this weakness. Expected impact: $1M+ in losses, potential business closure.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA Baseline, Federal Security Baseline, FedRAMP
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Critical |
MANUAL-100 |
Legacy authentication SHALL be blocked tenant-wide
CISA ScubaGear MS.AAD.3.4v1: Legacy authentication protocols (Basic Auth, POP, IMAP, SMTP) SHALL be blocked for all users. Check authentication methods policy migration state.
|
1
|
|
M
2-4 hrs
|
Why This Matters
What Is The Risk
IMMEDIATE THREAT: This issue is actively exploitable and could lead to complete system compromise, massive data breach, or organization-wide ransomware attack. Attackers are likely already scanning for this weakness. Expected impact: $1M+ in losses, potential business closure.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA Baseline, FedRAMP High, NIST 800-53 IA-2(1), CIS Microsoft 365 v3.0.0 1.1.3
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Critical |
MANUAL-105 |
A minimum of two and maximum of eight users SHALL be provisioned with Global Administrator role
CISA ScubaGear MS.AAD.7.1v1: The tenant SHALL have between 2-8 active Global Administrators for redundancy and least privilege. Fewer than 2 creates single point of failure; more than 8 increases attack surface.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Azure/Entra ID is your identity foundation. Misconfigurations here affect every user and application in your organization.
What Is The Risk
IMMEDIATE THREAT: This issue is actively exploitable and could lead to complete system compromise, massive data breach, or organization-wide ransomware attack. Attackers are likely already scanning for this weakness. Expected impact: $1M+ in losses, potential business closure.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA Baseline, FedRAMP High, NIST 800-53 AC-2(1), CIS Microsoft 365 v3.0.0 1.1.1
Technical Remediation:
Count the distinct Global Administrator principals across active and PIM-eligible assignments, expanding any role-assignable groups. If there are fewer than 2, add a second dedicated cloud-only admin account protected by phishing-resistant MFA. If there are more than 8, move holders to finer-grained roles (Exchange, SharePoint, User Administrator and similar) or to eligible-only assignments that are activated through PIM.
|
| Critical |
SCUBA-EID-003 |
Entra ID requires phishing-resistant MFA for all users
CISA MS.AAD.3.1v1: An enabled Conditional Access policy must require phishing-resistant MFA (FIDO2 security keys, Windows Hello for Business or certificate-based authentication, i.e. the built-in "Phishing-resistant MFA" authentication strength) for all users and all apps, with no exclusions beyond the break-glass accounts.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Azure/Entra ID is your identity foundation. Misconfigurations here affect every user and application in your organization.
What Is The Risk
IMMEDIATE THREAT: This issue is actively exploitable and could lead to complete system compromise, massive data breach, or organization-wide ransomware attack. Attackers are likely already scanning for this weakness. Expected impact: $1M+ in losses, potential business closure.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA Baseline, Federal Security Baseline
Technical Remediation:
Create a Conditional Access policy: Users = All (exclude only the break-glass accounts), Target resources = All cloud apps, Grant = Require authentication strength > Phishing-resistant MFA. Run it in report-only mode while users register FIDO2 keys, Windows Hello for Business or certificates (the registration report shows who is not ready), then enable it.
|
| Critical |
SCUBA-EID-001 |
If policy matches basic conditions, special conditions,
CISA federal baseline requirement: If policy matches basic conditions, special conditions,
|
1
|
|
M
2-4 hrs
|
Why This Matters
Azure/Entra ID is your identity foundation. Misconfigurations here affect every user and application in your organization.
What Is The Risk
IMMEDIATE THREAT: This issue is actively exploitable and could lead to complete system compromise, massive data breach, or organization-wide ransomware attack. Attackers are likely already scanning for this weakness. Expected impact: $1M+ in losses, potential business closure.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA Baseline, Federal Security Baseline
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Critical |
SCUBA-DEF-015 |
At a minimum, the alerts required by the EXO baseline SHALL be enabled.
CISA federal baseline requirement: At a minimum, the alerts required by the EXO baseline SHALL be enabled.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Microsoft Defender protections are not fully enabled. Without active threat protection, malware and phishing attacks can succeed.
What Is The Risk
IMMEDIATE THREAT: This issue is actively exploitable and could lead to complete system compromise, massive data breach, or organization-wide ransomware attack. Attackers are likely already scanning for this weakness. Expected impact: $1M+ in losses, potential business closure.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA Baseline, Federal Security Baseline, FedRAMP
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Critical |
SCUBA-DEF-009 |
A custom DLP policy SHALL protect PII and sensitive information (MS.DEFENDER.4.1v2)
CISA MS.DEFENDER.4.1v2: A custom data loss prevention policy SHALL be configured to protect PII and sensitive information as defined by the agency; at a minimum, credit card numbers, U.S. Individual Taxpayer Identification Numbers (ITIN) and U.S. Social Security numbers (SSN) SHALL be blocked.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Microsoft Defender protections are not fully enabled. Without active threat protection, malware and phishing attacks can succeed.
What Is The Risk
IMMEDIATE THREAT: This issue is actively exploitable and could lead to complete system compromise, massive data breach, or organization-wide ransomware attack. Attackers are likely already scanning for this weakness. Expected impact: $1M+ in losses, potential business closure.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA Baseline, Federal Security Baseline
Technical Remediation:
In Microsoft Purview > Data loss prevention > Policies, create a custom policy scoped to Exchange, SharePoint, OneDrive, Teams and Devices that detects the sensitive info types Credit Card Number, U.S. Individual Taxpayer Identification Number (ITIN) and U.S. Social Security Number (SSN) and blocks sharing outside the organization. Turn the policy on (not test mode) once the simulation results have been reviewed.
|
| Critical |
SCUBA-DEF-004 |
Calls function in util file to find policies that protect
CISA federal baseline requirement: Calls function in util file to find policies that protect
|
1
|
|
M
2-4 hrs
|
Why This Matters
Microsoft Defender protections are not fully enabled. Without active threat protection, malware and phishing attacks can succeed.
What Is The Risk
IMMEDIATE THREAT: This issue is actively exploitable and could lead to complete system compromise, massive data breach, or organization-wide ransomware attack. Attackers are likely already scanning for this weakness. Expected impact: $1M+ in losses, potential business closure.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA Baseline, Federal Security Baseline, FedRAMP
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Critical |
SCUBA-DEF-003 |
Calls function in util file to find policies that protect
CISA federal baseline requirement: Calls function in util file to find policies that protect
|
1
|
|
M
2-4 hrs
|
Why This Matters
Microsoft Defender protections are not fully enabled. Without active threat protection, malware and phishing attacks can succeed.
What Is The Risk
IMMEDIATE THREAT: This issue is actively exploitable and could lead to complete system compromise, massive data breach, or organization-wide ransomware attack. Attackers are likely already scanning for this weakness. Expected impact: $1M+ in losses, potential business closure.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA Baseline, Federal Security Baseline, FedRAMP
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Critical |
SCUBA-SPO-003 |
SharePoint external sharing must be limited to specific domains when external sharing is enabled
CISA MS.SHAREPOINT.1.3v1: When external sharing is enabled (SharingCapability other than "Only People In Organization"), SharingDomainRestrictionMode must be AllowList (1) with the approved partner domains listed in SharingAllowedDomainList, so content can only be shared with those domains.
|
1
|
|
XS
15-60 min
|
Why This Matters
SharePoint stores critical business documents. Misconfigured permissions can expose sensitive data to unauthorized users or the public internet.
What Is The Risk
IMMEDIATE THREAT: This issue is actively exploitable and could lead to complete system compromise, massive data breach, or organization-wide ransomware attack. Attackers are likely already scanning for this weakness. Expected impact: $1M+ in losses, potential business closure.
What To Do
Automated Fix Available: This can be remediated using PowerShell. Your IT team can run the command shown below to fix this issue.
Recommended Action: Schedule this fix with your IT team. For Critical/High severity items, consider expedited change procedures.
Compliance Impact: This finding affects: FedRAMP, NIST, CMMC
Technical Remediation:
Set-SPOTenant -SharingDomainRestrictionMode AllowList -SharingAllowedDomainList "partner1.example partner2.example" (replace with your approved domains, space-separated)
|
| Critical |
SCUBA-DEF-002 |
TODO check exclusions
CISA federal baseline requirement: TODO check exclusions
|
1
|
|
M
2-4 hrs
|
Why This Matters
Microsoft Defender protections are not fully enabled. Without active threat protection, malware and phishing attacks can succeed.
What Is The Risk
IMMEDIATE THREAT: This issue is actively exploitable and could lead to complete system compromise, massive data breach, or organization-wide ransomware attack. Attackers are likely already scanning for this weakness. Expected impact: $1M+ in losses, potential business closure.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA Baseline, Federal Security Baseline
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Critical |
SCUBA-DEF-001 |
Return string based on boolean result of Standard & Strict conditions
CISA federal baseline requirement: Return string based on boolean result of Standard & Strict conditions
|
1
|
|
M
2-4 hrs
|
Why This Matters
Microsoft Defender protections are not fully enabled. Without active threat protection, malware and phishing attacks can succeed.
What Is The Risk
IMMEDIATE THREAT: This issue is actively exploitable and could lead to complete system compromise, massive data breach, or organization-wide ransomware attack. Attackers are likely already scanning for this weakness. Expected impact: $1M+ in losses, potential business closure.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA Baseline, Federal Security Baseline
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Critical |
EXO-022 |
Phishing Email Action: Move to Junk (Critical Weakness)
Phishing emails are moved to Junk instead of Quarantine. Users can still access credential theft attempts.
|
1
|
ExchangeOnline |
XS
15-60 min
|
Why This Matters
Email is the #1 attack vector - 90% of cyberattacks start with a phishing email. Weak email security enables credential theft, ransomware delivery, and business email compromise (BEC) fraud.
What Is The Risk
IMMEDIATE THREAT: This issue is actively exploitable and could lead to complete system compromise, massive data breach, or organization-wide ransomware attack. Attackers are likely already scanning for this weakness. Expected impact: $1M+ in losses, potential business closure.
What To Do
Automated Fix Available: This can be remediated using PowerShell. Your IT team can run the command shown below to fix this issue.
Recommended Action: Schedule this fix with your IT team. For Critical/High severity items, consider expedited change procedures.
Compliance Impact: This finding affects: SOC2, NIST, CIS, HIPAA, FedRAMP, HITRUST
Technical Remediation:
Set-HostedContentFilterPolicy -Identity '<Name>' -PhishSpamAction Quarantine
|
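The single command above fixes one named policy. The PowerShell below is an added example, not part of the original report, that checks every anti-spam (hosted content filter) policy in the tenant, moves phishing verdicts to quarantine where they are still going to Junk, and lists rules that are disabled, since a correctly configured policy that no enabled rule applies protects nobody. It assumes the ExchangeOnlineManagement module and an account with the Security Administrator or Organization Management role.

```powershell
# Added example: find anti-spam policies that deliver phishing verdicts to the Junk folder
# and move them to quarantine. Assumption: ExchangeOnlineManagement module installed.
Connect-ExchangeOnline

$policies = Get-HostedContentFilterPolicy

'Current phishing actions:'
$policies | Select-Object Name, IsDefault, PhishSpamAction, HighConfidencePhishAction, PhishZapEnabled |
    Format-Table -AutoSize

# Only 'Quarantine' keeps the credential-harvesting page out of the user's reach;
# MoveToJmf leaves it one click away in the Junk folder.
$weak = $policies | Where-Object { $_.PhishSpamAction -ne 'Quarantine' }
foreach ($p in $weak) {
    Write-Host "Hardening policy '$($p.Name)' (was $($p.PhishSpamAction))"
    Set-HostedContentFilterPolicy -Identity $p.Identity -PhishSpamAction Quarantine -PhishZapEnabled $true
}

# A policy is only effective if an enabled rule scopes it to recipients (the default
# policy applies without a rule). Surface custom policies whose rule is disabled.
Get-HostedContentFilterRule |
    Where-Object { $_.State -ne 'Enabled' } |
    Select-Object Name, State, HostedContentFilterPolicy |
    Format-Table -AutoSize
```

Zero-hour auto purge (PhishZapEnabled) retroactively moves messages that were delivered before a phishing verdict was reached, which covers the common case where the campaign is recognised minutes after the first wave lands. Check the quarantine policy attached to the action so that users cannot release phishing messages themselves.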
| Critical |
SCUBA-EID-004 |
Entra ID MFA conditional access policies must minimize exclusions
CISA MS.AAD.3.2v1: All conditional access policies requiring MFA must have justifiable exclusions only. Emergency access accounts should be the only exclusions.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Azure/Entra ID is your identity foundation. Misconfigurations here affect every user and application in your organization.
What Is The Risk
IMMEDIATE THREAT: This issue is actively exploitable and could lead to complete system compromise, massive data breach, or organization-wide ransomware attack. Attackers are likely already scanning for this weakness. Expected impact: $1M+ in losses, potential business closure.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA Baseline, Federal Security Baseline
Technical Remediation:
Open the Exclude tab of every enabled Conditional Access policy that requires MFA or an authentication strength. Remove excluded groups, directory roles and users other than the emergency-access (break-glass) accounts; move service scenarios to workload identities or a separate, narrowly scoped policy instead of exclusions, and record a justification and review date for any exception that has to remain.
|
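The two Entra ID findings MS.AAD.3.1v1 (phishing-resistant MFA for all users and apps) and MS.AAD.3.2v1 (no exclusions beyond break-glass accounts) are checked against the same set of Conditional Access policies. The PowerShell below is an added example written for this page, not code from the report or from ScubaGear; it uses the Microsoft Graph PowerShell SDK, assumes the built-in "Phishing-resistant MFA" authentication strength ID, and assumes a list of approved break-glass object IDs that you must replace.

```powershell
# Added example: audit enabled Conditional Access policies for MS.AAD.3.1v1 and MS.AAD.3.2v1.
# Assumptions: Microsoft.Graph SDK; $approvedExclusions holds your emergency-access user/group IDs.
Connect-MgGraph -Scopes 'Policy.Read.All', 'Directory.Read.All'

$PhishingResistantStrengthId = '00000000-0000-0000-0000-000000000004'   # built-in "Phishing-resistant MFA"
$approvedExclusions = @(                                                 # assumed break-glass object IDs
    '11111111-1111-1111-1111-111111111111',
    '22222222-2222-2222-2222-222222222222'
)

function Resolve-Name([string]$Id) {
    # Turn an excluded object ID into something a reviewer can read
    $u = Get-MgUser -UserId $Id -ErrorAction SilentlyContinue
    if ($u) { return "user:$($u.UserPrincipalName)" }
    $g = Get-MgGroup -GroupId $Id -ErrorAction SilentlyContinue
    if ($g) { return "group:$($g.DisplayName)" }
    return "unknown:$Id"
}

$enabled = Get-MgIdentityConditionalAccessPolicy -All | Where-Object { $_.State -eq 'enabled' }

# Policies that impose any MFA requirement (classic 'mfa' control or an authentication strength)
$mfaPolicies = $enabled | Where-Object {
    $_.GrantControls.BuiltInControls -contains 'mfa' -or $_.GrantControls.AuthenticationStrength.Id
}

# MS.AAD.3.1v1: some enabled policy must cover All users and All apps with the phishing-resistant strength
$baseline = $mfaPolicies | Where-Object {
    $_.Conditions.Users.IncludeUsers -contains 'All' -and
    $_.Conditions.Applications.IncludeApplications -contains 'All' -and
    $_.GrantControls.AuthenticationStrength.Id -eq $PhishingResistantStrengthId
}
if ($baseline) { "MS.AAD.3.1v1 PASS: $($baseline.DisplayName -join ', ')" }
else           { Write-Warning 'MS.AAD.3.1v1 FAIL: no enabled policy requires phishing-resistant MFA for all users and all apps' }

# MS.AAD.3.2v1: every MFA policy's exclusions must be limited to the approved break-glass objects.
# Role exclusions are flagged unconditionally: excluding an admin role from MFA is never justified.
foreach ($p in $mfaPolicies) {
    $excluded   = @($p.Conditions.Users.ExcludeUsers) + @($p.Conditions.Users.ExcludeGroups)
    $unapproved = $excluded | Where-Object { $_ -and $_ -notin $approvedExclusions }
    $roles      = @($p.Conditions.Users.ExcludeRoles | Where-Object { $_ })
    [pscustomobject]@{
        Policy               = $p.DisplayName
        UnapprovedExclusions = ($unapproved | ForEach-Object { Resolve-Name $_ }) -join '; '
        ExcludedRoles        = $roles.Count
        Compliant            = (-not $unapproved) -and ($roles.Count -eq 0)
    }
}
```

Policies in report-only mode are deliberately skipped: they are useful for staging but do not satisfy either requirement. A policy that requires plain MFA for all users is still worth having while phishing-resistant methods roll out (that is what MS.AAD.3.2v1 allows as a fallback), but it must carry the same minimal exclusion list.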
| Critical |
SCUBA-EID-005 |
Microsoft Authenticator must be configured with secure settings
CISA MS.AAD.3.3v2: If Microsoft Authenticator is enabled, it must show the requesting application name and the sign-in location with each push notification so users can recognise MFA fatigue (push-bombing) attempts. Number matching is enforced by Microsoft for all tenants and is no longer a tenant setting.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Azure/Entra ID is your identity foundation. Misconfigurations here affect every user and application in your organization.
What Is The Risk
IMMEDIATE THREAT: This issue is actively exploitable and could lead to complete system compromise, massive data breach, or organization-wide ransomware attack. Attackers are likely already scanning for this weakness. Expected impact: $1M+ in losses, potential business closure.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA Baseline, Federal Security Baseline
Technical Remediation:
Entra admin center > Protection > Authentication methods > Policies > Microsoft Authenticator > Configure: set "Show application name in push and passwordless notifications" and "Show geographic location in push and passwordless notifications" to Enabled for all users. Prefer passwordless phone sign-in over push approval where the app is already deployed.
|
| Critical |
SCUBA-EID-007 |
Weak MFA methods (SMS, Voice, Email OTP) must be disabled
CISA MS.AAD.3.5v1: Authentication methods policy must disable or restrict SMS, Voice, and Email OTP as these are vulnerable to interception and phishing attacks.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Azure/Entra ID is your identity foundation. Misconfigurations here affect every user and application in your organization.
What Is The Risk
IMMEDIATE THREAT: This issue is actively exploitable and could lead to complete system compromise, massive data breach, or organization-wide ransomware attack. Attackers are likely already scanning for this weakness. Expected impact: $1M+ in losses, potential business closure.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA Baseline, Federal Security Baseline
Technical Remediation:
Entra admin center > Protection > Authentication methods > Policies: set SMS, Voice call and Email OTP to Disabled. Check the user registration details report first; users whose only method is SMS or voice must register Microsoft Authenticator or a FIDO2 key before the cutover, and disabling Email OTP also affects guest (B2B) sign-in for guests without another method.
|
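The Authenticator context settings (MS.AAD.3.3) and the weak-method disablement (MS.AAD.3.5) both live in the tenant authentication methods policy and are usually changed together. The PowerShell below is an added example written for this page, not code from the report or from ScubaGear. It uses the Microsoft Graph PowerShell SDK and assumes the Policy.ReadWrite.AuthenticationMethod permission; it prints the method states before and after so the change is visible and reversible.

```powershell
# Added example: harden the tenant authentication methods policy for MS.AAD.3.3 (Authenticator
# shows app and location context) and MS.AAD.3.5 (SMS, Voice and Email OTP disabled).
# Assumption: Microsoft.Graph SDK with Policy.ReadWrite.AuthenticationMethod consent.
Connect-MgGraph -Scopes 'Policy.ReadWrite.AuthenticationMethod'

function Get-AuthMethodStates {
    # Id and State of every method configuration in the tenant policy
    (Get-MgPolicyAuthenticationMethodPolicy).AuthenticationMethodConfigurations |
        Select-Object Id, State
}

'Before:'; Get-AuthMethodStates | Format-Table -AutoSize

# MS.AAD.3.5v1: disable interceptable / phishable methods. Users whose only registered method
# is one of these lose MFA entirely, so run the registration report before doing this.
$weak = @{
    Sms   = '#microsoft.graph.smsAuthenticationMethodConfiguration'
    Voice = '#microsoft.graph.voiceAuthenticationMethodConfiguration'
    Email = '#microsoft.graph.emailAuthenticationMethodConfiguration'   # Email OTP, used by guests
}
foreach ($id in $weak.Keys) {
    Update-MgPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration `
        -AuthenticationMethodConfigurationId $id `
        -BodyParameter @{ '@odata.type' = $weak[$id]; state = 'disabled' }
}

# MS.AAD.3.3: Microsoft Authenticator must show the requesting app and the sign-in location.
# Number matching is enforced tenant-wide by Microsoft and does not need to be configured.
$allUsers = @{ targetType = 'group'; id = 'all_users' }
Update-MgPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration `
    -AuthenticationMethodConfigurationId 'MicrosoftAuthenticator' `
    -BodyParameter @{
        '@odata.type'   = '#microsoft.graph.microsoftAuthenticatorAuthenticationMethodConfiguration'
        featureSettings = @{
            displayAppInformationRequiredState      = @{ state = 'enabled'; includeTarget = $allUsers }
            displayLocationInformationRequiredState = @{ state = 'enabled'; includeTarget = $allUsers }
        }
    }

'After:'; Get-AuthMethodStates | Format-Table -AutoSize
```

The updates only take effect for sign-ins evaluated by the modern authentication methods policy; a tenant still on the legacy per-user MFA settings must finish the migration (MS.AAD.3.4v1) or the old SMS/voice settings keep winning.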
| Critical |
SCUBA-EID-008 |
First check if policy is enabled, then confirm that all
CISA federal baseline requirement: First check if policy is enabled, then confirm that all
|
1
|
|
M
2-4 hrs
|
Why This Matters
Azure/Entra ID is your identity foundation. Misconfigurations here affect every user and application in your organization.
What Is The Risk
IMMEDIATE THREAT: This issue is actively exploitable and could lead to complete system compromise, massive data breach, or organization-wide ransomware attack. Attackers are likely already scanning for this weakness. Expected impact: $1M+ in losses, potential business closure.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA Baseline, Federal Security Baseline, FedRAMP
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Critical |
SCUBA-EID-013 |
Return the Id if non-compliant user consent policies
CISA federal baseline requirement: Return the Id if non-compliant user consent policies
|
1
|
|
M
2-4 hrs
|
Why This Matters
Azure/Entra ID is your identity foundation. Misconfigurations here affect every user and application in your organization.
What Is The Risk
IMMEDIATE THREAT: This issue is actively exploitable and could lead to complete system compromise, massive data breach, or organization-wide ransomware attack. Attackers are likely already scanning for this weakness. Expected impact: $1M+ in losses, potential business closure.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA Baseline, Federal Security Baseline, FedRAMP
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Critical |
SCUBA-EID-014 |
For specific setting, save the value & group.
CISA federal baseline requirement: For specific setting, save the value & group.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Azure/Entra ID is your identity foundation. Misconfigurations here affect every user and application in your organization.
What Is The Risk
IMMEDIATE THREAT: This issue is actively exploitable and could lead to complete system compromise, massive data breach, or organization-wide ransomware attack. Attackers are likely already scanning for this weakness. Expected impact: $1M+ in losses, potential business closure.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA Baseline, Federal Security Baseline, FedRAMP
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Critical |
SCUBA-EID-015 |
User passwords SHALL NOT expire (MS.AAD.6.1v1)
CISA MS.AAD.6.1v1: User passwords SHALL NOT expire. Forced periodic rotation drives users to predictable password patterns; the baseline replaces it with banned-password protection, MFA and risk-based sign-in policies.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Azure/Entra ID is your identity foundation. Misconfigurations here affect every user and application in your organization.
What Is The Risk
IMMEDIATE THREAT: This issue is actively exploitable and could lead to complete system compromise, massive data breach, or organization-wide ransomware attack. Attackers are likely already scanning for this weakness. Expected impact: $1M+ in losses, potential business closure.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA Baseline, Federal Security Baseline
Technical Remediation:
Set password validity to never expire on every verified domain: Update-MgDomain -DomainId contoso.com -PasswordValidityPeriodInDays 2147483647 (the value Entra ID uses for "never"), then verify with Get-MgDomain | Select-Object Id, PasswordValidityPeriodInDays. For hybrid tenants, also set EnforceCloudPasswordPolicyForPasswordSyncedUsers or the on-premises policy consistently so synced users are not expired by AD.
|
| Critical |
SCUBA-EID-017 |
Save all users that don't have Global Admin role
CISA federal baseline requirement: Save all users that don't have Global Admin role
|
1
|
|
M
2-4 hrs
|
Why This Matters
Azure/Entra ID is your identity foundation. Misconfigurations here affect every user and application in your organization.
What Is The Risk
IMMEDIATE THREAT: This issue is actively exploitable and could lead to complete system compromise, massive data breach, or organization-wide ransomware attack. Attackers are likely already scanning for this weakness. Expected impact: $1M+ in losses, potential business closure.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA Baseline, Federal Security Baseline, FedRAMP
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Critical |
SCUBA-EID-019 |
Permanent active role assignments SHALL NOT be allowed for highly privileged roles (MS.AAD.7.4v1)
CISA MS.AAD.7.4v1: Permanent active role assignments SHALL NOT be allowed for highly privileged roles; assignments should be eligible and activated just-in-time through PIM, with only the break-glass accounts permanently active on Global Administrator.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Azure/Entra ID is your identity foundation. Misconfigurations here affect every user and application in your organization.
What Is The Risk
IMMEDIATE THREAT: This issue is actively exploitable and could lead to complete system compromise, massive data breach, or organization-wide ransomware attack. Attackers are likely already scanning for this weakness. Expected impact: $1M+ in losses, potential business closure.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA Baseline, Federal Security Baseline
Technical Remediation:
In Identity Governance > Privileged Identity Management > Microsoft Entra roles > Assignments, convert each Active permanent assignment to a highly privileged role into an Eligible assignment with an expiry, leaving only the break-glass accounts permanently active on Global Administrator. In the role settings, clear "Allow permanent active assignment" so the condition cannot recur.
|
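Both the Global Administrator head count (MANUAL-105, MS.AAD.7.1v1) and the permanent-assignment check (SCUBA-EID-019, MS.AAD.7.4v1) read the same PIM schedule data, so one audit covers them. The PowerShell below is an added example written for this page, not code from the report or from ScubaGear. It uses the Microsoft Graph PowerShell SDK and requires Entra ID P2; the role template IDs are Microsoft's fixed built-in IDs, but the choice of which roles count as "highly privileged" is this reviewer's reading of the baseline and should be adjusted to yours.

```powershell
# Added example: audit PIM role assignments for MS.AAD.7.1v1 (2-8 Global Administrators, counting
# active + eligible) and MS.AAD.7.4v1 (no permanent active assignments to highly privileged roles).
# Assumptions: Microsoft.Graph SDK, Entra ID P2; the role set below is an assumption, adjust it.
Connect-MgGraph -Scopes 'RoleManagement.Read.Directory', 'Directory.Read.All'

$HighlyPrivileged = [ordered]@{
    'Global Administrator'            = '62e90394-69f5-4237-9190-012177145e10'
    'Privileged Role Administrator'   = 'e8611ab8-c189-46e8-94e1-60213ab1f814'
    'User Administrator'              = 'fe930be7-5e62-47db-91af-98c3a49a38b1'
    'SharePoint Administrator'        = 'f28a1f50-f6e7-4571-818b-6a12f2af6b6c'
    'Exchange Administrator'          = '29232cdf-9323-42fd-ade2-1d097af3e4de'
    'Hybrid Identity Administrator'   = '8ac3fc64-6eca-42ea-9e69-59f4c7b60eb2'
    'Application Administrator'       = '9b895d92-2cd3-44c7-9d02-a6ac2d5ea5c3'
    'Cloud Application Administrator' = '158c047a-c907-4556-b7ef-446551a6b5f7'
}

function Get-RoleAssignments([string]$RoleId) {
    # Built-in role definition IDs equal the role template IDs, so they can be filtered directly
    $f = "roleDefinitionId eq '$RoleId'"
    $active   = @(Get-MgRoleManagementDirectoryRoleAssignmentScheduleInstance  -Filter $f -All)
    $eligible = @(Get-MgRoleManagementDirectoryRoleEligibilityScheduleInstance -Filter $f -All)
    [pscustomobject]@{
        Active    = $active
        Eligible  = $eligible
        # 'Assigned' with no end date = permanent active; 'Activated' = a time-bound PIM activation
        Permanent = $active | Where-Object { $_.AssignmentType -eq 'Assigned' -and -not $_.EndDateTime }
    }
}

foreach ($name in $HighlyPrivileged.Keys) {
    $r = Get-RoleAssignments $HighlyPrivileged[$name]
    $principals = @(@($r.Active) + @($r.Eligible) | Where-Object { $_ } |
                    ForEach-Object PrincipalId | Sort-Object -Unique)

    if ($name -eq 'Global Administrator') {
        $n = $principals.Count
        $verdict = if ($n -ge 2 -and $n -le 8) { 'PASS' } else { 'FAIL' }
        "MS.AAD.7.1v1 $verdict : $n distinct Global Administrator principals (active + eligible)"
    }
    foreach ($a in $r.Permanent) {
        # A MemberType of 'Group' means a role-assignable group; expand its members separately.
        "MS.AAD.7.4v1 FAIL: permanent active '$name' assignment for principal $($a.PrincipalId) (member type $($a.MemberType))"
    }
}
```

Group-based assignments are reported by group ID; the ScubaGear check expands group membership before counting, so a group with five members assigned to Global Administrator counts as five. Expect two permanent Global Administrator entries for the break-glass accounts and treat everything else the loop prints as a finding.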
| Critical |
SCUBA-SPO-002 |
OneDrive external sharing must be restricted to existing guests or disabled
CISA MS.SHAREPOINT.1.2v1: OneDrive SharingCapability must be set to "Only People In Organization" (0) or "Existing Guests" (3) to prevent unrestricted external sharing.
|
1
|
|
XS
15-60 min
|
Why This Matters
SharePoint stores critical business documents. Misconfigured permissions can expose sensitive data to unauthorized users or the public internet.
What Is The Risk
IMMEDIATE THREAT: This issue is actively exploitable and could lead to complete system compromise, massive data breach, or organization-wide ransomware attack. Attackers are likely already scanning for this weakness. Expected impact: $1M+ in losses, potential business closure.
What To Do
Automated Fix Available: This can be remediated using PowerShell. Your IT team can run the command shown below to fix this issue.
Recommended Action: Schedule this fix with your IT team. For Critical/High severity items, consider expedited change procedures.
Compliance Impact: This finding affects: FedRAMP, NIST
Technical Remediation:
Set-SPOTenant -OneDriveSharingCapability ExistingExternalUserSharingOnly (or Disabled)
|
| Critical |
SCUBA-EID-020 |
Get all privileged roles that do not have a start date
CISA federal baseline requirement: Get all privileged roles that do not have a start date
|
1
|
|
M
2-4 hrs
|
Why This Matters
Azure/Entra ID is your identity foundation. Misconfigurations here affect every user and application in your organization.
What Is The Risk
IMMEDIATE THREAT: This issue is actively exploitable and could lead to complete system compromise, massive data breach, or organization-wide ransomware attack. Attackers are likely already scanning for this weakness. Expected impact: $1M+ in losses, potential business closure.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA Baseline, Federal Security Baseline, FedRAMP
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Critical |
MGI-004 |
CA: No MFA Requirement for Administrators
No Conditional Access policy requires MFA for administrator accounts. Critical privileged access gap.
|
1
|
MicrosoftGraph.Identity.SignIns |
L
4-8 hrs
|
Why This Matters
Conditional Access policies are your adaptive security layer. Without proper policies, users can access sensitive resources from compromised devices or risky locations.
What Is The Risk
IMMEDIATE THREAT: This issue is actively exploitable and could lead to complete system compromise, massive data breach, or organization-wide ransomware attack. Attackers are likely already scanning for this weakness. Expected impact: $1M+ in losses, potential business closure.
What To Do
Remediation Guidance: Create CA policy: Require MFA for all admin roles including Global Admin, Security Admin, etc.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST, CIS, HIPAA, SOC2, FedRAMP, HITRUST
Technical Remediation:
Create CA policy: Require MFA for all admin roles including Global Admin, Security Admin, etc.
|
| Critical |
SCUBA-SPO-004 |
SharePoint default sharing link type must be set to "Specific People"
CISA MS.SHAREPOINT.2.1v1: DefaultSharingLinkType must be 1 (Specific People) to ensure sharing links are not overly permissive by default.
|
1
|
|
XS
15-60 min
|
Why This Matters
SharePoint stores critical business documents. Misconfigured permissions can expose sensitive data to unauthorized users or the public internet.
What Is The Risk
IMMEDIATE THREAT: This issue is actively exploitable and could lead to complete system compromise, massive data breach, or organization-wide ransomware attack. Attackers are likely already scanning for this weakness. Expected impact: $1M+ in losses, potential business closure.
What To Do
Automated Fix Available: This can be remediated using PowerShell. Your IT team can run the command shown below to fix this issue.
Recommended Action: Schedule this fix with your IT team. For Critical/High severity items, consider expedited change procedures.
Compliance Impact: This finding affects: FedRAMP, NIST, CIS
Technical Remediation:
Set-SPOTenant -DefaultSharingLinkType Direct
|
| Critical |
MANUAL-156 |
Mass File Deletion Detected
User deleted large number of files in short timeframe. Potential ransomware activity, malicious insider, or data destruction.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Mass deletion is how ransomware, a malicious insider or a compromised sync client destroys data in SharePoint and OneDrive. The recycle bin and version history can reverse it, but only if the activity is noticed and restored within the retention window, and only if the same account is stopped before it keeps going.
What Is The Risk
ACTIVE INCIDENT INDICATOR: This is observed activity, not a configuration setting. If the deletions were not an authorised clean-up, the account or client responsible may still be deleting or encrypting files, and the loss becomes permanent once the recycle bin retention window passes. Investigate immediately rather than scheduling it through normal change management.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO 27001, SOC2
Technical Remediation:
Treat this as an incident: confirm the activity in the unified audit log (Search-UnifiedAuditLog with the FileDeleted and FileRecycled operations, grouped by user and time), determine whether the account, its sync client or an OAuth app was compromised, disable sign-in and revoke sessions for the account if so, and restore the files from the site and second-stage recycle bins or version history (SharePoint Online keeps deleted items for 93 days by default). Only then address root cause, for example the MFA or device-compliance gaps reported elsewhere on this page.
|
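The finding describes a detection ("large number of files in a short timeframe") without showing how it is measured. The PowerShell below is an added example written for this page, not the report's own detection logic. It pulls file deletion events from the unified audit log and flags any user who exceeds a threshold inside a sliding time window; the module, record types and operation names are Microsoft's, while the threshold, window and look-back are illustrative values you should tune.

```powershell
# Added example: hunt for mass file deletions in the unified audit log and flag users who exceed
# a threshold inside a sliding window. Assumptions: ExchangeOnlineManagement module, unified
# auditing enabled; threshold, window and look-back are illustrative.
Connect-ExchangeOnline

$Threshold     = 500     # deletions
$WindowMinutes = 10      # within this many minutes
$ops = 'FileDeleted', 'FileRecycled', 'FileDeletedFirstStageRecycleBin'

# ResultSize caps at 5000 per call; use -SessionId/-SessionCommand ReturnLargeSet for more.
$events = Search-UnifiedAuditLog -StartDate (Get-Date).AddHours(-24) -EndDate (Get-Date) `
    -RecordType SharePointFileOperation -Operations $ops -ResultSize 5000 |
    ForEach-Object {
        $d = $_.AuditData | ConvertFrom-Json
        [pscustomobject]@{
            Time = [datetime]$d.CreationTime
            User = $d.UserId
            Op   = $d.Operation
            Site = $d.SiteUrl
            File = $d.SourceFileName
        }
    }

foreach ($group in ($events | Group-Object User)) {
    $times = @($group.Group | Sort-Object Time | ForEach-Object Time)
    $start = 0
    for ($i = 0; $i -lt $times.Count; $i++) {
        # Advance the window start until it is within $WindowMinutes of the current event
        while (($times[$i] - $times[$start]).TotalMinutes -gt $WindowMinutes) { $start++ }
        $n = $i - $start + 1
        if ($n -ge $Threshold) {
            $sites = ($group.Group | Select-Object -ExpandProperty Site -Unique) -join ', '
            Write-Warning ("{0}: {1} deletions between {2:u} and {3:u} on {4}" -f
                $group.Name, $n, $times[$start], $times[$i], $sites)
            break
        }
    }
}
```

A retention-policy or lifecycle job also produces bursts of FileDeleted events; those show a system or app identity as the user rather than a person, which is a useful first triage split. When a real user trips the threshold, disabling the account and revoking refresh tokens (Revoke-MgUserSignInSession) comes before restoration.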
| Critical |
MANUAL-142 |
Conditional Access: Device Compliance Not Required
Conditional Access policies do not require device compliance, allowing non-compliant devices to access corporate resources.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Conditional Access policies are your adaptive security layer. Without proper policies, users can access sensitive resources from compromised devices or risky locations.
What Is The Risk
IMMEDIATE THREAT: This issue is actively exploitable and could lead to complete system compromise, massive data breach, or organization-wide ransomware attack. Attackers are likely already scanning for this weakness. Expected impact: $1M+ in losses, potential business closure.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO 27001, SOC2, CMMC, FedRAMP
Technical Remediation:
Create a Conditional Access policy with Grant = Require device to be marked as compliant (or Require Microsoft Entra hybrid joined device) for all users and all cloud apps, excluding only the break-glass accounts. Start in report-only mode, make sure Intune compliance policies exist for every platform in use so that managed devices actually evaluate as compliant, and if BYOD must remain, give unmanaged devices a separate policy limited to browser access with app-enforced restrictions rather than leaving the requirement off.
|
| Critical |
MANUAL-107 |
Activation of highly privileged roles SHALL require approval
CISA ScubaGear MS.AAD.7.6v1: Activation of the Global Administrator role SHALL require approval by another administrator, so that a single compromised eligible account cannot self-elevate unnoticed; extending the approval requirement to the other highly privileged roles is recommended.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Azure/Entra ID is your identity foundation. Misconfigurations here affect every user and application in your organization. An eligible admin who can activate without approval is, for an attacker who phishes that account, the same as a permanent admin.
What Is The Risk
IMMEDIATE THREAT: This issue is actively exploitable and could lead to complete system compromise, massive data breach, or organization-wide ransomware attack. Attackers are likely already scanning for this weakness. Expected impact: $1M+ in losses, potential business closure.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA Baseline, FedRAMP High, NIST 800-53 AC-2(1), NIST 800-53 AC-3(7)
Technical Remediation:
Privileged Identity Management > Microsoft Entra roles > Settings > Global Administrator > Edit: enable "Require approval to activate" and name at least two approvers who are not themselves the only eligible members of the role, keep "Require justification" and a short maximum activation duration. Repeat for Privileged Role Administrator and the other highly privileged roles.
|
| Critical |
MANUAL-104 |
User consent to applications SHALL be disabled or restricted to admin-approved apps
CISA ScubaGear MS.AAD.5.2v1: Users SHALL NOT be able to consent to applications accessing company data on their behalf. Only admin consent or consent to verified publishers for selected permissions should be allowed.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Azure/Entra ID is your identity foundation. Misconfigurations here affect every user and application in your organization.
What Is The Risk
IMMEDIATE THREAT: This issue is actively exploitable and could lead to complete system compromise, massive data breach, or organization-wide ransomware attack. Attackers are likely already scanning for this weakness. Expected impact: $1M+ in losses, potential business closure.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA Baseline, FedRAMP High, NIST 800-53 AC-3, CIS Microsoft 365 v3.0.0 1.2.2
Technical Remediation:
Entra admin center > Enterprise applications > Consent and permissions > User consent settings: select "Do not allow user consent" (in Graph terms, an empty defaultUserRolePermissions.permissionGrantPoliciesAssigned list on the authorization policy). Then enable the admin consent workflow (MS.AAD.5.3v1) so users can request access without being able to grant it, and review grants that already exist with Get-MgOauth2PermissionGrant, revoking any to unverified publishers or with mail/files scopes.
|
| Critical |
SCUBA-SPO-001 |
SharePoint external sharing must be restricted to existing guests or disabled
CISA MS.SHAREPOINT.1.1v1: SharePoint SharingCapability must be set to "Only People In Organization" (0) or "Existing Guests" (3) to prevent unrestricted external sharing.
|
1
|
|
XS
15-60 min
|
Why This Matters
SharePoint stores critical business documents. Misconfigured permissions can expose sensitive data to unauthorized users or the public internet.
What Is The Risk
IMMEDIATE THREAT: This issue is actively exploitable and could lead to complete system compromise, massive data breach, or organization-wide ransomware attack. Attackers are likely already scanning for this weakness. Expected impact: $1M+ in losses, potential business closure.
What To Do
Automated Fix Available: This can be remediated using PowerShell. Your IT team can run the command shown below to fix this issue.
Recommended Action: Schedule this fix with your IT team. For Critical/High severity items, consider expedited change procedures.
Compliance Impact: This finding affects: FedRAMP, NIST, CMMC
Technical Remediation:
Set-SPOTenant -SharingCapability ExistingExternalUserSharingOnly (or Disabled)
|
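The four SharePoint findings on this page (SCUBA-SPO-001 through SCUBA-SPO-004) are all tenant-level Set-SPOTenant settings, so one audit can report and fix them together. The PowerShell below is an added example written for this page, not code from the report or from ScubaGear. It assumes the Microsoft.Online.SharePoint.PowerShell module, a SharePoint Administrator account, and your own admin URL and approved partner domains; the enum names map to the numeric values quoted in the findings (Disabled = 0, ExistingExternalUserSharingOnly = 3, AllowList = 1, Direct = 1).

```powershell
# Added example: audit the tenant-level SharePoint/OneDrive sharing settings behind the SCUBA-SPO
# findings, and optionally apply the baseline values with -Apply.
# Assumptions: Microsoft.Online.SharePoint.PowerShell; admin URL and domain list are placeholders.
param([switch]$Apply)

Connect-SPOService -Url 'https://contoso-admin.sharepoint.com'   # assumed admin URL
$allowedDomains = 'partner1.example partner2.example'             # assumed approved domains

$t = Get-SPOTenant
$restricted = @('Disabled', 'ExistingExternalUserSharingOnly')    # enum values 0 and 3

$checks = @(
    [pscustomobject]@{
        Id = 'MS.SHAREPOINT.1.1v1'; Setting = 'SharingCapability'; Value = $t.SharingCapability
        Pass = $t.SharingCapability -in $restricted
        Fix  = { Set-SPOTenant -SharingCapability ExistingExternalUserSharingOnly }
    }
    [pscustomobject]@{
        Id = 'MS.SHAREPOINT.1.2v1'; Setting = 'OneDriveSharingCapability'; Value = $t.OneDriveSharingCapability
        Pass = $t.OneDriveSharingCapability -in $restricted
        Fix  = { Set-SPOTenant -OneDriveSharingCapability ExistingExternalUserSharingOnly }
    }
    [pscustomobject]@{
        Id = 'MS.SHAREPOINT.1.3v1'; Setting = 'SharingDomainRestrictionMode'; Value = $t.SharingDomainRestrictionMode
        # Only relevant when any external sharing is on; AllowList (1) limits it to approved domains
        Pass = ($t.SharingCapability -eq 'Disabled') -or ($t.SharingDomainRestrictionMode -eq 'AllowList')
        Fix  = { Set-SPOTenant -SharingDomainRestrictionMode AllowList -SharingAllowedDomainList $allowedDomains }
    }
    [pscustomobject]@{
        Id = 'MS.SHAREPOINT.2.1v1'; Setting = 'DefaultSharingLinkType'; Value = $t.DefaultSharingLinkType
        Pass = $t.DefaultSharingLinkType -eq 'Direct'                  # Direct (1) = "Specific people"
        Fix  = { Set-SPOTenant -DefaultSharingLinkType Direct }
    }
)

$checks | Select-Object Id, Setting, Value, Pass | Format-Table -AutoSize

foreach ($c in ($checks | Where-Object { -not $_.Pass })) {
    if ($Apply) { Write-Host "Applying fix for $($c.Id)"; & $c.Fix }
    else        { Write-Host "Would run for $($c.Id): $($c.Fix.ToString().Trim())" }
}
```

Run it without -Apply first and review the "Would run" lines. Tightening SharingCapability invalidates existing anonymous and new-guest links, so announce the change; individual sites can be more restrictive than the tenant but never more permissive, so the tenant value is the one that matters for the baseline.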
| Critical |
SCUBA-EID-018 |
Save privileged users that do not have cloud
CISA federal baseline requirement: Save privileged users that do not have cloud
|
1
|
|
M
2-4 hrs
|
Why This Matters
Azure/Entra ID is your identity foundation. Misconfigurations here affect every user and application in your organization.
What Is The Risk
IMMEDIATE THREAT: This issue is actively exploitable and could lead to complete system compromise, massive data breach, or organization-wide ransomware attack. Attackers are likely already scanning for this weakness. Expected impact: $1M+ in losses, potential business closure.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA Baseline, Federal Security Baseline, FedRAMP
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Critical |
CUSTOM-MFA-015 |
Users with No MFA Configured
The users listed in this finding do not have at least one multi-factor authentication method (such as Microsoft Authenticator, a FIDO2 key or a phone) registered, so any MFA requirement falls back to an interrupted sign-in or, where MFA is not enforced, to password-only access.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Identity is the new security perimeter. Compromised credentials are involved in 80% of breaches - weak identity controls give attackers legitimate access to your systems.
What Is The Risk
IMMEDIATE THREAT: This issue is actively exploitable and could lead to complete system compromise, massive data breach, or organization-wide ransomware attack. Attackers are likely already scanning for this weakness. Expected impact: $1M+ in losses, potential business closure.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Critical |
CUSTOM-MFA-010 |
Directory Synced Users Found in Admin Roles
Account synchronization can be used to modify privileged users (including their credentials) or groups that have administrative privileges in Microsoft 365. Changes to, or compromise of directory-synced accounts can affect the integrity of the cloud environment.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Identity is the new security perimeter. Compromised credentials are involved in 80% of breaches - weak identity controls give attackers legitimate access to your systems.
What Is The Risk
IMMEDIATE THREAT: This issue is actively exploitable and could lead to complete system compromise, massive data breach, or organization-wide ransomware attack. Attackers are likely already scanning for this weakness. Expected impact: $1M+ in losses, potential business closure.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Critical |
CUSTOM-MFA-006 |
Azure PowerShell Service Principal Configuration Missing
Dangerous default configuration settings were found in the Tenant. By default, Azure tenants allow all users to access the Azure Active Directory and Microsoft Graph PowerShell Modules. This allows any authenticated user or guest the ability to abuse Dangerous Default Permissions, as well as enumerate the entire tenant.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Identity is the new security perimeter. Compromised credentials are involved in 80% of breaches - weak identity controls give attackers legitimate access to your systems.
What Is The Risk
IMMEDIATE THREAT: This issue is actively exploitable and could lead to complete system compromise, massive data breach, or organization-wide ransomware attack. Attackers are likely already scanning for this weakness. Expected impact: $1M+ in losses, potential business closure.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Critical |
DEVICE-COMP-001 |
No Device Compliance Policies Configured
No device compliance policies are configured. Devices are not being evaluated for compliance with security standards.
|
1
|
MicrosoftGraphDeviceManagement |
L
4-8 hrs
|
Why This Matters
What Is The Risk
IMMEDIATE THREAT: This issue is actively exploitable and could lead to complete system compromise, massive data breach, or organization-wide ransomware attack. Attackers are likely already scanning for this weakness. Expected impact: $1M+ in losses, potential business closure.
What To Do
Remediation Guidance: Create device compliance policies to enforce security requirements on managed devices. Configure at minimum OS version, password, and encryption requirements.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST, CIS, SOC2
Technical Remediation:
Create device compliance policies to enforce security requirements on managed devices. Configure at minimum OS version, password, and encryption requirements.
|
| Critical |
CUSTOM-MFA-008 |
Dangerous Default Permissions
Dangerous default configuration settings were found in the Tenant. By default, Azure tenants allow all users to access the Azure Active Directory blade, to read all other users' accounts, create groups, and invite guests. These default settings extend to guest accounts as well, allowing guests to perform these same actions. Other default configurations allow for Self-Service creation of accounts from accepted mail domains.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Identity is the new security perimeter. Compromised credentials are involved in 80% of breaches - weak identity controls give attackers legitimate access to your systems.
What Is The Risk
IMMEDIATE THREAT: This issue is actively exploitable and could lead to complete system compromise, massive data breach, or organization-wide ransomware attack. Attackers are likely already scanning for this weakness. Expected impact: $1M+ in losses, potential business closure.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Critical |
CUSTOM-MFA-005 |
Azure PowerShell Service Principal Assignment Not Enforced
Dangerous default configuration settings were found in the Tenant. By default, Azure tenants allow all users to access the Azure Active Directory and Microsoft Graph PowerShell Modules. This allows any authenticated user or guest the ability to abuse Dangerous Default Permissions, as well as enumerate the entire tenant.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Identity is the new security perimeter. Compromised credentials are involved in 80% of breaches - weak identity controls give attackers legitimate access to your systems.
What Is The Risk
IMMEDIATE THREAT: This issue is actively exploitable and could lead to complete system compromise, massive data breach, or organization-wide ransomware attack. Attackers are likely already scanning for this weakness. Expected impact: $1M+ in losses, potential business closure.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Critical |
CUSTOM-MFA-007 |
MFA Not Required for Device Registration
No Conditional Access Policies were found that enforce the use of multi-factor authentication when registering a device with the tenant. Configuring and requiring multi-factor authentication for device registration can aid in preventing compromised user credentials from being used to associate unauthorized devices with the organization.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Identity is the new security perimeter. Compromised credentials are involved in 80% of breaches - weak identity controls give attackers legitimate access to your systems.
What Is The Risk
IMMEDIATE THREAT: This issue is actively exploitable and could lead to complete system compromise, massive data breach, or organization-wide ransomware attack. Attackers are likely already scanning for this weakness. Expected impact: $1M+ in losses, potential business closure.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Critical |
CUSTOM-MFA-017 |
Highly Privileged Hidden Role Assignment Found
Microsoft Entra has built-in roles that are largely hidden from tenant administrators. These roles, Partner Tier2 Support and Partner Tier1 Support, are not visible via the Entra ID Roles & admins GUI. They are only visible through a GUI if the tenant is licensed for Entra ID Premium 2, in which case the roles may be viewed via the Entra ID Privileged Identity Management (PIM) console. In addition to the visibility problem this creates for administrators, the roles grant members excessive permissions that attackers can abuse to gain footholds in the tenant. The Partner Tier1 Support role allows role members to add new owners and members to security groups in the directory, as well as to add new owners and credentials to Entra registered applications, paving the way for abuse of OAuth applications in the tenant. The Partner Tier2 Support role is far more concerning: in addition to the permissions granted to the Partner Tier1 Support role, this role allows members to modify application roles and permissions, escalate permissions to Global Administrator for themselves or any other principal/user in the tenant, and reset passwords of any user, including Global Administrators.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Identity is the new security perimeter. Compromised credentials are involved in 80% of breaches - weak identity controls give attackers legitimate access to your systems.
What Is The Risk
IMMEDIATE THREAT: This issue is actively exploitable and could lead to complete system compromise, massive data breach, or organization-wide ransomware attack. Attackers are likely already scanning for this weakness. Expected impact: $1M+ in losses, potential business closure.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Critical |
CUSTOM-MFA-024 |
Multi-Factor Authentication Not Enforced for All Users
Checks MFA enforcement status across all user accounts
|
1
|
|
M
2-4 hrs
|
Why This Matters
Identity is the new security perimeter. Compromised credentials are involved in 80% of breaches - weak identity controls give attackers legitimate access to your systems.
What Is The Risk
IMMEDIATE THREAT: This issue is actively exploitable and could lead to complete system compromise, massive data breach, or organization-wide ransomware attack. Attackers are likely already scanning for this weakness. Expected impact: $1M+ in losses, potential business closure.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Critical |
DEVICE-012 |
Mobile Application Management: No App Protection
No app protection policies configured. Corporate data in mobile apps is not protected from copy/paste to personal apps.
|
1
|
MicrosoftGraphDeviceManagement |
L
4-8 hrs
|
Why This Matters
Non-compliant devices accessing corporate data create security gaps. Lost or compromised devices are a leading cause of data breaches.
What Is The Risk
IMMEDIATE THREAT: This issue is actively exploitable and could lead to complete system compromise, massive data breach, or organization-wide ransomware attack. Attackers are likely already scanning for this weakness. Expected impact: $1M+ in losses, potential business closure.
What To Do
Remediation Guidance: Create app protection policies for iOS and Android: New-MgDeviceAppManagementManagedAppPolicy
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST, CIS, HIPAA, ISO27001
Technical Remediation:
Create app protection policies for iOS and Android: New-MgDeviceAppManagementManagedAppPolicy
|
| Critical |
COMP-004 |
Audit Logging: Unified Audit Log Disabled
Unified Audit Log is disabled organization-wide. Critical security events are not being recorded.
|
1
|
ExchangeOnline |
M
2-4 hrs
|
Why This Matters
Without proper audit logging, you cannot detect breaches, investigate incidents, or prove compliance. Attackers specifically target logging to hide their activities.
What Is The Risk
IMMEDIATE THREAT: This issue is actively exploitable and could lead to complete system compromise, massive data breach, or organization-wide ransomware attack. Attackers are likely already scanning for this weakness. Expected impact: $1M+ in losses, potential business closure.
What To Do
Remediation Guidance: Enable unified audit logging: Set-AdminAuditLogConfig -UnifiedAuditLogIngestionEnabled $true
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: SOC2, NIST, CIS, HIPAA, CMMC, ISO27001, GDPR, FedRAMP, HITRUST
Technical Remediation:
Enable unified audit logging: Set-AdminAuditLogConfig -UnifiedAuditLogIngestionEnabled $true
|
| Critical |
CUSTOM-MFA-016 |
User consent to OAuth applications not restricted
Users are allowed to consent to applications accessing their data.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Identity is the new security perimeter. Compromised credentials are involved in 80% of breaches - weak identity controls give attackers legitimate access to your systems.
What Is The Risk
IMMEDIATE THREAT: This issue is actively exploitable and could lead to complete system compromise, massive data breach, or organization-wide ransomware attack. Attackers are likely already scanning for this weakness. Expected impact: $1M+ in losses, potential business closure.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
MISC-089 |
User: Password Never Expires
User password set to never expire. Violates password rotation policy.
|
2,049
|
EntraID |
L
4-8 hrs
|
Why This Matters
A critical security feature has been turned off, leaving your organization exposed. Security features exist for a reason - disabling them creates exploitable gaps that attackers actively look for.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST, CIS, HIPAA, ISO27001, FedRAMP
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
IDENTITY-002 |
Admin Account: Dormant (No Sign-In >30 Days)
Privileged account has not signed in for >30 days, representing a high-value attack target with elevated compromise risk.
|
2,049
|
MicrosoftGraphUsers |
L
4-8 hrs
|
Why This Matters
Identity is the new security perimeter. Compromised credentials are involved in 80% of breaches - weak identity controls give attackers legitimate access to your systems.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Immediately disable dormant admin account: Revoke-MgUserAllDirectoryRole -UserId '<UserId>'; Disable-MgUser -UserId '<UserId>'
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CIS M365, NIST 800-53, FedRAMP, CMMC, ISO27001, SOC2, HIPAA
Technical Remediation:
Immediately disable dormant admin account: Revoke-MgUserAllDirectoryRole -UserId '<UserId>'; Disable-MgUser -UserId '<UserId>'
|
| High |
APP-097 |
Service Principal: Long-Lived Secret
Service principal has a client secret with no expiration, or with an expiration more than 2 years away.
|
1,226
|
MicrosoftGraph.Applications |
L
4-8 hrs
|
Why This Matters
A critical security feature has been turned off, leaving your organization exposed. Security features exist for a reason - disabling them creates exploitable gaps that attackers actively look for.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST, CIS, ISO27001, FedRAMP
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
APP-096 |
Service Principal: Certificate Expiring Soon
Service principal certificate expires within 30 days. Service will lose access.
|
1,226
|
MicrosoftGraph.Applications |
L
4-8 hrs
|
Why This Matters
A critical security feature has been turned off, leaving your organization exposed. Security features exist for a reason - disabling them creates exploitable gaps that attackers actively look for.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: SOC2, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
EXO-003 |
Internal Mailbox Forwarding
Mailbox is forwarding email internally. Verify business justification to prevent unauthorized monitoring.
|
499
|
ExchangeOnline |
S
1-2 hrs
|
Why This Matters
Sensitive data (customer info, financials, IP) could be leaked or stolen. Data breaches result in regulatory fines, lawsuits, and irreparable reputation damage.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Automated Fix Available: This can be remediated using PowerShell. Your IT team can run the command shown below to fix this issue.
Recommended Action: Schedule this fix with your IT team. For Critical/High severity items, consider expedited change procedures.
Compliance Impact: This finding affects: NIST, CIS, HIPAA, ISO27001, PCI-DSS, GDPR, FedRAMP, HITRUST
Technical Remediation:
Set-Mailbox -Identity '<UserPrincipalName>' -ForwardingAddress $null
|
| High |
MGU-004 |
User Account: Password Never Expires
User password is set to never expire. This violates password rotation policy.
|
436
|
MicrosoftGraphUsers |
M
2-4 hrs
|
Why This Matters
Weak authentication methods are enabled. Legacy protocols bypass modern security controls like MFA, making accounts vulnerable to credential attacks.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Enable password expiration: Update-MgUser -UserId '<Id>' -PasswordPolicies 'None'
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST, CIS, SOC2
Technical Remediation:
Enable password expiration: Update-MgUser -UserId '<Id>' -PasswordPolicies 'None'
|
| High |
SECURESCORE-M365-scid_105 |
Enforce LDAP channel binding to protect authentication sessions from interception
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_106 |
Require LDAP server signing to ensure integrity of directory traffic
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-mdo_safeattachments |
Turn on Safe Attachments in block mode
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Email is the #1 attack vector - 90% of cyberattacks start with a phishing email. Weak email security enables credential theft, ransomware delivery, and business email compromise (BEC) fraud.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-mdo_safeattachmentpolicy |
Ensure Safe Attachments policy is enabled
Secure Score control not implemented. Delivery of email with attachments may be delayed while scanning is occurring.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Email is the #1 attack vector - 90% of cyberattacks start with a phishing email. Weak email security enables credential theft, ransomware delivery, and business email compromise (BEC) fraud.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-mdo_phisspamacation |
Set action to take on phishing detection
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Email is the #1 attack vector - 90% of cyberattacks start with a phishing email. Weak email security enables credential theft, ransomware delivery, and business email compromise (BEC) fraud.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-mdo_phishthresholdlevel |
Set the phishing email level threshold at 2 or higher
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Email is the #1 attack vector - 90% of cyberattacks start with a phishing email. Weak email security enables credential theft, ransomware delivery, and business email compromise (BEC) fraud.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-mdo_mailboxintelligenceprotectionaction |
Move messages that are detected as impersonated users by mailbox intelligence
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Email is the #1 attack vector - 90% of cyberattacks start with a phishing email. Weak email security enables credential theft, ransomware delivery, and business email compromise (BEC) fraud.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-mdo_mailboxintelligenceprotection |
Ensure that intelligence for impersonation protection is enabled
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Email is the #1 attack vector - 90% of cyberattacks start with a phishing email. Weak email security enables credential theft, ransomware delivery, and business email compromise (BEC) fraud.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_108 |
Disable Remote Registry Service on Windows
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-mdo_highconfidencespamaction |
Set action to take on high confidence spam detection
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Email is the #1 attack vector - 90% of cyberattacks start with a phishing email. Weak email security enables credential theft, ransomware delivery, and business email compromise (BEC) fraud.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_109 |
Disable NTLM authentication for Windows
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_15 |
Enable Automatic Updates
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_16 |
Enable 'Hide Option to Enable or Disable Updates'
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_17 |
Disable 'Allow running plugins that are outdated'
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_19 |
Disable 'Continue running background apps when Google Chrome is closed'
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-mdo_highconfidencephishaction |
Set action to take on high confidence phishing detection
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Email is the #1 attack vector - 90% of cyberattacks start with a phishing email. Weak email security enables credential theft, ransomware delivery, and business email compromise (BEC) fraud.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_104 |
Encrypt LDAP client traffic to protect sensitive data in transit
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_103 |
Require LDAP client signing to prevent tampering and protect directory authentication
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_102 |
Enable 'Local Security Authority (LSA) protection' on Windows 11 22H2 and higher
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_101 |
Disable JavaScript on Adobe 2015
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-mdo_targeteddomainprotectionaction |
Quarantine messages that are detected from impersonated domains
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Email is the #1 attack vector - 90% of cyberattacks start with a phishing email. Weak email security enables credential theft, ransomware delivery, and business email compromise (BEC) fraud.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-mdo_targeteduserprotectionaction |
Quarantine messages that are detected from impersonated users
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Email is the #1 attack vector - 90% of cyberattacks start with a phishing email. Weak email security enables credential theft, ransomware delivery, and business email compromise (BEC) fraud.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-mdo_targetedusersprotection |
Enable impersonated user protection
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Email is the #1 attack vector - 90% of cyberattacks start with a phishing email. Weak email security enables credential theft, ransomware delivery, and business email compromise (BEC) fraud.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-mdo_zapmalware |
Create zero-hour auto purge policies for malware
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Email is the #1 attack vector - 90% of cyberattacks start with a phishing email. Weak email security enables credential theft, ransomware delivery, and business email compromise (BEC) fraud.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-MDA_DocuSign_SessionTimeout |
Enable session timeout for web users
Secure Score control not implemented. This setting enforces a session timeout for all DocuSign web users.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-MDA_GitHub_PrivateRepositoryForkingSetting |
Disable private repository forking
Secure Score control not implemented. This setting prevents users from forking private repositories.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-MDA_GitHub_RepoTransferOrDeletion |
Disable 'members with admin permissions for repositories can delete or transfer repositories'
Secure Score control not implemented. This setting blocks repository transfer and deletion.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-MDA_GitHub_RepoVisibility_change |
Disable 'Allow members to change repository visibilities for this organization'
Secure Score control not implemented. This setting blocks users from changing repository visibility (public/private access).
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-mdo_spamaction |
Set action to take on spam detection
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Email is the #1 attack vector - 90% of cyberattacks start with a phishing email. Weak email security enables credential theft, ransomware delivery, and business email compromise (BEC) fraud.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-MDA_Google_EnableTwoFactorAuth |
Enable multi-factor authentication (MFA)
Secure Score control not implemented. Follow the guideline at https://support.google.com/a/answer/9176657?fl=1&sjid=9841521343371348963-NA.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-mdo_safelinksforemail |
Create Safe Links policies for email messages
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Email is the #1 attack vector - 90% of cyberattacks start with a phishing email. Weak email security enables credential theft, ransomware delivery, and business email compromise (BEC) fraud.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-MDA_NetDocuments_SSO |
Adopt SSO (single sign-on) in NetDocuments
Secure Score control not implemented. See learn more link.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-mdo_safedocuments |
Turn on Safe Documents for Office Clients
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Email is the #1 attack vector - 90% of cyberattacks start with a phishing email. Weak email security enables credential theft, ransomware delivery, and business email compromise (BEC) fraud.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-MDA_Okta_MFA |
Enable multi-factor authentication
Secure Score control not implemented. This setting enforces multi-factor authentication for all Okta users.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-MDA_Okta_SessionTimeout |
Enable session timeout for web users
Secure Score control not implemented. This setting enforces a session timeout for all Okta users.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-MDA_SF_disableProtocolSecurity |
Remote Site
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-PasswordHashSync |
Ensure that password hash sync is enabled for hybrid deployments
Secure Score control not implemented. When a user changes their on-premises password, the updated password is synchronized to Microsoft Entra ID. When a cloud service requires the user to authenticate, they’ll need to provide the newly synchronized password. Microsoft Entra ID will also detect leaked credentials for the users with synced passwords.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Identity is the new security perimeter. Compromised credentials are involved in 80% of breaches - weak identity controls give attackers legitimate access to your systems.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_100 |
Disable JavaScript on Adobe Reader 2015
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-MFARegistrationV2 |
Ensure multifactor authentication is enabled for all users
Secure Score control not implemented. After registering, users are prompted to authenticate with a second factor when accessing applications or other resources.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Identity is the new security perimeter. Compromised credentials are involved in 80% of breaches - weak identity controls give attackers legitimate access to your systems.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-MDA_Dropbox_InactiveTimeoutMins |
Enable web session timeout for web users
Secure Score control not implemented. Once configured, some users may be automatically logged out and will be asked to log back in to Dropbox.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_2014 |
Fix Windows Defender Antivirus cloud service connectivity
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_2003 |
Turn on Tamper Protection
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_2501 |
Block all Office applications from creating child processes
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_2502 |
Block Office applications from creating executable content
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_2503 |
Block Office applications from injecting code into other processes
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_2504 |
Block JavaScript or VBScript from launching downloaded executable content
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_2505 |
Block execution of potentially obfuscated scripts
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-MDA_SF_enforceIpRangesEveryRequest |
Enforce login IP ranges on every request
Secure Score control not implemented. Your users will be logged out if they try to perform an activity outside the IP ranges defined in Salesforce settings.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-MDA_SF_forceLogoutOnSessionTimeout |
Force logout on session timeout
Secure Score control not implemented. The browser refreshes and returns to the login page, and the user must log in again for access.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-AATP_UnsecureAccount |
Resolve unsecure account attributes
Secure Score control not implemented. A user or an application that relies on these types of unsecure account configurations may stop functioning.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Your ability to detect and respond to threats is compromised. Without proper threat protection, attacks can persist undetected for months.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-MDA_SNOW_concourseOnmessageEnforceSameOrigin |
Enable URL allow list for cross-origin iframe communication
Secure Score control not implemented. If you do not add the intended domains to the inclusion list, the ability to embed other pages within Now Platform instances may be limited.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-MDA_SF_identityConfirmationOnEmailChange |
Require identity verification for change of email address
Secure Score control not implemented. Users must log in again before changing their email address.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-MDA_SF_lockSessionsToDomain |
Lock sessions to the domain in which they were first used
Secure Score control not implemented. Your users cannot change their domain inside a session.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-MDA_SF_maxLoginAttempts |
Maximum invalid login attempts
Secure Score control not implemented. Your users will be locked out after 3 failed login attempts.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_99 |
Disable JavaScript on Adobe Acrobat 2017
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_2506 |
Block Win32 API calls from Office macros
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_2507 |
Block executable files from running unless they meet a prevalence, age, or trusted list criterion
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_2508 |
Use advanced protection against ransomware
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_98 |
Disable JavaScript on Adobe Reader 2017
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_97 |
Disable JavaScript on Adobe DC
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_96 |
Enable 'Network Protection'
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_2500 |
Block executable content from email client and webmail
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-MDA_SF_enableSMSIdentity |
Let users verify their identity by text (SMS)
Secure Score control not implemented. Salesforce challenges users to verify their identity by text message when they log in from an unrecognized browser or device, or from an IP address outside of a trusted range.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_25 |
Enable 'Local Security Authority (LSA) protection'
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_24 |
Set 'Remote Desktop security level' to 'TLS'
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_2004 |
Enable EDR in block mode
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_2011 |
Update Microsoft Defender Antivirus definitions
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_2013 |
Turn on PUA protection in block mode
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-mdo_enablemailboxintelligence |
Ensure that mailbox intelligence is enabled
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Email is the #1 attack vector - 90% of cyberattacks start with a phishing email. Weak email security enables credential theft, ransomware delivery, and business email compromise (BEC) fraud.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_2016 |
Enable cloud-delivered protection
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_2020 |
Turn on all system-level Exploit protection settings
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_2021 |
Set controlled folder access to enabled or audit mode
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_2060 |
Set Microsoft Defender SmartScreen app and file checking to block or warn
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_2061 |
Set Microsoft Defender SmartScreen Microsoft Edge site and download checking to block or warn
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_20 |
Disable 'AutoFill'
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_2071 |
Secure Microsoft Defender Firewall domain profile
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_2073 |
Secure Microsoft Defender Firewall public profile
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_2080 |
Turn on Microsoft Defender Credential Guard
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_2090 |
Encrypt all BitLocker-supported drives
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, it could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_2091 |
Resume BitLocker protection on all drives
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, it could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_2093 |
Ensure BitLocker drive compatibility
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, it could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_21 |
Block webpages from automatically running Flash plugins
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, it could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_2100 |
Enable UEFI Secure Boot mode
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, it could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_22 |
Disable 'Password Manager'
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, it could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-MDA_SF_enableMultipleSamlConfigs |
Require identity verification during multi-factor authentication (MFA) registration
Secure Score control not implemented. When you register and challenge your users for MFA, they will be prompted to authenticate with a second factor when accessing an application or other resource.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, it could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_2072 |
Secure Microsoft Defender firewall private profile
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, it could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-mdo_enabledomainstoprotect |
Enable impersonated domain protection
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Email is the #1 attack vector - 90% of cyberattacks start with a phishing email. Weak email security enables credential theft, ransomware delivery, and business email compromise (BEC) fraud.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, it could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-MDA_CitrixSF_LoginFailLockoutSecs |
Enhance 'login maximum attempts' - Lockout timer
Secure Score control not implemented. This setting enforces the account lock-out time configuration for all Citrix ShareFile users.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, it could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-mdo_commonattachmentsfilter |
Ensure the Common Attachment Types Filter is enabled
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Email is the #1 attack vector - 90% of cyberattacks start with a phishing email. Weak email security enables credential theft, ransomware delivery, and business email compromise (BEC) fraud.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, it could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-AATP_ExposedPasswordsInADAttributes |
Remove discoverable passwords in Active Directory account attributes
Secure Score control not implemented. This detection identifies potential exposure of sensitive credentials in AD attributes. Removing this data helps reduce the attack surface and improve overall identity hygiene.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Your ability to detect and respond to threats is compromised. Without proper threat protection, attacks can persist undetected for months.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, it could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-AATP_EntraConnectSensitiveAccountsWithUnsafePermissions |
Remove unsafe permissions on sensitive Entra Connect accounts
Secure Score control not implemented. Granting unsafe permissions to sensitive accounts like MSOL and AzureSSO poses serious risks, as it allows unprivileged accounts to access and manipulate critical hybrid infrastructure. This could lead to privilege escalation and unauthorized changes to user identities.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Your ability to detect and respond to threats is compromised. Without proper threat protection, attacks can persist undetected for months.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, it could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-AATP_EntraConnectAccountUnnecessaryReplicationPermission |
Remove unnecessary replication permissions for Entra Connect AD DS Connector Account
Secure Score control not implemented. By default, the Entra Connect account may have extensive permissions to ensure proper synchronization. If Password Hash Sync is not configured, it’s important to remove unnecessary permissions to reduce the potential attack surface.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Your ability to detect and respond to threats is compromised. Without proper threat protection, attacks can persist undetected for months.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, it could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-AppG_regulate_access_to_sensitive_data |
Regulate cloud app access to sensitive data
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Applications with excessive permissions can access and exfiltrate data. Malicious or compromised apps are a growing attack vector.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, it could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-AppG_unusual_activity_with_priority_account |
Regulate apps with priority account consent
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Applications with excessive permissions can access and exfiltrate data. Malicious or compromised apps are a growing attack vector.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, it could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-AATP_DormantAccounts |
Remove dormant accounts from sensitive groups
Secure Score control not implemented. A user or an application that relies on these dormant privileges may stop functioning.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Your ability to detect and respond to threats is compromised. Without proper threat protection, attacks can persist undetected for months.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, it could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-AATP_DomainControllersWithOldPassword |
Change Domain Controller computer account old password
Secure Score control not implemented. Domain Controllers with old passwords are at heightened risk of compromise and could be more easily taken over.
Attackers can exploit outdated passwords, gaining prolonged access to critical resources and weakening network security.
It could also indicate a Domain Controller that is no longer functioning in the domain.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Your ability to detect and respond to threats is compromised. Without proper threat protection, attacks can persist undetected for months.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, it could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-AATP_DomainControllerLocalUsers |
Remove local admins on identity assets
Secure Score control not implemented. Accounts with indirect control over an Identity system, such as AD FS, Active Directory, and so on, have the rights to escalate their privileges within the environment, which can lead to obtaining Domain Admin access or equivalent. Every local admin on a Tier-0 system is an indirect Domain Admin from an attacker's point of view.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Your ability to detect and respond to threats is compromised. Without proper threat protection, attacks can persist undetected for months.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, it could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-AATP_DnsAdminsGroupWithUnsafePermissions |
Unsafe permissions on the DnsAdmins group
Secure Score control not implemented. This group can be delegated to non-AD administrators, such as those managing networking functions like DNS or DHCP, making these accounts attractive targets for compromise.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Your ability to detect and respond to threats is compromised. Without proper threat protection, attacks can persist undetected for months.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, it could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-AATP_DefenderForIdentityIsNotInstalled |
Start your Defender for Identity deployment, installing Sensors on Domain Controllers and other eligible servers.
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Your ability to detect and respond to threats is compromised. Without proper threat protection, attacks can persist undetected for months.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, it could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-AATP_GroupManagedServiceAccountWithUnrecommendedPasswordChangeInterval |
Set a valid password rotation interval for gMSA
Secure Score control not implemented. gMSAs provide a single identity solution for multiple services that require mutual authentication across multiple servers, as they allow Windows to handle password management, reducing administrative overhead. These accounts often require elevated privileges to perform their designated job, but because they cannot authenticate in the same way as human accounts, they typically do not benefit from the increased security of modern auth methods like MFA. Therefore, it is recommended to set the policy to automatically update the password every 30 days. Group Managed Service Accounts that do not rotate their passwords regularly have a higher likelihood of being compromised.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Your ability to detect and respond to threats is compromised. Without proper threat protection, attacks can persist undetected for months.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, it could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-AATP_CyberArk_PriviledgedUserAccountsWithOldPasswords |
Change password for CyberArk Identity privileged User accounts
Secure Score control not implemented. Privileged accounts with old passwords pose a significant security risk, as older credentials are more likely to have been exposed through data breaches or other attack vectors. By enforcing regular password updates for privileged accounts, organizations can reduce the likelihood of unauthorized access and enhance overall security. Ensuring that accounts with elevated privileges adhere to stringent password policies protects sensitive resources and mitigates the risk of exploitation.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Your ability to detect and respond to threats is compromised. Without proper threat protection, attacks can persist undetected for months.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, it could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-AATP_CyberArk_HighNumberOfPriviledgedIdentityAccounts |
High number of CyberArk Identity accounts with a privileged role assigned
Secure Score control not implemented. A high number of users with privileged roles increases the risk of misuse or unauthorized access to critical systems. By reducing the number of users assigned to roles such as Super Admin or Org Admin, organizations can better limit access to sensitive resources and reduce the attack surface. Maintaining a smaller, well-monitored set of privileged accounts ensures more effective governance and minimizes potential security vulnerabilities.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Your ability to detect and respond to threats is compromised. Without proper threat protection, attacks can persist undetected for months.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, it could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-AATP_CyberArk_DormantPriviledgedAccounts |
Remove stale CyberArk Identity privileged accounts
Secure Score control not implemented. Stale privileged accounts represent a significant security risk, as they may become targets for unauthorized access or misuse without detection. Deactivating or removing unused privileged accounts ensures that only active, monitored users have access to critical administrative capabilities.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Your ability to detect and respond to threats is compromised. Without proper threat protection, attacks can persist undetected for months.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, it could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-AATP_ClearText |
Stop clear text credentials exposure
Secure Score control not implemented. A user or an application that relies on these types of clear text authentication may stop functioning.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Your ability to detect and respond to threats is compromised. Without proper threat protection, attacks can persist undetected for months.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, it could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-AATP_BuiltinKrbtgtAccountWithOldPassword |
Change password for krbtgt account
Secure Score control not implemented. If the KRBTGT account's password is compromised, an attacker can use its hash to generate valid Kerberos authentication tickets, allowing them to perform Golden Ticket attacks and gain access to any resource in the AD domain. Since Kerberos relies on the KRBTGT password to sign all tickets, closely monitoring and regularly changing this password is essential to mitigating the risk of such attacks.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Your ability to detect and respond to threats is compromised. Without proper threat protection, attacks can persist undetected for months.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, it could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-AATP_BuiltinGuestAccountIsEnabled |
Built-in Active Directory Guest account is enabled
Secure Score control not implemented. The Guest account is a built-in, non-nominative account that allows anonymous access to Active Directory. Enabling this account permits access to the domain without requiring a password, potentially posing a security threat.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Your ability to detect and respond to threats is compromised. Without proper threat protection, attacks can persist undetected for months.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, it could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-AATP_BuiltinAdministratorAccountWithOldPassword |
Change password of built-in domain Administrator account
Secure Score control not implemented. Regularly updating the built-in Administrator account's password is essential due to its high privileges, which make it a prime target for attackers. If compromised, it can grant unauthorized control over the domain. Since this account is often unused and its password may not be updated frequently, regular changes reduce exposure and enhance security.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Your ability to detect and respond to threats is compromised. Without proper threat protection, attacks can persist undetected for months.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-AATP_AzureSsoAccountOldPasswords |
Change password for Entra seamless SSO account
Secure Score control not implemented. When configuring Entra Seamless SSO, a computer account named AZUREADSSOACC is created in Active Directory. By default, the password of this Azure SSO computer account is not automatically changed every 30 days. This computer account password is used as a shared secret between AD and Entra, allowing Entra to decrypt the Kerberos tickets that are used as part of the seamless SSO mechanism between Active Directory and Entra ID. If an attacker compromises this account, they can generate service tickets for the AZUREADSSOACC account on behalf of any user and impersonate any user in the Entra tenant that is synchronized from Active Directory. An attacker can use this to move laterally from Active Directory into Entra ID.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Your ability to detect and respond to threats is compromised. Without proper threat protection, attacks can persist undetected for months.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-AATP_AdminSDHolder |
Remove access rights on suspicious accounts with the Admin SDHolder permission
Secure Score control not implemented. Having non-sensitive accounts with AdminSDHolder (security descriptor holder) permissions can have significant security implications. It can lead to unauthorized privilege escalation, where attackers can exploit these accounts to gain administrative access and compromise sensitive systems or data. Additionally, it increases the attack surface and makes it harder to track and mitigate security incidents, potentially exposing the organization to greater risks.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Your ability to detect and respond to threats is compromised. Without proper threat protection, attacks can persist undetected for months.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-AATP_ADCSSanSpecifiedByUserEnabled |
Edit vulnerable Certificate Authority setting (ESC6)
Secure Score control not implemented. When this setting is activated on the Certificate Authority server and an unprivileged user can enroll a certificate template (which is available by default), such users can enroll a certificate valid for any user, including administrators, resulting in full domain compromise.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Your ability to detect and respond to threats is compromised. Without proper threat protection, attacks can persist undetected for months.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-AATP_ADCSMisconfiguredRpcEnrollmentSigning |
Enforce encryption for RPC certificate enrollment interface (ESC8)
Secure Score control not implemented. An RPC enrollment interface that does not mandate encryption is vulnerable to NTLM relay attacks, potentially leading to unauthorized certificate enrollment and, possibly, complete domain compromise.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Your ability to detect and respond to threats is compromised. Without proper threat protection, attacks can persist undetected for months.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-AATP_CyberArk_HighNumberOfSystemAdmins |
Limit the number of CyberArk Identity accounts with system admin role
Secure Score control not implemented. A high number of users with privileged roles increases the risk of misuse or unauthorized access to critical systems. By reducing the number of users assigned to roles such as Super Admin or Org Admin, organizations can better limit access to sensitive resources and reduce the attack surface. Maintaining a smaller, well-monitored set of privileged accounts ensures more effective governance and minimizes potential security vulnerabilities.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Your ability to detect and respond to threats is compromised. Without proper threat protection, attacks can persist undetected for months.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-AATP_ADCSMisconfiguredCertificateTemplateOwner |
Edit misconfigured certificate templates owner (ESC4)
Secure Score control not implemented. A badly configured owner allows non-privileged users to modify the permissions and settings of the template, creating an artificial misconfiguration that is later used for privilege escalation.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Your ability to detect and respond to threats is compromised. Without proper threat protection, attacks can persist undetected for months.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-AATP_GroupPolicyAbnormalModificationAssignment |
GPO can be modified by unprivileged accounts
Secure Score control not implemented. A user, service or application that relies on these permissions may stop functioning.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Your ability to detect and respond to threats is compromised. Without proper threat protection, attacks can persist undetected for months.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-AATP_GroupPolicyPasswordInPreferences |
Reversible passwords found in GPOs
Secure Score control not implemented. A user, scheduled task, service or application that relies on these credentials may stop functioning.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Your ability to detect and respond to threats is compromised. Without proper threat protection, attacks can persist undetected for months.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-AATP_SingleManagedServiceAccountsWithOldPassword |
Rotate old password for sMSA and set up valid rotation interval in the GPO
Secure Score control not implemented. Standalone managed service accounts are designed for individual services. These accounts often require elevated privileges to perform their designated job, but because they cannot authenticate in the same way as human accounts, they typically do not benefit from the increased security of modern authentication methods like MFA. Therefore, standalone managed service accounts that do not rotate their passwords regularly have a higher likelihood of being compromised.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Your ability to detect and respond to threats is compromised. Without proper threat protection, attacks can persist undetected for months.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-AATP_SIDHistory |
Remove unsecure SID history attributes from entities
Secure Score control not implemented. A user or an application that relies on these types of SID history entries may stop functioning.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Your ability to detect and respond to threats is compromised. Without proper threat protection, attacks can persist undetected for months.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-AATP_ServiceAccountsInPrivilegedGroup |
Identify service accounts in privileged groups
Secure Score control not implemented. This report supports efforts to reduce the attack surface by prompting review of these accounts and removal of unnecessary group memberships.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Your ability to detect and respond to threats is compromised. Without proper threat protection, attacks can persist undetected for months.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-AATP_WeakCipher |
Stop weak cipher usage
Secure Score control not implemented. A user or an application that relies on these types of weak ciphers may stop functioning.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Your ability to detect and respond to threats is compromised. Without proper threat protection, attacks can persist undetected for months.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-AATP_PwdLAPS |
Protect and manage local admin passwords with Microsoft LAPS
Secure Score control not implemented. A user or an application that relies on local administrator passwords will need access to the LAPS UI to retrieve the current password for the local administrator account.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Your ability to detect and respond to threats is compromised. Without proper threat protection, attacks can persist undetected for months.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-AATP_PrivilegedAccountsWithDelegationAllowed |
Ensure privileged accounts are not delegated
Secure Score control not implemented. If the sensitive flag is disabled, attackers could exploit Kerberos delegation to misuse privileged account credentials, leading to unauthorized access, lateral movement, and potential network-wide security breaches.
Setting the sensitive flag on privileged user accounts will prevent users from gaining access to the account and manipulating system settings. For device accounts, setting them to "not delegated" is important to prevent them from being used in any delegation scenario, ensuring that credentials on this machine cannot be forwarded to access other services.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Your ability to detect and respond to threats is compromised. Without proper threat protection, attacks can persist undetected for months.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-AATP_PrintSpooler |
Disable Print spooler service on domain controllers
Secure Score control not implemented. Stopping the print spooler service will prevent printing directly from domain controllers or the running of orphaned printers published to Active Directory.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Your ability to detect and respond to threats is compromised. Without proper threat protection, attacks can persist undetected for months.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-AATP_Ping_SensitiveAccountWithoutFactorsAssigned |
Assign multi-factor authentication for PingOne privileged user accounts
Secure Score control not implemented. All privileged accounts must have multi-factor authentication (MFA) enabled to enhance security. By ensuring that privileged accounts such as Super Admin or Org Admin roles are protected with MFA, organizations can significantly reduce the risk of unauthorized access due to compromised credentials. This approach mitigates the potential for attackers to gain elevated access, thereby protecting sensitive resources and preventing misuse of critical administrative capabilities.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Your ability to detect and respond to threats is compromised. Without proper threat protection, attacks can persist undetected for months.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-AATP_Ping_SensitiveAccountWithOldPassword |
Change password for PingOne privileged user accounts
Secure Score control not implemented. Privileged accounts with old passwords pose a significant security risk, as older credentials are more likely to have been exposed through data breaches or other attack vectors. By enforcing regular password updates for privileged accounts, organizations can reduce the likelihood of unauthorized access and enhance overall security. Ensuring that accounts with elevated privileges adhere to stringent password policies protects sensitive resources and mitigates the risk of exploitation.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Your ability to detect and respond to threats is compromised. Without proper threat protection, attacks can persist undetected for months.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-AATP_Ping_HighNumberOfSuperAdmins |
Limit the number of PingOne accounts with organization admin role
Secure Score control not implemented. A high number of users with privileged roles increases the risk of misuse or unauthorized access to critical systems. By reducing the number of users assigned to roles such as Super Admin or Org Admin, organizations can better limit access to sensitive resources and reduce the attack surface. Maintaining a smaller, well-monitored set of privileged accounts ensures more effective governance and minimizes potential security vulnerabilities.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Your ability to detect and respond to threats is compromised. Without proper threat protection, attacks can persist undetected for months.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-AATP_GroupPolicyAssignsUnprivilegedIdentitiesToElevatedLocalGroups |
GPO assigns unprivileged identities to local groups with elevated privileges
Secure Score control not implemented. A user, service or application that relies on these local permissions may stop functioning.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Your ability to detect and respond to threats is compromised. Without proper threat protection, attacks can persist undetected for months.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-AATP_Ping_HighNumberOfNonSuperAdminPrivilegedUserAccounts |
High number of PingOne accounts with a privileged role assigned
Secure Score control not implemented. A high number of users with privileged roles increases the risk of misuse or unauthorized access to critical systems. By reducing the number of users assigned to roles such as Super Admin or Org Admin, organizations can better limit access to sensitive resources and reduce the attack surface. Maintaining a smaller, well-monitored set of privileged accounts ensures more effective governance and minimizes potential security vulnerabilities.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Your ability to detect and respond to threats is compromised. Without proper threat protection, attacks can persist undetected for months.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-AATP_PathRisk |
Reduce lateral movement path risk to sensitive entities
Secure Score control not implemented. A user or an application that relies on removed privileges associated with risky lateral movement paths may stop functioning.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Your ability to detect and respond to threats is compromised. Without proper threat protection, attacks can persist undetected for months.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-AATP_Okta_SensitiveApiToken |
Highly Privileged Okta API Token
Secure Score control not implemented. API tokens inherit the permissions of the user who created them. If an API token is created by a user with sensitive permissions, it will inherit those permissions. If stolen, the token can provide the attacker with access equivalent to that of the user.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Your ability to detect and respond to threats is compromised. Without proper threat protection, attacks can persist undetected for months.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-AATP_Okta_SensitiveAccountWithoutFactorsAssigned |
Assign multi-factor authentication for Okta privileged user accounts
Secure Score control not implemented. All privileged accounts must have multi-factor authentication (MFA) enabled to enhance security. By ensuring that privileged accounts such as Super Admin or Org Admin roles are protected with MFA, organizations can significantly reduce the risk of unauthorized access due to compromised credentials. This approach mitigates the potential for attackers to gain elevated access, thereby protecting sensitive resources and preventing misuse of critical administrative capabilities.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Your ability to detect and respond to threats is compromised. Without proper threat protection, attacks can persist undetected for months.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-AATP_Okta_SensitiveAccountWithOldPassword |
Change password for Okta privileged user accounts
Secure Score control not implemented. Privileged accounts with old passwords pose a significant security risk, as older credentials are more likely to have been exposed through data breaches or other attack vectors. By enforcing regular password updates for privileged accounts, organizations can reduce the likelihood of unauthorized access and enhance overall security. Ensuring that accounts with elevated privileges adhere to stringent password policies protects sensitive resources and mitigates the risk of exploitation.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Your ability to detect and respond to threats is compromised. Without proper threat protection, attacks can persist undetected for months.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-AATP_Okta_HighNumberOfSuperAdmins |
Limit the Number of Okta Super Admin Accounts
Secure Score control not implemented. A high number of users with the Super Admin role increases the risk of misuse or unauthorized access to critical systems. By reducing the number of users assigned to Super Admin, organizations can better limit access to sensitive resources and reduce the attack surface. Maintaining a smaller, well-monitored set of privileged accounts ensures more effective governance and minimizes potential security vulnerabilities.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Your ability to detect and respond to threats is compromised. Without proper threat protection, attacks can persist undetected for months.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-AATP_Okta_HighNumberOfNonSuperAdminPrivilegedUserAccounts |
High number of Okta accounts with privileged role assigned
Secure Score control not implemented. A high number of users with privileged roles increases the risk of misuse or unauthorized access to critical systems. By reducing the number of users assigned to roles such as Super Admin or Org Admin, organizations can better limit access to sensitive resources and reduce the attack surface. Maintaining a smaller, well-monitored set of privileged accounts ensures more effective governance and minimizes potential security vulnerabilities.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Your ability to detect and respond to threats is compromised. Without proper threat protection, attacks can persist undetected for months.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-AATP_Okta_Dormant |
Remove dormant Okta privileged accounts
Secure Score control not implemented. Dormant privileged accounts represent a significant security risk, as they may become targets for unauthorized access or misuse without detection. Deactivating or removing unused privileged accounts ensures that only active, monitored users have access to critical administrative capabilities.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Your ability to detect and respond to threats is compromised. Without proper threat protection, attacks can persist undetected for months.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-AATP_NonAdminDCSyncAccounts |
Remove non-admin accounts with DCSync permissions
Secure Score control not implemented. Listed accounts have permissions to initiate domain replication, which can potentially be exploited by attackers to gain unauthorized access, manipulate domain data, or compromise the integrity and availability of your Active Directory environment. It is crucial to carefully manage and restrict the membership of this group to ensure the security and integrity of your domain replication process.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Your ability to detect and respond to threats is compromised. Without proper threat protection, attacks can persist undetected for months.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-AATP_KerberosDelegations |
Modify unsecure Kerberos delegations to prevent impersonation
Secure Score control not implemented. A user or an application that relies on these types of unsecure Kerberos configurations may stop functioning.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Your ability to detect and respond to threats is compromised. Without proper threat protection, attacks can persist undetected for months.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-AATP_InactiveServiceAccounts |
Remove stale service accounts
Secure Score control not implemented. Identifying and reviewing inactive (stale) service accounts helps reduce the organization's attack surface by enabling secure cleanup of unused accounts. This minimizes the risk of credential misuse or lateral movement by attackers, especially for privileged accounts that are no longer in use but still retain access.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Your ability to detect and respond to threats is compromised. Without proper threat protection, attacks can persist undetected for months.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-AATP_Ping_Dormant |
Remove stale PingOne privileged accounts
Secure Score control not implemented. Stale privileged accounts represent a significant security risk, as they may become targets for unauthorized access or misuse without detection. Deactivating or removing unused privileged accounts ensures that only active, monitored users have access to critical administrative capabilities.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Your ability to detect and respond to threats is compromised. Without proper threat protection, attacks can persist undetected for months.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-MDA_CitrixSF_LoginFailMaxAttempts |
Enhance 'login maximum attempts' - Number of attempts
Secure Score control not implemented. This setting enforces account lock-out when incorrect login attempts occur, for all Citrix ShareFile users.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-AATP_ADCSMisconfiguredCertificateTemplateEnrollmentAgent |
Edit misconfigured enrollment agent certificate template (ESC3)
Secure Score control not implemented. Each certificate template on an AD CS server with these settings may allow an adversary to issue arbitrary certificates, leading to full domain compromise.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Your ability to detect and respond to threats is compromised. Without proper threat protection, attacks can persist undetected for months.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-AATP_ADCSMisconfiguredCertificateTemplateAcl |
Edit misconfigured certificate templates ACL (ESC4)
Secure Score control not implemented. Badly configured modification permissions allow a non-privileged user to modify the settings of the template, creating an artificial misconfiguration that is later used for privilege escalation.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Your ability to detect and respond to threats is compromised. Without proper threat protection, attacks can persist undetected for months.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-MDA_SNOW_useCsrfToken |
Enable anti-CSRF token
Secure Score control not implemented. This remediation enables an extra validation step before the instance user submits a write request to the instance. Every write request contains a CSRF token (i.e., a validation/CSRF ID tied to the user session). When the user session expires, the secure token expires with it.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-forms_phishing_protection |
Ensure internal phishing protection for Forms is enabled
Secure Score control not implemented. If potential phishing is detected, the form is temporarily blocked: it cannot be distributed and responses are not collected until an administrator unblocks it or the creator removes the flagged keywords.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Collaboration tools contain sensitive conversations and documents. Weak security enables data leaks and unauthorized access to confidential information.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-MDA_Workplace_SSO |
Adopt SSO (Single sign on) in Workplace by Meta
Secure Score control not implemented. None.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-mcas_mda_enabled |
Ensure Microsoft Defender for Cloud Apps is enabled and configured
Secure Score control not implemented. None.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-MDA_Atlassian_EnableTwoFactorAuth |
Enable multi-factor authentication (MFA)
Secure Score control not implemented. This setting enforces multi-factor authentication for all Atlassian users.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-MDA_Atlassian_ForceSSO |
Enable Single Sign-On (SSO)
Secure Score control not implemented. This setting enforces Single Sign-On (SSO) for all Atlassian users.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-MDA_Atlassian_InactiveTimeoutMins |
Enable session timeout for web users
Secure Score control not implemented. When you save changes to the session duration, users don't get logged out of their accounts. The new idle session duration will apply the next time a user logs in.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-MDA_Zendesk_MFA |
Enable and adopt two-factor authentication (2FA)
Secure Score control not implemented. Team members who haven't set up 2FA will be required to do so the next time they sign in to Zendesk. Password-based authentication to the Zendesk API is disabled when 2FA is required. Before enabling two-factor authentication, make sure you understand the following important considerations: (1) You can use two-factor authentication on the Zendesk website or with the Zendesk iOS or Android apps. However, the Zendesk REST API doesn't currently support two-factor authentication. See "Using the API when 2-factor authentication is enabled" (https://developer.zendesk.com/documentation/ticketing/using-the-zendesk-api/using-the-api-with-2-factor-authentication-enabled) in the Developers guide. (2) Requiring two-factor authentication disables password-based authentication to the Zendesk API.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-MDA_Zendesk_sessionexpiry |
Enable session timeout for users
Secure Score control not implemented. There are other technical differences and edge cases, but the main idea is that if a user is active, they will never be signed out. If they are inactive, the session will last as long as configured.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-MDA_Zendesk_SSO |
Enable external authentication (Google, Microsoft, or SSO)
Secure Score control not implemented. See the Learn more link.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-exo_storageproviderrestricted |
Ensure additional storage providers are restricted in Outlook on the web
Secure Score control not implemented. The impact of this change depends heavily on current practices in the tenant. If users do not use other storage providers, minimal impact is likely. However, if users regularly use providers outside of the tenant, this will affect their ability to continue to do so.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Email is the #1 attack vector - 90% of cyberattacks start with a phishing email. Weak email security enables credential theft, ransomware delivery, and business email compromise (BEC) fraud.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-MDA_Zendesk_ZanAuth |
Enable Zendesk authentication
Secure Score control not implemented. For team members, the following conditions must be met before they can use Zendesk authentication: (1) Help center must be activated. Help center is the only publicly accessible side of Support and Chat for team members. See "Getting started with Guide" (https://support.zendesk.com/hc/en-us/articles/4408846795674) in the Support help center. (2) Team members must register. After registering, a team member is prompted to verify their email address and create a password, which the user can then use to sign in. See "Requiring users to register" (https://support.zendesk.com/hc/en-us/articles/4408893912986#topic_3tc_p2k_jj) in the Support help center.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-MDA_Atlassian_mobile_dataprotection |
Atlassian mobile app security - App data protection
Secure Score control not implemented. See the Learn more link.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-MDA_Zoom_MFA |
Enable multi-factor authentication
Secure Score control not implemented. This setting enforces multi-factor authentication for all Zoom users.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-MDA_Zoom_SessionTimeoutClient |
Enable session timeout for client users
Secure Score control not implemented. This setting enforces logout of inactive client sessions for all Zoom users.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-MDA_Zoom_SessionTimeoutWeb |
Enable session timeout for web users
Secure Score control not implemented. This setting enforces logout of inactive web sessions for all Zoom users.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-MDA_Atlassian_passwordExpiry |
Enable password expiration policies
Secure Score control not implemented. See the Learn more link.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-MDA_CitrixSF_EnableTwoFactorAuth |
Enable multi-factor authentication (MFA)
Secure Score control not implemented. This setting enforces multi-factor authentication for all Citrix ShareFile users.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-mdo_atpprotection |
Turn on Microsoft Defender for Office 365 in SharePoint, OneDrive, and Microsoft Teams
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Email is the #1 attack vector - 90% of cyberattacks start with a phishing email. Weak email security enables credential theft, ransomware delivery, and business email compromise (BEC) fraud.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-MDA_CitrixSF_ForceSSO |
Enable Single Sign on (SSO)
Secure Score control not implemented. This setting enforces single sign-on (SSO) for all Citrix ShareFile users.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-mdo_blockmailforward |
Ensure all forms of mail forwarding are blocked and/or disabled
Secure Score control not implemented. Care should be taken before implementation to ensure there is no business need for case-by-case auto-forwarding. Disabling auto-forwarding to remote domains affects all users in the organization; any exclusions should be implemented based on organizational policy.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Email is the #1 attack vector - 90% of cyberattacks start with a phishing email. Weak email security enables credential theft, ransomware delivery, and business email compromise (BEC) fraud.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
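The finding above names the control but not where forwarding can actually be configured. The following is an added example (editor's code, not part of the Secure Score recommendation) that audits all four places mail can leave the tenant automatically, then optionally closes the two tenant-wide ones. It assumes the ExchangeOnlineManagement module and an existing Connect-ExchangeOnline session; View-Only Organization Management is enough for the audit, the -Remediate switch needs write rights.

```powershell
# Added example (editor's code, not part of the Secure Score recommendation): audit every path
# by which mail can leave the tenant automatically, then optionally close the two tenant-wide ones.
# Assumes the ExchangeOnlineManagement module and an existing Connect-ExchangeOnline session.
[CmdletBinding()]
param(
    [switch]$Remediate   # tenant-wide controls only; per-mailbox forwarding is reviewed case by case
)

$findings = [System.Collections.Generic.List[object]]::new()
function Add-Finding([string]$Scope, [string]$Object, [string]$Detail) {
    $findings.Add([pscustomobject]@{ Scope = $Scope; Object = $Object; Detail = $Detail })
}

# 1. Remote domains that still allow automatic forwarding ('Default' covers every external domain)
Get-RemoteDomain | Where-Object { $_.AutoForwardEnabled } | ForEach-Object {
    Add-Finding 'RemoteDomain' $_.Identity "AutoForwardEnabled=True for $($_.DomainName)"
}

# 2. Outbound spam policy: 'Off' is the explicit block; 'Automatic' defers to Microsoft's current default
Get-HostedOutboundSpamFilterPolicy | Where-Object { $_.AutoForwardingMode -ne 'Off' } | ForEach-Object {
    Add-Finding 'OutboundSpamPolicy' $_.Identity "AutoForwardingMode=$($_.AutoForwardingMode)"
}

# 3. Mailbox-level forwarding (set by admins or through EWS/Outlook settings) and
# 4. user-created inbox rules that forward or redirect, the usual BEC persistence step
$mailboxes = Get-EXOMailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox, SharedMailbox `
    -Properties ForwardingSmtpAddress, ForwardingAddress, DeliverToMailboxAndForward
foreach ($mbx in $mailboxes) {
    $target = if ($mbx.ForwardingSmtpAddress) { $mbx.ForwardingSmtpAddress } else { $mbx.ForwardingAddress }
    if ($target) {
        Add-Finding 'Mailbox' $mbx.UserPrincipalName "Forwarding to $target (keep copy: $($mbx.DeliverToMailboxAndForward))"
    }
    Get-InboxRule -Mailbox $mbx.UserPrincipalName -ErrorAction SilentlyContinue |
        Where-Object { $_.ForwardTo -or $_.ForwardAsAttachmentTo -or $_.RedirectTo } |
        ForEach-Object {
            $rule    = $_
            $targets = @($rule.ForwardTo) + @($rule.ForwardAsAttachmentTo) + @($rule.RedirectTo) | Where-Object { $_ }
            Add-Finding 'InboxRule' $mbx.UserPrincipalName "Rule '$($rule.Name)' (enabled=$($rule.Enabled)) -> $($targets -join '; ')"
        }
}

$findings | Sort-Object Scope, Object | Format-Table -AutoSize

if ($Remediate) {
    # These two changes affect every user, so run them through change management first
    Get-RemoteDomain | Where-Object { $_.AutoForwardEnabled } |
        ForEach-Object { Set-RemoteDomain -Identity $_.Identity -AutoForwardEnabled $false }
    Get-HostedOutboundSpamFilterPolicy | Where-Object { $_.AutoForwardingMode -ne 'Off' } |
        ForEach-Object { Set-HostedOutboundSpamFilterPolicy -Identity $_.Identity -AutoForwardingMode Off }
}
```

Get-InboxRule is called once per mailbox, so the script is slow on large tenants; run it scoped to a pilot set first. The mailbox and inbox-rule findings are deliberately not auto-remediated: each one is either a legitimate business exception or evidence of a compromised mailbox, and both need a human decision.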
| High |
SECURESCORE-M365-MDA_CitrixSF_InactiveTimeoutMins |
Enable session timeout for web users
Secure Score control not implemented. This setting enforces a session timeout for all Citrix ShareFile users.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-MDA_Atlassian_mobile_access |
Atlassian mobile app security - App access requirement
Secure Score control not implemented. See the Learn more link for details.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-AATP_ADCSMisconfiguredCertificateTemplateEku |
Edit overly permissive Certificate Template with privileged EKU (Any purpose EKU or No EKU) (ESC2)
Secure Score control not implemented. Any certificate template on an AD CS server with these settings can be enrolled in by an attacker, and the resulting certificate used for multiple abuses affecting code integrity, server integrity, AD FS and IPsec, all of which rely on certificates.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Your ability to detect and respond to threats is compromised. Without proper threat protection, attacks can persist undetected for months.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-MDA_SNOW_soapStrictSecurity |
Enable SOAP request strict security
Secure Score control not implemented. If there are users currently accessing this data, they are restricted or allowed access to it based on the ACL rules.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-exo_SPF_records_for_all_domains |
Ensure that SPF records are published for all Exchange Domains
Secure Score control not implemented. None.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Email is the #1 attack vector - 90% of cyberattacks start with a phishing email. Weak email security enables credential theft, ransomware delivery, and business email compromise (BEC) fraud.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
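The SPF finding only says whether a record exists; a practitioner also wants to know whether it covers Exchange Online, how it ends, and whether it exceeds the DNS lookup limit. The following is an added example (editor's code, not part of the Secure Score recommendation) that assesses the SPF record of every accepted domain. It assumes a Connect-ExchangeOnline session for Get-AcceptedDomain; pass -Domains to skip that and test any list of domains. Resolve-DnsName ships with Windows.

```powershell
# Added example (editor's code, not part of the Secure Score recommendation): assess the SPF record
# of every accepted domain. Assumes a Connect-ExchangeOnline session unless -Domains is supplied.
[CmdletBinding()]
param([string[]]$Domains)

if (-not $Domains) {
    $Domains = (Get-AcceptedDomain | Where-Object { $_.DomainName -notlike '*.onmicrosoft.com' }).DomainName
}

# Meaning of the qualifier on the "all" term; a bare "all" defaults to "+" (RFC 7208 section 4.6.2)
$qualifierName = @{
    '-' = 'hardfail'
    '~' = 'softfail'
    '?' = 'neutral'
    '+' = 'pass-all (anyone may spoof this domain)'
    ''  = 'pass-all (bare "all" means +all)'
}

function Get-SpfAssessment {
    param([string]$Domain)
    $txt = Resolve-DnsName -Name $Domain -Type TXT -ErrorAction SilentlyContinue
    # A TXT record may be split into several 255-byte strings; join them before matching
    $spf = @($txt | ForEach-Object { $_.Strings -join '' } | Where-Object { $_ -match '^v=spf1(\s|$)' })

    $status = switch ($spf.Count) { 0 { 'MISSING' } 1 { 'OK' } default { 'MULTIPLE (permerror)' } }
    $record = if ($spf.Count -ge 1) { $spf[0] } else { '' }
    $terms  = @($record -split '\s+' | Select-Object -Skip 1)   # drop the v=spf1 version term

    # Terms that cost a DNS lookup; RFC 7208 section 4.6.4 allows at most 10 per evaluation
    $lookups = @($terms | Where-Object { $_ -match '^(?:[+~?-]?(?:include:|exists:|ptr|a|mx)(?:[:/]|$)|redirect=)' }).Count
    $allTerm = $terms | Where-Object { $_ -match '^[+~?-]?all$' } | Select-Object -First 1
    $allText = if ($allTerm) { $qualifierName[$allTerm.Substring(0, $allTerm.Length - 3)] } else { 'none (evaluates neutral)' }

    [pscustomobject]@{
        Domain       = $Domain
        Status       = $status
        CoversEXO    = [bool]($record -match 'include:spf\.protection\.outlook\.com')
        AllQualifier = $allText
        LookupCount  = $lookups
        Record       = $record
    }
}

$Domains | ForEach-Object { Get-SpfAssessment -Domain $_ } | Format-Table -AutoSize
```

Anything other than Status OK, CoversEXO True, a hardfail or softfail qualifier and a LookupCount of 10 or less needs attention. The lookup count here is the record's own terms only; includes are not followed recursively, so a count near 10 should be re-checked with a full resolver-based tool before concluding the record is within limits.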
| High |
SECURESCORE-M365-AATP_ADCSMisconfiguredCertificateAuthorityAcl |
Edit misconfigured Certificate Authority ACL (ESC7)
Secure Score control not implemented. The impact of a misconfigured ACL varies based on the type of ACL applied. If an unprivileged user holds the "Manage Certificates" right, they can approve pending certificate requests without manager approval. With the "Manage CA" right, they can modify CA settings, such as adding the "User specifies SAN" flag, leading to a complete domain compromise.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Your ability to detect and respond to threats is compromised. Without proper threat protection, attacks can persist undetected for months.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-AATP_ADCSInsecureCertificateEnrollmentIisEndpoints |
Edit insecure certificate enrollment IIS endpoints (ESC8)
Secure Score control not implemented. If the IIS web enrollment endpoint accepts NTLM authentication without requiring HTTPS or without enforcing Extended Protection for Authentication (EPA), it is vulnerable to NTLM relay attacks: an attacker who relays another account's NTLM authentication to the endpoint can enroll a certificate in that account's name.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Your ability to detect and respond to threats is compromised. Without proper threat protection, attacks can persist undetected for months.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-AATP_ADCSCertificateTemplateEnrolementSuppliesSubject |
Prevent users from requesting a certificate valid for arbitrary users based on the certificate template (ESC1)
Secure Score control not implemented. Any certificate template on an AD CS server with these settings can lead to full domain compromise.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Your ability to detect and respond to threats is compromised. Without proper threat protection, attacks can persist undetected for months.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
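The ESC1 finding above and the ESC2 finding earlier in this table (overly permissive template with Any Purpose or no EKU) are decided by the same handful of template attributes. The following is an added example (editor's code, not part of the Secure Score recommendation) that enumerates the forest's certificate templates and flags both conditions, plus whether a CA actually publishes each template. It assumes the ActiveDirectory RSAT module and read access to the Configuration naming context; the list of "low-privileged" principals is an assumption to extend with any broad groups your domain uses for enrollment.

```powershell
# Added example (editor's code, not part of the Secure Score recommendation): flag certificate
# templates that meet the ESC1 or ESC2 conditions. Assumes the ActiveDirectory RSAT module.
Import-Module ActiveDirectory

$CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT = 0x1   # msPKI-Certificate-Name-Flag: requester chooses subject/SAN
$CT_FLAG_PEND_ALL_REQUESTS         = 0x2   # msPKI-Enrollment-Flag: CA manager approval required
$EnrollRightGuid = [guid]'0e10c968-78fb-11d1-a9c7-0000f80367c1'   # Certificate-Enrollment extended right
$AnyPurposeEku   = '2.5.29.37.0'
$AuthEkus = @(
    '1.3.6.1.5.5.7.3.2',        # Client Authentication
    '1.3.6.1.4.1.311.20.2.2',   # Smart Card Logon
    '1.3.6.1.5.2.3.4',          # PKINIT Client Authentication
    $AnyPurposeEku              # Any Purpose also satisfies authentication
)
# Assumption: these are the principals that make a template enrollable by any domain member
$LowPrivPrincipals = 'Domain Users', 'Authenticated Users', 'Everyone', 'Domain Computers'

$configNC     = (Get-ADRootDSE).configurationNamingContext
$templateBase = "CN=Certificate Templates,CN=Public Key Services,CN=Services,$configNC"
$caBase       = "CN=Enrollment Services,CN=Public Key Services,CN=Services,$configNC"

# A template is only exploitable if some CA publishes it
$published = Get-ADObject -SearchBase $caBase -LDAPFilter '(objectClass=pKIEnrollmentService)' -Properties certificateTemplates |
    ForEach-Object { $_.certificateTemplates } | Sort-Object -Unique

function Test-LowPrivEnroll {
    param([System.DirectoryServices.ActiveDirectorySecurity]$Acl)
    foreach ($ace in $Acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $name = $ace.IdentityReference.Value.Split('\')[-1]
        if ($LowPrivPrincipals -notcontains $name) { continue }
        $rights = [int]$ace.ActiveDirectoryRights
        if ($rights -band [int][System.DirectoryServices.ActiveDirectoryRights]::GenericAll) { return $true }
        if (($rights -band [int][System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight) -and
            ($ace.ObjectType -eq $EnrollRightGuid -or $ace.ObjectType -eq [guid]::Empty)) { return $true }
    }
    return $false
}

$props = 'msPKI-Certificate-Name-Flag', 'msPKI-Enrollment-Flag', 'msPKI-RA-Signature', 'pKIExtendedKeyUsage', 'nTSecurityDescriptor'
Get-ADObject -SearchBase $templateBase -LDAPFilter '(objectClass=pKICertificateTemplate)' -Properties $props | ForEach-Object {
    $t    = $_
    $ekus = @($t.pKIExtendedKeyUsage | Where-Object { $_ })
    $suppliesSubject = ([int]$t.'msPKI-Certificate-Name-Flag' -band $CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT) -ne 0
    $needsApproval   = ([int]$t.'msPKI-Enrollment-Flag' -band $CT_FLAG_PEND_ALL_REQUESTS) -ne 0
    $raSignatures    = [int]$t.'msPKI-RA-Signature'
    $authEku = @($ekus | Where-Object { $AuthEkus -contains $_ }).Count -gt 0
    $weakEku = ($ekus.Count -eq 0) -or ($ekus -contains $AnyPurposeEku)   # the ESC2 condition
    # No manager approval, no authorized signature, and a broad group may enroll: nothing gates the request
    $ungated = (-not $needsApproval) -and ($raSignatures -eq 0) -and (Test-LowPrivEnroll $t.nTSecurityDescriptor)

    $issues = @()
    if ($ungated -and $suppliesSubject -and $authEku) { $issues += 'ESC1' }
    if ($ungated -and $weakEku)                       { $issues += 'ESC2' }
    if ($issues.Count -gt 0) {
        [pscustomobject]@{
            Template        = $t.Name
            Published       = $published -contains $t.Name
            Issues          = $issues -join ','
            SuppliesSubject = $suppliesSubject
            EKUs            = if ($ekus.Count) { $ekus -join ';' } else { '<none>' }
            ManagerApproval = $needsApproval
            RASignatures    = $raSignatures
        }
    }
} | Sort-Object Published -Descending | Format-Table -AutoSize
```

Each row tells you which gate to add: clear the "supply in the request" flag (or require manager approval) for ESC1, replace Any Purpose or empty EKUs with the specific EKUs the template needs for ESC2, and in both cases narrow the enrollment ACL. `certutil -v -dstemplate` shows the same flags if you want to spot-check a single template without PowerShell.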
| High |
SECURESCORE-M365-AATP_ADCSCertificateTemplateArbitraryAppPolicies |
Prevent Certificate Enrollment with arbitrary Application Policies (ESC15)
Secure Score control not implemented. A vulnerable certificate template allows non-privileged users to obtain a certificate that can be used to authenticate as a high-privileged user.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Your ability to detect and respond to threats is compromised. Without proper threat protection, attacks can persist undetected for months.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-AATP_AdAccountWithPotentiallyLeakedCredentials |
Change password for on-prem account with potentially leaked credentials
Secure Score control not implemented. An account with compromised credentials can be exploited by malicious actors to gain unauthorized access.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Your ability to detect and respond to threats is compromised. Without proper threat protection, attacks can persist undetected for months.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-AATP_AccountWithLeakedCredentials |
Change password for accounts with leaked credentials
Secure Score control not implemented. An account with compromised credentials can be used by bad actors to gain access using those credentials.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Identity is the new security perimeter. Compromised credentials are involved in 80% of breaches - weak identity controls give attackers legitimate access to your systems.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-AATP_AccountsWithNonDefaultPrimaryGroup |
Accounts with non-default Primary Group ID
Secure Score control not implemented. The primaryGroupId attribute of a user or computer account grants implicit membership to a group. Membership through this attribute does not appear in the list of group members in some interfaces. This attribute may be used as an attempt to hide group membership. It might be a stealthy way for an attacker to escalate privileges without triggering normal auditing for group membership changes.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Your ability to detect and respond to threats is compromised. Without proper threat protection, attacks can persist undetected for months.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-AATP_AccountsInOperatorGroups |
Locate accounts in built-in Operator Groups
Secure Score control not implemented. Accounts that are members of these built-in operator groups may retain legacy or unnecessary elevated privileges, increasing the risk of privilege escalation or lateral movement within the environment. Attackers who compromise such accounts can perform critical actions like managing user accounts, accessing backups, or controlling domain controllers without needing full Domain Admin rights. This elevated access can lead to significant security breaches if not properly managed.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Your ability to detect and respond to threats is compromised. Without proper threat protection, attacks can persist undetected for months.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
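The two Defender for Identity findings above (non-default primaryGroupID and membership of the built-in operator groups) are both about privilege that ordinary group-membership reviews miss. The following is an added example (editor's code, not part of the Secure Score recommendation) that lists both in one report. It assumes the ActiveDirectory RSAT module on a domain-joined host with read access.

```powershell
# Added example (editor's code, not part of the Secure Score recommendation): report accounts with a
# non-default primaryGroupID and members of the built-in operator groups. Assumes the ActiveDirectory module.
Import-Module ActiveDirectory

$domainSid = (Get-ADDomain).DomainSID.Value

# Default primary groups by RID: users 513 (Domain Users) or 514 (Domain Guests); computers 515
# (Domain Computers), 516 (Domain Controllers) or 521 (Read-only Domain Controllers).
$defaultUserRids     = 513, 514
$defaultComputerRids = 515, 516, 521

function Resolve-PrimaryGroup([int]$Rid) {
    try { (Get-ADGroup -Identity "$domainSid-$Rid").Name } catch { "<unresolved RID $Rid>" }
}

$findings = [System.Collections.Generic.List[object]]::new()
function Add-Finding([string]$Check, [string]$Account, [string]$Detail) {
    $findings.Add([pscustomobject]@{ Check = $Check; Account = $Account; Detail = $Detail })
}

# 1. Non-default primaryGroupID. The membership is real (it lands in the logon token) but is never
#    written to the group's member attribute, so member-based audits and membership-change events miss it.
Get-ADUser -LDAPFilter '(!(primaryGroupID=513))' -Properties primaryGroupID |
    Where-Object { $defaultUserRids -notcontains $_.primaryGroupID } |
    ForEach-Object { Add-Finding 'NonDefaultPrimaryGroup' $_.SamAccountName "primaryGroupID=$($_.primaryGroupID) ($(Resolve-PrimaryGroup $_.primaryGroupID))" }
Get-ADComputer -LDAPFilter '(!(primaryGroupID=515))' -Properties primaryGroupID |
    Where-Object { $defaultComputerRids -notcontains $_.primaryGroupID } |
    ForEach-Object { Add-Finding 'NonDefaultPrimaryGroup' $_.SamAccountName "primaryGroupID=$($_.primaryGroupID) ($(Resolve-PrimaryGroup $_.primaryGroupID))" }

# 2. Members (nested included) of the built-in operator groups, addressed by well-known SID so the
#    check does not depend on localized group names.
$operatorGroups = @{
    'S-1-5-32-548' = 'Account Operators'   # creates and modifies most user and group objects
    'S-1-5-32-549' = 'Server Operators'    # logs on to DCs, controls services, restores files
    'S-1-5-32-550' = 'Print Operators'     # loads printer drivers (kernel code) on DCs
    'S-1-5-32-551' = 'Backup Operators'    # reads any file on a DC, including NTDS.dit via backup
}
foreach ($sid in $operatorGroups.Keys) {
    Get-ADGroupMember -Identity $sid -Recursive -ErrorAction SilentlyContinue |
        ForEach-Object { Add-Finding 'OperatorGroupMember' $_.SamAccountName "$($operatorGroups[$sid]) ($($_.objectClass))" }
}

$findings | Sort-Object Check, Account | Format-Table -AutoSize
```

A primaryGroupID pointing at Domain Admins (RID 512) or Administrators is the classic stealthy escalation the finding describes. Resetting it (`Set-ADUser <account> -Replace @{primaryGroupID=513}`) only works if the account is already a direct member of Domain Users, so add that membership first; the empty operator groups are the expected state in most environments.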
| High |
SECURESCORE-M365-aad_third_party_apps |
Ensure third party integrated applications are not allowed
Secure Score control not implemented. None.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Identity is the new security perimeter. Compromised credentials are involved in 80% of breaches - weak identity controls give attackers legitimate access to your systems.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-aad_sign_in_freq_session_timeout |
Ensure Sign-in frequency is enabled and browser sessions are not persistent for Administrative users
Secure Score control not implemented. None.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Identity is the new security perimeter. Compromised credentials are involved in 80% of breaches - weak identity controls give attackers legitimate access to your systems.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-MDA_SNOW_soapRequireContentTypeXml |
Enable SOAP content type checking
Secure Score control not implemented. This remediation enables validation of SOAP content type for all the inbound SOAP requests. If you are using a content type other than text/xml for inbound requests, it may cause potential failure of SOAP transactions.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-aad_phishing_MFA_strength |
Ensure 'Phishing-resistant MFA strength' is required for Administrators
Secure Score control not implemented. If administrators are not pre-registered for a strong authentication method before the Conditional Access policy is created, a user may be unable to register for strong authentication because they do not meet the policy's requirements, and will therefore be prevented from signing in.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Identity is the new security perimeter. Compromised credentials are involved in 80% of breaches - weak identity controls give attackers legitimate access to your systems.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
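The finding above and the earlier "sign-in frequency and non-persistent browser sessions for administrative users" finding are both Conditional Access session and grant controls scoped to admin roles, and the lockout caveat above is the reason to check registration before enforcing. The following is an added example (editor's code, not part of the Secure Score recommendation) that reports what enforced policies currently give administrators, lists admins with no phishing-resistant method registered, and optionally creates a report-only policy covering both findings. It assumes the Microsoft.Graph PowerShell SDK; the role-template list and the method names treated as phishing-resistant are assumptions to adjust per tenant.

```powershell
# Added example (editor's code, not part of the Secure Score recommendation): audit admin Conditional
# Access controls, find admins not yet ready for phishing-resistant MFA, optionally stage a policy.
# Assumes the Microsoft.Graph PowerShell SDK; role list and method names are assumptions.
[CmdletBinding()]
param([switch]$CreateReportOnlyPolicy)

Import-Module Microsoft.Graph.Identity.SignIns, Microsoft.Graph.Reports
Connect-MgGraph -NoWelcome -Scopes 'Policy.Read.All', 'Policy.ReadWrite.ConditionalAccess',
    'AuditLog.Read.All', 'UserAuthenticationMethod.Read.All'

$adminRoles = @{   # role template IDs are stable across tenants; extend to your full privileged-role list
    '62e90394-69f5-4237-9190-012177145e10' = 'Global Administrator'
    'e8611ab8-c189-46e8-94e1-60213ab1f814' = 'Privileged Role Administrator'
    '194ae4cb-b126-40b2-bd5b-6091b380977d' = 'Security Administrator'
    'b1be1c3e-b65d-4f19-8427-f6fa0d97feb9' = 'Conditional Access Administrator'
    '29232cdf-9323-42fd-ade2-1d097af3e4de' = 'Exchange Administrator'
    'fe930be7-5e62-47db-91af-98c3a49a38b1' = 'User Administrator'
}
$phishingResistantStrengthId = '00000000-0000-0000-0000-000000000004'   # built-in "Phishing-resistant MFA" strength
$phishingResistantMethods    = 'fido2SecurityKey', 'windowsHelloForBusiness', 'passKeyDeviceBound'   # assumption: add CBA if used

# 1. What do the enforced policies actually give admins?
$report = foreach ($p in Get-MgIdentityConditionalAccessPolicy -All) {
    if ($p.State -ne 'enabled') { continue }   # report-only and disabled policies enforce nothing
    $targetsAdmins = (@($p.Conditions.Users.IncludeRoles | Where-Object { $adminRoles.ContainsKey($_) }).Count -gt 0) -or
                     ($p.Conditions.Users.IncludeUsers -contains 'All')
    if (-not $targetsAdmins) { continue }
    $sif = $p.SessionControls.SignInFrequency
    $pb  = $p.SessionControls.PersistentBrowser
    [pscustomobject]@{
        Policy                 = $p.DisplayName
        AllCloudApps           = $p.Conditions.Applications.IncludeApplications -contains 'All'
        SignInFrequency        = if ($sif.IsEnabled) { "$($sif.Value) $($sif.Type)" } else { 'not set' }
        PersistentBrowserNever = [bool]($pb.IsEnabled -and $pb.Mode -eq 'never')
        PhishingResistantMFA   = $p.GrantControls.AuthenticationStrength.Id -eq $phishingResistantStrengthId
    }
}
$report | Format-Table -AutoSize

# 2. Admins who would be locked out if the strength were enforced today
$notReady = @(Get-MgReportAuthenticationMethodUserRegistrationDetail -Filter 'isAdmin eq true' -All |
    Where-Object { -not ($_.MethodsRegistered | Where-Object { $phishingResistantMethods -contains $_ }) } |
    Select-Object UserPrincipalName, @{ n = 'MethodsRegistered'; e = { $_.MethodsRegistered -join ',' } })
if ($notReady.Count) {
    Write-Warning "$($notReady.Count) admin(s) have no phishing-resistant method registered:"
    $notReady | Format-Table -AutoSize
}

# 3. Stage the policy in report-only mode. Flip state to 'enabled' only after $notReady is empty and
#    your break-glass accounts (assumed to exist; put their object IDs in excludeUsers) are excluded.
if ($CreateReportOnlyPolicy) {
    $body = @{
        displayName = 'Admins: phishing-resistant MFA, 4h sign-in frequency, no persistent browser'
        state       = 'enabledForReportingButNotEnforced'
        conditions  = @{
            users          = @{ includeRoles = @($adminRoles.Keys); excludeUsers = @() }
            applications   = @{ includeApplications = @('All') }   # persistent-browser control requires all cloud apps
            clientAppTypes = @('all')
        }
        grantControls   = @{ operator = 'OR'; authenticationStrength = @{ id = $phishingResistantStrengthId } }
        sessionControls = @{
            signInFrequency   = @{ isEnabled = $true; value = 4; type = 'hours' }
            persistentBrowser = @{ isEnabled = $true; mode = 'never' }
        }
    }
    New-MgIdentityConditionalAccessPolicy -BodyParameter $body
}
```

Run the report-only policy for a week and review its sign-in log entries before enabling it; the report in step 1 deliberately ignores report-only policies so that a staged policy is not mistaken for an enforced control.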
| High |
SECURESCORE-M365-dlp_datalossprevention |
Ensure DLP policies are enabled
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Sensitive data (customer info, financials, IP) could be leaked or stolen. Data breaches result in regulatory fines, lawsuits, and irreparable reputation damage.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-exo_individualsharing |
Ensure 'External sharing' of calendars is not available
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Email is the #1 attack vector - 90% of cyberattacks start with a phishing email. Weak email security enables credential theft, ransomware delivery, and business email compromise (BEC) fraud.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-aad_custom_banned_passwords |
Ensure custom banned passwords lists are used
Secure Score control not implemented. If a custom banned password list includes too many common dictionary words, or short words that are part of compound words, then perfectly secure passwords may be blocked. The organization should consider a balance between security and usability when creating a list.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Identity is the new security perimeter. Compromised credentials are involved in 80% of breaches - weak identity controls give attackers legitimate access to your systems.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-aad_admin_consent_workflow |
Ensure the admin consent workflow is enabled
Secure Score control not implemented. None.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Identity is the new security perimeter. Compromised credentials are involved in 80% of breaches - weak identity controls give attackers legitimate access to your systems.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
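The admin consent workflow finding above and the earlier "third party integrated applications are not allowed" finding are two sides of one setting: what users may consent to on their own, and what happens to the requests they cannot. The following is an added example (editor's code, not part of the Secure Score recommendation) that reads both policies and optionally applies the restrictive configuration. It assumes the Microsoft.Graph PowerShell SDK; the reviewer object ID is a placeholder you must replace.

```powershell
# Added example (editor's code, not part of the Secure Score recommendation): report the tenant's
# user-consent and admin-consent-workflow settings, optionally harden them. Assumes Microsoft.Graph SDK.
[CmdletBinding()]
param(
    [switch]$Remediate,
    [string]$ReviewerObjectId = '<reviewer-object-id>'   # placeholder: object ID of the user or group that reviews requests
)

Import-Module Microsoft.Graph.Identity.SignIns
Connect-MgGraph -NoWelcome -Scopes 'Policy.Read.All', 'Policy.ReadWrite.Authorization', 'Policy.ReadWrite.ConsentRequest'

$perm    = (Get-MgPolicyAuthorizationPolicy).DefaultUserRolePermissions
$consent = Get-MgPolicyAdminConsentRequestPolicy

# An empty permissionGrantPoliciesAssigned list means users cannot consent to any app. The legacy policy
# below lets any user consent to any app, which is the condition the "third party apps" finding reports.
$legacyPolicy = 'ManagePermissionGrantsForSelf.microsoft-user-default-legacy'
$userConsent  = @($perm.PermissionGrantPoliciesAssigned)

[pscustomobject]@{
    UsersCanRegisterApps  = $perm.AllowedToCreateApps
    UserConsentPolicies   = if ($userConsent) { $userConsent -join ',' } else { '<none: user consent disabled>' }
    LegacyConsentToAnyApp = $userConsent -contains $legacyPolicy
    AdminConsentWorkflow  = $consent.IsEnabled
    ConsentReviewerCount  = @($consent.Reviewers).Count
    ReviewersNotified     = $consent.NotifyReviewers
} | Format-List

if ($Remediate) {
    if ($ReviewerObjectId -like '<*>') { throw 'Set -ReviewerObjectId to a real user or group object ID first.' }
    # Disable user consent and self-service app registration ...
    Update-MgPolicyAuthorizationPolicy -BodyParameter @{
        defaultUserRolePermissions = @{ permissionGrantPoliciesAssigned = @(); allowedToCreateApps = $false }
    }
    # ... and route the resulting requests to a reviewer instead of silently blocking them
    Update-MgPolicyAdminConsentRequestPolicy -BodyParameter @{
        isEnabled             = $true
        notifyReviewers       = $true
        remindersEnabled      = $true
        requestDurationInDays = 30
        reviewers             = @(@{ query = "/users/$ReviewerObjectId"; queryType = 'MicrosoftGraph'; queryRoot = $null })
    }
}
```

Turning off user consent without enabling the workflow just produces a blocked-consent error page and a flood of help-desk tickets, which is why the two findings are best closed together.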
| High |
SECURESCORE-M365-MDA_SNOW_highSecurity |
Enable high security plugin
Secure Score control not implemented. This plugin enables several system security configurations, which may impact UI and functionality as well.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-MDA_SNOW_httpCacheControl |
Set default cache-control HTTP header value to private
Secure Score control not implemented. None.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-MDA_SNOW_loginNoBlankPassword |
Disable password-less authentication
Secure Score control not implemented. Blank passwords are a critical security risk and should not be used. If there is nevertheless a valid case for them, enforcing this setting may cause an outage, because users with blank passwords would no longer be able to log in to the instance.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-MDA_SNOW_roleManagement |
Enable Contextual Security: Role Management plugin
Secure Score control not implemented. This remediation enforces functional-level access controls, letting the application determine access restrictions based on the ACL table alone.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-MDA_SNOW_scriptUseSandbox |
Enable client generated scripts sandbox
Secure Score control not implemented. There is a potential impact if a user has customizations that include hard-coded JavaScript queries to perform CRUD operations.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-MDA_SNOW_smDefaultMode |
Enable default deny with new ACL rules
Secure Score control not implemented. Setting this property to deny restricts the read, write, create, and delete operations on all tables unless the user has the admin role or meets the requirements of another table ACL rule.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-aad_password_protection |
Ensure password protection is enabled for on-prem Active Directory
Secure Score control not implemented. The potential impact associated with implementation of this setting is dependent upon the existing password policies in place in the environment. For environments that have strong password policies in place, the impact will be minimal. For organizations that do not have strong password policies in place, implementation of Microsoft Entra ID Password Protection may require users to change passwords, and adhere to more stringent requirements than they have been accustomed to.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Identity is the new security perimeter. Compromised credentials are involved in 80% of breaches - weak identity controls give attackers legitimate access to your systems.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_95 |
Enable 'Microsoft network client: Digitally sign communications (always)'
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-AATP_UnsecureDomain |
Resolve unsecure domain configurations
Secure Score control not implemented. A user or an application that relies on these types of unsecure account configurations may stop functioning.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Your ability to detect and respond to threats is compromised. Without proper threat protection, attacks can persist undetected for months.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_93 |
Disable the local storage of passwords and credentials
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_57 |
Disable 'WDigest Authentication'
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_85 |
Block outdated ActiveX controls for Internet Explorer
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_58 |
Disable 'Installation and configuration of Network Bridge on your DNS domain network'
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-MDA_SNOW_authRequiredJson2 |
Enable enforcing JSONv2 requests with basic authorization
Secure Score control not implemented. Enabling this control (1) requires authentication whenever table or page data is retrieved from the instance as JSON, (2) cuts off any guest users currently reading that data, and (3) means a user who still needs the content must be given an account with the necessary access control permissions.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_4002 |
Remove shares from the root folder
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_60 |
Prohibit use of Internet Connection Sharing on your DNS domain network
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_87 |
Disable Solicited Remote Assistance
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_6014 |
Unrestricted Access Accounts for Linux
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_88 |
Disable Anonymous enumeration of shares
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_4001 |
Remove share write permission set to ‘Everyone’
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_89 |
Enable scanning of removable drives during a full scan
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_9 |
Enable 'Local Machine Zone Lockdown Security'
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_82 |
Disable IP source routing
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_81 |
Set IPv6 source routing to highest protection
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_4000 |
Disallow offline access to shares
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-MDA_SF_minimumPasswordLifetime |
Require a minimum 1 day password lifetime
Secure Score control not implemented. Your users will not be able to change their password more than once a day.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_39 |
Enable 'Domain member: Digitally sign secure channel data (when possible)'
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_6091 |
Turn on Microsoft Defender Antivirus PUA protection in block mode for Linux
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_90 |
Enable Microsoft Defender Antivirus email scanning
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_80 |
Block Flash activation in Office documents
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_38 |
Enable 'Domain member: Digitally encrypt secure channel data (when possible)'
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-MDA_SNOW_authRequiredSOAP |
Enable enforcing SOAP requests with basic authorization
Secure Score control not implemented. Enabling this control (1) requires authentication whenever table or page data is retrieved from the instance as SOAP, (2) cuts off any guest users currently reading that data, and (3) means a user who still needs the content must be given an account with the necessary access control permissions.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
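The four MDA_SNOW rows in this section (scriptUseSandbox, smDefaultMode, authRequiredJson2 and authRequiredSOAP) each correspond to one ServiceNow system property, but none of them says how to confirm the current value. The PowerShell below is an added example, not code from the assessment tool, from Microsoft or from ServiceNow: it reads the properties through the instance's Table API and compares them with the hardened values. The instance URL and the credential are placeholders, the account needs read access to sys_properties, and the property names are assumed to be the documented ServiceNow names for these settings; confirm them against your own instance before acting on the output.

```powershell
# Added example (not the assessment tool's code): read the ServiceNow system
# properties behind the MDA_SNOW_* Secure Score controls and flag deviations.
# Assumptions: placeholder instance URL, a read-only account with access to
# sys_properties, and the property names below (documented ServiceNow names).

$instance = 'https://example.service-now.com'   # placeholder, replace with your instance
$cred     = Get-Credential -Message 'ServiceNow account with read access to sys_properties'

# Basic auth header built explicitly so the same call works in Windows PowerShell 5.1 and PowerShell 7.
$pair    = "$($cred.UserName):$($cred.GetNetworkCredential().Password)"
$headers = @{
  Authorization = 'Basic ' + [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes($pair))
  Accept        = 'application/json'
}

# Secure Score control -> property name and the hardened value the control asks for.
$expected = [ordered]@{
  'MDA_SNOW_scriptUseSandbox'  = @{ Name = 'glide.script.use.sandbox';        Value = 'true' }
  'MDA_SNOW_smDefaultMode'     = @{ Name = 'glide.sm.default_mode';           Value = 'deny' }
  'MDA_SNOW_authRequiredJson2' = @{ Name = 'glide.basicauth.required.jsonv2'; Value = 'true' }
  'MDA_SNOW_authRequiredSOAP'  = @{ Name = 'glide.basicauth.required.soap';   Value = 'true' }
}

function Get-SnowProperty([string]$Name) {
  # Table API query on sys_properties; returns $null when the property record does not exist
  # (the platform default then applies, which is the failing state for these controls).
  $uri  = "$instance/api/now/table/sys_properties?sysparm_query=name=$Name&sysparm_fields=name,value&sysparm_limit=1"
  $resp = Invoke-RestMethod -Uri $uri -Headers $headers -Method Get
  if (-not $resp.result) { return $null }
  @($resp.result)[0].value
}

$report = foreach ($control in $expected.Keys) {
  $p      = $expected[$control]
  $actual = Get-SnowProperty $p.Name
  $shown  = if ($null -eq $actual) { '(not set)' } else { $actual }
  $status = if ($actual -eq $p.Value) { 'PASS' } else { 'FAIL' }   # -eq is case-insensitive on strings
  [pscustomobject]@{
    Control  = "SECURESCORE-M365-$control"
    Property = $p.Name
    Expected = $p.Value
    Actual   = $shown
    Status   = $status
  }
}

$report | Format-Table -AutoSize
```

Run it before and after the change so the ticket carries evidence for both states. Because the Table API honours the same ACLs as the UI, a FAIL caused by an HTTP 403 on sys_properties means the account cannot read the table, not that the property is wrong; check the response before trusting a blank Actual column.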
| High |
SECURESCORE-M365-scid_6092 |
Turn on Microsoft Defender Antivirus Tamper Protection for Linux
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_50 |
Disable merging of local Microsoft Defender Firewall rules with group policy firewall rules for the Public profile
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_36 |
Enable 'Domain member: Require strong (Windows 2000 or later) session key'
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_55 |
Disable 'Network access: Let Everyone permissions apply to anonymous users'
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_35 |
Set 'Minimum password age' to '1 or more day(s)'
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_54 |
Disable SMBv1 server
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_4003 |
Set folder access-based enumeration for shares
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_94 |
Disable sending unencrypted password to third-party SMB servers
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-MDA_SNOW_authenticateMultifactor |
Enable multi-factor authentication
Secure Score control not implemented. Enabling this property requires the user to have an extra layer of authentication.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_5003 |
Set minimum password length to 15 or more characters in macOS
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_5004 |
Set 'Enforce password history' to '24 or more password(s)' in macOS
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_5005 |
Set 'Maximum password age' to '90 or fewer days, but not 0' in macOS
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_5006 |
Set account lockout threshold to 5 or lower in macOS
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_83 |
Enable Explorer Data Execution Prevention (DEP)
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-MDA_SF_password_lockoutInterval |
Lockout effective period
Secure Score control not implemented. A locked-out user must wait until the lockout period expires. Alternatively, a user with the Reset User Passwords and Unlock Users permission can unlock a user from Setup.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_5009 |
Enable Gatekeeper in macOS
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_45 |
Set user authentication for remote connections by using Network Level Authentication to 'Enabled'
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_5010 |
Enable System Integrity Protection (SIP) in macOS
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_5011 |
Enable FileVault Disk Encryption in macOS
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_5013 |
Ensure screensaver is set to start in 20 minutes or less in macOS
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_44 |
Set 'Account lockout threshold' to 1-10 invalid login attempts
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_5014 |
Secure Home Folders in macOS
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_5091 |
Turn on Microsoft Defender Antivirus PUA protection in block mode in macOS
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_5092 |
Turn on Tamper Protection for macOS
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-MDA_SF_password_expiration |
User passwords expire in 90 days or less
Secure Score control not implemented. Your users must change their password every 90 days.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_5093 |
Enable Microsoft Defender Antivirus real-time behavior monitoring in macOS
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_5094 |
Enable Microsoft Defender Antivirus cloud-delivered protection in macOS
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_42 |
Set 'Reset account lockout counter after' to 15 minutes or more
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_5095 |
Update Microsoft Defender Antivirus definitions in macOS
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_51 |
Disable merging of local Microsoft Defender Firewall connection rules with group policy firewall rules for the Public profile
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_41 |
Set 'Account lockout duration' to 15 minutes or more
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_52 |
Enable 'Apply UAC restrictions to local accounts on network logons'
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_53 |
Disable SMBv1 client driver
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_34 |
Set 'Maximum password age' to '60 or fewer days, but not 0'
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_37 |
Enable 'Domain member: Digitally encrypt or sign secure channel data (always)'
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_32 |
Set 'Minimum password length' to '14 or more characters'
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_66 |
Disable 'Always install with elevated privileges'
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_3003 |
Change service account to avoid cached password in Windows registry
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_3002 |
Change service executable path to a common protected location
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_67 |
Disable 'Autoplay for non-volume devices'
Secure Score control not implemented. AutoPlay is still allowed for non-volume devices (MTP devices such as cameras and phones); the Explorer policy value NoAutoplayfornonVolume is not set to 1, so a connected device can trigger automatic actions.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_68 |
Disable 'Anonymous enumeration of SAM accounts'
Secure Score control not implemented. RestrictAnonymousSAM is not set to 1, so anonymous (null-session) callers can enumerate local account names, which is the usual first step of password spraying.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_3001 |
Fix unquoted service path for Windows services
Secure Score control not implemented. A service ImagePath contains spaces but is not quoted. Windows tries each space-delimited prefix as an executable (C:\Program.exe, then C:\Program Files\Vendor.exe, and so on), so a writable parent directory lets a local user plant a binary that runs with the service's privileges, typically SYSTEM.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
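The three service findings above (scid_3001, scid_3002, scid_3003) all come from the same data: each service's ImagePath and logon account. The following PowerShell is an added audit script, not output of the assessment tool and not Microsoft code. It assumes it is run elevated on the endpoint, treats Program Files and the Windows directory as the protected locations, and treats any logon account that is not LocalSystem, LocalService, NetworkService, a virtual account (NT SERVICE\...) or a gMSA (name ending in $) as one whose password is stored on the host. It only auto-fixes the unquoted-path case.

```powershell
# Added example (not part of the assessment output): audits Windows services for the
# conditions behind scid_3001 (unquoted path), scid_3002 (executable outside a
# protected directory) and scid_3003 (password stored for a named logon account).
# Assumptions: elevated session; "protected" = Program Files / Windows directory.
function Test-UnquotedServicePath {
    param([string]$PathName)
    if ([string]::IsNullOrWhiteSpace($PathName) -or $PathName.StartsWith('"')) { return $false }
    # The executable portion ends at the first ".exe"; anything after it is arguments.
    $m = [regex]::Match($PathName, '^(.*?\.exe)', 'IgnoreCase')
    $exe = if ($m.Success) { $m.Groups[1].Value } else { $PathName }
    return $exe.Contains(' ')
}

function Get-ServiceHardeningFindings {
    $protected = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:SystemRoot) |
        Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') + '\' }
    $builtin = @('LocalSystem', 'NT AUTHORITY\LocalService', 'NT AUTHORITY\NetworkService')

    foreach ($svc in Get-CimInstance -ClassName Win32_Service) {
        $path = $svc.PathName
        if (-not $path) { continue }
        # Strip a leading quote, cut at ".exe", expand %SystemRoot%-style variables.
        $exe = [Environment]::ExpandEnvironmentVariables(
            ([regex]::Match($path, '^"?(.*?\.exe)', 'IgnoreCase').Groups[1].Value))
        $inProtected = $protected | Where-Object { $exe.StartsWith($_, 'OrdinalIgnoreCase') }
        $acct = $svc.StartName
        # A named account (not built-in, not NT SERVICE\ virtual, not a gMSA "name$")
        # means the SCM keeps its password as an LSA secret on this host.
        $storesPassword = $acct -and ($builtin -notcontains $acct) -and
            ($acct -notlike 'NT SERVICE\*') -and ($acct -notlike '*$')

        [pscustomobject]@{
            Name           = $svc.Name
            Account        = $acct
            UnquotedPath   = Test-UnquotedServicePath $path   # scid_3001
            OutsideProtect = -not $inProtected                 # scid_3002
            StoresPassword = [bool]$storesPassword             # scid_3003
            PathName       = $path
        }
    }
}

function Repair-UnquotedServicePath {
    # Quotes the executable part of the ImagePath in the registry (the same change
    # "sc.exe config <name> binPath=" would make). Honors -WhatIf.
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$Name)
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    $path = (Get-ItemProperty -Path $key -Name ImagePath).ImagePath
    if (-not (Test-UnquotedServicePath $path)) { return }
    $m = [regex]::Match($path, '^(.*?\.exe)(.*)$', 'IgnoreCase')
    $fixed = '"{0}"{1}' -f $m.Groups[1].Value, $m.Groups[2].Value
    if ($PSCmdlet.ShouldProcess($Name, "set ImagePath to $fixed")) {
        Set-ItemProperty -Path $key -Name ImagePath -Value $fixed -Type ExpandString
    }
}

# Usage: report everything, then dry-run the path fix.
$findings = Get-ServiceHardeningFindings
$findings | Where-Object { $_.UnquotedPath -or $_.OutsideProtect -or $_.StoresPassword } |
    Format-Table Name, Account, UnquotedPath, OutsideProtect, StoresPassword -AutoSize
$findings | Where-Object UnquotedPath | ForEach-Object { Repair-UnquotedServicePath -Name $_.Name -WhatIf }
```

Run it with -WhatIf first and drop the switch only after reviewing the list. For scid_3003 the fix is a logon-account change (for example `sc.exe config <svc> obj= "NT SERVICE\<svc>"` or a gMSA), not a registry edit, so the script reports it rather than changing it. Secure Score reads device state through Defender for Endpoint, so the control flips after the device next reports, not immediately after the change.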
| High |
SECURESCORE-M365-scid_30 |
Disable 'Insecure guest logons' in SMB
Secure Score control not implemented. AllowInsecureGuestAuth is not set to 0, so the SMB client falls back to unauthenticated guest access when a server rejects its credentials; a rogue server can then serve malicious content with no authentication, signing or encryption.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_29 |
Disable 'Enumerate administrator accounts on elevation'
Secure Score control not implemented. EnumerateAdministrators is not set to 0, so the UAC credential prompt lists every local administrator account name, handing an unprivileged user or malware a ready-made target list.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_28 |
Set 'Interactive logon: Machine inactivity limit' to '1-900 seconds'
Secure Score control not implemented. InactivityTimeoutSecs is not set to a value between 1 and 900, so an unattended interactive session is never locked automatically.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_27 |
Set User Account Control (UAC) to automatically deny elevation requests
Secure Score control not implemented. ConsentPromptBehaviorUser is not set to 0 ('Automatically deny elevation requests'), so standard users are prompted for administrator credentials instead of being refused; that prompt is both a credential-phishing surface and an invitation to share admin passwords.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_26 |
Enable 'Safe DLL Search Mode'
Secure Score control not implemented. SafeDllSearchMode is not set to 1, so the current working directory is searched for DLLs before the system directories, which makes DLL planting (a malicious DLL dropped next to a document the user opens) far easier.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_91 |
Enable Microsoft Defender Antivirus real-time behavior monitoring
Secure Score control not implemented. Defender Antivirus behaviour monitoring is disabled (DisableBehaviorMonitoring is True), so suspicious process behaviour such as injection or ransomware-like file activity that signature scanning misses is not detected.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_2518 |
Block rebooting machine in Safe Mode
Secure Score control not implemented. The ASR rule 'Block rebooting machine in Safe Mode' is not enabled; ransomware operators reboot hosts into Safe Mode, where EDR and antivirus services do not start, before encrypting.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_33 |
Set 'Enforce password history' to '24 or more password(s)'
Secure Score control not implemented. The local 'Enforce password history' setting is below 24, so users can cycle back to a previously used (and possibly already compromised) password.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_2517 |
Block use of copied or impersonated system tools
Secure Score control not implemented. The ASR rule 'Block use of copied or impersonated system tools' is not enabled; attackers copy or rename built-in Windows tools to evade detections keyed on the original name and path.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_69 |
Disable 'Autoplay' for all drives
Secure Score control not implemented. NoDriveTypeAutoRun is not set to 0xFF (255), so AutoPlay still runs for some drive types, including removable media.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_2515 |
Block abuse of exploited vulnerable signed drivers
Secure Score control not implemented. The ASR rule 'Block abuse of exploited vulnerable signed drivers' is not enabled; bring-your-own-vulnerable-driver (BYOVD) attacks load a legitimately signed but exploitable driver to gain kernel access and kill security tooling.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_2514 |
Block persistence through WMI event subscription
Secure Score control not implemented. The ASR rule 'Block persistence through WMI event subscription' is not enabled; permanent WMI event subscriptions are a fileless persistence mechanism that survives reboots and leaves no file on disk.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_70 |
Set default behavior for 'AutoRun' to 'Enabled: Do not execute any autorun commands'
Secure Score control not implemented. NoAutorun is not set to 1, so autorun.inf commands on inserted media can still be executed.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_2513 |
Block Adobe Reader from creating child processes
Secure Score control not implemented. The ASR rule 'Block Adobe Reader from creating child processes' is not enabled; malicious PDFs that exploit Reader or abuse its JavaScript typically launch a shell or downloader as a child process, which this rule blocks.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_2512 |
Block Office communication application from creating child processes
Secure Score control not implemented. The ASR rule 'Block Office communication application from creating child processes' is not enabled; Outlook spawning a process is a common sign of an exploited attachment or macro payload.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_2511 |
Block untrusted and unsigned processes that run from USB
Secure Score control not implemented. The ASR rule 'Block untrusted and unsigned processes that run from USB' is not enabled; unsigned executables, or signed ones with no established reputation, can still run from removable media.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_71 |
Enable 'Limit local account use of blank passwords to console logon only'
Secure Score control not implemented. LimitBlankPasswordUse is not set to 1, so local accounts with blank passwords can be used for network logons (SMB, RDP) and not only at the physical console.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_2510 |
Block process creations originating from PSExec and WMI commands
Secure Score control not implemented. The ASR rule 'Block process creations originating from PSExec and WMI commands' is not enabled; both are standard lateral-movement channels. Microsoft documents this rule as incompatible with the Configuration Manager client, so check for that agent before enabling it.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_72 |
Set LAN Manager authentication level to 'Send NTLMv2 response only. Refuse LM & NTLM'
Secure Score control not implemented. LmCompatibilityLevel is not 5, so the host can still send or accept LM and NTLMv1 responses, which are cracked offline in minutes and are the preferred input for relay attacks.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_73 |
Disable 'Allow Basic authentication' for WinRM Client
Secure Score control not implemented. The WinRM client policy AllowBasic is not 0, so the client may authenticate with Basic, which only base64-encodes the credentials; over an HTTP listener they are recoverable on the wire.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_2509 |
Block credential stealing from the Windows local security authority subsystem (lsass.exe)
Secure Score control not implemented. The ASR rule 'Block credential stealing from the Windows local security authority subsystem' is not enabled; tools such as Mimikatz read LSASS memory to dump plaintext passwords, NT hashes and Kerberos tickets.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_74 |
Disable 'Allow Basic authentication' for WinRM Service
Secure Score control not implemented. The WinRM service policy AllowBasic is not 0, so the WinRM listener accepts Basic authentication from any client: the same base64-only exposure as on the client side, now for every account that connects to this host.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_2516 |
Block Webshell creation for Servers
Secure Score control not implemented. The ASR rule 'Block Webshell creation for Servers' is not enabled; after exploiting a web application, attackers drop a script file under the web root that the web server process then executes as a persistent backdoor.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
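The ASR findings above (scid_2509 through scid_2518) and the behaviour-monitoring finding scid_91 are all Defender Antivirus preferences. The block below is an added example, not code from the assessment tool or from Microsoft. It assumes an elevated session on a host where Defender Antivirus is the active engine, and the rule GUIDs are the values Microsoft publishes in its ASR rules reference, which you should check against that reference before deploying. It turns the rules on in Audit mode first so the impact can be measured from the Defender operational log before switching to Block.

```powershell
# Added example (not from the assessment): audits and enables the ten ASR rules flagged
# on this page plus Defender behaviour monitoring (scid_91). GUIDs are the ones published
# in Microsoft's ASR rules reference; verify them against it before use (assumption).
$AsrRules = [ordered]@{
    'Block credential stealing from LSASS (scid_2509)'               = '9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2'
    'Block process creations from PSExec and WMI (scid_2510)'        = 'd1e49aac-8f56-4280-b9ba-993a6d77406c'
    'Block untrusted/unsigned processes from USB (scid_2511)'        = 'b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4'
    'Block Office communication app child processes (scid_2512)'    = '26190899-1602-49e8-8b27-eb1d0a1ce869'
    'Block Adobe Reader child processes (scid_2513)'                 = '7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c'
    'Block persistence through WMI event subscription (scid_2514)'  = 'e6db77e5-3df2-4cf1-b95a-636979351e5b'
    'Block abuse of exploited vulnerable signed drivers (scid_2515)' = '56a863a9-875e-4185-98a7-b882c64b5ce5'
    'Block Webshell creation for Servers (scid_2516)'                = 'a8f5898e-1dc8-49a9-9878-85004b8a61e6'
    'Block use of copied or impersonated system tools (scid_2517)'   = 'c0033c00-d16d-4114-a5a0-dc9b3a7d2ceb'
    'Block rebooting machine in Safe Mode (scid_2518)'               = '33ddedf1-c6e0-47cb-833e-de6133960387'
}
# Action codes accepted by -AttackSurfaceReductionRules_Actions.
$Action = @{ Disabled = 0; Block = 1; Audit = 2; Warn = 6 }

function Get-AsrRuleState {
    # One row per rule with the currently configured action (Disabled when unset).
    $pref = Get-MpPreference
    $ids  = @($pref.AttackSurfaceReductionRules_Ids)
    $acts = @($pref.AttackSurfaceReductionRules_Actions)
    foreach ($entry in $AsrRules.GetEnumerator()) {
        $i = -1
        for ($j = 0; $j -lt $ids.Count; $j++) {      # -eq is case-insensitive for strings
            if ($ids[$j] -eq $entry.Value) { $i = $j; break }
        }
        $state = if ($i -ge 0) { [int]$acts[$i] } else { 0 }
        [pscustomobject]@{
            Rule   = $entry.Key
            Id     = $entry.Value
            Action = ($Action.GetEnumerator() | Where-Object Value -eq $state).Key
        }
    }
}

function Set-AsrRules {
    # Add-MpPreference merges into the existing rule list; an existing entry for the
    # same GUID is updated to the new action rather than duplicated.
    [CmdletBinding(SupportsShouldProcess)]
    param([ValidateSet('Audit', 'Block', 'Warn')][string]$Mode = 'Audit')
    foreach ($entry in $AsrRules.GetEnumerator()) {
        if ($PSCmdlet.ShouldProcess($entry.Key, "set ASR action to $Mode")) {
            Add-MpPreference -AttackSurfaceReductionRules_Ids $entry.Value `
                             -AttackSurfaceReductionRules_Actions $Action[$Mode]
        }
    }
}

function Enable-BehaviorMonitoring {
    # scid_91: turn behaviour monitoring back on; returns $true when it is enabled.
    if ((Get-MpPreference).DisableBehaviorMonitoring) {
        Set-MpPreference -DisableBehaviorMonitoring $false
    }
    return -not (Get-MpPreference).DisableBehaviorMonitoring
}

# Usage: audit first, then review Microsoft-Windows-Windows Defender/Operational events
# (ID 1122 = rule audited, 1121 = rule blocked) for a week before moving to Block.
Get-AsrRuleState | Format-Table -AutoSize
Set-AsrRules -Mode Audit
Enable-BehaviorMonitoring
```

Keep scid_2510 (PSExec/WMI) in Audit mode on any host that runs the Configuration Manager client, since Microsoft lists the two as incompatible, and add exclusions for legitimate admin tooling before switching that rule to Block.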
| High |
SECURESCORE-M365-MDA_SNOW_authRequiredUnl |
Enable unload request authorization
Secure Score control not implemented. This remediation enforces a combination of authentication methods, in the form of basic authentication and system level access control. It performs this authentication while retrieving data from tables/pages in the form of unload data on the instance.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_65 |
Disable 'Store LAN Manager hash value on next password change'
Secure Score control not implemented. NoLMHash is not set to 1, so the LM hash (a weak, case-insensitive construction over at most 14 characters) is stored alongside the NT hash at the next password change and can be cracked in minutes. Setting it only affects future changes; existing LM hashes remain until each user changes password.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_3010 |
Disable the built-in Administrator account
Secure Score control not implemented. The built-in Administrator account (RID 500) is enabled; its well-known RID makes it a standing target for password guessing and pass-the-hash regardless of what it has been renamed to.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_79 |
Disable running or installing downloaded software with invalid signature
Secure Score control not implemented. The Internet Explorer policy RunInvalidSignatures is not set to 0, so downloaded software whose Authenticode signature is invalid can still run or install.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_78 |
Disable JavaScript on Adobe Acrobat Pro XI
Secure Score control not implemented. JavaScript is not disabled in Adobe Acrobat Pro XI (FeatureLockDown bDisableJavaScript is not 1); PDF JavaScript is the usual delivery vehicle for Acrobat exploits. Acrobat XI reached end of support in 2017, so upgrading or removing it is the better fix.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_77 |
Disable Flash on Adobe Acrobat Pro XI
Secure Score control not implemented. Flash content is not disabled in Adobe Acrobat Pro XI (FeatureLockDown bEnableFlash is not 0); embedded Flash in PDFs was a major exploit vector and Flash itself is end-of-life.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
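Most of the remaining endpoint findings on this page (scid_26, 27, 28, 29, 30, 65, 67, 68, 69, 70, 71, 72, 73, 74, 77, 78 and 79) are single registry-backed security options. The script below is an added example, not the assessment tool's remediation and not Microsoft code. It assumes an elevated session, takes target values from the Microsoft security baseline and CIS benchmarks, and uses the Acrobat XI FeatureLockDown value names from the CIS Acrobat XI benchmark, which only matter when Acrobat Pro XI is actually installed. On a domain-joined or Intune-managed host the Policies keys are owned by policy, so the change must be made in the GPO or configuration profile; a local edit is reverted at the next policy refresh.

```powershell
# Added example (not from the assessment): audits and applies the registry values behind
# the security-option findings listed above. Assumptions: elevated session; target values
# per Microsoft security baseline / CIS; Acrobat XI value names per CIS Acrobat XI benchmark.
$Baseline = @(
    @{ Id='scid_67'; Key='HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name='NoAutoplayfornonVolume';     Value=1 }
    @{ Id='scid_69'; Key='HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name='NoDriveTypeAutoRun';         Value=255 }
    @{ Id='scid_70'; Key='HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name='NoAutorun';                  Value=1 }
    @{ Id='scid_68'; Key='HKLM:\SYSTEM\CurrentControlSet\Control\Lsa';                         Name='RestrictAnonymousSAM';       Value=1 }
    @{ Id='scid_71'; Key='HKLM:\SYSTEM\CurrentControlSet\Control\Lsa';                         Name='LimitBlankPasswordUse';      Value=1 }
    @{ Id='scid_72'; Key='HKLM:\SYSTEM\CurrentControlSet\Control\Lsa';                         Name='LmCompatibilityLevel';       Value=5 }
    @{ Id='scid_65'; Key='HKLM:\SYSTEM\CurrentControlSet\Control\Lsa';                         Name='NoLMHash';                   Value=1 }
    @{ Id='scid_26'; Key='HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager';             Name='SafeDllSearchMode';          Value=1 }
    @{ Id='scid_30'; Key='HKLM:\SOFTWARE\Policies\Microsoft\Windows\LanmanWorkstation';        Name='AllowInsecureGuestAuth';     Value=0 }
    @{ Id='scid_29'; Key='HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\CredUI';    Name='EnumerateAdministrators';    Value=0 }
    # scid_28 accepts any value in 1..900; 900 is applied, anything in range passes the audit.
    @{ Id='scid_28'; Key='HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System';    Name='InactivityTimeoutSecs';      Value=900
       Compliant={ param($v) $v -ge 1 -and $v -le 900 } }
    @{ Id='scid_27'; Key='HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System';    Name='ConsentPromptBehaviorUser';  Value=0 }
    @{ Id='scid_73'; Key='HKLM:\SOFTWARE\Policies\Microsoft\Windows\WinRM\Client';             Name='AllowBasic';                 Value=0 }
    @{ Id='scid_74'; Key='HKLM:\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service';            Name='AllowBasic';                 Value=0 }
    @{ Id='scid_79'; Key='HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer\Download';       Name='RunInvalidSignatures';       Value=0 }
    @{ Id='scid_78'; Key='HKLM:\SOFTWARE\Policies\Adobe\Adobe Acrobat\11.0\FeatureLockDown';   Name='bDisableJavaScript';         Value=1 }
    @{ Id='scid_77'; Key='HKLM:\SOFTWARE\Policies\Adobe\Adobe Acrobat\11.0\FeatureLockDown';   Name='bEnableFlash';               Value=0 }
)

function Test-SecurityBaseline {
    # Reports current vs expected value for every setting; missing value = non-compliant.
    foreach ($s in $Baseline) {
        $current = (Get-ItemProperty -Path $s.Key -Name $s.Name -ErrorAction SilentlyContinue).($s.Name)
        $ok = if ($null -eq $current) { $false }
              elseif ($s.Compliant)   { & $s.Compliant $current }
              else                    { $current -eq $s.Value }
        [pscustomobject]@{ Id=$s.Id; Name=$s.Name; Current=$current; Expected=$s.Value; Compliant=[bool]$ok }
    }
}

function Set-SecurityBaseline {
    # Creates missing keys and writes each value as REG_DWORD. Honors -WhatIf.
    [CmdletBinding(SupportsShouldProcess)]
    param()
    foreach ($s in $Baseline) {
        if (-not (Test-Path $s.Key)) { New-Item -Path $s.Key -Force | Out-Null }
        if ($PSCmdlet.ShouldProcess("$($s.Key)\$($s.Name)", "set to $($s.Value) ($($s.Id))")) {
            Set-ItemProperty -Path $s.Key -Name $s.Name -Value $s.Value -Type DWord
        }
    }
}

# Usage: see the gap first, then dry-run the change.
Test-SecurityBaseline | Format-Table -AutoSize
Set-SecurityBaseline -WhatIf
```

Two of these need a compatibility check before they go to Block/enforce: LmCompatibilityLevel 5 breaks any device that can only do LM or NTLMv1 (old NAS boxes, printers, some appliances), and NoLMHash only affects passwords changed after it is set, so force a password change if the existing LM hashes need to go.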
| High |
SECURESCORE-M365-scid_6093 |
Enable Microsoft Defender Antivirus real-time behavior monitoring for Linux
Secure Score control not implemented. Defender for Endpoint on Linux has behaviour monitoring disabled, so the sensor relies on file scanning alone; enable it with mdatp config behavior-monitoring --value enabled and confirm with mdatp health.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_3011 |
Disable the built-in Guest account
Secure Score control not implemented. The built-in Guest account (RID 501) is enabled; it permits logons without a password-backed identity and has no legitimate use on a managed endpoint.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_6094 |
Enable Microsoft Defender Antivirus cloud-delivered protection for Linux
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, it could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_6095 |
Update Microsoft Defender Antivirus definitions for Linux
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, it could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_76 |
Disable JavaScript on Adobe Reader DC
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, it could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-MDA_SF_password_sessionTimeout |
Session timeout
Secure Score control not implemented. Users cannot have a session longer than the defined timeout value.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, it could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_6100 |
Enable 'Microsoft Defender for Endpoint Plug-in for WSL'
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, it could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_64 |
Restrict anonymous access to named pipes and Shares
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, it could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_63 |
Disable 'Configure Offer Remote Assistance'
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, it could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_61 |
Set 'Minimum PIN length for startup' to '6 or more characters'
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, it could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_75 |
Disable Flash on Adobe Reader DC
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, it could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SECURESCORE-M365-scid_62 |
Enable 'Require additional authentication at startup'
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, it could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
DEFENDER-CONFIG-002 |
High-Impact Security Controls Not Implemented
Security controls with high impact scores (5+ points) remain unimplemented, representing missed opportunities for significant security improvement
|
318
|
MicrosoftDefender |
M
2-4 hrs
|
Why This Matters
Security settings are not optimally configured. Misconfigurations are the #1 cause of cloud breaches - attackers use automated tools to find and exploit them.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, it could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Prioritize implementation of high-impact security controls. Start with low-cost, low-user-impact controls. Allocate resources for control implementation. Track completion quarterly.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO 27001, SOC2, CMMC
Technical Remediation:
Prioritize implementation of high-impact security controls. Start with low-cost, low-user-impact controls. Allocate resources for control implementation. Track completion quarterly.
|
| High |
DEVICE-028 |
Microsoft Defender for Endpoint Not Deployed
Defender for Endpoint not deployed to managed devices. Missing advanced threat protection.
|
309
|
MicrosoftGraph.DeviceManagement |
M
2-4 hrs
|
Why This Matters
A critical security feature has been turned off, leaving your organization exposed. Security features exist for a reason - disabling them creates exploitable gaps that attackers actively look for.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, it could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST, CIS, CMMC, ISO27001, FedRAMP, HITRUST
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
STOR-002 |
|
96
|
|
M
2-4 hrs
|
Why This Matters
This security finding indicates a gap in your security posture. Unaddressed security gaps accumulate risk and increase the likelihood of a successful attack.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, it could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
DEVICE-007 |
Unmanaged Device Registered
Device is registered in Azure AD but not enrolled in Intune. Cannot apply compliance or configuration policies.
|
86
|
MicrosoftGraph.Identity.DirectoryManagement |
M
2-4 hrs
|
Why This Matters
Non-compliant devices accessing corporate data create security gaps. Lost or compromised devices are a leading cause of data breaches.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, it could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Enroll the device in Intune, or remove its registration if it is not needed.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST, CIS, ISO27001
Technical Remediation:
Enroll the device in Intune, or remove its registration if it is not needed.
|
| High |
AZURE-017 |
Azure Storage HTTPS Not Enforced
Storage accounts allow HTTP connections. Data in transit is not encrypted.
|
32
|
Azure.Storage |
M
2-4 hrs
|
Why This Matters
A critical security feature has been turned off, leaving your organization exposed. Security features exist for a reason - disabling them creates exploitable gaps that attackers actively look for.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, it could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: SOC2, NIST, HIPAA, ISO27001, PCI-DSS, GDPR, FedRAMP, HITRUST
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
DEFENDER-THREAT-013 |
Security Alerts from Defender ATP Provider
Defender for Endpoint (ATP) has detected threats requiring attention, indicating endpoint-level security issues
|
32
|
MicrosoftDefender |
M
2-4 hrs
|
Why This Matters
Your ability to detect and respond to threats is compromised. Without proper threat protection, attacks can persist undetected for months.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, it could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Manual Configuration Required: This requires changes in the Microsoft 365 Admin Center or Azure Portal.
Recommended Action: Assign to your M365 administrator. This may require policy review and approval from security leadership.
Compliance Impact: This finding affects: NIST 800-53, ISO 27001, SOC2
Technical Remediation:
Review Defender for Endpoint console for detailed alert information. Execute recommended automated investigation and response actions. Verify endpoint compliance with security baseline.
|
| High |
DEVICE-075 |
Device Configuration: No Firewall Policy
No device configuration policy enforces firewall settings. Devices may have firewall disabled.
|
14
|
MicrosoftGraph.DeviceManagement |
M
2-4 hrs
|
Why This Matters
A critical security feature has been turned off, leaving your organization exposed. Security features exist for a reason - disabling them creates exploitable gaps that attackers actively look for.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, it could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST, CIS, CMMC, ISO27001, FedRAMP
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
MISC-311 |
SmtpDaneStatus Unhealthy State Detected
Property 'SmtpDaneStatus' is in unhealthy state: Disabled. This may indicate provisioning failure, compliance violation, or disabled security control.
|
12
|
ExchangeOnline |
M
2-4 hrs
|
Why This Matters
This security finding indicates a gap in your security posture. Unaddressed security gaps accumulate risk and increase the likelihood of a successful attack.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, it could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Investigation Required: This finding needs human review to determine the appropriate action.
Recommended Action: Security team should review the affected items and determine if they are legitimate or require remediation.
Compliance Impact: This finding affects: ISO27001, NIST, CIS, GDPR, FedRAMP
Technical Remediation:
Review property 'SmtpDaneStatus' in ExchangeOnline module. Investigate the root cause of unhealthy state. Check provisioning logs, compliance policies, or enable disabled controls.
|
| High |
EXO-028 |
Transport Rule: Bypass Spam Filtering
Transport rule is configured to bypass spam filtering. This creates a security gap.
|
10
|
ExchangeOnline |
M
2-4 hrs
|
Why This Matters
Email is the #1 attack vector - 90% of cyberattacks start with a phishing email. Weak email security enables credential theft, ransomware delivery, and business email compromise (BEC) fraud.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, it could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Investigation Required: This finding needs human review to determine the appropriate action.
Recommended Action: Security team should review the affected items and determine if they are legitimate or require remediation.
Compliance Impact: This finding affects: SOC2, NIST, CIS, HIPAA
Technical Remediation:
Review and remove if not required: Remove-TransportRule -Identity '<Name>'
|
| High |
EXO-001 |
Mailbox Audit Logging Disabled
Mailbox auditing is disabled. This prevents tracking of mailbox access, item modifications, and potential data exfiltration.
|
9
|
ExchangeOnline |
XS
15-60 min
|
Why This Matters
Without proper audit logging, you cannot detect breaches, investigate incidents, or prove compliance. Attackers specifically target logging to hide their activities.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, it could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Automated Fix Available: This can be remediated using PowerShell. Your IT team can run the command shown below to fix this issue.
Recommended Action: Schedule this fix with your IT team. For Critical/High severity items, consider expedited change procedures.
Compliance Impact: This finding affects: SOC2, NIST, HIPAA, CIS, CMMC, ISO27001, GDPR, FedRAMP, HITRUST
Technical Remediation:
Set-Mailbox -Identity '<UserPrincipalName>' -AuditEnabled $true
|
| High |
MISC-080 |
Teams: Meeting Recording Without Consent Notification
Teams allows meeting recording without explicit consent notification. Privacy compliance risk.
|
8
|
MicrosoftTeams |
M
2-4 hrs
|
Why This Matters
A critical security feature has been turned off, leaving your organization exposed. Security features exist for a reason - disabling them creates exploitable gaps that attackers actively look for.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, it could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: GDPR, HIPAA, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
DEFENDER-THREAT-004 |
Active Malware Detection Alerts
Malware has been detected on endpoints and alerts remain unresolved, indicating potential malware infection requiring immediate remediation
|
5
|
MicrosoftDefender |
M
2-4 hrs
|
Why This Matters
Your ability to detect and respond to threats is compromised. Without proper threat protection, attacks can persist undetected for months.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, it could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Investigation Required: This finding needs human review to determine the appropriate action.
Recommended Action: Security team should review the affected items and determine if they are legitimate or require remediation.
Compliance Impact: This finding affects: NIST 800-53, ISO 27001, SOC2, CMMC
Technical Remediation:
Isolate affected endpoints. Run full antimalware scan. Remove detected malware using Defender for Endpoint automated investigation and response. Verify remediation success. Investigate root cause (email attachment, web download, USB device).
|
| High |
MGI-083 |
Conditional Access: No Device Compliance Requirement
No CA policy requires device compliance. Unmanaged devices can access corporate resources.
|
3
|
MicrosoftGraph.Identity.SignIns |
M
2-4 hrs
|
Why This Matters
A critical security feature has been turned off, leaving your organization exposed. Security features exist for a reason - disabling them creates exploitable gaps that attackers actively look for.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, it could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: SOC2, NIST, CIS, CMMC, ISO27001, GDPR, FedRAMP, HITRUST
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
MGI-002 |
Conditional Access Policy: Disabled
Conditional Access policy is configured but disabled. Protection is not active.
|
3
|
MicrosoftGraph.Identity.SignIns |
M
2-4 hrs
|
Why This Matters
Conditional Access policies are your adaptive security layer. Without proper policies, users can access sensitive resources from compromised devices or risky locations.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, it could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Enable policy: Update-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId '<Id>' -State 'enabled'
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: ISO27001, NIST, CIS, HIPAA, SOC2, FedRAMP, HITRUST
Technical Remediation:
Enable policy: Update-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId '<Id>' -State 'enabled'
|
| High |
MGI-084 |
Conditional Access: No App Protection Policy Enforcement
No CA policy requires app protection policies (MAM). Mobile app data can be copied to unmanaged apps.
|
3
|
MicrosoftGraph.Identity.SignIns |
M
2-4 hrs
|
Why This Matters
A critical security feature has been turned off, leaving your organization exposed. Security features exist for a reason - disabling them creates exploitable gaps that attackers actively look for.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, it could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: SOC2, HIPAA, ISO27001, GDPR, FedRAMP, HITRUST
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
AZURE-134 |
QuarantinePolicyStatus Unhealthy State Detected
Property 'QuarantinePolicyStatus' is in unhealthy state: Disabled. This may indicate provisioning failure, compliance violation, or disabled security control.
|
1
|
Azure.ContainerRegistry |
M
2-4 hrs
|
Why This Matters
This security finding indicates a gap in your security posture. Unaddressed security gaps accumulate risk and increase the likelihood of a successful attack.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, it could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Investigation Required: This finding needs human review to determine the appropriate action.
Recommended Action: Security team should review the affected items and determine if they are legitimate or require remediation.
Compliance Impact: This finding affects: ISO27001, NIST, CIS, GDPR, FedRAMP
Technical Remediation:
Review property 'QuarantinePolicyStatus' in Azure.ContainerRegistry module. Investigate the root cause of unhealthy state. Check provisioning logs, compliance policies, or enable disabled controls.
|
| High |
AZURE-133 |
SoftDeletePolicyStatus Unhealthy State Detected
Property 'SoftDeletePolicyStatus' is in unhealthy state: Disabled. This may indicate provisioning failure, compliance violation, or disabled security control.
|
1
|
Azure.ContainerRegistry |
M
2-4 hrs
|
Why This Matters
This security finding indicates a gap in your security posture. Unaddressed security gaps accumulate risk and increase the likelihood of a successful attack.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, it could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Investigation Required: This finding needs human review to determine the appropriate action.
Recommended Action: Security team should review the affected items and determine if they are legitimate or require remediation.
Compliance Impact: This finding affects: ISO27001, NIST, CIS, GDPR, FedRAMP
Technical Remediation:
Review property 'SoftDeletePolicyStatus' in Azure.ContainerRegistry module. Investigate the root cause of unhealthy state. Check provisioning logs, compliance policies, or enable disabled controls.
|
| High |
AZURE-132 |
EncryptionStatus Unhealthy State Detected
Property 'EncryptionStatus' is in unhealthy state: Disabled. This may indicate provisioning failure, compliance violation, or disabled security control.
|
1
|
Azure.ContainerRegistry |
M
2-4 hrs
|
Why This Matters
This security finding indicates a gap in your security posture. Unaddressed security gaps accumulate risk and increase the likelihood of a successful attack.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, it could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Investigation Required: This finding needs human review to determine the appropriate action.
Recommended Action: Security team should review the affected items and determine if they are legitimate or require remediation.
Compliance Impact: This finding affects: ISO27001, NIST, CIS, HIPAA, GDPR, FedRAMP
Technical Remediation:
Review property 'EncryptionStatus' in Azure.ContainerRegistry module. Investigate the root cause of unhealthy state. Check provisioning logs, compliance policies, or enable disabled controls.
|
| High |
MANUAL-059 |
Ensure external user invitations are restricted
Verifies that external user invitations are restricted
|
1
|
|
M
2-4 hrs
|
Why This Matters
This security finding indicates a gap in your security posture. Unaddressed security gaps accumulate risk and increase the likelihood of a successful attack.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, it could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CIS M365
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
MANUAL-058 |
Ensure internal phishing protection for Forms is enabled
Verifies that internal phishing protection for Forms is enabled
|
1
|
|
M
2-4 hrs
|
Why This Matters
This security finding indicates a gap in your security posture. Unaddressed security gaps accumulate risk and increase the likelihood of a successful attack.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, it could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CIS M365
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
MANUAL-056 |
Ensure that SharePoint guest users cannot share items they don
Verifies that SharePoint guest users cannot share items they don
|
1
|
|
M
2-4 hrs
|
Why This Matters
This security finding indicates a gap in your security posture. Unaddressed security gaps accumulate risk and increase the likelihood of a successful attack.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, it could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CIS M365
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
MANUAL-055 |
Ensure guest access to a site or OneDrive will expire automatically
Verifies that guest access to a site or onedrive will expire automatically
|
1
|
|
M
2-4 hrs
|
Why This Matters
This security finding indicates a gap in your security posture. Unaddressed security gaps accumulate risk and increase the likelihood of a successful attack.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CIS M365
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
MANUAL-054 |
Ensure external participants can
Verifies that external participants can
|
1
|
|
M
2-4 hrs
|
Why This Matters
Collaboration tools contain sensitive conversations and documents. Weak security enables data leaks and unauthorized access to confidential information.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CIS M365
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
MANUAL-051 |
Ensure a dynamic group for guest users is created
Verifies that a dynamic group for guest users is created
|
1
|
|
M
2-4 hrs
|
Why This Matters
Identity is the new security perimeter. Compromised credentials are involved in 80% of breaches - weak identity controls give attackers legitimate access to your systems.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CIS M365
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SCUBA-SPO-009 |
MS.SHAREPOINT.3.3v1
CISA federal baseline requirement: MS.SHAREPOINT.3.3v1
|
1
|
|
M
2-4 hrs
|
Why This Matters
SharePoint stores critical business documents. Misconfigured permissions can expose sensitive data to unauthorized users or the public internet.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA Baseline, Federal Security Baseline
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SCUBA-SPO-010 |
SharePoint External Sharing Allows Anyone Links
Anyone links allow unauthenticated access to SharePoint content, creating data leakage risks.
|
1
|
|
M
2-4 hrs
|
Why This Matters
SharePoint stores critical business documents. Misconfigured permissions can expose sensitive data to unauthorized users or the public internet.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CIS M365, NIST 800-53
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
MANUAL-037 |
Network Security Groups (NSGs) Misconfigured
Analyzes NSG rules for overly permissive or risky configurations
|
1
|
|
M
2-4 hrs
|
Why This Matters
This security finding indicates a gap in your security posture. Unaddressed security gaps accumulate risk and increase the likelihood of a successful attack.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
MANUAL-099 |
Microsoft Authenticator SHALL be configured to show application and location context
CISA ScubaGear MS.AAD.3.3v2: Microsoft Authenticator SHALL be configured to show application name and geographic location in push notifications to prevent MFA fatigue attacks.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Push approvals that show which application is asking and where the sign-in came from let users refuse prompts they did not start. Without that context, an attacker who holds a stolen password can repeat push requests until a tired or distracted user taps Approve (MFA fatigue), which reduces MFA to a single unconsidered tap.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA Baseline, FedRAMP Moderate, NIST 800-53 IA-2
Technical Remediation:
Work with your IT team to remediate this finding.
|
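The check behind this finding is a comparison of two feature settings on the Microsoft Authenticator method configuration. The following script, added here as an example and not code from the report or from ScubaGear, evaluates a configuration the way MS.AAD.3.3 expects (feature enabled, targeted at all_users, no excluded group) and builds the Graph PATCH body that fixes it. The two configurations it tests are constructed samples shaped like the Graph response for the MicrosoftAuthenticator method configuration; the excluded group id in the weak sample is made up, and the all-zero NO_EXCLUSION id is the value Graph uses for "no excluded group".

```python
"""Check the Microsoft Authenticator method configuration for the application
name and location context that MS.AAD.3.3 requires, and build the PATCH that
turns both on.

Added example, not code from the report. WEAK and HARDENED are constructed
samples shaped like the Graph response for
GET /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/MicrosoftAuthenticator
(the group id in WEAK is made up); NO_EXCLUSION is the all-zero id Graph uses
for "no excluded group".
"""
import json

REQUIRED_FEATURES = (
    "displayAppInformationRequiredState",       # show the requesting app in the push
    "displayLocationInformationRequiredState",  # show the sign-in's geographic location
)
ALL_USERS = {"targetType": "group", "id": "all_users"}
NO_EXCLUSION = "00000000-0000-0000-0000-000000000000"


def feature_covers_all_users(feature):
    """True only when a feature is enabled, includes all_users and excludes no group."""
    if feature.get("state") != "enabled":
        return False
    if (feature.get("includeTarget") or {}).get("id") != "all_users":
        return False
    return (feature.get("excludeTarget") or {}).get("id", NO_EXCLUSION) == NO_EXCLUSION


def check_authenticator_context(config):
    """Return the MS.AAD.3.3 gaps in one method configuration (empty list means compliant)."""
    gaps = []
    if config.get("state") != "enabled":
        gaps.append("Microsoft Authenticator is not an enabled method")
    features = config.get("featureSettings") or {}
    for name in REQUIRED_FEATURES:
        if not feature_covers_all_users(features.get(name) or {}):
            gaps.append("%s is not enabled for all users" % name)
    return gaps


def remediation_body():
    """Body for PATCH to the same endpoint; applies both context features to every user."""
    return {
        "@odata.type": "#microsoft.graph.microsoftAuthenticatorAuthenticationMethodConfiguration",
        "featureSettings": {
            name: {"state": "enabled", "includeTarget": dict(ALL_USERS)}
            for name in REQUIRED_FEATURES
        },
    }


WEAK = {  # constructed: location shown but one group excluded; app name left at default
    "state": "enabled",
    "featureSettings": {
        "displayAppInformationRequiredState": {
            "state": "default",
            "includeTarget": dict(ALL_USERS),
            "excludeTarget": {"targetType": "group", "id": NO_EXCLUSION},
        },
        "displayLocationInformationRequiredState": {
            "state": "enabled",
            "includeTarget": dict(ALL_USERS),
            "excludeTarget": {"targetType": "group", "id": "2f0a6c1e-5b3d-4e8a-9c7f-0d1b2a3c4d5e"},
        },
    },
}
HARDENED = {  # constructed: what the tenant looks like after the PATCH
    "state": "enabled",
    "featureSettings": {
        name: {"state": "enabled", "includeTarget": dict(ALL_USERS),
               "excludeTarget": {"targetType": "group", "id": NO_EXCLUSION}}
        for name in REQUIRED_FEATURES
    },
}

if __name__ == "__main__":
    print("weak:", check_authenticator_context(WEAK))
    print("hardened:", check_authenticator_context(HARDENED))
    print(json.dumps(remediation_body(), indent=2))
```

The exclusion check matters in practice: an excluded group re-opens the fatigue path for exactly the members an attacker is most likely to target. In PowerShell the same payload can be applied with Update-MgPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration -AuthenticationMethodConfigurationId MicrosoftAuthenticator -BodyParameter, after which the check should return an empty list.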
| High |
CUSTOM-MFA-025 |
Guest User Access Not Properly Restricted
Validates guest user access controls and external collaboration settings
|
1
|
|
M
2-4 hrs
|
Why This Matters
Identity is the new security perimeter. Compromised credentials are involved in 80% of breaches - weak identity controls give attackers legitimate access to your systems.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
MANUAL-031 |
Virtual Machines TLS Configuration Insecure
Checks TLS configuration on Azure virtual machines for security compliance
|
1
|
|
M
2-4 hrs
|
Why This Matters
Sensitive data (customer info, financials, IP) could be leaked or stolen. Data breaches result in regulatory fines, lawsuits, and irreparable reputation damage.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
MANUAL-030 |
Suspicious Application Accessing SharePoint/OneDrive Files
Detects FileAccessed/FileAccessedExtended operations by suspicious or unauthorized applications (requires E5 license)
|
1
|
|
M
2-4 hrs
|
Why This Matters
Sensitive data (customer info, financials, IP) could be leaked or stolen. Data breaches result in regulatory fines, lawsuits, and irreparable reputation damage.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
CUSTOM-MFA-012 |
User Accounts Created via Email Verified Self-Service Creation Found
Recently a blog was published about a method of tenant takeover using expired domain registrations. This method relied on a domain registration expiring and the domain remaining associated with the Tenant. Monitoring account creation types can help detect and alert on attempts to exploit this attack path. Outlined in both Soteria's blog "Azure AD Default Configuration Blunders" and the newly published "LetItGo: A Case Study in Expired Domains and Azure AD" blog is the risk of allowing Microsoft's self-service sign-up for Azure Active Directory. Microsoft initially issued fixes for this attack between December 2021 and January 2022, but has since rolled back those efforts.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Identity is the new security perimeter. Compromised credentials are involved in 80% of breaches - weak identity controls give attackers legitimate access to your systems.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
MANUAL-027 |
Suspicious OAuth2 Permission Grants or Application Consents
Detects OAuth2 permission grants or application consents which could indicate consent phishing or unauthorized data access
|
1
|
|
M
2-4 hrs
|
Why This Matters
This security finding indicates a gap in your security posture. Unaddressed security gaps accumulate risk and increase the likelihood of a successful attack.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
MANUAL-026 |
Suspicious Application Role Assignments
Detects app role assignments to service principals, users, or groups which could indicate privilege escalation
|
1
|
|
M
2-4 hrs
|
Why This Matters
This security finding indicates a gap in your security posture. Unaddressed security gaps accumulate risk and increase the likelihood of a successful attack.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
MANUAL-007 |
Expired Domain Registration Found
Recently a blog was published about a method of tenant takeover using expired domain registrations. This method relied on a domain registration expiring and the domain remaining associated with the Tenant. Monitoring domain registration for the organization can help detect and alert on attempts to exploit this attack path. Microsoft initially issued fixes for this attack between December 2021 and January 2022, but has since rolled back those efforts
|
1
|
|
M
2-4 hrs
|
Why This Matters
This security finding indicates a gap in your security posture. Unaddressed security gaps accumulate risk and increase the likelihood of a successful attack.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
MISC-029 |
Customer Lockbox Disabled
Customer Lockbox is not enabled. Without it, Microsoft support engineers can access tenant content while working a service request without the organization first approving that specific request; Lockbox adds an explicit, time-bound approval step for each request and records it in the audit log (requires an E5-level or compliance add-on license).
|
1
|
ExchangeOnline |
M
2-4 hrs
|
Why This Matters
A critical security feature has been turned off, leaving your organization exposed. Security features exist for a reason - disabling them creates exploitable gaps that attackers actively look for.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: SOC2, HIPAA, ISO27001, GDPR, FedRAMP, HITRUST
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
MANUAL-020 |
Suspicious Outgoing Spam Messages Not Monitored
The Outbound Spam Policy allows for admins to be sent copies of suspected/suspicious outbound messages that may be spam. This configuration can be used to detect and alert administrators to potentially compromised or abused accounts.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Compliance failures result in regulatory fines (up to 4% of global revenue for GDPR), audit failures, and loss of customer trust and business opportunities.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
MANUAL-008 |
eDiscovery Case Administrators
Microsoft Compliance Center eDiscovery provides a method for organizations to search and export content from Microsoft 365 and Office 365. eDiscovery searches are able to access all sources of information, including users' mailboxes to return the requested content. By default, no users are assigned the eDiscovery Administrator role and users may only access cases and searches that they have created.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Compliance failures result in regulatory fines (up to 4% of global revenue for GDPR), audit failures, and loss of customer trust and business opportunities.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
CUSTOM-MFA-014 |
MSOnline (MSOL) PowerShell Module Enabled on Tenant
Microsoft's legacy Azure AD PowerShell Module MSOnline (MSOL) PowerShell is not disabled on the tenant. This module does not support Modern Authentication and is deprecated as of March 30, 2024 with no updates or support beyond migrating existing scripts and workloads to Microsoft Graph.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Identity is the new security perimeter. Compromised credentials are involved in 80% of breaches - weak identity controls give attackers legitimate access to your systems.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
DNS-EMAIL-003 |
SPF Record Too Permissive
SPF record ends with '+all' or '~all'. '+all' explicitly authorizes every host on the internet to send mail for this domain; '~all' (soft fail) only marks unauthorized senders as suspicious, and many receivers deliver soft-failed mail anyway. In both cases SPF no longer rejects spoofed mail, which defeats its purpose.
|
1
|
DNS |
M
2-4 hrs
|
Why This Matters
SPF tells receiving mail servers which hosts may send mail for your domain. A record that passes or merely soft-fails everything lets attackers spoof your domain for phishing and business email compromise, and weakens DMARC, which relies on SPF or DKIM alignment to reject forged mail.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Change the SPF record to end with '-all' (hard fail) instead of '+all' or '~all'. First confirm that every legitimate sending service (Exchange Online, marketing and ticketing platforms, scanners and printers) is listed in the record, because anything not listed will be rejected once hard fail is in place, and keep the record within the 10-DNS-lookup limit.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST, CIS, DMARC, FedRAMP, HITRUST
Technical Remediation:
Change the SPF record to end with '-all' (hard fail) instead of '+all' or '~all', after confirming every legitimate sending service is listed and the record stays within the 10-DNS-lookup limit.
|
| High |
MANUAL-015 |
Improper Number of Company/Global Administrators
It is recommended that two to four users be granted company or global administrative privileges. More than this amount may represent an unsafe distribution of privileges and increases the odds that an administrative account will be compromised by an adversary or otherwise misused. All of the users above have administrative privileges, which is outside the bounds of the recommendation.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Azure/Entra ID is your identity foundation. Misconfigurations here affect every user and application in your organization.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
MANUAL-014 |
Outgoing Sharing Invitations are Not Monitored
SharePoint is the de facto sharing and file management tool in the O365 suite. SharePoint provides administrators with the ability to record and monitor when their users have sent file sharing invitations to external users. This feature should be enabled, but it was detected as disabled. This feature could be vital in a detection or response capacity in cases where data was lost or shared inappropriately.
|
1
|
|
M
2-4 hrs
|
Why This Matters
This security finding indicates a gap in your security posture. Unaddressed security gaps accumulate risk and increase the likelihood of a successful attack.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SCUBA-EID-033 |
Service Principals With Expiring Credentials Not Monitored
Service principals with credentials expiring within 30 days can cause application outages if not renewed.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Azure/Entra ID is your identity foundation. Misconfigurations here affect every user and application in your organization.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CIS M365, NIST 800-53
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SCUBA-EID-032 |
Users With Password Never Expires Set
User accounts have PasswordNeverExpires set, which several compliance frameworks treat as a violation. Note that NIST SP 800-63B recommends changing passwords on evidence of compromise rather than on a fixed schedule, so whichever expiry policy you adopt, pair it with MFA and breached-password screening rather than relying on rotation alone.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Azure/Entra ID is your identity foundation. Misconfigurations here affect every user and application in your organization.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CIS M365, NIST 800-53
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
CUSTOM-MFA-013 |
Users Allowed to Link Work Accounts to LinkedIn
Allowing users to link their organizational accounts to LinkedIn enables the sharing of data between the organization's Microsoft 365 tenant and LinkedIn. Depending on the options the user chooses, this connection may enable bidirectional sharing of the user's profile data, calendar information (including meeting names, times, locations, and attendees), Microsoft service usage data (termed 'Interests'), licensed features (apps and services offered by the organization), and contacts in Outlook, Skype, Microsoft Teams and other Microsoft services. The organization has no control over the option chosen, nor does the organization have any visibility into the option a user chooses. Any data synchronized to LinkedIn from a linked account persists on LinkedIn even after accounts are unlinked. This configuration is enabled by default and allows for the potential loss of sensitive information and enumeration of internal accounts, applications, and data.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Identity is the new security perimeter. Compromised credentials are involved in 80% of breaches - weak identity controls give attackers legitimate access to your systems.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
MANUAL-089 |
Suspicious User Configuration Changes via Admin Cmdlets
Detects administrative cmdlets run against user objects via unified audit log (RecordType: ExchangeAdmin). This can indicate unauthorized privilege escalation, mailbox permission grants, or configuration tampering. HAWK forensic pattern.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Privileged accounts are high-value targets. A compromised admin account gives attackers complete control over your environment.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Technical Remediation:
Work with your IT team to remediate this finding.
|
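The pattern this finding describes is a hunt over ExchangeAdmin records for cmdlets that change who can read a mailbox, where its mail goes, or whether it is audited. The following script, added here as an example and not code from the report or from HAWK, runs that triage over a handful of constructed records in the shape of the AuditData JSON that Search-UnifiedAuditLog returns (Operation, UserId, ObjectId, Parameters). The WATCHLIST of cmdlet and parameter pairs is an assumption seeded from common business-email-compromise tradecraft; extend it for your tenant.

```python
"""Triage ExchangeAdmin records from the unified audit log for cmdlets that
change who can read a mailbox, where its mail goes, or whether it is audited.

Added example, not code from the report. SAMPLE_AUDIT is constructed data in
the shape of the AuditData JSON that Search-UnifiedAuditLog returns; the
WATCHLIST is an assumption seeded from common BEC tradecraft.
"""
import json

WATCHLIST = {
    "Add-MailboxPermission":   {"AccessRights"},                      # FullAccess delegation
    "Add-RecipientPermission": {"AccessRights"},                      # SendAs
    "Set-Mailbox": {"ForwardingSmtpAddress", "ForwardingAddress",
                    "DeliverToMailboxAndForward", "AuditEnabled"},
    "New-InboxRule": {"ForwardTo", "ForwardAsAttachmentTo", "RedirectTo", "DeleteMessage"},
    "Set-InboxRule": {"ForwardTo", "ForwardAsAttachmentTo", "RedirectTo", "DeleteMessage"},
    "New-TransportRule": {"RedirectMessageTo", "BlindCopyTo"},
    "Set-CASMailbox": {"EwsEnabled", "PopEnabled", "ImapEnabled"},   # legacy protocol re-enabled?
    "Set-OrganizationConfig": {"AuditDisabled"},
}
TRUE_VALUES = {"True", "$true", "true"}
FALSE_VALUES = {"False", "$false", "false"}


def cmdlet_params(record):
    """Flatten the Parameters array into a name -> value dict."""
    return {p["Name"]: p.get("Value") for p in record.get("Parameters", [])}


def classify(record):
    """Return a finding for one record, or None when nothing on the watchlist fired."""
    op = record.get("Operation")
    watched = WATCHLIST.get(op)
    if not watched:
        return None
    hit = {k: v for k, v in cmdlet_params(record).items() if k in watched}
    if not hit:
        return None
    why = []
    if hit.get("AuditEnabled") in FALSE_VALUES or hit.get("AuditDisabled") in TRUE_VALUES:
        why.append("auditing switched off")
    if any(k.startswith(("Forward", "Redirect", "DeliverTo", "BlindCopy")) for k in hit):
        why.append("mail forwarding/redirect configured")
    if hit.get("AccessRights"):
        why.append("%s granted on %s" % (hit["AccessRights"], record.get("ObjectId")))
    if hit.get("DeleteMessage") in TRUE_VALUES:
        why.append("rule deletes messages (hides evidence)")
    if op == "Set-CASMailbox":
        why.append("client protocol toggled: " + ", ".join(sorted(hit)))
    return {"when": record.get("CreationTime"), "actor": record.get("UserId"),
            "target": record.get("ObjectId"), "cmdlet": op, "params": hit,
            "why": why or ["watchlisted parameter used"]}


def triage_exchange_admin(audit_json_lines):
    """Parse AuditData JSON lines, keep ExchangeAdmin records, return findings in log order."""
    findings = []
    for line in audit_json_lines:
        rec = json.loads(line)
        if rec.get("RecordType") not in ("ExchangeAdmin", 1):  # 1 is the numeric enum value
            continue
        finding = classify(rec)
        if finding:
            findings.append(finding)
    return findings


SAMPLE_AUDIT = [json.dumps(r) for r in (  # constructed records, not real log data
    {"CreationTime": "2024-05-03T02:14:09", "RecordType": "ExchangeAdmin",
     "Operation": "Add-MailboxPermission", "UserId": "helpdesk@contoso.example",
     "ObjectId": "cfo@contoso.example",
     "Parameters": [{"Name": "Identity", "Value": "cfo"},
                    {"Name": "User", "Value": "helpdesk@contoso.example"},
                    {"Name": "AccessRights", "Value": "FullAccess"}]},
    {"CreationTime": "2024-05-03T02:15:41", "RecordType": "ExchangeAdmin",
     "Operation": "Set-Mailbox", "UserId": "helpdesk@contoso.example",
     "ObjectId": "cfo@contoso.example",
     "Parameters": [{"Name": "Identity", "Value": "cfo"},
                    {"Name": "ForwardingSmtpAddress", "Value": "smtp:drop@mail.example.net"},
                    {"Name": "DeliverToMailboxAndForward", "Value": "True"}]},
    {"CreationTime": "2024-05-03T09:00:00", "RecordType": "ExchangeAdmin",
     "Operation": "Set-Mailbox", "UserId": "admin@contoso.example",
     "ObjectId": "newhire@contoso.example",
     "Parameters": [{"Name": "Identity", "Value": "newhire"},
                    {"Name": "DisplayName", "Value": "New Hire"}]},
    {"CreationTime": "2024-05-03T02:17:05", "RecordType": "ExchangeAdmin",
     "Operation": "New-InboxRule", "UserId": "cfo@contoso.example",
     "ObjectId": "cfo@contoso.example",
     "Parameters": [{"Name": "Name", "Value": "."},
                    {"Name": "SubjectContainsWords", "Value": "invoice"},
                    {"Name": "DeleteMessage", "Value": "True"}]},
    {"CreationTime": "2024-05-03T02:20:00", "RecordType": "SharePointFileOperation",
     "Operation": "FileAccessed", "UserId": "cfo@contoso.example",
     "ObjectId": "/sites/finance/Q2.xlsx"},
)]

if __name__ == "__main__":
    for f in triage_exchange_admin(SAMPLE_AUDIT):
        print(f["when"], f["actor"], "->", f["target"], f["cmdlet"], "; ".join(f["why"]))
```

The routine Set-Mailbox that only changes a display name is ignored, while the three records in a row from the same helpdesk account (delegation, forwarding, then a rule that deletes invoice mail) are exactly the sequence worth pulling into an incident. Export the real log with Search-UnifiedAuditLog -RecordType ExchangeAdmin, write each AuditData string to a line, and pass the lines to triage_exchange_admin().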
| High |
EXO-021 |
High Confidence Spam: Move to Junk (Weak)
High confidence spam is moved to Junk instead of Quarantine. Confirmed spam reaches users.
|
1
|
ExchangeOnline |
XS
15-60 min
|
Why This Matters
Email is the #1 attack vector - 90% of cyberattacks start with a phishing email. Weak email security enables credential theft, ransomware delivery, and business email compromise (BEC) fraud.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Automated Fix Available: This can be remediated using PowerShell. Your IT team can run the command shown below to fix this issue.
Recommended Action: Schedule this fix with your IT team. For Critical/High severity items, consider expedited change procedures.
Compliance Impact: This finding affects: SOC2, NIST, CIS, HIPAA
Technical Remediation:
Set-HostedContentFilterPolicy -Identity '<Name>' -HighConfidenceSpamAction Quarantine
|
| High |
MANUAL-084 |
Dynamic Group Membership Rules Using User-Modifiable Attributes
Entra ID dynamic group detected with membership rules based on user-modifiable attributes (city, jobTitle, department, givenName, displayName, etc.). Attackers with limited user permissions can modify their own profile attributes to gain membership in privileged groups, potentially escalating privileges or accessing sensitive resources.
|
1
|
|
M
2-4 hrs
|
Why This Matters
This security finding indicates a gap in your security posture. Unaddressed security gaps accumulate risk and increase the likelihood of a successful attack.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: Privilege Escalation Prevention, Identity Security, CIS M365 5.1.3.3
Technical Remediation:
Work with your IT team to remediate this finding.
|
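What makes this finding exploitable is the gap between who writes an attribute and who trusts it. The following script, added here as an example and not code from the report, scans dynamic groups for membership rules that reference self-editable attributes and ranks the hits by how sensitive the group is. SAMPLE_GROUPS are constructed objects in the shape Graph returns for dynamic groups (displayName, groupTypes, membershipRule); the "privileged" flag is a stand-in for whatever makes a group sensitive in your tenant (role-assignable, Conditional Access exclusion, license or app assignment). Which attributes users can really edit depends on tenant settings and directory sync, so the USER_MODIFIABLE list, seeded from the finding text, is an assumption to tune.

```python
"""Find Entra ID dynamic groups whose membership rule keys on attributes a
user can change on their own profile.

Added example, not code from the report. SAMPLE_GROUPS are constructed; the
"privileged" flag and the USER_MODIFIABLE list are assumptions to adjust per tenant.
"""
import re

USER_MODIFIABLE = {a.lower() for a in (
    "city", "country", "department", "displayName", "givenName", "surname",
    "jobTitle", "mobile", "officeLocation", "postalCode", "state",
    "streetAddress", "telephoneNumber", "preferredLanguage",
)}
# extensionAttribute1-15 and extension_<appId>_<name> are written by admins or
# directory sync only, so they are deliberately absent from USER_MODIFIABLE.
ATTR_REF = re.compile(r"\buser\.([A-Za-z0-9_]+)")


def rule_attributes(rule):
    """Every user.<attribute> a membership rule references, lower-cased."""
    return {m.group(1).lower() for m in ATTR_REF.finditer(rule)}


def risky_attributes(rule):
    """Subset of referenced attributes a user could set on themselves to join the group."""
    return rule_attributes(rule) & USER_MODIFIABLE


def scan_dynamic_groups(groups):
    """One finding per dynamic group whose rule depends on a self-editable attribute."""
    findings = []
    for g in groups:
        if "DynamicMembership" not in (g.get("groupTypes") or []):
            continue
        risky = risky_attributes(g.get("membershipRule") or "")
        if not risky:
            continue
        findings.append({
            "group": g["displayName"],
            "attributes": sorted(risky),
            "severity": "high" if g.get("privileged") else "medium",
            "fix": "rewrite the rule on admin-controlled attributes (extensionAttribute1-15 "
                   "or a directory extension) or convert the group to assigned membership",
        })
    findings.sort(key=lambda f: f["severity"] != "high")  # high first, stable otherwise
    return findings


SAMPLE_GROUPS = [  # constructed sample data
    {"displayName": "Finance-Staff", "groupTypes": ["DynamicMembership"],
     "membershipRule": '(user.department -eq "Finance")', "privileged": False},
    {"displayName": "CA-MFA-Exclusions", "groupTypes": ["DynamicMembership"],
     "membershipRule": '(user.jobTitle -contains "Admin") or (user.city -eq "Redmond")',
     "privileged": True},
    {"displayName": "E5-Licensed", "groupTypes": ["DynamicMembership"],
     "membershipRule": 'user.assignedPlans -any (assignedPlan.servicePlanId -eq "<servicePlanId>" '
                       '-and assignedPlan.capabilityStatus -eq "Enabled")', "privileged": False},
    {"displayName": "Tier0-Admins", "groupTypes": ["DynamicMembership"],
     "membershipRule": '(user.extensionAttribute1 -eq "tier0")', "privileged": True},
    {"displayName": "Static-Admins", "groupTypes": [], "membershipRule": None, "privileged": True},
]

if __name__ == "__main__":
    for f in scan_dynamic_groups(SAMPLE_GROUPS):
        print(f["severity"].upper(), f["group"], f["attributes"], "->", f["fix"])
```

The Tier0-Admins rule keyed on extensionAttribute1 is not flagged because only an admin or the sync engine can write that attribute; the Conditional Access exclusion group keyed on jobTitle and city is the one to fix first. To run this against a real tenant, pull the groups with Get-MgGroup -Filter "groupTypes/any(c:c eq 'DynamicMembership')" -Property displayName,groupTypes,membershipRule,isAssignableToRole and map isAssignableToRole onto the privileged flag.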
| High |
DNS-EMAIL-017 |
SPF Record Without Hard Fail
SPF record does not end with '-all' (hard fail). Unauthorized servers may still send email claiming to be from this domain.
|
1
|
DNS |
M
2-4 hrs
|
Why This Matters
SPF lets receiving servers check whether a host is authorized to send mail for your domain. Without a hard fail ('-all'), unauthorized hosts are at most flagged rather than rejected, so spoofed mail from your domain still reaches inboxes and your DMARC policy cannot rely on SPF to block it.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Update the SPF record to end with '-all' for hard fail protection, after confirming that every legitimate sending service is included in the record.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST, CIS, DMARC, FedRAMP
Technical Remediation:
Update the SPF record to end with '-all' for hard fail protection, after confirming that every legitimate sending service is included in the record.
|
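Both SPF findings above (DNS-EMAIL-003 and DNS-EMAIL-017) come down to reading the qualifier on the record's terminal 'all' term. The following parser, added here as an example and not code from the report, grades a record against those two findings, counts the DNS-lookup terms that count toward the RFC 7208 limit of ten, and rewrites a weak record to hard fail. The records in SAMPLES are constructed and belong to no real domain; the parser handles top-level terms only, so lookups nested inside included records are not counted.

```python
"""Parse an SPF TXT record and grade its terminal 'all' qualifier.

Added example for the two SPF findings (DNS-EMAIL-003, DNS-EMAIL-017); not
code from the report. SAMPLES are constructed records, not real domains'.
"""
import re

# RFC 7208 qualifiers. A term with no qualifier is '+' (pass).
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
# Terms that cost a DNS lookup against the limit in RFC 7208 section 4.6.4
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
MAX_LOOKUPS = 10


def parse_spf(record):
    """Return the qualifier on 'all', the top-level lookup count and the parsed terms."""
    parts = record.strip().split()
    if not parts or parts[0].lower() != "v=spf1":
        raise ValueError("not an SPF record: %r" % record)
    all_qualifier, lookups, terms = None, 0, []
    for term in parts[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name = re.split(r"[:=/]", term, maxsplit=1)[0].lower()
        if name == "all":
            all_qualifier = qualifier
        elif name in LOOKUP_TERMS:
            lookups += 1
        terms.append((qualifier, name, term))
    return {"all": all_qualifier, "lookups": lookups, "terms": terms}


def grade_spf(record):
    """Map the record onto the report's two SPF findings."""
    info = parse_spf(record)
    q = info["all"]
    issues = []
    if q == "+":
        issues.append("DNS-EMAIL-003: '+all' authorizes every host on the internet")
    elif q == "~":
        issues.append("DNS-EMAIL-003/017: '~all' only soft-fails spoofed mail")
    elif q == "?":
        issues.append("DNS-EMAIL-017: '?all' is neutral and gives no protection")
    elif q is None:
        issues.append("DNS-EMAIL-017: no 'all' term; RFC 7208 treats that as neutral")
    if info["lookups"] > MAX_LOOKUPS:
        issues.append("%d DNS lookups exceed the limit of %d; receivers return permerror"
                      % (info["lookups"], MAX_LOOKUPS))
    return {"all": q, "hard_fail": q == "-", "lookups": info["lookups"], "issues": issues}


def harden(record):
    """Rewrite the record to end in '-all', dropping any existing 'all' term."""
    kept = [t for t in record.strip().split()
            if re.sub(r"^[+\-~?]", "", t).lower() != "all"]
    return " ".join(kept + ["-all"])


SAMPLES = {  # constructed sample records, not real domains
    "weak_plus": "v=spf1 ip4:203.0.113.0/24 +all",
    "weak_soft": "v=spf1 include:spf.protection.outlook.com ~all",
    "ok": "v=spf1 include:spf.protection.outlook.com ip4:203.0.113.10 -all",
}

if __name__ == "__main__":
    for name, rec in SAMPLES.items():
        verdict = grade_spf(rec)
        print(name, "OK" if not verdict["issues"] else verdict["issues"])
        if not verdict["hard_fail"]:
            print("   fix:", harden(rec))
```

Two caveats the grade does not capture: SPF only checks the envelope sender (MAIL FROM), so a domain still needs a DMARC policy for the visible From header to be protected, and switching to '-all' before every legitimate sender is listed turns the finding into an outage for that sender's mail.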
| High |
MANUAL-112 |
External sharing SHALL be restricted to authenticated users only
CISA ScubaGear MS.SHAREPOINT.1.1v1: SharePoint and OneDrive external sharing SHALL be limited to 'Existing guests' or 'New and existing guests' to prevent anonymous file access.
|
1
|
|
M
2-4 hrs
|
Why This Matters
When SharePoint or OneDrive external sharing is set to 'Anyone', links open without a sign-in, so a forwarded or leaked link exposes the file to whoever holds it, with no identity to audit or revoke. Limiting sharing to existing or new guests ties every external access to an authenticated, auditable account that can be removed.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA Baseline, FedRAMP Moderate, NIST 800-53 AC-3
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SCUBA-EID-016 |
Global Administrator Role Assignments Exceed Best Practice Maximum
CISA MS.AAD.7.1v1: Between 2 and 8 users SHALL be provisioned with the Global Administrator role.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Azure/Entra ID is your identity foundation. Misconfigurations here affect every user and application in your organization.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA Baseline, Federal Security Baseline, FedRAMP
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
EXO-016 |
Anti-Phishing Domain Impersonation Disabled
Domain impersonation protection is disabled. Attackers can use lookalike domains to phish users.
|
1
|
ExchangeOnline |
XS
15-60 min
|
Why This Matters
Email is the #1 attack vector - 90% of cyberattacks start with a phishing email. Weak email security enables credential theft, ransomware delivery, and business email compromise (BEC) fraud.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Automated Fix Available: This can be remediated using PowerShell. Your IT team can run the command shown below to fix this issue. Note that -EnableTargetedDomainsProtection only covers the domains listed in -TargetedDomainsToProtect, so add partner and vendor domains there, and set -EnableOrganizationDomainsProtection $true on the same policy to cover your own accepted domains.
Recommended Action: Schedule this fix with your IT team. For Critical/High severity items, consider expedited change procedures.
Compliance Impact: This finding affects: SOC2, NIST, CIS, HIPAA, ISO27001, GDPR, FedRAMP, HITRUST
Technical Remediation:
Set-AntiPhishPolicy -Identity '<Name>' -EnableTargetedDomainsProtection $true
|
| High |
SCUBA-DEF-017 |
Unified Audit Logging Not Enabled for All Workloads
CISA MS.DEFENDER.6.1v1: Unified audit logging SHALL be enabled for all workloads.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Microsoft Defender protections are not fully enabled. Without active threat protection, malware and phishing attacks can succeed.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, it could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA Baseline, Federal Security Baseline, FedRAMP
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
MANUAL-087 |
High Risk OAuth Consent: Files.* (OneDrive/SharePoint Access)
Detects OAuth consent grants with Files.* permissions (Files.Read, Files.ReadWrite, Files.ReadWrite.All). These permissions grant access to user files in OneDrive and SharePoint, enabling data exfiltration. HAWK forensic indicator - High Risk category.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Applications with excessive permissions can access and exfiltrate data. Malicious or compromised apps are a growing attack vector.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, it could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
MANUAL-114 |
SharePoint access from unmanaged devices SHALL be blocked or limited
CISA ScubaGear MS.SHAREPOINT.3.1v1: Access to SharePoint and OneDrive from unmanaged devices SHALL be blocked or limited to browser-only (no download) to prevent data exfiltration.
|
1
|
|
M
2-4 hrs
|
Why This Matters
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, it could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA Baseline, FedRAMP High, NIST 800-53 AC-19
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
MANUAL-125 |
Mailbox Audit Logging Not Enabled by Default
Mailbox audit logging is not enabled by default for all mailboxes. Audit logging tracks mailbox access, email deletions, permission changes, and other sensitive actions, providing critical forensic data for incident response and compliance requirements.
|
1
|
|
M
2-4 hrs
|
Why This Matters
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, it could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO 27001, HIPAA, GDPR, FedRAMP
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SCUBA-DEF-018 |
Audit log retention must meet OMB M-21-31 requirements (12 months hot, 18 months cold)
CISA MS.DEFENDER.7.1v1: Audit log retention must be 12 months in hot storage and 18 months in cold storage per OMB Memorandum M-21-31 federal requirements.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Microsoft Defender protections are not fully enabled. Without active threat protection, malware and phishing attacks can succeed.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, it could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA Baseline, Federal Security Baseline
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SCUBA-EID-012 |
Users Allowed to Register/Create Applications in Entra ID
CISA MS.AAD.5.1v1: Only administrators SHALL be allowed to register third-party applications.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Azure/Entra ID is your identity foundation. Misconfigurations here affect every user and application in your organization.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, it could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA Baseline, Federal Security Baseline, FedRAMP
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
MANUAL-082 |
Federated Domain Detected Without Monitoring for STS Tampering
Domain is configured as Federated (using on-premises AD FS or third-party IdP). Federated authentication creates a high-value attack target. If the Security Token Service (STS) is compromised, attackers can forge SAML tokens (Golden SAML attack) to impersonate any user without needing passwords. The Invoke-ReconAsOutsider function identifies federated domains and their STS endpoints.
|
1
|
|
M
2-4 hrs
|
Why This Matters
This security finding indicates a gap in your security posture. Unaddressed security gaps accumulate risk and increase the likelihood of a successful attack.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, it could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: Federation Security, Identity Security, CISA Golden SAML
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
MANUAL-091 |
Named Locations Not Configured
No Named Locations are configured for Conditional Access policies. Named Locations enable location-based access controls and help identify trusted/untrusted network locations.
|
1
|
|
M
2-4 hrs
|
Why This Matters
This security finding indicates a gap in your security posture. Unaddressed security gaps accumulate risk and increase the likelihood of a successful attack.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, it could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA SCuBA, CIS M365 Foundation 1.1.4, NIST 800-53 AC-3, ISO 27001 A.13.1.1, CMMC L2, FedRAMP
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
SCUBA-DEF-034 |
Outbound Spam Notifications Not Configured
Outbound spam filter policies do not notify administrators when users exceed sending limits. This delays detection of compromised accounts actively sending spam, allowing attacks to continue unnoticed.
|
1
|
|
M
2-4 hrs
|
Why This Matters
This security finding indicates a gap in your security posture. Unaddressed security gaps accumulate risk and increase the likelihood of a successful attack.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, it could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CIS M365 Foundations, NIST 800-53, ISO 27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
MANUAL-093 |
FIDO2 Authentication Not Configured
FIDO2 security keys are not enabled as an authentication method. FIDO2 provides phishing-resistant passwordless authentication.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Identity is the new security perimeter. Compromised credentials are involved in 80% of breaches - weak identity controls give attackers legitimate access to your systems.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, it could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA SCuBA, NIST 800-53 IA-5(2), NIST 800-63B AAL3, FedRAMP, CMMC L2
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
MANUAL-094 |
Microsoft Authenticator Not Configured
Microsoft Authenticator app is not enabled as an authentication method. Authenticator provides passwordless sign-in and push-based MFA.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Identity is the new security perimeter. Compromised credentials are involved in 80% of breaches - weak identity controls give attackers legitimate access to your systems.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, it could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA SCuBA, CIS M365 Foundation 1.1.6, NIST 800-53 IA-5(1), FedRAMP, CMMC L2
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
MANUAL-103 |
Only administrators SHALL be allowed to register third-party applications
CISA ScubaGear MS.AAD.5.1v1: Standard users SHALL NOT be allowed to register custom or third-party applications in the tenant to prevent unauthorized application access.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Azure/Entra ID is your identity foundation. Misconfigurations here affect every user and application in your organization.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, it could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA Baseline, FedRAMP Moderate, NIST 800-53 AC-2, CIS Microsoft 365 v3.0.0 1.2.1
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
MANUAL-096 |
Authorization Policy Allows User Consent
Authorization policy allows users to consent to applications accessing organizational data. This creates risk of malicious applications gaining access.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Applications with excessive permissions can access and exfiltrate data. Malicious or compromised apps are a growing attack vector.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, it could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA SCuBA, CIS M365 Foundation 1.2.5, NIST 800-53 AC-6, ISO 27001 A.9.4.1, SOC2 CC6.1, CMMC L2, FedRAMP
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
MANUAL-129 |
iOS: Compliance Policy Not Assigned
iOS compliance policy exists but is not assigned to any users or groups, providing no protection for iOS devices.
|
1
|
|
M
2-4 hrs
|
Why This Matters
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, it could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO 27001, HIPAA, CMMC, CIS Controls
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
MANUAL-101 |
SMS and Voice call authentication methods SHALL be restricted or disabled
CISA ScubaGear MS.AAD.3.5v1: SMS and Voice authentication methods SHALL be disabled or restricted to emergency access accounts only, as they are vulnerable to SIM swapping and interception attacks.
|
1
|
|
M
2-4 hrs
|
Why This Matters
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, it could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA Baseline, FedRAMP High, NIST 800-53 IA-5(1)
Technical Remediation:
Work with your IT team to remediate this finding.
|
| High |
MANUAL-155 |
Mass File Download Detected
User downloaded large number of files in short timeframe. Potential data exfiltration or insider threat activity.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Sensitive data (customer info, financials, IP) could be leaked or stolen. Data breaches result in regulatory fines, lawsuits, and irreparable reputation damage.
What Is The Risk
SEVERE RISK: This vulnerability significantly increases your attack surface. If exploited, it could result in unauthorized access to sensitive data, regulatory fines ($100K-$1M+), or operational disruption lasting days to weeks.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO 27001, SOC2, HIPAA, GDPR
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
DEFENDER-189 |
IsBlocked Security Feature Disabled
Property 'IsBlocked' has the value False, which may indicate a security misconfiguration. Sample values observed: false
|
2,960
|
MicrosoftTeams |
L
4-8 hrs
|
Why This Matters
A critical security feature has been turned off, leaving your organization exposed. Security features exist for a reason - disabling them creates exploitable gaps that attackers actively look for.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Investigation Required: This finding needs human review to determine the appropriate action.
Recommended Action: Security team should review the affected items and determine if they are legitimate or require remediation.
Compliance Impact: This finding affects: SOC2, NIST, CIS, ISO27001, GDPR
Technical Remediation:
Review the 'IsBlocked' property in the MicrosoftTeams module. Consider enabling this security feature by setting the property to true.
|
| Medium |
MGU-091 |
User: No Authentication Methods Registered
User has no authentication methods registered. Cannot perform SSPR or MFA.
|
2,114
|
MicrosoftGraph.Users |
L
4-8 hrs
|
Why This Matters
A critical security feature has been turned off, leaving your organization exposed. Security features exist for a reason - disabling them creates exploitable gaps that attackers actively look for.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
IDENTITY-001 |
User Account: Dormant (No Sign-In >90 Days)
User account has not signed in for >90 days, creating credential stuffing risk and indicating a potentially orphaned account.
|
2,049
|
MicrosoftGraphUsers |
L
4-8 hrs
|
Why This Matters
Identity is the new security perimeter. Compromised credentials are involved in 80% of breaches - weak identity controls give attackers legitimate access to your systems.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Investigation Required: This finding needs human review to determine the appropriate action.
Recommended Action: Security team should review the affected items and determine if they are legitimate or require remediation.
Compliance Impact: This finding affects: CIS M365, NIST 800-53, CMMC, ISO27001, SOC2
Technical Remediation:
Review and disable the dormant account: Update-MgUser -UserId '<UserId>' -AccountEnabled:$false (or remove it with Remove-MgUser -UserId '<UserId>')
|
| Medium |
MGG-094 |
M365 Group: External Sharing Enabled
Microsoft 365 Group allows guest members. Review for data exposure risk.
|
1,606
|
MicrosoftGraph.Groups |
L
4-8 hrs
|
Why This Matters
A critical security feature has been turned off, leaving your organization exposed. Security features exist for a reason - disabling them creates exploitable gaps that attackers actively look for.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: SOC2, ISO27001, GDPR
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
MGG-093 |
Dynamic Security Group Membership
Security group uses dynamic membership rules. Misconfigured rules can grant unintended access.
|
1,606
|
MicrosoftGraph.Groups |
L
4-8 hrs
|
Why This Matters
A critical security feature has been turned off, leaving your organization exposed. Security features exist for a reason - disabling them creates exploitable gaps that attackers actively look for.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
DEFENDER-IR-007 |
Incident Classification Rate Below 80%
Less than 80% of incidents have been classified, indicating incomplete incident investigation and triage processes.
|
1,551
|
MicrosoftDefender |
L
4-8 hrs
|
Why This Matters
Incident response capabilities are limited. When (not if) a breach occurs, slow response dramatically increases damage and recovery costs.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Establish classification procedures. Train SOC analysts on classification criteria. Use automated classification where possible. Track classification KPIs.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO 27001, SOC2
Technical Remediation:
Establish classification procedures. Train SOC analysts on classification criteria. Use automated classification where possible. Track classification KPIs.
|
| Medium |
MAIL-007 |
MailEnabled Security Feature Disabled
Property 'MailEnabled' has the value False, which may indicate a security misconfiguration. Sample values observed: false, true
|
1,145
|
MicrosoftGraphGroups |
L
4-8 hrs
|
Why This Matters
A critical security feature has been turned off, leaving your organization exposed. Security features exist for a reason - disabling them creates exploitable gaps that attackers actively look for.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Investigation Required: This finding needs human review to determine the appropriate action.
Recommended Action: Security team should review the affected items and determine if they are legitimate or require remediation.
Compliance Impact: This finding affects: SOC2, NIST, CIS, ISO27001, GDPR
Technical Remediation:
Review the 'MailEnabled' property in the MicrosoftGraphGroups module. Consider enabling this security feature by setting the property to true.
|
| Medium |
EXO-072 |
Mailbox Delegate Permissions: Full Access Granted
Full mailbox access delegated to other users. Review for business justification.
|
921
|
ExchangeOnline |
M
2-4 hrs
|
Why This Matters
A critical security feature has been turned off, leaving your organization exposed. Security features exist for a reason - disabling them creates exploitable gaps that attackers actively look for.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: SOC2, HIPAA, ISO27001, GDPR
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
DEFENDER-557 |
accountEnabled Security Feature Disabled
Property 'accountEnabled' has the value False, which may indicate a security misconfiguration. Sample values observed: false, null, true
|
677
|
MicrosoftGraphUsers |
M
2-4 hrs
|
Why This Matters
A critical security feature has been turned off, leaving your organization exposed. Security features exist for a reason - disabling them creates exploitable gaps that attackers actively look for.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Investigation Required: This finding needs human review to determine the appropriate action.
Recommended Action: Security team should review the affected items and determine if they are legitimate or require remediation.
Compliance Impact: This finding affects: SOC2, NIST, CIS, ISO27001, GDPR
Technical Remediation:
Review the 'accountEnabled' property in the MicrosoftGraphUsers module. Consider enabling this security feature by setting the property to true.
|
| Medium |
EXO-064 |
POP3 Protocol Enabled
POP3 protocol enabled, bypassing Modern Authentication and MFA protections.
|
499
|
ExchangeOnline |
M
2-4 hrs
|
Why This Matters
A critical security feature has been turned off, leaving your organization exposed. Security features exist for a reason - disabling them creates exploitable gaps that attackers actively look for.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST, CIS, ISO27001, FedRAMP
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
EXO-063 |
IMAP Protocol Enabled
IMAP protocol enabled, bypassing Modern Authentication and MFA protections.
|
499
|
ExchangeOnline |
M
2-4 hrs
|
Why This Matters
A critical security feature has been turned off, leaving your organization exposed. Security features exist for a reason - disabling them creates exploitable gaps that attackers actively look for.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST, CIS, ISO27001, FedRAMP
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
EXO-132 |
Litigation Hold Not Enabled
Litigation hold is not enabled on mailboxes. Data may be permanently deleted.
|
492
|
ExchangeOnline |
M
2-4 hrs
|
Why This Matters
A critical security feature has been turned off, leaving your organization exposed. Security features exist for a reason - disabling them creates exploitable gaps that attackers actively look for.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: SOC2, HIPAA, ISO27001, GDPR, FedRAMP, HITRUST, PCI-DSS
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
MGG-095 |
SecurityEnabled Security Feature Disabled
Property 'SecurityEnabled' has the value False, which may indicate a security misconfiguration. Sample values observed: true, false
|
451
|
MicrosoftGraphGroups |
M
2-4 hrs
|
Why This Matters
A critical security feature has been turned off, leaving your organization exposed. Security features exist for a reason - disabling them creates exploitable gaps that attackers actively look for.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Investigation Required: This finding needs human review to determine the appropriate action.
Recommended Action: Security team should review the affected items and determine if they are legitimate or require remediation.
Compliance Impact: This finding affects: SOC2, NIST, CIS, ISO27001, GDPR
Technical Remediation:
Review the 'SecurityEnabled' property in the MicrosoftGraphGroups module. Consider enabling this security feature by setting the property to true.
|
| Medium |
SECURESCORE-M365-MDA_SNOW_cauthRequiredScriptedProcessor |
Enable script request authorization
Secure Score control not implemented. This remediation enforces basic authentication while processing script requests on the instance.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-admincenter_owned_apps_and_services |
Ensure 'User owned apps and services' is restricted
Secure Score control not implemented. Implementation of this change will impact both end users and administrators. End users will not be able to install add-ins that they may want to install.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
This security finding indicates a gap in your security posture. Unaddressed security gaps accumulate risk and increase the likelihood of a successful attack.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-MDA_SF_forceRelogin |
Force (admin) relogin after Login-As-User
Secure Score control not implemented. Your users will not be impacted by this setting.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-MDA_SF_enableCSRFOnGet |
Enable CSRF protection on GET requests on non-setup pages
Secure Score control not implemented. Your users will not be impacted by this setting.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-MDA_SF_enableCSPOnEmail |
Enable Content Security Policy protection for email templates
Secure Score control not implemented. Your users will not be impacted by this setting.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-MDA_SF_enableCSRFOnPost |
Enable CSRF protection on POST requests on non-setup pages
Secure Score control not implemented. Your users will not be impacted by this setting.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-MDA_SF_enableContentSniffingProtection |
Enable Content Sniffing protection
Secure Score control not implemented. Your users will not be impacted by this setting.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-MDA_SF_enableClickjackSetup |
Enable clickjack protection for Setup pages
Secure Score control not implemented. Your users will not be impacted by this setting.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-CustomerLockBoxEnabled |
Ensure the customer lockbox feature is enabled
Secure Score control not implemented. Until the request is approved, the Microsoft engineer will not be granted access to customer data.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Email is the #1 attack vector - 90% of cyberattacks start with a phishing email. Weak email security enables credential theft, ransomware delivery, and business email compromise (BEC) fraud.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-MDA_SF_enableClickjackNonsetupUser |
Enable clickjack protection for customer VisualForce pages with standard headers
Secure Score control not implemented. Your users will not be impacted by this setting.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-MDA_SF_password_questionRestriction |
Password question requirement
Secure Score control not implemented. Users will not be allowed to include their password in the password question.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-MDA_SF_requireHttpOnly |
Require HttpOnly attribute
Secure Score control not implemented. If you have a custom or packaged application that uses JavaScript to access session ID cookies, selecting Require HttpOnly attribute breaks your application. It denies the application access to the cookie. Also if you select this setting, the AJAX Toolkit debugging window isn’t available.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-MDA_Atlassian_mobile_UsersAffected |
Atlassian mobile app security - Users that are affected by policies
Secure Score control not implemented. Your policy applies to all users - both managed and unmanaged - within your organization, including any new users added after the policy is created.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-MDA_SF_password_minimumPasswordLength |
Minimum password length
Secure Score control not implemented. Your users must set passwords of at least this length.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-MDA_CitrixSF_MinimumLength |
Enable password minimum length
Secure Score control not implemented. This setting enforces a minimum password length for all Citrix ShareFile users.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-MDA_CitrixSF_MinimumNumeric |
Enable password minimum numeric characters
Secure Score control not implemented. This setting enforces a minimum number of numeric characters in passwords for all Citrix ShareFile users.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-MDA_CitrixSF_MinimumSpecialCharacters |
Enable password minimum special characters
Secure Score control not implemented. This setting enforces a minimum number of special characters in passwords for all Citrix ShareFile users.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-MDA_CitrixSF_PasswordMaxAgeDays |
Enable password expiration policies
Secure Score control not implemented. This setting enforces a password expiry time in days for all Citrix ShareFile users.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-McasFirewallLogUpload |
Deploy a log collector to discover shadow IT activity
Secure Score control not implemented. This change has no known impact on your users.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-MDA_DocuSign_EnhancedPassword |
Enhance password requirements
Secure Score control not implemented. This setting enforces enhanced password requirements at users' next sign-in.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-IntegratedApps |
Ensure user consent to apps accessing company data on their behalf is not allowed
Secure Score control not implemented. When the consent policy is triggered, users cannot consent to unreliable apps. However, if the admin consent request is configured, it gives admins a secure way to review apps before granting access.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Identity is the new security perimeter. Compromised credentials are involved in 80% of breaches - weak identity controls give attackers legitimate access to your systems.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-MDA_DocuSign_PasswordExpires |
Password expiry requirements
Secure Score control not implemented. This setting specifies password expiry requirements.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-MDA_SF_password_historyRestriction |
Enforce password history
Secure Score control not implemented. Your users cannot set a new password that was used within their last 3 passwords.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-exo_transportrulesallowlistdomains |
Ensure Spam confidence level (SCL) is configured in mail transport rules with specific domains
Secure Score control not implemented. Care should be taken before implementation to ensure there is no business need for case-by-case allow-listing. Modifying allow-listed domains could affect incoming mail flow to an organization, although modern systems sending legitimate mail should have no issue with this. Note - while specifying the action for each domain, some options may entirely block mail from that domain.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Email is the #1 attack vector - 90% of cyberattacks start with a phishing email. Weak email security enables credential theft, ransomware delivery, and business email compromise (BEC) fraud.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-MDA_GitHub_DependencyInsights |
Disable 'Allow members to view dependency insights'
Secure Score control not implemented. This setting blocks users from seeing dependency insights for their repositories.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-MDA_GitHub_EmailNotificationRestrictedToVerifiedOrApprovedDomains |
Enabled 'email notification delivery for this enterprise is restricted to verified or approved domains'
Secure Score control not implemented. This setting restricts email notifications only to verified or approved domains.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-MDA_GitHub_IPallowListConfigurationForOrgResources |
Enforce IP allow list configuration for org resources
Secure Score control not implemented. This setting blocks users from logging in from specific IP addresses.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-BlockLegacyAuthentication |
Enable Conditional Access policies to block legacy authentication
Secure Score control not implemented. Users accessing apps that don't support modern authentication will no longer be able to access them with this policy enabled.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Identity is the new security perimeter. Compromised credentials are involved in 80% of breaches - weak identity controls give attackers legitimate access to your systems.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-MDA_SF_password_complexity |
Password complexity requirement
Secure Score control not implemented. Your users must use complex passwords.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-MDA_SF_enableClickjackNonsetupSFDC |
Enable clickjack protection for non-Setup for Salesforce pages
Secure Score control not implemented. Your users will not be impacted by this setting.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-MDA_SF_enableCacheAndAutocomplete |
Disable Caching and Autocomplete on Login Page via Session settings
Secure Score control not implemented. If enabled, after initial login, usernames are automatically populated into the Username field on the login page. If the user selects Remember me on the login page, the username persists after the session expires or the user logs out. The username also displays on the Switcher.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-MDA_SF_enableAdminLoginAsAnyUser |
Disable Administrators Can Log In As Any User
Secure Score control not implemented. Your users must grant access before admins can log in as them.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-MDA_Okta_PasswordExpires |
Password expiry requirements
Secure Score control not implemented. This setting specifies password expiry requirements.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-MDA_SF_enableClickjackNonsetupUserHeaderless |
Enable clickjack protection for customer VisualForce pages with headers disabled
Secure Score control not implemented. Your users will not be impacted by this setting.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-MDA_Okta_EnhancedPassword |
Enhance password requirements
Secure Score control not implemented. This Okta setting enforces enhanced password requirements at users' next sign-in.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-exo_mailtipsenabled |
Ensure MailTips are enabled for end users
Secure Score control not implemented. Setting up MailTips gives a visual aid to users when they send emails to large groups of recipients or send emails to recipients not within the tenant.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Email is the #1 attack vector - 90% of cyberattacks start with a phishing email. Weak email security enables credential theft, ransomware delivery, and business email compromise (BEC) fraud.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-MDA_GitHub_SAML |
Enable single sign on (SSO)
Secure Score control not implemented. This setting enforces single sign-on (SSO) for all members of the GitHub organization.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-MDA_GitHub_PublicRepoCreation |
Disable 'Members will be able to create public repositories, visible to anyone'
Secure Score control not implemented. This setting blocks users from creating public repositories.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
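The GitHub public-repository finding above is an organization-level setting that the GitHub REST API exposes, so it can be checked and corrected without the web UI. The following is an added example (not scanner output and not GitHub's own tooling); the organization login `example-org` and the `$env:GITHUB_TOKEN` variable (a token with the `admin:org` scope) are placeholders you must replace.

```powershell
# Added example: audit and fix "Members will be able to create public repositories" via the GitHub REST API.
# Assumptions (hypothetical): $Org is your organization login, $env:GITHUB_TOKEN is a token with admin:org.
$Org   = 'example-org'
$Token = $env:GITHUB_TOKEN

$headers = @{
    Authorization          = "Bearer $Token"
    Accept                 = 'application/vnd.github+json'
    'X-GitHub-Api-Version' = '2022-11-28'
}
$orgUrl = "https://api.github.com/orgs/$Org"

# Check: GET /orgs/{org} returns the current value of the setting.
$orgInfo = Invoke-RestMethod -Uri $orgUrl -Headers $headers -Method Get
if ($orgInfo.members_can_create_public_repositories) {
    Write-Warning "$Org: members can create public repositories (MDA_GitHub_PublicRepoCreation applies)"

    # Fix: PATCH /orgs/{org}. Only the ability of non-owners to create *new* public repositories is removed;
    # repositories that are already public stay public and are listed below for review.
    $body = @{ members_can_create_public_repositories = $false } | ConvertTo-Json
    Invoke-RestMethod -Uri $orgUrl -Headers $headers -Method Patch -Body $body -ContentType 'application/json' | Out-Null

    # Verify by re-reading the setting.
    $orgInfo = Invoke-RestMethod -Uri $orgUrl -Headers $headers -Method Get
}
"$Org members_can_create_public_repositories = $($orgInfo.members_can_create_public_repositories)"

# Inventory of repositories that are public today, so owners can decide which ones should be private.
$public = Invoke-RestMethod -Uri "$orgUrl/repos?type=public&per_page=100" -Headers $headers -Method Get
"Public repositories in ${Org}: $($public.Count)"
$public | ForEach-Object { "  $($_.full_name)  (last push $($_.pushed_at))" }
```

The inventory call returns at most 100 repositories per page; for larger organizations follow the `Link` header or loop over the `page` query parameter. The SSO and outside-collaborator settings from the neighbouring findings are changed in the organization's security settings page and are not covered by this endpoint.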
| Medium |
SECURESCORE-M365-exo_oauth2clientprofileenabled |
Ensure modern authentication for Exchange Online is enabled
Secure Score control not implemented. Users of older email clients, such as Outlook 2013 and Outlook 2016, will no longer be able to authenticate to Exchange using Basic Authentication, which will necessitate migration to modern authentication practices.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Email is the #1 attack vector - 90% of cyberattacks start with a phishing email. Weak email security enables credential theft, ransomware delivery, and business email compromise (BEC) fraud.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-exo_outlookaddins |
Ensure users installing Outlook add-ins is not allowed
Secure Score control not implemented. Implementing this change affects both end users and administrators: end users will no longer be able to install third-party add-ins themselves, and administrators may receive requests to deploy the add-ins users need.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Email is the #1 attack vector - 90% of cyberattacks start with a phishing email. Weak email security enables credential theft, ransomware delivery, and business email compromise (BEC) fraud.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-MDA_GitHub_OutsideCollabInvitation |
Disable 'Allow repository administrators to invite outside collaborators to repositories for this organization'
Secure Score control not implemented. This setting prevents repository administrators from adding outside collaborators; only organization owners can then invite them.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-exo_mailboxaudit |
Ensure mailbox auditing for all users is Enabled
Secure Score control not implemented. Mailbox auditing records owner, delegate and administrator actions on mailboxes; without it there is no trail to investigate after a mailbox compromise.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Email is the #1 attack vector - 90% of cyberattacks start with a phishing email. Weak email security enables credential theft, ransomware delivery, and business email compromise (BEC) fraud.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-MDA_SF_password_obscureSecretAnswer |
Obscure secret answer for password resets
Secure Score control not implemented. With this Salesforce setting on, users will not see the answer to their security question displayed as they type it during a password reset.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-MDA_SNOW_enablePasswordPolicy |
Enable Password Reset Policy Checks
Secure Score control not implemented. Setting the property to true turns on password policy checks when a user resets their password.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-AATP_Sensor |
Install Defender for Identity Sensor on all Domain Controllers
Secure Score control not implemented. The sensor captures domain controller network traffic and events for Defender for Identity; domain controllers without it are invisible to its detections.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Your ability to detect and respond to threats is compromised. Without proper threat protection, attacks can persist undetected for months.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-mip_search_auditlog |
Ensure Microsoft 365 audit log search is Enabled
Secure Score control not implemented. Audit log search depends on unified audit log ingestion being enabled for the tenant.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Sensitive data (customer info, financials, IP) could be leaked or stolen. Data breaches result in regulatory fines, lawsuits, and irreparable reputation damage.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
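Five of the findings above (MailTips, modern authentication, Outlook add-in self-service, mailbox auditing and audit log search) are Exchange Online organization settings that can be verified and corrected from one session. The script below is an added example, not part of the scanner output or of Microsoft's documentation; it assumes the ExchangeOnlineManagement module, an account holding the Exchange Administrator role, and a hypothetical `$Fix` flag that is left at `$false` so the script only reports until the change has gone through change management.

```powershell
# Added example: check (and, when $Fix is $true, remediate) five Exchange Online Secure Score controls.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -ShowBanner:$false   # interactive sign-in; use certificate auth for unattended runs

$Fix = $false   # hypothetical switch: flip to $true only after the change is approved
$findings = @()
$org = Get-OrganizationConfig

# exo_mailtipsenabled: all four MailTips settings; 25 recipients is the usual large-audience threshold.
if (-not ($org.MailTipsAllTipsEnabled -and $org.MailTipsExternalRecipientsTipsEnabled -and
          $org.MailTipsGroupMetricsEnabled -and $org.MailTipsLargeAudienceThreshold -le 25)) {
    $findings += 'MailTips not fully enabled'
    if ($Fix) {
        Set-OrganizationConfig -MailTipsAllTipsEnabled $true -MailTipsExternalRecipientsTipsEnabled $true `
            -MailTipsGroupMetricsEnabled $true -MailTipsLargeAudienceThreshold 25
    }
}

# exo_oauth2clientprofileenabled: OAuth 2.0 (modern authentication) for Exchange clients.
if (-not $org.OAuth2ClientProfileEnabled) {
    $findings += 'Modern authentication (OAuth2ClientProfileEnabled) is off'
    if ($Fix) { Set-OrganizationConfig -OAuth2ClientProfileEnabled $true }
}

# exo_mailboxaudit: AuditDisabled = $true switches mailbox auditing off for the whole tenant.
if ($org.AuditDisabled) {
    $findings += 'Mailbox auditing disabled tenant-wide'
    if ($Fix) { Set-OrganizationConfig -AuditDisabled $false }
}

# mip_search_auditlog: unified audit log ingestion is what audit log search reads from.
if (-not (Get-AdminAuditLogConfig).UnifiedAuditLogIngestionEnabled) {
    $findings += 'Unified audit log ingestion disabled'
    if ($Fix) { Set-AdminAuditLogConfig -UnifiedAuditLogIngestionEnabled $true }
}

# exo_outlookaddins: these three roles in the default role assignment policy are what let end users
# install add-ins for themselves. Admin-deployed add-ins are unaffected by removing them.
$addinRoles  = 'My Custom Apps', 'My Marketplace Apps', 'My ReadWriteMailbox Apps'
$assignments = Get-ManagementRoleAssignment -RoleAssignee 'Default Role Assignment Policy' |
    Where-Object { "$($_.Role)" -in $addinRoles }
if ($assignments) {
    $findings += "Users can self-install add-ins via roles: $(($assignments | ForEach-Object { "$($_.Role)" }) -join ', ')"
    if ($Fix) { $assignments | Remove-ManagementRoleAssignment -Confirm:$false }
}

if ($findings) { $findings | ForEach-Object { Write-Warning $_ } } else { 'All five controls pass' }
Disconnect-ExchangeOnline -Confirm:$false
```

Run it once with `$Fix = $false`, attach the warnings to the change ticket, then run it again with `$Fix = $true`. Re-running the script afterwards is the verification step: it should print "All five controls pass".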
| Medium |
SECURESCORE-M365-mip_purviewlabelconsent |
Extend M365 sensitivity labeling to assets in Microsoft Purview data map
Secure Score control not implemented.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Sensitive data (customer info, financials, IP) could be leaked or stolen. Data breaches result in regulatory fines, lawsuits, and irreparable reputation damage.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-mip_management_API_enabled_four_workloads |
Ensure Office 365 Management Activity API is Enabled for some workloads (see description)
Secure Score control not implemented.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Sensitive data (customer info, financials, IP) could be leaked or stolen. Data breaches result in regulatory fines, lawsuits, and irreparable reputation damage.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-mip_DLP_policies_Teams |
Ensure DLP policies are enabled for Microsoft Teams
Secure Score control not implemented. Enabling a Teams DLP policy will allow sensitive data in Teams channels or chat messages to be detected or blocked.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Sensitive data (customer info, financials, IP) could be leaked or stolen. Data breaches result in regulatory fines, lawsuits, and irreparable reputation damage.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-mip_autosensitivitylabelspolicies |
Ensure that Auto-labeling data classification policies are set up and used
Secure Score control not implemented.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Sensitive data (customer info, financials, IP) could be leaked or stolen. Data breaches result in regulatory fines, lawsuits, and irreparable reputation damage.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-meeting_restrictanonymousjoin_v1 |
Restrict anonymous users from joining meetings
Secure Score control not implemented. Anonymous users are participants who open a meeting link without signing in.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Collaboration tools contain sensitive conversations and documents. Weak security enables data leaks and unauthorized access to confidential information.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-meeting_pstnusersbypasslobby_v1 |
Restrict dial-in users from bypassing a meeting lobby
Secure Score control not implemented. Dial-in callers who bypass the lobby join without being admitted by the organizer.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Collaboration tools contain sensitive conversations and documents. Weak security enables data leaks and unauthorized access to confidential information.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-meeting_externalrequestcontrol_v1 |
Limit external participants from having control in a Teams meeting
Secure Score control not implemented.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Collaboration tools contain sensitive conversations and documents. Weak security enables data leaks and unauthorized access to confidential information.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-meeting_designatedpresenter_v1 |
Configure which users are allowed to present in Teams meetings
Secure Score control not implemented. This controls who can present by default (everyone, people in the organization, or only the organizer).
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Collaboration tools contain sensitive conversations and documents. Weak security enables data leaks and unauthorized access to confidential information.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-AATP_Vpn |
Configure VPN integration
Secure Score control not implemented. Defender for Identity can ingest RADIUS accounting from the VPN so that VPN connections appear in its user profiles and detections.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Your ability to detect and respond to threats is compromised. Without proper threat protection, attacks can persist undetected for months.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-meeting_anonymousstartmeeting_v1 |
Restrict anonymous users from starting Teams meetings
Secure Score control not implemented. Without this restriction an anonymous user can start the meeting before the organizer arrives.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Collaboration tools contain sensitive conversations and documents. Weak security enables data leaks and unauthorized access to confidential information.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-mdo_zapspam |
Create zero-hour auto purge policies for spam messages
Secure Score control not implemented. Zero-hour auto purge moves messages that were delivered and later reclassified as spam out of the inbox.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Email is the #1 attack vector - 90% of cyberattacks start with a phishing email. Weak email security enables credential theft, ransomware delivery, and business email compromise (BEC) fraud.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-mdo_zapphish |
Create zero-hour auto purge policies for phishing messages
Secure Score control not implemented. Zero-hour auto purge moves messages that were delivered and later reclassified as phishing out of the inbox.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Email is the #1 attack vector - 90% of cyberattacks start with a phishing email. Weak email security enables credential theft, ransomware delivery, and business email compromise (BEC) fraud.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-mdo_unusualcharacterssafetytips |
Enable the user impersonation unusual characters safety tip
Secure Score control not implemented. This safety tip warns recipients when a sender's name or address contains unusual character sets that mimic a trusted sender.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Email is the #1 attack vector - 90% of cyberattacks start with a phishing email. Weak email security enables credential theft, ransomware delivery, and business email compromise (BEC) fraud.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-mdo_thresholdreachedaction |
Block users who reached the message limit
Secure Score control not implemented. This is the outbound spam policy action taken when a user exceeds the sending limits: block the user rather than only raising an alert.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Email is the #1 attack vector - 90% of cyberattacks start with a phishing email. Weak email security enables credential theft, ransomware delivery, and business email compromise (BEC) fraud.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-mip_sensitivitylabelspolicies |
Publish M365 sensitivity label data classification policies
Secure Score control not implemented.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Sensitive data (customer info, financials, IP) could be leaked or stolen. Data breaches result in regulatory fines, lawsuits, and irreparable reputation damage.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-mdo_spam_notifications_only_for_admins |
Ensure Exchange Online Spam Policies are set to notify administrators
Secure Score control not implemented. The outbound spam policy should notify administrators, and send them a copy of suspicious outbound mail, when a user is flagged for sending spam.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Email is the #1 attack vector - 90% of cyberattacks start with a phishing email. Weak email security enables credential theft, ransomware delivery, and business email compromise (BEC) fraud.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
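The five mdo_* findings above (zero-hour auto purge for spam and phishing, the unusual-characters safety tip, the sending-limit action, and outbound spam notifications) are all Exchange Online Protection / Defender for Office 365 policy settings. The script below is an added example, not scanner output or Microsoft's code; it assumes the ExchangeOnlineManagement module, the Security Administrator role, a hypothetical `$Fix` flag, and a placeholder notification address `$NotifyAddress`.

```powershell
# Added example: review every anti-spam, anti-phish and outbound spam policy for the mdo_* findings.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -ShowBanner:$false

$Fix           = $false                # hypothetical switch: $true applies the fixes
$NotifyAddress = 'secops@example.com'  # hypothetical mailbox that should receive outbound spam alerts

# mdo_zapspam / mdo_zapphish: ZAP has to be on in every inbound anti-spam policy, not only Default.
foreach ($p in Get-HostedContentFilterPolicy) {
    if (-not ($p.ZapEnabled -and $p.SpamZapEnabled -and $p.PhishZapEnabled)) {
        Write-Warning ("Anti-spam policy '{0}': ZAP incomplete (Zap={1} Spam={2} Phish={3})" -f
            $p.Name, $p.ZapEnabled, $p.SpamZapEnabled, $p.PhishZapEnabled)
        if ($Fix) {
            Set-HostedContentFilterPolicy -Identity $p.Identity -ZapEnabled $true -SpamZapEnabled $true -PhishZapEnabled $true
        }
    }
}

# mdo_unusualcharacterssafetytips: impersonation safety tip (requires Defender for Office 365 licensing).
foreach ($ap in Get-AntiPhishPolicy) {
    if (-not $ap.EnableUnusualCharactersSafetyTips) {
        Write-Warning "Anti-phish policy '$($ap.Name)': unusual characters safety tip is off"
        if ($Fix) { Set-AntiPhishPolicy -Identity $ap.Identity -EnableUnusualCharactersSafetyTips $true }
    }
}

# mdo_thresholdreachedaction / mdo_spam_notifications_only_for_admins: outbound spam policies.
foreach ($op in Get-HostedOutboundSpamFilterPolicy) {
    $issues = @()
    if ("$($op.ActionWhenThresholdReached)" -ne 'BlockUser') { $issues += "ActionWhenThresholdReached=$($op.ActionWhenThresholdReached)" }
    if (-not $op.NotifyOutboundSpam -or -not $op.NotifyOutboundSpamRecipients) { $issues += 'administrators not notified' }
    if (-not $op.BccSuspiciousOutboundMail) { $issues += 'suspicious outbound mail not copied to administrators' }
    if ($issues) {
        Write-Warning "Outbound spam policy '$($op.Name)': $($issues -join '; ')"
        if ($Fix) {
            Set-HostedOutboundSpamFilterPolicy -Identity $op.Identity -ActionWhenThresholdReached BlockUser `
                -NotifyOutboundSpam $true -NotifyOutboundSpamRecipients $NotifyAddress `
                -BccSuspiciousOutboundMail $true -BccSuspiciousOutboundAdditionalRecipients $NotifyAddress
        }
    }
}
Disconnect-ExchangeOnline -Confirm:$false
```

Iterating over every policy rather than only `Default` matters because a custom policy scoped to a group of users silently overrides the default for them; a finding that "ZAP is enabled" on the default policy says nothing about those users.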
| Medium |
SECURESCORE-M365-OneAdmin |
Designate more than one global admin
Secure Score control not implemented. Admins with global admin roles will have access to all administrative features including the ability to assign admin roles to other users. They should have more secure account authentication, like multifactor authentication, to protect these extra privileges from attackers.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Identity is the new security perimeter. Compromised credentials are involved in 80% of breaches - weak identity controls give attackers legitimate access to your systems.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-RoleOverlap |
Use least privileged administrative roles
Secure Score control not implemented. If an admin is assigned a more limited administrator role, they will lose some of the privileges that they had before. Make sure that these users have enough privileges to complete their day-to-day work.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Identity is the new security perimeter. Compromised credentials are involved in 80% of breaches - weak identity controls give attackers legitimate access to your systems.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-scid_59 |
Enable 'Require domain users to elevate when setting a network's location'
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-scid_49 |
Disable Microsoft Defender Firewall notifications when programs are blocked for Public profile
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-scid_46 |
Disable Microsoft Defender Firewall notifications when programs are blocked for Private profile
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-scid_43 |
Disable Microsoft Defender Firewall notifications when programs are blocked for Domain profile
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-scid_40 |
Disable 'Domain member: Disable machine account password changes'
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-SelfServicePasswordReset |
Ensure 'Self service password reset enabled' is set to 'All'
Secure Score control not implemented. Users will be able to self-service password reset in Microsoft Entra ID and no longer need to engage help desk.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Identity is the new security perimeter. Compromised credentials are involved in 80% of breaches - weak identity controls give attackers legitimate access to your systems.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-SigninRiskPolicy |
Enable Microsoft Entra ID Identity Protection sign-in risk policies
Secure Score control not implemented. When the policy triggers, the user will need MFA to access the account. If a user hasn't registered for MFA, they’re blocked from accessing their account. If account access is blocked, an admin would need to recover the account.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Identity is the new security perimeter. Compromised credentials are involved in 80% of breaches - weak identity controls give attackers legitimate access to your systems.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-spo_block_onedrive_sync_unmanaged_devices |
Block OneDrive for Business sync from unmanaged devices
Secure Score control not implemented. Enabling this feature will prevent users from using the OneDrive for Business Sync client on devices that are not joined to the domains that were defined.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
SharePoint stores critical business documents. Misconfigured permissions can expose sensitive data to unauthorized users or the public internet.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-spo_external_sharing_managed |
Ensure SharePoint external sharing is managed through domain whitelist/blacklists
Secure Score control not implemented. Enabling this feature will prevent users from sharing documents with domains outside of the organization unless allowed.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
SharePoint stores critical business documents. Misconfigured permissions can expose sensitive data to unauthorized users or the public internet.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-spo_external_users_sharing |
Ensure that SharePoint guest users cannot share items they don't own
Secure Score control not implemented. Impact associated with this change is highly dependent upon current practices. If users do not regularly share with external parties, then minimal impact is likely. However, if users do regularly share with guests/externally, minimum impacts could occur as those external users will be unable to 're-share' content.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
SharePoint stores critical business documents. Misconfigured permissions can expose sensitive data to unauthorized users or the public internet.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-spo_idle_session_timeout |
Sign out inactive users in SharePoint Online
Secure Score control not implemented. When a user is inactive in SharePoint and OneDrive for a period of time that you specify, a notification message will appear. If users don't select “Continue”, they're automatically signed out.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
SharePoint stores critical business documents. Misconfigured permissions can expose sensitive data to unauthorized users or the public internet.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-spo_legacy_auth |
Ensure modern authentication for SharePoint applications is required
Secure Score control not implemented. Implementation of modern authentication for SharePoint will require users to authenticate to SharePoint using modern authentication. This may cause a minor impact to typical user behavior.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
SharePoint stores critical business documents. Misconfigured permissions can expose sensitive data to unauthorized users or the public internet.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-sway_block_sharing_with_outside_users |
Ensure that Sways cannot be shared with people outside of your organization
Secure Score control not implemented. Interactive reports, presentations, newsletters and other items created in Sway will not be shared outside the organization by users.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Collaboration tools contain sensitive conversations and documents. Weak security enables data leaks and unauthorized access to confidential information.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-scid_23 |
Enable 'Block third party cookies'
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Endpoints (computers, phones, tablets) are the front line of your security. Unprotected endpoints give attackers direct access to your network and data.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-UserRiskPolicy |
Enable Microsoft Entra ID Identity Protection user risk policies
Secure Score control not implemented. When the policy triggers, access to the account will either be blocked or the user would be required to use multifactor authentication and change their password. Users who haven't registered MFA on their account will be blocked from accessing it. If account access is blocked, an admin would need to recover the account. Thus, it is important to configure the MFA registration policy for all users who are a part of the user risk policy to ensure that they have registered MFA.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Identity is the new security perimeter. Compromised credentials are involved in 80% of breaches - weak identity controls give attackers legitimate access to your systems.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-PWAgePolicyNew |
Ensure the 'Password expiration policy' is set to 'Set passwords to never expire (recommended)'
Secure Score control not implemented. Your users will no longer need to periodically create new passwords.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Identity is the new security perimeter. Compromised credentials are involved in 80% of breaches - weak identity controls give attackers legitimate access to your systems.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-mdo_similaruserssafetytips |
Enable the user impersonation safety tip
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Email is the #1 attack vector - 90% of cyberattacks start with a phishing email. Weak email security enables credential theft, ransomware delivery, and business email compromise (BEC) fraud.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-meeting_autoadmitusers_v1 |
Only invited users should be automatically admitted to Teams meetings
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Collaboration tools contain sensitive conversations and documents. Weak security enables data leaks and unauthorized access to confidential information.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-mdo_safelinksforOfficeApps |
Ensure Safe Links for Office Applications is Enabled
Secure Score control not implemented. User impact associated with this change is minor - users may experience a very short delay when clicking on URLs in Office documents before being directed to the requested site. Users should be informed of the change as, in the event a link is unsafe and blocked, they will receive a message that it has been blocked.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Email is the #1 attack vector - 90% of cyberattacks start with a phishing email. Weak email security enables credential theft, ransomware delivery, and business email compromise (BEC) fraud.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-MDA_SNOW_uiSessionTimeout |
Enable session activity timeout
Secure Score control not implemented. This remediation enforces timely expiration of user account.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-MDA_SNOW_systemSecurity |
Activate security jump start (ACL rules) plugin
Secure Score control not implemented. There is significant functional impact if this plugin is installed without auditing of the existing ACLs on the instance. The customer is required to reach out to ServiceNow before the remediation can occur.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-MDA_SNOW_sncUserLockoutCheck |
Enable managing failed login attempts
Secure Score control not implemented. This remediation would enable the administrator of the instance to monitor and report any malicious user access.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-AATP_HoneyToken |
Set a honeytoken account
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Your ability to detect and respond to threats is compromised. Without proper threat protection, attacks can persist undetected for months.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-mdo_similardomainssafetytips |
Enable the domain impersonation safety tip
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Email is the #1 attack vector - 90% of cyberattacks start with a phishing email. Weak email security enables credential theft, ransomware delivery, and business email compromise (BEC) fraud.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-AATP_EntraConnectComputersWithNoMdiSensorInstalled |
Install Defender for Identity Sensor on Entra Connect servers
Secure Score control not implemented. This change has no known impact on your users.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Your ability to detect and respond to threats is compromised. Without proper threat protection, attacks can persist undetected for months.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-MDA_SNOW_scriptSecureAjaxgliderecord |
Apply access control rule (ACL) validation when server-side records are accessed using GlideAjax APIs within a client script
Secure Score control not implemented. This remediation enforces the ACL relationship with server-side records when the requests are made using the AJAXGlideRecord API calls. If the ACL configuration is not properly configured, then there is potential impact.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-MDA_SNOW_scriptCcsiIsPublic |
Set client-callable script includes to private
Secure Score control not implemented. Privacy on client-callable script includes.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-aad_admin_accounts_separate_unassigned_cloud_only |
Ensure Administrative accounts are separate and cloud-only
Secure Score control not implemented. Administrative users will have to switch accounts and utilize login/logout functionality when performing administrative tasks, and will not benefit from SSO.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Identity is the new security perimeter. Compromised credentials are involved in 80% of breaches - weak identity controls give attackers legitimate access to your systems.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-aad_limited_administrative_roles |
Ensure 'Microsoft Azure Management' is limited to administrative roles
Secure Score control not implemented. Because the policy is applied to the Azure management portal and API, services or clients with an Azure API service dependency can indirectly be impacted. For example: Classic deployment model APIs, Azure PowerShell, Azure CLI, Azure DevOps, Azure Data Factory portal, Azure Event Hubs, Azure Service Bus, Azure SQL Database, SQL Managed Instance, Azure Synapse, Visual Studio subscriptions administrator portal, Microsoft IoT Central.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Identity is the new security perimeter. Compromised credentials are involved in 80% of breaches - weak identity controls give attackers legitimate access to your systems.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-aad_linkedin_connection_disables |
Ensure 'LinkedIn account connections' is disabled
Secure Score control not implemented. Users will not be able to sync contacts or use LinkedIn integration.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Identity is the new security perimeter. Compromised credentials are involved in 80% of breaches - weak identity controls give attackers legitimate access to your systems.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-aad_managed_approved_public_groups_only |
Ensure that only organizationally managed/approved public groups exist
Secure Score control not implemented. If the recommendation is applied, group owners could receive more access requests than usual, especially regarding groups originally meant to be public.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Identity is the new security perimeter. Compromised credentials are involved in 80% of breaches - weak identity controls give attackers legitimate access to your systems.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-AATP_AdcsComputersWithNoMdiSensorInstalled |
Install Defender for Identity Sensor on ADCS servers
Secure Score control not implemented. This change has no known impact on your users.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Your ability to detect and respond to threats is compromised. Without proper threat protection, attacks can persist undetected for months.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-AATP_EntraConnectAccountsWithConnectorAccountAsDefaultAdmin |
Replace Enterprise or Domain Admin account for Entra Connect AD DS Connector account
Secure Score control not implemented. According to Entra best practice, starting with build 1.4.###.#, Enterprise Admin and Domain Admin accounts can no longer be used as the AD DS Connector account to improve security. See "Accounts used for Microsoft Entra Connect" (https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/reference-connect-accounts-permissions#accounts-used-for-microsoft-entra-connect) for more details. This prevents over-privileging the connector account, reducing the risk of domain-wide compromise if the account is attacked. Users must now create or assign a lower-privileged account specifically for directory synchronization, ensuring better adherence to the principle of least privilege and protecting critical admin accounts.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
The AD DS Connector account is the on-premises identity that Microsoft Entra Connect uses to read and write Active Directory, including replication and password-related operations. If it is a Domain Admin or Enterprise Admin, an attacker who captures it on the Connect server inherits full control of the domain as well as a path into the cloud directory.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-AATP_AdfsComputersWithNoMdiSensorInstalled |
Install Defender for Identity Sensor on ADFS servers
Secure Score control not implemented. This change has no known impact on your users.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Your ability to detect and respond to threats is compromised. Without proper threat protection, attacks can persist undetected for months.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-MDA_SNOW_userCookieMaxLifeSpanInDays |
Enable absolute session timeout
Secure Score control not implemented. Forces users to sign in again after a set number of days, regardless of activity.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-MDA_Zendesk_BlockAccountAssumption |
Block account assumption
Secure Score control not implemented. See the Learn more link for details.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-MDA_Zendesk_AdminPassChange |
Block admins from setting user passwords
Secure Score control not implemented. See the Learn more link for details.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-mdo_antiphishingpolicies |
Ensure that an anti-phishing policy has been created
Secure Score control not implemented. Turning on Anti-Phishing should not cause an impact, messages will be displayed when applicable
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Email is the #1 attack vector - 90% of cyberattacks start with a phishing email. Weak email security enables credential theft, ransomware delivery, and business email compromise (BEC) fraud.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-mdo_recipientlimitperday |
Set a daily message limit
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Email is the #1 attack vector - 90% of cyberattacks start with a phishing email. Weak email security enables credential theft, ransomware delivery, and business email compromise (BEC) fraud.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-mdo_recipientinternallimitperhour |
Set maximum number of internal recipients that a user can send to within an hour
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Email is the #1 attack vector - 90% of cyberattacks start with a phishing email. Weak email security enables credential theft, ransomware delivery, and business email compromise (BEC) fraud.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-mdo_recipientexternallimitperhour |
Set maximum number of external recipients that a user can email per hour
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Email is the #1 attack vector - 90% of cyberattacks start with a phishing email. Weak email security enables credential theft, ransomware delivery, and business email compromise (BEC) fraud.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-mdo_quarantineretentionperiod |
Retain spam in quarantine for 30 days
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Email is the #1 attack vector - 90% of cyberattacks start with a phishing email. Weak email security enables credential theft, ransomware delivery, and business email compromise (BEC) fraud.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-mdo_connectionfilter |
Don't add allowed IP addresses in the connection filter policy
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Email is the #1 attack vector - 90% of cyberattacks start with a phishing email. Weak email security enables credential theft, ransomware delivery, and business email compromise (BEC) fraud.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-mdo_bulkthreshold |
Set the email bulk complaint level (BCL) threshold to be 6 or lower
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Email is the #1 attack vector - 90% of cyberattacks start with a phishing email. Weak email security enables credential theft, ransomware delivery, and business email compromise (BEC) fraud.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-mdo_bulkspamaction |
Set action to take on bulk spam detection
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Email is the #1 attack vector - 90% of cyberattacks start with a phishing email. Weak email security enables credential theft, ransomware delivery, and business email compromise (BEC) fraud.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-mdo_autoforwardingmode |
Set automatic email forwarding rules to be system controlled
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Email is the #1 attack vector - 90% of cyberattacks start with a phishing email. Weak email security enables credential theft, ransomware delivery, and business email compromise (BEC) fraud.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-AATP_EntraConnectAccountsOldPasswords |
Rotate password for Entra Connect AD DS Connector account
Secure Score control not implemented. A compromised AD DS Connector account can grant access to high-privilege functions like replication and password resets, allowing attackers to modify synchronization settings and compromise security in both cloud and on-premises environments.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
The AD DS Connector account is the on-premises identity that Microsoft Entra Connect uses to read and write Active Directory, including replication and password-related operations. A password that is never rotated remains valid for any attacker who obtained it in the past, so the account's exposure grows with every year it stays the same.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
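Both Entra Connect controls above (the over-privileged connector account and the unrotated connector password) come down to the same check on the same account. The script below is an added example, not the scanner's check or Microsoft's code. It is meant to run on the Entra Connect server and assumes the ADSync module that ships with Entra Connect (whose Get-ADSyncADConnectorAccount cmdlet returns the connector name, account name and account domain), the ActiveDirectory RSAT module, and read access to AD. The 180-day rotation threshold is a local policy assumption, not a Microsoft value.

```powershell
# Added example (not from the page or from Microsoft). Run on the Entra Connect server.
# For every AD DS Connector account: flag membership in highly privileged groups (first control)
# and a password older than a local threshold (second control).
Import-Module ADSync
Import-Module ActiveDirectory

$MaxPasswordAgeDays = 180   # local policy assumption
$PrivilegedGroups   = @('Domain Admins', 'Enterprise Admins', 'Administrators')

foreach ($acct in Get-ADSyncADConnectorAccount) {
    # Output properties of Get-ADSyncADConnectorAccount:
    # ADConnectorName, ADConnectorAccountName, ADConnectorAccountDomain
    $domain = $acct.ADConnectorAccountDomain
    $user   = Get-ADUser -Server $domain -Identity $acct.ADConnectorAccountName -Properties PasswordLastSet

    # Resolve privileged membership recursively so nesting through intermediate groups is caught.
    $privilegedSids = foreach ($g in $PrivilegedGroups) {
        Get-ADGroupMember -Server $domain -Identity $g -Recursive -ErrorAction SilentlyContinue |
            ForEach-Object { $_.SID.Value }
    }
    $isPrivileged = $user.SID.Value -in @($privilegedSids)

    # PasswordLastSet is $null when the password has never been set or must change at next logon.
    $ageDays = if ($user.PasswordLastSet) {
        (New-TimeSpan -Start $user.PasswordLastSet -End (Get-Date)).Days
    } else { $null }

    [pscustomobject]@{
        Connector        = $acct.ADConnectorName
        Account          = "$domain\$($user.SamAccountName)"
        PrivilegedMember = $isPrivileged     # $true: replace with a least-privilege connector account
        PasswordAgeDays  = $ageDays
        RotationOverdue  = ($null -eq $ageDays) -or ($ageDays -gt $MaxPasswordAgeDays)
    }
}
```

A connector account that shows PrivilegedMember = $true should be replaced rather than stripped of its groups in place: create a dedicated account with the permissions Microsoft documents for the connector, switch the connector to it in Synchronization Service Manager, then retire the old one. Rotating the password is the same two-step change (reset in AD, then update the connector's credentials), and synchronization fails between the two steps, so schedule it.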
| Medium |
SECURESCORE-M365-mdo_allowedsenderscombined |
Ensure that no sender domains are allowed for anti-spam policies
Secure Score control not implemented. Unknown
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Email is the #1 attack vector - 90% of cyberattacks start with a phishing email. Weak email security enables credential theft, ransomware delivery, and business email compromise (BEC) fraud.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
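The mdo_* controls above (anti-phishing policy present, daily and hourly recipient limits, quarantine retention, connection-filter IP allow list, bulk complaint level threshold, bulk spam action, system-controlled auto-forwarding, and no allowed sender domains) all map to a handful of Exchange Online Protection policy objects. The script below is an added example, not the scanner's own logic or Microsoft's code: it reads those objects with the ExchangeOnlineManagement module (assumed installed, run as an Exchange administrator) and reports which control each policy fails. Treating a recipient limit of 0 as "not set" follows the cmdlet documentation, where 0 means the service default applies; accepting AutoForwardingMode = Off as well as Automatic is this example's local policy choice.

```powershell
# Added example (not from the page or from Microsoft): audit the EOP/Defender for Office 365
# settings behind the mdo_* Secure Score controls. Assumes ExchangeOnlineManagement module.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -ShowBanner:$false

$findings = [System.Collections.Generic.List[object]]::new()
function Add-Finding([string]$Control, [string]$Policy, [string]$Detail) {
    $findings.Add([pscustomobject]@{ Control = $Control; Policy = $Policy; Detail = $Detail })
}

# mdo_antiphishingpolicies: at least one enabled anti-phishing policy must exist.
if (-not (Get-AntiPhishPolicy | Where-Object { $_.Enabled })) {
    Add-Finding 'mdo_antiphishingpolicies' '-' 'No enabled anti-phishing policy'
}

# Recipient limits and auto-forwarding live on the outbound spam filter policy.
# A limit of 0 means "use the service default", i.e. nothing has been set explicitly.
foreach ($p in Get-HostedOutboundSpamFilterPolicy) {
    if ($p.RecipientLimitPerDay -eq 0)          { Add-Finding 'mdo_recipientlimitperday'          $p.Name 'No daily recipient limit set' }
    if ($p.RecipientLimitInternalPerHour -eq 0) { Add-Finding 'mdo_recipientinternallimitperhour' $p.Name 'No internal hourly limit set' }
    if ($p.RecipientLimitExternalPerHour -eq 0) { Add-Finding 'mdo_recipientexternallimitperhour' $p.Name 'No external hourly limit set' }
    # "System controlled" is the Automatic mode; Off is stricter and also accepted here (local policy).
    if ($p.AutoForwardingMode -notin @('Automatic', 'Off')) {
        Add-Finding 'mdo_autoforwardingmode' $p.Name "AutoForwardingMode is $($p.AutoForwardingMode)"
    }
}

# Quarantine retention, bulk handling and allowed senders live on the inbound content filter policies.
foreach ($p in Get-HostedContentFilterPolicy) {
    if ($p.QuarantineRetentionPeriod -lt 30) { Add-Finding 'mdo_quarantineretentionperiod' $p.Name "Retention is $($p.QuarantineRetentionPeriod) days" }
    if ($p.BulkThreshold -gt 6)              { Add-Finding 'mdo_bulkthreshold'             $p.Name "BCL threshold is $($p.BulkThreshold)" }
    if ($p.BulkSpamAction -eq 'NoAction')    { Add-Finding 'mdo_bulkspamaction'            $p.Name 'No action taken on bulk spam' }
    $allowed = @($p.AllowedSenderDomains) + @($p.AllowedSenders)
    if ($allowed.Count -gt 0) {
        # Allowed senders/domains bypass spam and (most) phishing verdicts for anything claiming that origin.
        Add-Finding 'mdo_allowedsenderscombined' $p.Name "Allowed senders/domains: $($allowed -join ',')"
    }
}

# The connection filter IP allow list skips filtering entirely for mail from those addresses.
foreach ($p in Get-HostedConnectionFilterPolicy) {
    if (@($p.IPAllowList).Count -gt 0) {
        Add-Finding 'mdo_connectionfilter' $p.Name "IP allow list: $(@($p.IPAllowList) -join ',')"
    }
}

if ($findings.Count -eq 0) { 'All checked mdo_* controls are satisfied.' }
else                       { $findings | Sort-Object Control | Format-Table -AutoSize }
Disconnect-ExchangeOnline -Confirm:$false
```

Every policy object is checked, not just the default one, because Secure Score evaluates custom policies too and a single permissive custom policy scoped to a few users is enough to lose the points. Before emptying an allow list, look at the mail flow reports for the listed senders: the entries usually exist because a legitimate sender fails SPF or DKIM, and the durable fix is on the sender's side, not in the allow list.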
| Medium |
SECURESCORE-M365-MDA_Zoom_PasswordReq |
Enhance password requirements
Secure Score control not implemented. This setting enforces enhanced password requirements at users' next sign-in.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-MDA_Zoom_MeetingE2eEncryption |
Enforce end-to-end encryption in all Zoom meetings
Secure Score control not implemented. This setting enforces end-to-end encryption in all Zoom meetings.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-MDA_Zoom_BlockDomains |
Block users in specific domains from joining meetings and webinars
Secure Score control not implemented. This setting blocks users signing in from the specified domains from joining meetings and webinars.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-MDA_Zendesk_IPrestrictions |
Enable IP restrictions
Secure Score control not implemented. Enabling IP-based access restrictions can break third-party integrations that access your account. Make sure to create an allowlist for all external IPs that access your account through the Zendesk APIs. Some integrations use variable IP addresses that can't be included in an allowlist. If you want to use these integrations, you must disable IP restrictions.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-MDA_Zendesk_enableapp |
Admins and agents can use the Zendesk Support mobile app
Secure Score control not implemented. See the Learn more link for details.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-MDA_Zendesk_EmailNotificationsforPassChange |
Send a notification on password change for admins, agents, and end users
Secure Score control not implemented. End users will get email notifications when their passwords change.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECURESCORE-M365-MDA_Zendesk_bypassIPrestrictions |
Block customers from bypassing IP restrictions
Secure Score control not implemented. Enabling IP-based access restrictions can break third-party integrations that access your account. Make sure to create an allowlist for all external IPs that access your account through the Zendesk APIs. Some integrations use variable IP addresses that can't be included in an allowlist. If you want to use these integrations, you must disable IP restrictions.
|
433
|
MicrosoftGraph.Security |
M
2-4 hrs
|
Why This Matters
Cloud applications handle sensitive business data. Without proper security controls, data can be accessed by unauthorized users or exfiltrated to external locations.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
DEFENDER-212 |
IsPersonalSite Security Feature Disabled
Property 'IsPersonalSite' has the value False, which the scanner treats as a possible security misconfiguration. Sample values observed: true, false, null
|
211
|
MicrosoftGraph.Sites |
M
2-4 hrs
|
Why This Matters
This finding is derived from a property value rather than from a known misconfiguration. IsPersonalSite only classifies a SharePoint site as a user's OneDrive (personal) site; it is not a security feature, so a value of false does not by itself expose the organization.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Investigation Required: This finding needs human review to determine the appropriate action.
Recommended Action: Security team should review the affected items and determine if they are legitimate or require remediation.
Compliance Impact: This finding affects: SOC2, NIST, CIS, ISO27001
Technical Remediation:
Review property 'IsPersonalSite' in the MicrosoftGraph.Sites module. In Microsoft Graph this is a read-only flag that marks a user's OneDrive personal site; it is not a security setting and cannot be enabled. A value of false is expected for every team, communication and hub site, so no remediation is required unless the site's classification itself is in question.
|
| Medium |
APP-098 |
Application: No Owners Assigned
Application has no owners assigned. Cannot manage or rotate credentials if creator leaves.
|
138
|
MicrosoftGraph.Applications |
M
2-4 hrs
|
Why This Matters
An application registration with no owner has nobody accountable for it: its secrets and certificates cannot be rotated, revoked or renewed in a managed way once the person who created it leaves, and its permissions are unlikely to be reviewed.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: SOC2, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
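The finding above is the kind that is easy to confirm and to hand to the right people once the orphaned registrations are listed with the credentials they hold. The script below is an added example, not the scanner's query or Microsoft's code: it uses the Microsoft Graph PowerShell SDK (assumed installed, with Application.Read.All consent) to list app registrations with no owners and to count the secrets and certificates on each, so the ones that would become unmanageable first can be prioritized.

```powershell
# Added example (not from the page or from Microsoft): find app registrations with no owners
# and show how many credentials each one holds. Assumes Microsoft.Graph SDK, Application.Read.All.
Connect-MgGraph -Scopes 'Application.Read.All' -NoWelcome

$apps = Get-MgApplication -All -Property Id, AppId, DisplayName, CreatedDateTime, PasswordCredentials, KeyCredentials

$orphaned = foreach ($app in $apps) {
    # Owners are a separate navigation property; an empty result means nobody is accountable.
    $owners = Get-MgApplicationOwner -ApplicationId $app.Id -All
    if (-not $owners) {
        $now = Get-Date
        [pscustomobject]@{
            DisplayName    = $app.DisplayName
            AppId          = $app.AppId
            ObjectId       = $app.Id
            Created        = $app.CreatedDateTime
            Secrets        = @($app.PasswordCredentials).Count
            Certificates   = @($app.KeyCredentials).Count
            # Credentials that are still valid are the ones nobody can rotate or revoke in time.
            LiveCredentials = @(@($app.PasswordCredentials) + @($app.KeyCredentials) |
                                Where-Object { $_.EndDateTime -gt $now }).Count
        }
    }
}

$orphaned | Sort-Object LiveCredentials -Descending | Format-Table -AutoSize
"$(@($orphaned).Count) of $(@($apps).Count) application registrations have no owner."
```

Owners can be added with New-MgApplicationOwnerByRef (it takes the application object ID and an @odata.id reference to the user's directory object), but assign them from the team that actually operates the integration rather than defaulting to a global administrator, or the finding is cleared while the accountability gap remains. Registrations with live credentials and no identifiable owner are candidates for disabling the service principal after a short notice period.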
| Medium |
DEFENDER-109 |
IsAutoRegistered Security Feature Disabled
Property 'IsAutoRegistered' has the value False, which the scanner treats as a possible security misconfiguration. Sample values observed: false
|
56
|
Azure.PrivateDns |
M
2-4 hrs
|
Why This Matters
This finding is derived from a property value rather than from a known misconfiguration. IsAutoRegistered only records whether a Private DNS record was created by virtual network auto-registration; it is not a security feature, so a value of false does not by itself expose the organization.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Investigation Required: This finding needs human review to determine the appropriate action.
Recommended Action: Security team should review the affected items and determine if they are legitimate or require remediation.
Compliance Impact: This finding affects: SOC2, NIST, CIS, ISO27001
Technical Remediation:
Review property 'IsAutoRegistered' in the Azure.PrivateDns module. On a Private DNS record set this flag is informational: true means the record was created automatically for a virtual machine in a linked virtual network, false means it was created manually, and it cannot be set on the record. A value of false is therefore not a disabled control. Review the manually created records for stale or unexpected entries (a forgotten record pointing at a reassigned private IP is the real risk) rather than trying to enable the flag.
|
| Medium |
AZURE-048 |
Azure Policy: No Governance Policies Deployed
No Azure policies deployed. Cannot enforce organizational standards.
|
36
|
Azure.Resources |
M
2-4 hrs
|
Why This Matters
No Azure Policy assignments are in place, so there is no automated guardrail enforcing organizational standards: resources that violate them can be deployed without being flagged or denied, and drift from the intended baseline goes unnoticed until someone looks.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST, CIS, ISO27001, FedRAMP
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
AZURE-167 |
SubscriptionState Unhealthy State Detected
Property 'SubscriptionState' is in unhealthy state: Unknown. This may indicate provisioning failure, compliance violation, or disabled security control.
|
33
|
Azure.Advisor |
M
2-4 hrs
|
Why This Matters
This security finding indicates a gap in your security posture. Unaddressed security gaps accumulate risk and increase the likelihood of a successful attack.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Investigation Required: This finding needs human review to determine the appropriate action.
Recommended Action: Security team should review the affected items and determine if they are legitimate or require remediation.
Compliance Impact: This finding affects: ISO27001, NIST, GDPR, FedRAMP
Technical Remediation:
Review property 'SubscriptionState' in Azure.Advisor module. A value of Unknown usually means the collector did not receive a state for the subscription rather than that the subscription is unhealthy. Confirm the subscription's real state in the portal or with Az PowerShell (the actual values are Enabled, Disabled, Warned, PastDue and Deleted; anything other than Enabled points to a billing or policy problem) before treating this as a disabled control, and check the collector's own logs if the state simply failed to load.
|
| Medium |
AZURE-050 |
Azure Storage: Public Blob Access Allowed
Storage account allows public anonymous access to blob containers. Data exposure risk.
|
32
|
Azure.Storage |
M
2-4 hrs
|
Why This Matters
A critical security feature has been turned off, leaving your organization exposed. Security features exist for a reason - disabling them creates exploitable gaps that attackers actively look for.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: SOC2, NIST, HIPAA, ISO27001, PCI-DSS, GDPR, FedRAMP, HITRUST
Technical Remediation:
Work with your IT team to remediate this finding.
|
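For AZURE-050 the report gives no concrete check or fix. The following is an added example (not part of the original report or the scanning tool) that lists storage accounts still permitting anonymous blob access and turns the account-level switch off. It assumes the Az.Storage module and an authenticated Connect-AzAccount session; the resource group and account names in the commented usage line are placeholders.

```powershell
# Added example (not from the original report): find storage accounts that
# still allow anonymous blob access and disable it at the account level.
# Assumes Az.Storage (3.x or later, which exposes AllowBlobPublicAccess) and
# an authenticated session from Connect-AzAccount.

function Get-PublicBlobStorageAccount {
    # AllowBlobPublicAccess is nullable: $null means "never set", which on
    # accounts created before the platform default changed behaves as allowed,
    # so anything other than an explicit $false is reported.
    Get-AzStorageAccount |
        Where-Object { $_.AllowBlobPublicAccess -ne $false } |
        Select-Object StorageAccountName, ResourceGroupName, AllowBlobPublicAccess
}

function Disable-PublicBlobAccess {
    param(
        [Parameter(Mandatory)] [string] $ResourceGroupName,
        [Parameter(Mandatory)] [string] $StorageAccountName,
        [switch] $WhatIf
    )
    # Warn about containers whose own ACL is Blob or Container so their owners
    # know which anonymous reads will stop working. The .Context property uses
    # the account key, so the caller needs permission to list keys.
    $ctx = (Get-AzStorageAccount -ResourceGroupName $ResourceGroupName -Name $StorageAccountName).Context
    Get-AzStorageContainer -Context $ctx |
        Where-Object { $_.PublicAccess -ne 'Off' } |
        ForEach-Object { Write-Warning "$StorageAccountName/$($_.Name) has PublicAccess=$($_.PublicAccess)" }

    # The account-level setting overrides every container ACL: once it is $false,
    # anonymous requests fail with HTTP 409 PublicAccessNotPermitted regardless of
    # the container's own public access level.
    Set-AzStorageAccount -ResourceGroupName $ResourceGroupName -Name $StorageAccountName `
        -AllowBlobPublicAccess $false -WhatIf:$WhatIf
}

# Audit first, then preview the change with -WhatIf before applying it:
Get-PublicBlobStorageAccount
# Disable-PublicBlobAccess -ResourceGroupName 'rg-prod' -StorageAccountName 'stprod001' -WhatIf
```

Run the audit across every subscription in scope (Set-AzContext per subscription) and confirm with the workload owners that nothing depends on anonymous reads before removing the -WhatIf.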
| Medium |
DEVICE-CMP-001 |
Compliance Management Partner Not Active
Compliance management partner (e.g., Jamf, VMware) has not sent a heartbeat recently, indicating a potential integration failure.
|
21
|
MicrosoftGraphDeviceManagement |
M
2-4 hrs
|
Why This Matters
Non-compliant devices accessing corporate data create security gaps. Lost or compromised devices are a leading cause of data breaches.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Investigation Required: This finding needs human review to determine the appropriate action.
Recommended Action: Security team should review the affected items and determine if they are legitimate or require remediation.
Compliance Impact: This finding affects: NIST, SOC2
Technical Remediation:
Verify compliance partner integration is functioning. Check network connectivity and partner service status.
|
| Medium |
AZURE-051 |
Azure VM: No Backup Configured
Virtual machines do not have Azure Backup configured. Data loss risk.
|
13
|
Azure.Compute |
M
2-4 hrs
|
Why This Matters
A critical security feature has been turned off, leaving your organization exposed. Security features exist for a reason - disabling them creates exploitable gaps that attackers actively look for.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: SOC2, ISO27001, HIPAA, FedRAMP, HITRUST
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
EXO-062 |
Exchange Transport Rule: Bypass Security Warnings
Transport rule bypasses external sender warnings. Users cannot identify external emails easily.
|
13
|
ExchangeOnline |
M
2-4 hrs
|
Why This Matters
A critical security feature has been turned off, leaving your organization exposed. Security features exist for a reason - disabling them creates exploitable gaps that attackers actively look for.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
DEFENDER-437 |
SendingFromDomainDisabled Security Feature Disabled
Property 'SendingFromDomainDisabled' has value False on the accepted domain (this is the normal state for a domain that sends outbound mail). Sample values observed: false
|
12
|
ExchangeOnline |
M
2-4 hrs
|
Why This Matters
A critical security feature has been turned off, leaving your organization exposed. Security features exist for a reason - disabling them creates exploitable gaps that attackers actively look for.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Investigation Required: This finding needs human review to determine the appropriate action.
Recommended Action: Security team should review the affected items and determine if they are legitimate or require remediation.
Compliance Impact: This finding affects: SOC2, NIST, CIS, ISO27001
Technical Remediation:
Review property 'SendingFromDomainDisabled' in ExchangeOnline module. Note: this accepted-domain attribute, when True, blocks all outbound mail from addresses in the domain. False is the expected value for any domain that sends mail, so do not set it to True as a hardening step; treat the finding as informational unless the domain is intended to be receive-only.
|
| Medium |
GOV-002 |
|
12
|
|
M
2-4 hrs
|
Why This Matters
This security finding indicates a gap in your security posture. Unaddressed security gaps accumulate risk and increase the likelihood of a successful attack.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
DEFENDER-458 |
IsDefaultFederatedDomain Security Feature Disabled
Property 'IsDefaultFederatedDomain' has value False (expected for every accepted domain except the single default federated domain). Sample values observed: false
|
11
|
ExchangeOnline |
M
2-4 hrs
|
Why This Matters
A critical security feature has been turned off, leaving your organization exposed. Security features exist for a reason - disabling them creates exploitable gaps that attackers actively look for.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Investigation Required: This finding needs human review to determine the appropriate action.
Recommended Action: Security team should review the affected items and determine if they are legitimate or require remediation.
Compliance Impact: This finding affects: SOC2, NIST, CIS, ISO27001, GDPR, FedRAMP, HITRUST
Technical Remediation:
Review property 'IsDefaultFederatedDomain' in ExchangeOnline module. Note: this is an informational accepted-domain attribute marking which federated domain is the default for Exchange federation; at most one domain holds True and it is not a security toggle, so False on the remaining domains is expected and there is nothing to enable.
|
| Medium |
DEFENDER-515 |
IsCoexistenceDomain Security Feature Disabled
Property 'IsCoexistenceDomain' has value False (expected for a cloud-only domain; the flag marks domains used for hybrid coexistence with on-premises Exchange). Sample values observed: false
|
11
|
ExchangeOnline |
M
2-4 hrs
|
Why This Matters
A critical security feature has been turned off, leaving your organization exposed. Security features exist for a reason - disabling them creates exploitable gaps that attackers actively look for.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Investigation Required: This finding needs human review to determine the appropriate action.
Recommended Action: Security team should review the affected items and determine if they are legitimate or require remediation.
Compliance Impact: This finding affects: SOC2, NIST, CIS, ISO27001
Technical Remediation:
Review property 'IsCoexistenceDomain' in ExchangeOnline module. Note: this accepted-domain attribute identifies the coexistence domain used for hybrid routing with an on-premises Exchange organization. False is the normal value for cloud-only domains and is not a security misconfiguration; there is no hardening benefit in setting it to True.
|
| Medium |
TEAMS-006 |
Teams: Anonymous Meeting Join Enabled (Org-Wide)
Organization-wide Teams policy allows anonymous users to join meetings. Potential security and compliance risk.
|
8
|
MicrosoftTeams |
M
2-4 hrs
|
Why This Matters
Collaboration tools contain sensitive conversations and documents. Weak security enables data leaks and unauthorized access to confidential information.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Disable for sensitive organizations: Set-CsTeamsMeetingPolicy -AllowAnonymousUsersToJoinMeeting $false
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: ISO27001, SOC2, NIST, CIS, FedRAMP, HITRUST
Technical Remediation:
Disable for sensitive organizations: Set-CsTeamsMeetingPolicy -AllowAnonymousUsersToJoinMeeting $false
|
| Medium |
MISC-045 |
Teams: Anonymous Meeting Join Enabled
Teams allows anonymous users to join meetings. Potential security and compliance risk.
|
8
|
MicrosoftTeams |
M
2-4 hrs
|
Why This Matters
A critical security feature has been turned off, leaving your organization exposed. Security features exist for a reason - disabling them creates exploitable gaps that attackers actively look for.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST, HIPAA, ISO27001, GDPR, FedRAMP
Technical Remediation:
Work with your IT team to remediate this finding.
|
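TEAMS-006 and MISC-045 both point at the same setting, and the remediation shown for TEAMS-006 only changes one policy. The following added example (not part of the original report) audits every meeting policy, because a policy granted to users with Grant-CsTeamsMeetingPolicy overrides Global, and shows the strict fix next to the lobby-based alternative. It assumes the MicrosoftTeams module and an active Connect-MicrosoftTeams session.

```powershell
# Added example (not from the original report): find every Teams meeting policy
# that still allows anonymous join and tighten the org-wide policy.
# Assumes the MicrosoftTeams module and Connect-MicrosoftTeams.

function Get-AnonymousJoinMeetingPolicy {
    # Users assigned a custom policy do not get the Global settings, so check all.
    Get-CsTeamsMeetingPolicy |
        Where-Object { $_.AllowAnonymousUsersToJoinMeeting } |
        Select-Object Identity, AllowAnonymousUsersToJoinMeeting,
                      AllowAnonymousUsersToStartMeeting, AutoAdmittedUsers
}

Get-AnonymousJoinMeetingPolicy

# Option A (strict, what the finding recommends): anonymous participants, i.e.
# people joining from the meeting link without any Teams or guest account, are
# refused. Confirm external customers and vendors have another way in first.
Set-CsTeamsMeetingPolicy -Identity Global -AllowAnonymousUsersToJoinMeeting $false

# Option B (compensating control when anonymous join must stay on): anonymous
# users can never start a meeting and everyone outside the tenant waits in the
# lobby until an organizer admits them. Valid AutoAdmittedUsers values are
# Everyone, EveryoneInCompany, EveryoneInCompanyExcludingGuests,
# EveryoneInSameAndFederatedCompany, OrganizerOnly and InvitedUsers.
Set-CsTeamsMeetingPolicy -Identity Global `
    -AllowAnonymousUsersToStartMeeting $false `
    -AutoAdmittedUsers EveryoneInCompanyExcludingGuests
```

Repeat the Set-CsTeamsMeetingPolicy call with -Identity set to each custom policy the audit reported; policy changes can take some hours to reach clients.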
| Medium |
DEVICE-053 |
Personal Device Enrollment Allowed
Users can enroll personal devices in Intune. BYOD may violate compliance requirements.
|
6
|
MicrosoftGraph.DeviceManagement |
M
2-4 hrs
|
Why This Matters
A critical security feature has been turned off, leaving your organization exposed. Security features exist for a reason - disabling them creates exploitable gaps that attackers actively look for.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: HIPAA, ISO27001, GDPR, FedRAMP
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
EXO-020 |
Spam Filter Action: Move to Junk (Weak)
Spam action is set to 'Move to Junk Mail' instead of 'Quarantine'. Users can still access spam.
|
6
|
ExchangeOnline |
XS
15-60 min
|
Why This Matters
Email is the #1 attack vector - 90% of cyberattacks start with a phishing email. Weak email security enables credential theft, ransomware delivery, and business email compromise (BEC) fraud.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Automated Fix Available: This can be remediated using PowerShell. Your IT team can run the command shown below to fix this issue.
Recommended Action: Schedule this fix with your IT team. For Critical/High severity items, consider expedited change procedures.
Compliance Impact: This finding affects: SOC2, NIST, CIS, HIPAA, FedRAMP, HITRUST
Technical Remediation:
Set-HostedContentFilterPolicy -Identity '<Name>' -SpamAction Quarantine
|
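The EXO-020 command fixes only the SpamAction verdict. The following added example (not part of the original report) reviews the other verdict actions in the same anti-spam policies, since high-confidence spam and phishing delivered to Junk are at least as accessible to users, and applies Quarantine to all of them. It assumes the ExchangeOnlineManagement module and a Connect-ExchangeOnline session; 'Default' is the built-in policy name.

```powershell
# Added example (not from the original report): audit hosted content filter
# (anti-spam) policies for verdict actions weaker than Quarantine and fix them.
# Assumes ExchangeOnlineManagement and an active Connect-ExchangeOnline session.

function Get-WeakSpamPolicy {
    Get-HostedContentFilterPolicy | ForEach-Object {
        [pscustomobject]@{
            Name                      = $_.Name
            SpamAction                = $_.SpamAction
            HighConfidenceSpamAction  = $_.HighConfidenceSpamAction
            PhishSpamAction           = $_.PhishSpamAction
            HighConfidencePhishAction = $_.HighConfidencePhishAction
            BulkSpamAction            = $_.BulkSpamAction
            # Weak when any non-bulk verdict lands somewhere the user can open it.
            Weak = ($_.SpamAction -ne 'Quarantine' -or
                    $_.HighConfidenceSpamAction -ne 'Quarantine' -or
                    $_.PhishSpamAction -ne 'Quarantine' -or
                    $_.HighConfidencePhishAction -ne 'Quarantine')
        }
    }
}

function Set-SpamPolicyQuarantine {
    param([Parameter(Mandatory)] [string] $Identity, [switch] $WhatIf)
    # Quarantined mail is only as reachable as the quarantine policy allows
    # (Get-QuarantinePolicy); check it first so helpdesk release requests do
    # not spike after the change.
    Set-HostedContentFilterPolicy -Identity $Identity `
        -SpamAction Quarantine `
        -HighConfidenceSpamAction Quarantine `
        -PhishSpamAction Quarantine `
        -HighConfidencePhishAction Quarantine `
        -WhatIf:$WhatIf
}

Get-WeakSpamPolicy | Where-Object Weak | Format-Table -AutoSize
# Set-SpamPolicyQuarantine -Identity 'Default' -WhatIf
```

Bulk mail is left alone on purpose: moving bulk to quarantine is a business decision driven by the BulkThreshold, not a security baseline.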
| Medium |
DEVICE-052 |
Compliance Grace Period Too Long
Device compliance grace period exceeds 7 days. Non-compliant devices retain access too long.
|
5
|
MicrosoftGraph.DeviceManagement |
M
2-4 hrs
|
Why This Matters
A critical security feature has been turned off, leaving your organization exposed. Security features exist for a reason - disabling them creates exploitable gaps that attackers actively look for.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST, CIS, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
MGI-003 |
Conditional Access Policy: Report-Only Mode
Conditional Access policy is in report-only mode. Policy is not enforced.
|
4
|
MicrosoftGraph.Identity.SignIns |
M
2-4 hrs
|
Why This Matters
Conditional Access policies are your adaptive security layer. Without proper policies, users can access sensitive resources from compromised devices or risky locations.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Enable enforcement: Update-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId '<Id>' -State 'enabled'
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST, CIS, HIPAA, SOC2, FedRAMP
Technical Remediation:
Enable enforcement: Update-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId '<Id>' -State 'enabled'
|
| Medium |
AZURE-059 |
Resource Locks: Production Resources Unprotected
Critical production resources have no delete or read-only locks. Accidental deletion risk.
|
4
|
Azure.Resources |
M
2-4 hrs
|
Why This Matters
A critical security feature has been turned off, leaving your organization exposed. Security features exist for a reason - disabling them creates exploitable gaps that attackers actively look for.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: SOC2, ISO27001, FedRAMP
Technical Remediation:
Work with your IT team to remediate this finding.
|
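The report does not say how it decides which resources are "critical production" or how to lock them. The following added example (not part of the original report) uses a tag to identify production resource groups, which is an assumption about the tenant's tagging convention, finds those with no lock at the group scope, and adds a CanNotDelete lock. It assumes Az.Resources and a Connect-AzAccount session holding Owner or User Access Administrator, because locks require Microsoft.Authorization/locks/* permissions that Contributor lacks.

```powershell
# Added example (not from the original report): find production resource groups
# without a delete lock and add one. The Environment=Production tag is an
# assumed convention; adjust it to the tenant's own tagging standard.
# Assumes Az.Resources and an account that can manage locks (Owner or
# User Access Administrator).

function Get-UnlockedProductionResourceGroup {
    param([hashtable] $Tag = @{ Environment = 'Production' })
    foreach ($rg in Get-AzResourceGroup -Tag $Tag) {
        # -AtScope returns only locks applied at the resource group itself
        # (locks inherit downwards, so one here protects every child resource).
        $locks = Get-AzResourceLock -ResourceGroupName $rg.ResourceGroupName -AtScope
        if (-not ($locks | Where-Object { $_.Properties.level -in 'CanNotDelete', 'ReadOnly' })) {
            $rg.ResourceGroupName
        }
    }
}

function Add-DeleteLock {
    param([Parameter(Mandatory)] [string] $ResourceGroupName, [switch] $WhatIf)
    # CanNotDelete still permits configuration changes. ReadOnly is stricter but
    # breaks operations implemented as POST (listing storage keys, restarting
    # VMs), so CanNotDelete is the safer default for a whole resource group.
    New-AzResourceLock -LockName 'prod-no-delete' -LockLevel CanNotDelete `
        -LockNotes 'Production resources; remove this lock through a change ticket before deleting anything' `
        -ResourceGroupName $ResourceGroupName -Force -WhatIf:$WhatIf
}

Get-UnlockedProductionResourceGroup
# Get-UnlockedProductionResourceGroup | ForEach-Object { Add-DeleteLock -ResourceGroupName $_ -WhatIf }
```

Locks guard against accidents and against Contributors, not against a principal with Owner rights, who can remove the lock first; pair them with Azure Policy that audits or denies unlocked production groups so new groups do not drift.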
| Medium |
AZURE-047 |
Azure Monitor: No Action Groups Configured
No action groups for Azure Monitor alerts. Security alerts will not notify administrators.
|
4
|
Azure.Monitor |
M
2-4 hrs
|
Why This Matters
A critical security feature has been turned off, leaving your organization exposed. Security features exist for a reason - disabling them creates exploitable gaps that attackers actively look for.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST, CIS, ISO27001, FedRAMP
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
STOR-001 |
Storage Account Security Review
|
4
|
|
M
2-4 hrs
|
Why This Matters
This security finding indicates a gap in your security posture. Unaddressed security gaps accumulate risk and increase the likelihood of a successful attack.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
AZURE-140 |
SubscriptionState Unhealthy State Detected
Property 'SubscriptionState' is in unhealthy state: Unknown. This may indicate provisioning failure, compliance violation, or disabled security control.
|
4
|
Azure.ApplicationInsights |
M
2-4 hrs
|
Why This Matters
This security finding indicates a gap in your security posture. Unaddressed security gaps accumulate risk and increase the likelihood of a successful attack.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Investigation Required: This finding needs human review to determine the appropriate action.
Recommended Action: Security team should review the affected items and determine if they are legitimate or require remediation.
Compliance Impact: This finding affects: ISO27001, NIST, GDPR, FedRAMP
Technical Remediation:
Review property 'SubscriptionState' in Azure.ApplicationInsights module. A value of Unknown usually means the collector did not receive a state for the subscription rather than that the subscription is unhealthy. Confirm the subscription's real state in the portal or with Az PowerShell (Enabled, Disabled, Warned, PastDue or Deleted) before treating this as a disabled control, and check the collector's own logs if the state simply failed to load.
|
| Medium |
MGI-034 |
Conditional Access: No Policies Configured
No Conditional Access policies are configured. All users can access resources without restrictions.
|
3
|
MicrosoftGraph.Identity.SignIns |
M
2-4 hrs
|
Why This Matters
A critical security feature has been turned off, leaving your organization exposed. Security features exist for a reason - disabling them creates exploitable gaps that attackers actively look for.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: SOC2, NIST, CIS, CMMC, ISO27001, GDPR, FedRAMP, HITRUST
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
DEFENDER-173 |
IsOpenAI Security Feature Disabled
Property 'IsOpenAI' has value False; by its name this describes the kind of Cognitive Services account rather than a security setting. Sample values observed: false
|
3
|
Azure.CognitiveServices |
M
2-4 hrs
|
Why This Matters
A critical security feature has been turned off, leaving your organization exposed. Security features exist for a reason - disabling them creates exploitable gaps that attackers actively look for.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Investigation Required: This finding needs human review to determine the appropriate action.
Recommended Action: Security team should review the affected items and determine if they are legitimate or require remediation.
Compliance Impact: This finding affects: SOC2, NIST, CIS, ISO27001
Technical Remediation:
Review property 'IsOpenAI' in Azure.CognitiveServices module. Note: the name indicates an attribute describing the account type (whether it is an Azure OpenAI resource), not a hardening control; False is expected for every other Cognitive Services account. Confirm what the property represents in the collector before assuming False is a misconfiguration, and do not attempt to "enable" it.
|
| Medium |
MGI-087 |
Sign-In Frequency Not Enforced
No Conditional Access policy enforces a sign-in frequency, so an active session is refreshed indefinitely and a stolen token or an unattended signed-in device keeps access until the default token lifetime lapses.
|
3
|
MicrosoftGraph.Identity.SignIns |
M
2-4 hrs
|
Why This Matters
A critical security feature has been turned off, leaving your organization exposed. Security features exist for a reason - disabling them creates exploitable gaps that attackers actively look for.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST, ISO27001, GDPR
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
DNS-EMAIL-013 |
MTA-STS Not Configured
Domain does not have MTA-STS (SMTP MTA Strict Transport Security) configured. MTA-STS enforces TLS encryption for email in transit.
|
3
|
DNS |
M
2-4 hrs
|
Why This Matters
MTA-STS lets a receiving domain publish that its MX hosts require TLS with a valid certificate. Without it, sending servers fall back to opportunistic STARTTLS and trust whatever MX records DNS returns, so an on-path attacker can strip TLS or redirect mail to a rogue MX.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Configure MTA-STS: Add TXT record to _mta-sts.domain with 'v=STSv1; id=<timestamp>' and publish policy at https://mta-sts.domain/.well-known/mta-sts.txt
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST, HIPAA, FedRAMP, HITRUST
Technical Remediation:
Configure MTA-STS: Add TXT record to _mta-sts.domain with 'v=STSv1; id=<timestamp>' and publish policy at https://mta-sts.domain/.well-known/mta-sts.txt
|
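The remediation above gives the record and policy location but not the policy contents or the rules they must satisfy. The following added example (not part of the original report) validates an MTA-STS policy file against the RFC 8461 requirements before it is published and builds the matching TXT record. The policy text is constructed sample input and the MX host names are placeholders.

```powershell
# Added example (not from the original report): validate an MTA-STS policy
# before publishing it at https://mta-sts.<domain>/.well-known/mta-sts.txt
# and build the _mta-sts.<domain> TXT record. The sample policy below is
# constructed input with placeholder MX hosts.

function Test-MtaStsPolicy {
    param([Parameter(Mandatory)] [string] $PolicyText)
    $problems = [System.Collections.Generic.List[string]]::new()
    $fields   = @{}
    $mx       = @()

    foreach ($line in ($PolicyText -split "`r?`n")) {
        if ($line.Trim() -eq '') { continue }
        # Each line is "key: value"; mx may repeat, every other key appears once.
        if ($line -notmatch '^([a-z_]+)\s*:\s*(.+?)\s*$') { $problems.Add("Unparseable line: '$line'"); continue }
        $key, $value = $Matches[1], $Matches[2]
        if ($key -eq 'mx') { $mx += $value } else { $fields[$key] = $value }
    }

    if ($fields['version'] -ne 'STSv1') { $problems.Add('version must be STSv1') }
    if ($fields['mode'] -notin 'enforce', 'testing', 'none') { $problems.Add('mode must be enforce, testing or none') }
    if ($fields['mode'] -ne 'none' -and $mx.Count -eq 0) { $problems.Add('at least one mx line is required') }
    foreach ($m in $mx) {
        # Only a leading wildcard label is allowed (*.example.com); the names must
        # match the hosts in the domain's real MX records.
        if ($m -notmatch '^(\*\.)?[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)+$') {
            $problems.Add("invalid mx pattern '$m'")
        }
    }
    $maxAge = 0
    if (-not [int]::TryParse($fields['max_age'], [ref] $maxAge) -or $maxAge -lt 0 -or $maxAge -gt 31557600) {
        $problems.Add('max_age must be an integer between 0 and 31557600 seconds')
    } elseif ($fields['mode'] -eq 'enforce' -and $maxAge -lt 86400) {
        # Senders cache the policy for max_age; a tiny value means one failed
        # HTTPS fetch leaves the domain unprotected almost immediately.
        $problems.Add('max_age below one day gives senders little protection if a policy fetch fails')
    }

    [pscustomobject]@{
        IsValid  = ($problems.Count -eq 0)
        Mode     = $fields['mode']
        Mx       = $mx
        MaxAge   = $maxAge
        Problems = $problems
    }
}

function New-MtaStsTxtRecord {
    # The id must change whenever the policy file changes, otherwise senders
    # keep their cached copy until max_age expires; a UTC timestamp works well.
    "v=STSv1; id=$((Get-Date).ToUniversalTime().ToString('yyyyMMddTHHmmssZ'))"
}

# Constructed sample policy: start in testing mode, switch to enforce once
# TLS-RPT reports show no failures.
$policy = @"
version: STSv1
mode: testing
mx: mail1.example.com
mx: *.mail.example.com
max_age: 604800
"@
Test-MtaStsPolicy -PolicyText $policy
"Publish as TXT at _mta-sts.example.com: $(New-MtaStsTxtRecord)"
```

Two things the validator cannot check for you: the policy must be served over HTTPS from mta-sts.<domain> with a certificate valid for that exact name, and the mx lines must cover every host in the domain's MX records, otherwise enforce mode makes compliant senders refuse to deliver.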
| Medium |
MGI-088 |
Persistent Browser Session Allowed
No Conditional Access policy sets the persistent browser session control, so the 'Stay signed in?' (KMSI) prompt alone decides whether a browser session survives closing the browser, including on shared or unmanaged devices.
|
3
|
MicrosoftGraph.Identity.SignIns |
M
2-4 hrs
|
Why This Matters
A critical security feature has been turned off, leaving your organization exposed. Security features exist for a reason - disabling them creates exploitable gaps that attackers actively look for.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
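MGI-003, MGI-034, MGI-087 and MGI-088 are all answered by one inventory of Conditional Access policies. The following added example (not part of the original report) reports each policy's state and session controls, and shows how to create the missing sign-in frequency and persistent-browser policy in report-only mode before promoting it with the command the report gives for MGI-003. It assumes the Microsoft.Graph PowerShell SDK with Policy.Read.All and Policy.ReadWrite.ConditionalAccess; the policy name, the 12-hour frequency and the break-glass group ID are placeholders.

```powershell
# Added example (not from the original report): inventory Conditional Access
# policies for report-only state, missing sign-in frequency and persistent
# browser sessions, then build a session-control policy in report-only mode.
# Assumes the Microsoft.Graph SDK; names, values and IDs below are placeholders.

Connect-MgGraph -Scopes 'Policy.Read.All', 'Policy.ReadWrite.ConditionalAccess' -NoWelcome

function Get-CaPolicyPosture {
    $policies = Get-MgIdentityConditionalAccessPolicy -All
    if (-not $policies) { Write-Warning 'No Conditional Access policies exist at all (MGI-034).'; return }
    foreach ($p in $policies) {
        $sif = $p.SessionControls.SignInFrequency
        $pb  = $p.SessionControls.PersistentBrowser
        [pscustomobject]@{
            DisplayName       = $p.DisplayName
            State             = $p.State   # enabled | disabled | enabledForReportingButNotEnforced
            ReportOnly        = ($p.State -eq 'enabledForReportingButNotEnforced')
            SignInFrequency   = $(if ($sif.IsEnabled) { "$($sif.Value) $($sif.Type)" } else { 'not set' })
            PersistentBrowser = $(if ($pb.IsEnabled) { $pb.Mode } else { 'not set' })
        }
    }
}

Get-CaPolicyPosture | Format-Table -AutoSize

# Session-control policy: re-authenticate every 12 hours and never persist the
# browser session. The persistent browser control is only honoured when the
# policy targets all cloud apps, hence includeApplications = All. Created in
# report-only mode so its would-be results can be reviewed in the sign-in logs.
$params = @{
    displayName     = 'CA-Session-SignInFrequency-NoPersist'   # placeholder name
    state           = 'enabledForReportingButNotEnforced'
    conditions      = @{
        users        = @{
            includeUsers  = @('All')
            excludeGroups = @('00000000-0000-0000-0000-000000000000')   # placeholder: break-glass accounts group
        }
        applications = @{ includeApplications = @('All') }
    }
    sessionControls = @{
        signInFrequency   = @{
            isEnabled          = $true
            type               = 'hours'
            value              = 12                 # placeholder; tune per risk tier
            frequencyInterval  = 'timeBased'
            authenticationType = 'primaryAndSecondaryAuthentication'
        }
        persistentBrowser = @{ isEnabled = $true; mode = 'never' }
    }
}
# New-MgIdentityConditionalAccessPolicy -BodyParameter $params

# Promote any report-only policy once its insights look right (MGI-003):
# Update-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId '<Id>' -State 'enabled'
```

Always exclude the emergency-access accounts and keep at least one of them tested: a session-control policy that locks out every administrator is worse than the finding it closes.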
| Medium |
AZURE-233 |
SubscriptionState Unhealthy State Detected
Property 'SubscriptionState' is in unhealthy state: Unknown. This may indicate provisioning failure, compliance violation, or disabled security control.
|
3
|
Azure.CognitiveServices |
M
2-4 hrs
|
Why This Matters
This security finding indicates a gap in your security posture. Unaddressed security gaps accumulate risk and increase the likelihood of a successful attack.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Investigation Required: This finding needs human review to determine the appropriate action.
Recommended Action: Security team should review the affected items and determine if they are legitimate or require remediation.
Compliance Impact: This finding affects: ISO27001, NIST, GDPR, FedRAMP
Technical Remediation:
Review property 'SubscriptionState' in Azure.CognitiveServices module. A value of Unknown usually means the collector did not receive a state for the subscription rather than that the subscription is unhealthy. Confirm the subscription's real state in the portal or with Az PowerShell (Enabled, Disabled, Warned, PastDue or Deleted) before treating this as a disabled control, and check the collector's own logs if the state simply failed to load.
|
| Medium |
DEFENDER-171 |
IsMigrated Security Feature Disabled
Property 'IsMigrated' has value False; this is a status flag the service sets, not a security setting. Sample values observed: false
|
3
|
Azure.CognitiveServices |
M
2-4 hrs
|
Why This Matters
A critical security feature has been turned off, leaving your organization exposed. Security features exist for a reason - disabling them creates exploitable gaps that attackers actively look for.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Investigation Required: This finding needs human review to determine the appropriate action.
Recommended Action: Security team should review the affected items and determine if they are legitimate or require remediation.
Compliance Impact: This finding affects: SOC2, NIST, CIS, ISO27001
Technical Remediation:
Review property 'IsMigrated' in Azure.CognitiveServices module. Note: isMigrated reports whether the account has been migrated to the current Cognitive Services resource model. It is read-only status information, not a control you enable; treat the finding as informational.
|
| Medium |
MISC-042 |
Device Registration: Users Can Join Devices
All users can join devices to Azure AD. Should be restricted for BYOD control.
|
2
|
MicrosoftGraph.Identity.SignIns |
M
2-4 hrs
|
Why This Matters
A critical security feature has been turned off, leaving your organization exposed. Security features exist for a reason - disabling them creates exploitable gaps that attackers actively look for.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST, CIS, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
EXO-133 |
Single Item Recovery Disabled
Single item recovery is disabled, preventing recovery of deleted items after retention period.
|
2
|
ExchangeOnline |
M
2-4 hrs
|
Why This Matters
A critical security feature has been turned off, leaving your organization exposed. Security features exist for a reason - disabling them creates exploitable gaps that attackers actively look for.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: SOC2, ISO27001, GDPR
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
EXO-009 |
Single Item Recovery Disabled
Single item recovery is disabled, preventing recovery of deleted items after retention period.
|
2
|
ExchangeOnline |
XS
15-60 min
|
Why This Matters
Compliance failures result in regulatory fines (up to 4% of global revenue for GDPR), audit failures, and loss of customer trust and business opportunities.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Automated Fix Available: This can be remediated using PowerShell. Your IT team can run the command shown below to fix this issue.
Recommended Action: Schedule this fix with your IT team. For Critical/High severity items, consider expedited change procedures.
Compliance Impact: This finding affects: ISO27001, NIST, CIS, SOC2, FedRAMP
Technical Remediation:
Set-Mailbox -Identity '<UserPrincipalName>' -SingleItemRecoveryEnabled $true
|
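EXO-009 and EXO-133 describe the same gap and the EXO-009 command fixes one mailbox at a time. The following added example (not part of the original report) finds every user and shared mailbox where single item recovery is off or the deleted-item retention window is shorter than the 30-day maximum Set-Mailbox accepts, and fixes them in bulk. It assumes the ExchangeOnlineManagement module and a Connect-ExchangeOnline session.

```powershell
# Added example (not from the original report): enable single item recovery and
# the 30-day deleted-item retention window on every mailbox that lacks them.
# Assumes ExchangeOnlineManagement and an active Connect-ExchangeOnline session.

function Get-MailboxWithoutSingleItemRecovery {
    Get-EXOMailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox, SharedMailbox `
        -Properties SingleItemRecoveryEnabled, RetainDeletedItemsFor |
        Where-Object {
            -not $_.SingleItemRecoveryEnabled -or
            [timespan] $_.RetainDeletedItemsFor -lt [timespan]::FromDays(30)
        } |
        Select-Object UserPrincipalName, SingleItemRecoveryEnabled, RetainDeletedItemsFor
}

function Enable-SingleItemRecovery {
    param([Parameter(Mandatory)] [string[]] $UserPrincipalName, [switch] $WhatIf)
    foreach ($upn in $UserPrincipalName) {
        # Single item recovery keeps purged items only for RetainDeletedItemsFor,
        # which caps at 30 days. An attacker who empties a mailbox can still
        # out-wait this; Litigation Hold or a Purview retention policy is the
        # control that preserves items beyond the window.
        Set-Mailbox -Identity $upn -SingleItemRecoveryEnabled $true -RetainDeletedItemsFor 30 -WhatIf:$WhatIf
    }
}

Get-MailboxWithoutSingleItemRecovery
# Get-MailboxWithoutSingleItemRecovery |
#     ForEach-Object { Enable-SingleItemRecovery -UserPrincipalName $_.UserPrincipalName -WhatIf }
```

New mailboxes created in Exchange Online already have single item recovery on; the audit matters for mailboxes migrated from on-premises or created before the default changed.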
| Medium |
AZURE-191 |
SubscriptionState Unhealthy State Detected
Property 'SubscriptionState' is in unhealthy state: Unknown. This may indicate provisioning failure, compliance violation, or disabled security control.
|
2
|
Azure.Automation |
M
2-4 hrs
|
Why This Matters
This security finding indicates a gap in your security posture. Unaddressed security gaps accumulate risk and increase the likelihood of a successful attack.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Investigation Required: This finding needs human review to determine the appropriate action.
Recommended Action: Security team should review the affected items and determine if they are legitimate or require remediation.
Compliance Impact: This finding affects: ISO27001, NIST, GDPR, FedRAMP
Technical Remediation:
Review property 'SubscriptionState' in Azure.Automation module. A value of Unknown usually means the collector did not receive a state for the subscription rather than that the subscription is unhealthy. Confirm the subscription's real state in the portal or with Az PowerShell (Enabled, Disabled, Warned, PastDue or Deleted) before treating this as a disabled control, and check the collector's own logs if the state simply failed to load.
|
| Medium |
DEFENDER-079 |
DataEndpointEnabled Security Feature Disabled
Property 'DataEndpointEnabled' has value False: the registry serves image layers from the shared regional storage endpoints instead of dedicated data endpoints. Sample values observed: false
|
2
|
Azure.ContainerRegistry |
M
2-4 hrs
|
Why This Matters
A critical security feature has been turned off, leaving your organization exposed. Security features exist for a reason - disabling them creates exploitable gaps that attackers actively look for.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Investigation Required: This finding needs human review to determine the appropriate action.
Recommended Action: Security team should review the affected items and determine if they are legitimate or require remediation.
Compliance Impact: This finding affects: SOC2, NIST, CIS, ISO27001, GDPR, FedRAMP, HITRUST
Technical Remediation:
Review property 'DataEndpointEnabled' in Azure.ContainerRegistry module. Enabling dedicated data endpoints (Premium SKU only) gives the registry its own <registry>.<region>.data.azurecr.io host names for layer downloads, so client-side firewalls can allow just that registry instead of the whole *.blob.core.windows.net range. Enable it where the registry is Premium and client egress is firewalled; clients behind such firewalls must allow the new data endpoint names before the change or pulls will fail.
|
| Medium |
MANUAL-095 |
Voice Authentication Method Still Enabled
Voice call authentication is enabled. Voice calls are susceptible to social engineering and should be replaced with modern authentication methods.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Identity is the new security perimeter. Compromised credentials are involved in 80% of breaches - weak identity controls give attackers legitimate access to your systems.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA SCuBA, NIST 800-63B, FedRAMP
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
MANUAL-097 |
Group Creation Not Restricted
Authorization policy allows all users to create Microsoft 365 groups and security groups. This should be restricted to administrators.
|
1
|
|
M
2-4 hrs
|
Why This Matters
This security finding indicates a gap in your security posture. Unaddressed security gaps accumulate risk and increase the likelihood of a successful attack.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CIS M365 Foundation 1.2.7, NIST 800-53 AC-6, ISO 27001 A.9.2.3, CMMC L2
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
MANUAL-113 |
Anyone links SHALL have an expiration date configured
CISA ScubaGear MS.SHAREPOINT.2.1v1: If 'Anyone' links are enabled, they SHALL expire within 30 days maximum to limit unauthorized access window.
|
1
|
|
M
2-4 hrs
|
Why This Matters
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA Baseline, FedRAMP Moderate, NIST 800-53 AC-2(5)
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
MANUAL-119 |
Tenant SHALL have data residency location documented and configured for compliance
CISA ScubaGear requirement: Federal agencies and organizations with data sovereignty requirements SHALL verify and document the geographic location where Microsoft 365 data is stored (Multi-Geo or default region).
|
1
|
|
M
2-4 hrs
|
Why This Matters
This security finding indicates a gap in your security posture. Unaddressed security gaps accumulate risk and increase the likelihood of a successful attack.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA Baseline, FedRAMP High, NIST 800-53 SC-8
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
MANUAL-157 |
Mailbox Items Accessed in Bulk
Large number of mailbox items accessed in short timeframe. Potential email harvesting or data collection activity.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Sensitive data (customer info, financials, IP) could be leaked or stolen. Data breaches result in regulatory fines, lawsuits, and irreparable reputation damage.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, SOC2, GDPR
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
MISC-036 |
Password Protection Custom Banned List Empty
Custom banned password list is empty. Organization-specific weak passwords not blocked.
|
1
|
MicrosoftGraph.Identity.SignIns |
M
2-4 hrs
|
Why This Matters
A critical security feature has been turned off, leaving your organization exposed. Security features exist for a reason - disabling them creates exploitable gaps that attackers actively look for.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST, CIS, ISO27001, GDPR
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
MANUAL-158 |
Anonymous Link Created for Sensitive Files
Anonymous sharing link created for SharePoint/OneDrive files. Anonymous links allow unauthenticated access and increase data exposure risk.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Sensitive data (customer info, financials, IP) could be leaked or stolen. Data breaches result in regulatory fines, lawsuits, and irreparable reputation damage.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO 27001, GDPR, HIPAA
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
MANUAL-159 |
Anonymous Link Used Multiple Times
Anonymous sharing link accessed repeatedly. Potential data harvesting via shared link or unauthorized data access.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Sensitive data (customer info, financials, IP) could be leaked or stolen. Data breaches result in regulatory fines, lawsuits, and irreparable reputation damage.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO 27001, GDPR
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
MISC-038 |
Cross-Tenant Access Default Inbound Trust All
Cross-tenant access policy trusts all external tenants by default. Should use explicit allow list.
|
1
|
MicrosoftGraph.Identity.SignIns |
M
2-4 hrs
|
Why This Matters
A critical security feature has been turned off, leaving your organization exposed. Security features exist for a reason - disabling them creates exploitable gaps that attackers actively look for.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST, ISO27001, GDPR, FedRAMP
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SCUBA-DEF-005 |
General report details function for impersonation protection
CISA federal baseline requirement: General report details function for impersonation protection
|
1
|
|
M
2-4 hrs
|
Why This Matters
Microsoft Defender protections are not fully enabled. Without active threat protection, malware and phishing attacks can succeed.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA Baseline, Federal Security Baseline
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
MISC-031 |
Admin Audit Log Age Limit Too Short
Admin audit log retention is less than 365 days. CIS Benchmark recommends 365+ days.
|
1
|
ExchangeOnline |
M
2-4 hrs
|
Why This Matters
A critical security feature has been turned off, leaving your organization exposed. Security features exist for a reason - disabling them creates exploitable gaps that attackers actively look for.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: SOC2, NIST, CIS, ISO27001, GDPR, FedRAMP, HITRUST
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
MISC-046 |
Teams: External Access Enabled for All Domains
Teams allows communication with all external domains. Increases phishing and data leak risk.
|
1
|
MicrosoftTeams |
M
2-4 hrs
|
Why This Matters
A critical security feature has been turned off, leaving your organization exposed. Security features exist for a reason - disabling them creates exploitable gaps that attackers actively look for.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST, ISO27001, GDPR
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SCUBA-DEF-006 |
Assert that at least one of the enabled policies includes
CISA federal baseline requirement: Assert that at least one of the enabled policies includes
|
1
|
|
M
2-4 hrs
|
Why This Matters
Microsoft Defender protections are not fully enabled. Without active threat protection, malware and phishing attacks can succeed.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA Baseline, Federal Security Baseline, FedRAMP
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECCONFIG-150 |
MT.1056: Ensure that no person has permanent access to all Azure subscriptions at the root scope
Ensure that no one has permanent access to all subscriptions through the Root Scope
|
1
|
|
M
2-4 hrs
|
Why This Matters
Security settings are not optimally configured. Misconfigurations are the #1 cause of cloud breaches - attackers use automated tools to find and exploit them.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: Maester
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SCUBA-DEF-010 |
Step 2: determine the set of sensitive policies that apply to EXO, Teams, etc.
CISA federal baseline requirement: Step 2: determine the set of sensitive policies that apply to EXO, Teams, etc.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Microsoft Defender protections are not fully enabled. Without active threat protection, malware and phishing attacks can succeed.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA Baseline, Federal Security Baseline, FedRAMP
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECCONFIG-007 |
MT.1034.$($EmergencyAccessUsers.IndexOf($_)): Emergency access users should not be blocked ($($_.userPrincipalName))
Checks if the user is blocked from using legacy authentication using the Conditional Access WhatIf Graph API endpoint
|
1
|
|
M
2-4 hrs
|
Why This Matters
Security settings are not optimally configured. Misconfigurations are the #1 cause of cloud breaches - attackers use automated tools to find and exploit them.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: Maester
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECCONFIG-005 |
MT.1092: Intune APNS certificate should be valid for more than 30 days
The Apple Push Notification Service (APNS) Certificate is required for managing Apple devices with Microsoft Intune
|
1
|
|
M
2-4 hrs
|
Why This Matters
Security settings are not optimally configured. Misconfigurations are the #1 cause of cloud breaches - attackers use automated tools to find and exploit them.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: Maester
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECCONFIG-004 |
MT.1094: Apple Volume Purchase Program Tokens should be valid for more than 30 days
The Apple Push Notification Service (APNS) Certificate is required for managing Apple devices with Microsoft Intune
|
1
|
|
M
2-4 hrs
|
Why This Matters
Security settings are not optimally configured. Misconfigurations are the #1 cause of cloud breaches - attackers use automated tools to find and exploit them.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: Maester
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECCONFIG-003 |
MT.1095: Android Enterprise account connection should be healthy
The Apple Push Notification Service (APNS) Certificate is required for managing Apple devices with Microsoft Intune
|
1
|
|
M
2-4 hrs
|
Why This Matters
Security settings are not optimally configured. Misconfigurations are the #1 cause of cloud breaches - attackers use automated tools to find and exploit them.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: Maester
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECCONFIG-002 |
MT.1097: Ensure all Intune Certificate Connectors are healthy and running supported versions
The Apple Push Notification Service (APNS) Certificate is required for managing Apple devices with Microsoft Intune
|
1
|
|
M
2-4 hrs
|
Why This Matters
Security settings are not optimally configured. Misconfigurations are the #1 cause of cloud breaches - attackers use automated tools to find and exploit them.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: Maester
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECCONFIG-001 |
MT.1098: Mobile Threat Defense Connectors should be healthy
The Apple Push Notification Service (APNS) Certificate is required for managing Apple devices with Microsoft Intune
|
1
|
|
M
2-4 hrs
|
Why This Matters
Security settings are not optimally configured. Misconfigurations are the #1 cause of cloud breaches - attackers use automated tools to find and exploit them.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: Maester
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SCUBA-SPO-012 |
SharePoint Default Link Type Set to Anyone
Setting the default sharing link type to "Anyone" makes it easy for users to accidentally create unauthenticated sharing links.
|
1
|
|
M
2-4 hrs
|
Why This Matters
SharePoint stores critical business documents. Misconfigured permissions can expose sensitive data to unauthorized users or the public internet.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CIS M365, NIST 800-53
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SCUBA-SPO-011 |
SharePoint Sites With External Sharing More Permissive Than Tenant
Individual sites with more permissive external sharing settings than the tenant override organizational security policies.
|
1
|
|
M
2-4 hrs
|
Why This Matters
SharePoint stores critical business documents. Misconfigured permissions can expose sensitive data to unauthorized users or the public internet.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CIS M365, NIST 800-53
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SCUBA-EID-035 |
Conditional Access Policies in Report-Only Mode
Conditional access policies in report-only mode do not enforce security controls, leaving the organization vulnerable.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Azure/Entra ID is your identity foundation. Misconfigurations here affect every user and application in your organization.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CIS M365, NIST 800-53
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SCUBA-EID-034 |
Application Registrations With Owner Accounts Disabled
Applications with all owners disabled cannot be managed, leading to operational risks and inability to rotate credentials.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Azure/Entra ID is your identity foundation. Misconfigurations here affect every user and application in your organization.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CIS M365, NIST 800-53
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SCUBA-EID-029 |
Enabled User Accounts Without Assigned Licenses
Enabled user accounts without licenses consume security resources without business justification and may represent forgotten test accounts.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Azure/Entra ID is your identity foundation. Misconfigurations here affect every user and application in your organization.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CIS M365, NIST 800-53
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SCUBA-EID-028 |
Guest Users With No Activity in 90 Days
Guest users with no activity represent potential security risks and unnecessary attack surface.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Azure/Entra ID is your identity foundation. Misconfigurations here affect every user and application in your organization.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CIS M365, NIST 800-53
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SCUBA-EID-026 |
Guest Users and Administrators Can Invite External Users
CISA MS.AAD.8.2v1: Guest invitations SHOULD only be allowed to administrators.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Azure/Entra ID is your identity foundation. Misconfigurations here affect every user and application in your organization.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA Baseline, Federal Security Baseline, FedRAMP
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SCUBA-EID-024 |
MS.AAD.7.9v1
CISA federal baseline requirement: MS.AAD.7.9v1
|
1
|
|
M
2-4 hrs
|
Why This Matters
Azure/Entra ID is your identity foundation. Misconfigurations here affect every user and application in your organization.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA Baseline, Federal Security Baseline
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECCONFIG-151 |
MT.1065: Ensure all Recovery Services Vaults have soft delete enabled
This test ensures that all Recovery Services Vaults have Soft Delete enabled
|
1
|
|
M
2-4 hrs
|
Why This Matters
Security settings are not optimally configured. Misconfigurations are the #1 cause of cloud breaches - attackers use automated tools to find and exploit them.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: Maester
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
MANUAL-090 |
Suspicious RBAC Change: Custom Management Role Created
Detects creation of custom management roles via New-ManagementRole. Attackers may create custom roles with specific permissions to maintain covert administrative access. HAWK forensic pattern.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Privileged accounts are high-value targets. A compromised admin account gives attackers complete control over your environment.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SCUBA-EID-010 |
MFA Registration Requires Managed Device or Compliant Network Location
CISA MS.AAD.3.8v1: MFA registration SHALL require registration from a trusted location (managed device or compliant network).
|
1
|
|
M
2-4 hrs
|
Why This Matters
Azure/Entra ID is your identity foundation. Misconfigurations here affect every user and application in your organization.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA Baseline, Federal Security Baseline, FedRAMP
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SCUBA-EID-009 |
If policy matches basic conditions, & needed strings
CISA federal baseline requirement: If policy matches basic conditions, & needed strings
|
1
|
|
M
2-4 hrs
|
Why This Matters
Azure/Entra ID is your identity foundation. Misconfigurations here affect every user and application in your organization.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA Baseline, Federal Security Baseline
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SCUBA-DEF-033 |
Outbound Spam Filter Too Permissive
Outbound spam filter has high daily recipient limits (>500) that allow compromised accounts to send large spam campaigns before detection. This increases damage from account compromise and risks tenant reputation/deliverability.
|
1
|
|
M
2-4 hrs
|
Why This Matters
This security finding indicates a gap in your security posture. Unaddressed security gaps accumulate risk and increase the likelihood of a successful attack.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CIS M365 Foundations, NIST 800-53
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SCUBA-DEF-012 |
Step 4: ensure that some user is notified in the event of a DLP violation
CISA federal baseline requirement: Step 4: ensure that some user is notified in the event of a DLP violation
|
1
|
|
M
2-4 hrs
|
Why This Matters
Microsoft Defender protections are not fully enabled. Without active threat protection, malware and phishing attacks can succeed.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA Baseline, Federal Security Baseline, FedRAMP
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SCUBA-DEF-011 |
Step 3: Ensure that the action for the rules is set to block
CISA federal baseline requirement: Step 3: Ensure that the action for the rules is set to block
|
1
|
|
M
2-4 hrs
|
Why This Matters
Microsoft Defender protections are not fully enabled. Without active threat protection, malware and phishing attacks can succeed.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA Baseline, Federal Security Baseline, FedRAMP
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SCUBA-DEF-007 |
Calls function in util file to check if impersonation
CISA federal baseline requirement: Calls function in util file to check if impersonation
|
1
|
|
M
2-4 hrs
|
Why This Matters
Microsoft Defender protections are not fully enabled. Without active threat protection, malware and phishing attacks can succeed.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA Baseline, Federal Security Baseline, FedRAMP
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
MANUAL-088 |
Suspicious OAuth Consent: Broad-Scope Grant (AllPrincipals)
Detects OAuth consent grants with ConsentType of 'AllPrincipals' or permissions ending in '.All'. These grants apply tenant-wide and pose greater risk than user-specific consents. HAWK forensic indicator - Broad-Scope Grant category.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Applications with excessive permissions can access and exfiltrate data. Malicious or compromised apps are a growing attack vector.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
MANUAL-073 |
Ensure password protection is enabled for on-prem Active Directory
Verifies that password protection is enabled for on-prem active directory
|
1
|
|
M
2-4 hrs
|
Why This Matters
This security finding indicates a gap in your security posture. Unaddressed security gaps accumulate risk and increase the likelihood of a successful attack.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CIS M365
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
MANUAL-081 |
Certificate-Based Authentication Enabled Without PKI Hardening
Certificate-based authentication (CBA) is enabled for user accounts. While CBA can be more secure than passwords, it introduces PKI infrastructure dependencies. If the certificate authority or private keys are compromised, attackers can forge authentication certificates. Weak certificate policies or lack of CRL/OCSP validation increase risk.
|
1
|
|
M
2-4 hrs
|
Why This Matters
This security finding indicates a gap in your security posture. Unaddressed security gaps accumulate risk and increase the likelihood of a successful attack.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: Federation Security, PKI Security, NIST 800-63B
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
MANUAL-021 |
Tenant License Level
Export of current Tenant license levels. This information can be used to determine what features and options are available currently for the Tenant, and to determine what licenses may be most beneficial for future use/upgrades.
|
1
|
|
M
2-4 hrs
|
Why This Matters
This security finding indicates a gap in your security posture. Unaddressed security gaps accumulate risk and increase the likelihood of a successful attack.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
MANUAL-010 |
Federation Trusts in Tenant
Federation Trusts are configured to allow businesses to collaborate or to operate in a hybrid configuration. These same features meant to empower an organization can be abused by attackers to execute malicious actions and maintain access to the Tenant. Accounts used in this manner are not created in the Tenant's directory and as such, will not be visible when auditing accounts.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Azure/Entra ID is your identity foundation. Misconfigurations here affect every user and application in your organization.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
MANUAL-009 |
Tenant Federation Configuration
Federation of a tenant allows businesses to operate in a hybrid configuration. These same features meant to empower an organization can be abused by attackers to execute malicious actions and maintain access to the Tenant.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Azure/Entra ID is your identity foundation. Misconfigurations here affect every user and application in your organization.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
MANUAL-001 |
ADFS Configuration Found
Active Directory Federation Services (ADFS) configured on this Tenant. ADFS Claims Rules may act as replacements for some features in Azure, hence rendering certain findings a "False Positive".
|
1
|
|
M
2-4 hrs
|
Why This Matters
Azure/Entra ID is your identity foundation. Misconfigurations here affect every user and application in your organization.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
EXO-026 |
Customer Lockbox Disabled
Customer Lockbox is not enabled. Microsoft support has unrestricted access to tenant data.
|
1
|
ExchangeOnline |
XS
15-60 min
|
Why This Matters
Compliance failures result in regulatory fines (up to 4% of global revenue for GDPR), audit failures, and loss of customer trust and business opportunities.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Automated Fix Available: This can be remediated using PowerShell. Your IT team can run the command shown below to fix this issue.
Recommended Action: Schedule this fix with your IT team. For Critical/High severity items, consider expedited change procedures.
Compliance Impact: This finding affects: ISO27001, NIST, CIS, HIPAA, SOC2, GDPR, FedRAMP, HITRUST
Technical Remediation:
Set-OrganizationConfig -CustomerLockboxEnabled $true
|
| Medium |
DISABLED-055 |
Retention Labels Not Published
Retention labels configured but not published to users. Cannot classify content properly.
|
1
|
SecurityAndCompliance |
M
2-4 hrs
|
Why This Matters
A critical security feature has been turned off, leaving your organization exposed. Security features exist for a reason - disabling them creates exploitable gaps that attackers actively look for.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: SOC2, ISO27001, GDPR, FedRAMP
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
DEFENDER-CONFIG-001 |
Microsoft Secure Score Below 70%
Organization's Microsoft Secure Score is below 70%, indicating significant security configuration gaps.
|
1
|
MicrosoftDefender |
M
2-4 hrs
|
Why This Matters
Security settings are not optimally configured. Misconfigurations are the #1 cause of cloud breaches - attackers use automated tools to find and exploit them.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Manual Configuration Required: This requires changes in the Microsoft 365 Admin Center or Azure Portal.
Recommended Action: Assign to your M365 administrator. This may require policy review and approval from security leadership.
Compliance Impact: This finding affects: NIST 800-53, ISO 27001, SOC2, CMMC
Technical Remediation:
Review Secure Score recommendations in Microsoft 365 Defender portal. Prioritize high-impact, low-effort improvements. Implement recommended controls. Track progress monthly toward 70% target.
|
| Medium |
DEFENDER-080 |
AnonymousPullEnabled Security Feature Disabled
Property 'AnonymousPullEnabled' has the value False, which may indicate a security misconfiguration. Sample values observed: false
|
1
|
Azure.ContainerRegistry |
M
2-4 hrs
|
Why This Matters
A critical security feature has been turned off, leaving your organization exposed. Security features exist for a reason - disabling them creates exploitable gaps that attackers actively look for.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Investigation Required: This finding needs human review to determine the appropriate action.
Recommended Action: Security team should review the affected items and determine if they are legitimate or require remediation.
Compliance Impact: This finding affects: SOC2, NIST, CIS, ISO27001, GDPR
Technical Remediation:
Review property 'AnonymousPullEnabled' in Azure.ContainerRegistry module. Consider enabling this security feature by setting the property to true.
|
| Medium |
CUSTOM-MFA-027 |
Inactive User Accounts Detected
Identifies user accounts with no recent sign-in activity (90+ days)
|
1
|
|
M
2-4 hrs
|
Why This Matters
Identity is the new security perimeter. Compromised credentials are involved in 80% of breaches - weak identity controls give attackers legitimate access to your systems.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
MANUAL-029 |
PowerShell Logins Using Known PowerShell Application IDs
Detects logins using known PowerShell application IDs (a0c73c16-a7e3-4564-9a95-2bdf47383716, 1b730954-1685-4b74-9bfd-dac224a7b894) or WinRM
|
1
|
|
M
2-4 hrs
|
Why This Matters
This security finding indicates a gap in your security posture. Unaddressed security gaps accumulate risk and increase the likelihood of a successful attack.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
CUSTOM-MFA-023 |
SSPR Allows Email Authentication
SSPR allows users to reset their password by authenticating with a registered MFA method. SSPR allows Email OTP as an MFA method by default. Note: Email OTP is only available in SSPR and does not satisfy MFA requirements outside of SSPR, regardless of Tenant configuration.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Identity is the new security perimeter. Compromised credentials are involved in 80% of breaches - weak identity controls give attackers legitimate access to your systems.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
CUSTOM-MFA-009 |
Directory Synchronization Enabled
Directory synchronization allows you to manage identities in your Active Directory Domain Services (AD DS); all updates to user accounts, groups, and contacts are synchronized to the Azure Active Directory (Azure AD) tenant of your Microsoft 365 subscription.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Identity is the new security perimeter. Compromised credentials are involved in 80% of breaches - weak identity controls give attackers legitimate access to your systems.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
CUSTOM-MFA-001 |
Users Found in Azure AD Roles
Privileged roles and users that have administrative rights in Microsoft 365 should be reviewed periodically to ensure best practice and validation of the assigned permissions.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Identity is the new security perimeter. Compromised credentials are involved in 80% of breaches - weak identity controls give attackers legitimate access to your systems.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
AZURE-206 |
SubscriptionState Unhealthy State Detected
Property 'SubscriptionState' is in an unhealthy state: Unknown. This may indicate a provisioning failure, a compliance violation, or a disabled security control.
|
1
|
Azure.App |
M
2-4 hrs
|
Why This Matters
This security finding indicates a gap in your security posture. Unaddressed security gaps accumulate risk and increase the likelihood of a successful attack.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Investigation Required: This finding needs human review to determine the appropriate action.
Recommended Action: Security team should review the affected items and determine if they are legitimate or require remediation.
Compliance Impact: This finding affects: ISO27001, NIST, GDPR, FedRAMP
Technical Remediation:
Review property 'SubscriptionState' in the Azure.App module. Investigate the root cause of the unhealthy state: check provisioning logs and compliance policies, or enable disabled controls.
|
| Medium |
AZURE-163 |
SubscriptionState Unhealthy State Detected
Property 'SubscriptionState' is in an unhealthy state: Unknown. This may indicate a provisioning failure, a compliance violation, or a disabled security control.
|
1
|
Azure.Fabric |
M
2-4 hrs
|
Why This Matters
This security finding indicates a gap in your security posture. Unaddressed security gaps accumulate risk and increase the likelihood of a successful attack.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Investigation Required: This finding needs human review to determine the appropriate action.
Recommended Action: Security team should review the affected items and determine if they are legitimate or require remediation.
Compliance Impact: This finding affects: ISO27001, NIST, GDPR, FedRAMP
Technical Remediation:
Review property 'SubscriptionState' in the Azure.Fabric module. Investigate the root cause of the unhealthy state: check provisioning logs and compliance policies, or enable disabled controls.
|
| Medium |
AZURE-138 |
SubscriptionState Unhealthy State Detected
Property 'SubscriptionState' is in an unhealthy state: Unknown. This may indicate a provisioning failure, a compliance violation, or a disabled security control.
|
1
|
Azure.ContainerRegistry |
M
2-4 hrs
|
Why This Matters
This security finding indicates a gap in your security posture. Unaddressed security gaps accumulate risk and increase the likelihood of a successful attack.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Investigation Required: This finding needs human review to determine the appropriate action.
Recommended Action: Security team should review the affected items and determine if they are legitimate or require remediation.
Compliance Impact: This finding affects: ISO27001, NIST, GDPR, FedRAMP
Technical Remediation:
Review property 'SubscriptionState' in the Azure.ContainerRegistry module. Investigate the root cause of the unhealthy state: check provisioning logs and compliance policies, or enable disabled controls.
|
| Medium |
SPO-043 |
SharePoint: External Sharing Too Permissive
SharePoint allows 'Anyone' links (anonymous sharing). Files accessible without authentication.
|
1
|
PnP.PowerShell |
M
2-4 hrs
|
Why This Matters
A critical security feature has been turned off, leaving your organization exposed. Security features exist for a reason - disabling them creates exploitable gaps that attackers actively look for.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: SOC2, NIST, HIPAA, ISO27001, GDPR, FedRAMP, HITRUST, PCI-DSS
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SPO-044 |
SharePoint: OneDrive Sync from Unmanaged Devices
OneDrive sync allowed from unmanaged devices. Corporate data can sync to personal computers.
|
1
|
PnP.PowerShell |
M
2-4 hrs
|
Why This Matters
A critical security feature has been turned off, leaving your organization exposed. Security features exist for a reason - disabling them creates exploitable gaps that attackers actively look for.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: SOC2, NIST, HIPAA, ISO27001, GDPR, FedRAMP, HITRUST
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SPO-099 |
SharePoint: Access Requests Enabled
Users can request access to sites. Potential for unauthorized access via social engineering.
|
1
|
PnP.PowerShell |
M
2-4 hrs
|
Why This Matters
A critical security feature has been turned off, leaving your organization exposed. Security features exist for a reason - disabling them creates exploitable gaps that attackers actively look for.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST, ISO27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
CUSTOM-MFA-011 |
Directory Synchronization Service Account Found
Directory synchronization allows you to manage identities in your Active Directory Domain Services (AD DS); all updates to user accounts, groups, and contacts are synchronized to the Azure Active Directory (Azure AD) tenant of your Microsoft 365 subscription.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Identity is the new security perimeter. Compromised credentials are involved in 80% of breaches - weak identity controls give attackers legitimate access to your systems.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
MANUAL-039 |
OneDrive Sharing Links with Excessive Permissions
Reports on OneDrive sharing links that grant edit permissions externally
|
1
|
|
M
2-4 hrs
|
Why This Matters
Sensitive data (customer info, financials, IP) could be leaked or stolen. Data breaches result in regulatory fines, lawsuits, and irreparable reputation damage.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
MANUAL-040 |
Ensure enabling of external data sharing is restricted
Verifies that enabling of external data sharing is restricted
|
1
|
|
M
2-4 hrs
|
Why This Matters
This security finding indicates a gap in your security posture. Unaddressed security gaps accumulate risk and increase the likelihood of a successful attack.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CIS M365
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
MANUAL-042 |
Ensure the customer lockbox feature is enabled
Verifies that the customer lockbox feature is enabled
|
1
|
|
M
2-4 hrs
|
Why This Matters
This security finding indicates a gap in your security posture. Unaddressed security gaps accumulate risk and increase the likelihood of a successful attack.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CIS M365
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
MANUAL-080 |
Desktop SSO (Seamless SSO) Enabled Without Adequate Monitoring
Desktop SSO (Seamless Single Sign-On / Seamless SSO) is enabled for the tenant. While this improves user experience, it creates a Kerberos-based attack surface where attackers with on-premises access can potentially authenticate to cloud resources. If the AZUREADSSOACC computer account is compromised, attackers can forge Kerberos tickets for cloud authentication.
|
1
|
|
M
2-4 hrs
|
Why This Matters
This security finding indicates a gap in your security posture. Unaddressed security gaps accumulate risk and increase the likelihood of a successful attack.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: Federation Security, NIST 800-63B, Identity Security
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
MANUAL-079 |
Ensure shareable links are restricted
Verifies that shareable links are restricted
|
1
|
|
M
2-4 hrs
|
Why This Matters
This security finding indicates a gap in your security posture. Unaddressed security gaps accumulate risk and increase the likelihood of a successful attack.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CIS M365
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
MANUAL-078 |
Ensure that Sways cannot be shared with people outside of your organization
Verifies that Sways cannot be shared with people outside of your organization
|
1
|
|
M
2-4 hrs
|
Why This Matters
This security finding indicates a gap in your security posture. Unaddressed security gaps accumulate risk and increase the likelihood of a successful attack.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CIS M365
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
MANUAL-077 |
Ensure Priority accounts have
Verifies that priority accounts have
|
1
|
|
M
2-4 hrs
|
Why This Matters
This security finding indicates a gap in your security posture. Unaddressed security gaps accumulate risk and increase the likelihood of a successful attack.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CIS M365
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
MANUAL-076 |
Ensure Office 365 SharePoint infected files are disallowed for download
Verifies that Office 365 SharePoint infected files are disallowed for download
|
1
|
|
M
2-4 hrs
|
Why This Matters
This security finding indicates a gap in your security posture. Unaddressed security gaps accumulate risk and increase the likelihood of a successful attack.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CIS M365
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
MANUAL-075 |
Ensure custom script execution is restricted on personal sites
Verifies that custom script execution is restricted on personal sites
|
1
|
|
M
2-4 hrs
|
Why This Matters
This security finding indicates a gap in your security posture. Unaddressed security gaps accumulate risk and increase the likelihood of a successful attack.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CIS M365
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
MANUAL-074 |
Ensure the self-service password reset activity report is reviewed at least weekly
Verifies that the self-service password reset activity report is reviewed at least weekly
|
1
|
|
M
2-4 hrs
|
Why This Matters
This security finding indicates a gap in your security posture. Unaddressed security gaps accumulate risk and increase the likelihood of a successful attack.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CIS M365
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECCONFIG-008 |
CIS.M365.1.2.1: Ensure that only organizationally managed/approved public groups exist
Ensure that only organizationally managed and approved public groups exist
|
1
|
|
M
2-4 hrs
|
Why This Matters
Security settings are not optimally configured. Misconfigurations are the #1 cause of cloud breaches - attackers use automated tools to find and exploit them.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CIS M365
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
MANUAL-072 |
Ensure custom banned passwords lists are used
Verifies that custom banned passwords lists are used
|
1
|
|
M
2-4 hrs
|
Why This Matters
This security finding indicates a gap in your security posture. Unaddressed security gaps accumulate risk and increase the likelihood of a successful attack.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CIS M365
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
MANUAL-071 |
Ensure SharePoint external sharing is managed through domain whitelist/blacklists
Verifies that SharePoint external sharing is managed through domain whitelist/blacklists
|
1
|
|
M
2-4 hrs
|
Why This Matters
This security finding indicates a gap in your security posture. Unaddressed security gaps accumulate risk and increase the likelihood of a successful attack.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CIS M365
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
MANUAL-070 |
Ensure SharePoint and OneDrive integration with Azure AD B2B is enabled
Verifies that SharePoint and OneDrive integration with Azure AD B2B is enabled
|
1
|
|
M
2-4 hrs
|
Why This Matters
This security finding indicates a gap in your security posture. Unaddressed security gaps accumulate risk and increase the likelihood of a successful attack.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CIS M365
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
MANUAL-069 |
Ensure reauthentication with verification code is restricted
Verifies that reauthentication with verification code is restricted
|
1
|
|
M
2-4 hrs
|
Why This Matters
This security finding indicates a gap in your security posture. Unaddressed security gaps accumulate risk and increase the likelihood of a successful attack.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CIS M365
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
MANUAL-068 |
Ensure link sharing is restricted in SharePoint and OneDrive
Verifies that link sharing is restricted in SharePoint and OneDrive
|
1
|
|
M
2-4 hrs
|
Why This Matters
This security finding indicates a gap in your security posture. Unaddressed security gaps accumulate risk and increase the likelihood of a successful attack.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CIS M365
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
MANUAL-067 |
Ensure only organizers and co-organizers can present
Verifies that only organizers and co-organizers can present
|
1
|
|
M
2-4 hrs
|
Why This Matters
Collaboration tools contain sensitive conversations and documents. Weak security enables data leaks and unauthorized access to confidential information.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CIS M365
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
MANUAL-066 |
Ensure meeting chat does not allow anonymous users
Verifies that meeting chat does not allow anonymous users
|
1
|
|
M
2-4 hrs
|
Why This Matters
Collaboration tools contain sensitive conversations and documents. Weak security enables data leaks and unauthorized access to confidential information.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CIS M365
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
MANUAL-065 |
Ensure SharePoint Online Information Protection policies are set up and used
Verifies that SharePoint Online Information Protection policies are set up and used
|
1
|
|
M
2-4 hrs
|
Why This Matters
This security finding indicates a gap in your security posture. Unaddressed security gaps accumulate risk and increase the likelihood of a successful attack.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CIS M365
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
MANUAL-064 |
Ensure user consent to apps accessing company data on their behalf is not allowed
Verifies that user consent to apps accessing company data on their behalf is not allowed
|
1
|
|
M
2-4 hrs
|
Why This Matters
Identity is the new security perimeter. Compromised credentials are involved in 80% of breaches - weak identity controls give attackers legitimate access to your systems.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CIS M365
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
MANUAL-063 |
Ensure the option to remain signed in is hidden
Verifies that the option to remain signed in is hidden
|
1
|
|
M
2-4 hrs
|
Why This Matters
Identity is the new security perimeter. Compromised credentials are involved in 80% of breaches - weak identity controls give attackers legitimate access to your systems.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CIS M365
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
MANUAL-061 |
Ensure that collaboration invitations are sent to allowed domains only
Verifies that collaboration invitations are sent to allowed domains only
|
1
|
|
M
2-4 hrs
|
Why This Matters
Identity is the new security perimeter. Compromised credentials are involved in 80% of breaches - weak identity controls give attackers legitimate access to your systems.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CIS M365
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
MANUAL-057 |
Ensure the Account Provisioning Activity report is reviewed at least weekly
Verifies that the account provisioning activity report is reviewed at least weekly
|
1
|
|
M
2-4 hrs
|
Why This Matters
Without proper audit logging, you cannot detect breaches, investigate incidents, or prove compliance. Attackers specifically target logging to hide their activities.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CIS M365
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
MANUAL-045 |
Ensure only people in my org can bypass the lobby
Verifies that only people in my org can bypass the lobby
|
1
|
|
M
2-4 hrs
|
Why This Matters
Collaboration tools contain sensitive conversations and documents. Weak security enables data leaks and unauthorized access to confidential information.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CIS M365
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
MANUAL-083 |
User Enumeration Vulnerability Exposed via Authentication Endpoints
Tenant allows user enumeration via public authentication endpoints. Attackers can use the Get-CredentialType or login endpoints to determine if specific email addresses are valid user accounts in the tenant (IfExistsResult = 0 or 6). This information aids in targeted phishing campaigns, password spray attacks, and reconnaissance.
|
1
|
|
M
2-4 hrs
|
Why This Matters
This security finding indicates a gap in your security posture. Unaddressed security gaps accumulate risk and increase the likelihood of a successful attack.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: Attack Surface Management, Identity Security
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECCONFIG-009 |
CIS.M365.8.2.2: Ensure communication with unmanaged Teams users is disabled
Communication with unmanaged Teams users is disabled
|
1
|
|
M
2-4 hrs
|
Why This Matters
Security settings are not optimally configured. Misconfigurations are the #1 cause of cloud breaches - attackers use automated tools to find and exploit them.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CIS M365
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SCUBA-EID-011 |
Checks to ensure a managed device is required to perform MFA registration
CISA federal baseline requirement: Checks to ensure a managed device is required to perform MFA registration
|
1
|
|
M
2-4 hrs
|
Why This Matters
Azure/Entra ID is your identity foundation. Misconfigurations here affect every user and application in your organization.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA Baseline, Federal Security Baseline, FedRAMP
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECCONFIG-011 |
CIS.M365.1.1.3: Ensure that between two and four global admins are designated
A minimum of two users and a maximum of four users SHALL be provisioned with the Global Administrator role
|
1
|
|
M
2-4 hrs
|
Why This Matters
Security settings are not optimally configured. Misconfigurations are the #1 cause of cloud breaches - attackers use automated tools to find and exploit them.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CIS M365
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECCONFIG-108 |
ORCA.106: Quarantine retention period is 30 days.
Generated on 08/10/2025 15:41:31 by
|
1
|
|
M
2-4 hrs
|
Why This Matters
Security settings are not optimally configured. Misconfigurations are the #1 cause of cloud breaches - attackers use automated tools to find and exploit them.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: ORCA
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECCONFIG-107 |
ORCA.104: High Confidence Phish action set to Quarantine message.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Security settings are not optimally configured. Misconfigurations are the #1 cause of cloud breaches - attackers use automated tools to find and exploit them.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: ORCA
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECCONFIG-104 |
ORCA.101: Bulk is marked as spam.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Security settings are not optimally configured. Misconfigurations are the #1 cause of cloud breaches - attackers use automated tools to find and exploit them.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: ORCA
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECCONFIG-103 |
ORCA.100: Bulk Complaint Level threshold is between 4 and 6.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Security settings are not optimally configured. Misconfigurations are the #1 cause of cloud breaches - attackers use automated tools to find and exploit them.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: ORCA
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECCONFIG-102 |
MT.1064: Ensure that write permissions are required to create new management groups
By default, all users can create management groups in Azure. This should be restricted to prevent unauthorized hierarchy changes.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Security settings are not optimally configured. Misconfigurations are the #1 cause of cloud breaches - attackers use automated tools to find and exploit them.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: Maester
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECCONFIG-101 |
MT.1053: Ensure Intune device clean-up rule is configured
Intune should automatically clean up stale device records to maintain accurate inventory and reduce license waste.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Security settings are not optimally configured. Misconfigurations are the #1 cause of cloud breaches - attackers use automated tools to find and exploit them.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: Maester
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECCONFIG-100 |
MT.1054: Ensure built-in Device Compliance Policy marks devices with no compliance policy assigned as 'Not compliant'
Devices without assigned compliance policies should default to non-compliant status to enforce security baselines.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Security settings are not optimally configured. Misconfigurations are the #1 cause of cloud breaches - attackers use automated tools to find and exploit them.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: Maester
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECCONFIG-099 |
MT.1096: Ensure at least one Intune Multi Admin Approval policy is configured
Multi-admin approval for Intune policy changes provides an additional security control for high-risk operations.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Security settings are not optimally configured. Misconfigurations are the #1 cause of cloud breaches - attackers use automated tools to find and exploit them.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: Maester
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECCONFIG-098 |
MT.1099: Windows Diagnostic Data Processing should be enabled
Windows diagnostic data should be processed to enable Windows Update for Business reports and Endpoint Analytics.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Security settings are not optimally configured. Misconfigurations are the #1 cause of cloud breaches - attackers use automated tools to find and exploit them.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: Maester
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECCONFIG-096 |
MT.1101: Default Branding Profile should be customized
The default organizational branding should be customized to provide a professional appearance and reduce phishing risk.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Security settings are not optimally configured. Misconfigurations are the #1 cause of cloud breaches - attackers use automated tools to find and exploit them.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: Maester
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECCONFIG-095 |
MT.1102: Windows Feature Update Policy Settings should not reference end of support builds
Ensures that Intune Windows Update policies do not target Windows builds that are end-of-life or near end-of-support.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Security settings are not optimally configured. Misconfigurations are the #1 cause of cloud breaches - attackers use automated tools to find and exploit them.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: Maester
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECCONFIG-094 |
MT.1103: Ensure Intune RBAC groups are protected by Restricted Management Administrative Units or Role Assignable groups
Intune RBAC groups should be protected to prevent unauthorized membership changes that could lead to privilege escalation.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Security settings are not optimally configured. Misconfigurations are the #1 cause of cloud breaches - attackers use automated tools to find and exploit them.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: Maester
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECCONFIG-093 |
MT.1105: Ensure MDM Authority is set to Intune
The Mobile Device Management authority should be set to Microsoft Intune for cloud-based device management.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Security settings are not optimally configured. Misconfigurations are the #1 cause of cloud breaches - attackers use automated tools to find and exploit them.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: Maester
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECCONFIG-092 |
MT.1055: Microsoft 365 Group (and Team) creation should be restricted to approved users
By default, all users can create Microsoft 365 Groups. This should be restricted to prevent sprawl and maintain governance.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Security settings are not optimally configured. Misconfigurations are the #1 cause of cloud breaches - attackers use automated tools to find and exploit them.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: Maester
Technical Remediation:
Work with your IT team to remediate this finding.
|
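One way to apply MT.1055 with the Microsoft Graph PowerShell SDK, added here as an example and not taken from the report or from Maester: the tenant's Group.Unified directory setting is created or updated so that only members of one security group may create Microsoft 365 Groups (and therefore Teams). The group name "Group Creators" is an assumption; substitute the group you actually use.

```powershell
# Added example (not from the report): restrict Microsoft 365 Group creation (MT.1055).
# Requires the Microsoft.Graph PowerShell SDK. The group name below is an assumption.
Connect-MgGraph -Scopes "Directory.ReadWrite.All", "Group.Read.All"

$creatorGroupName = "Group Creators"   # assumed security group that may still create groups
$creatorGroup = Get-MgGroup -Filter "displayName eq '$creatorGroupName'"
if (-not $creatorGroup) { throw "Security group '$creatorGroupName' not found; create it first." }

# Group.Unified is the template that carries tenant-wide Microsoft 365 Group settings.
$template = Get-MgGroupSettingTemplate | Where-Object DisplayName -eq "Group.Unified"
$wanted = @{
    EnableGroupCreation         = "false"
    GroupCreationAllowedGroupId = $creatorGroup.Id
}

$existing = Get-MgGroupSetting | Where-Object TemplateId -eq $template.Id
if ($existing) {
    # Send the full value list back with only the two entries above changed, so no
    # other setting in the object is lost.
    $merged = @($existing.Values | ForEach-Object {
        $value = if ($wanted.ContainsKey($_.Name)) { $wanted[$_.Name] } else { $_.Value }
        @{ Name = $_.Name; Value = $value }
    })
    Update-MgGroupSetting -GroupSettingId $existing.Id -Values $merged
} else {
    # No tenant-level setting object exists yet; the template default is "everyone may create".
    $values = $wanted.GetEnumerator() | ForEach-Object { @{ Name = $_.Key; Value = $_.Value } }
    New-MgGroupSetting -TemplateId $template.Id -Values @($values)
}

# Verify: expect EnableGroupCreation = false and the allowed group's object id.
(Get-MgGroupSetting | Where-Object TemplateId -eq $template.Id).Values |
    Where-Object Name -in "EnableGroupCreation", "GroupCreationAllowedGroupId"
```

This setting does not bind users who hold a directory role that already includes group creation (Global, Groups, User, Exchange, SharePoint and Teams administrators), so the role holders list is the other half of the control.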
| Medium |
SECCONFIG-091 |
MT.1062: Ensure Direct Send is set to be rejected
Direct Send lets any host deliver mail addressed to your own users straight to the tenant's MX endpoint without authenticating, so an external sender can forge an internal From address and bypass the trust users place in internal mail. Exchange Online can be configured to reject Direct Send tenant-wide.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Security settings are not optimally configured. Misconfigurations are the #1 cause of cloud breaches - attackers use automated tools to find and exploit them.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: Maester
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECCONFIG-090 |
MT.1043: Ensure Spam Confidence Level (SCL) is configured in mail transport rules with specific domains
SCL should not be set to -1 (bypass spam filtering) for specific domains, as this creates a security bypass.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Security settings are not optimally configured. Misconfigurations are the #1 cause of cloud breaches - attackers use automated tools to find and exploit them.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: Maester
Technical Remediation:
Work with your IT team to remediate this finding.
|
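The two mail-flow bypasses above, MT.1062 and MT.1043, audited in one Exchange Online PowerShell pass. This is an added example, not code from the report or from Maester; it assumes the Exchange Online Management module and the tenant-level RejectDirectSend organization setting.

```powershell
# Added example (not from the report): review Direct Send (MT.1062) and transport
# rules that set SCL -1 keyed on a sender domain (MT.1043).
Connect-ExchangeOnline

# --- MT.1062: Direct Send ----------------------------------------------------
# Direct Send lets any host deliver mail for your own recipients to the MX endpoint
# with no authentication, so an outside sender can forge an internal From: address.
$org = Get-OrganizationConfig
if ($org.RejectDirectSend) {
    "PASS: Direct Send is rejected."
} else {
    "FAIL: Direct Send is accepted. Remediate with: Set-OrganizationConfig -RejectDirectSend `$true"
}

# --- MT.1043: SCL -1 transport rules ----------------------------------------
# SCL -1 skips spam filtering for every message the rule matches. When the only
# condition is a sender domain, anyone who forges that domain rides through.
$bypassRules = Get-TransportRule -ResultSize Unlimited |
    Where-Object { $_.SetSCL -eq -1 -and $_.State -eq "Enabled" }

foreach ($rule in $bypassRules) {
    $domainScoped = [bool]$rule.SenderDomainIs
    $ipScoped     = [bool]$rule.SenderIpRanges
    $verdict = if ($domainScoped -and -not $ipScoped) { "FAIL: domain-only bypass" }
               elseif ($ipScoped)                      { "REVIEW: IP-scoped bypass" }
               else                                    { "REVIEW: bypass with other conditions" }
    [pscustomobject]@{
        Rule          = $rule.Name
        SenderDomains = ($rule.SenderDomainIs -join ", ")
        SenderIps     = ($rule.SenderIpRanges -join ", ")
        HeaderMatch   = $rule.HeaderContainsMessageHeader
        Verdict       = $verdict
    }
}
```

Before switching RejectDirectSend on, inventory the printers, scanners and line-of-business apps that submit to the MX without authentication and move them to SMTP AUTH client submission or to an inbound connector restricted by certificate or source IP; once the setting is on, their messages come back as non-delivery reports. For the SCL rules, replace a domain-only bypass with one that also requires the partner's IP ranges, or use Enhanced Filtering for Connectors so filtering sees the true originating IP instead of the relay.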
| Medium |
SECCONFIG-089 |
MT.1041: Ensure users installing Outlook add-ins is not allowed
Prevents users from installing potentially malicious Outlook add-ins that could compromise mailbox security.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Security settings are not optimally configured. Misconfigurations are the #1 cause of cloud breaches - attackers use automated tools to find and exploit them.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: Maester
Technical Remediation:
Work with your IT team to remediate this finding.
|
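Self-service add-in installs are granted by three "My ... Apps" management roles inside the role assignment policies applied to mailboxes. The following is an added example for MT.1041, not code from the report or from Maester; it assumes the Exchange Online Management module and uses `-WhatIf` on the destructive step so the list can be reviewed first.

```powershell
# Added example (not from the report): stop self-service Outlook add-in installs (MT.1041).
# Admin-deployed add-ins (Integrated apps) are unaffected by this change.
Connect-ExchangeOnline

$appRoles = "My Custom Apps", "My Marketplace Apps", "My ReadWriteMailbox Apps"

# 1. Audit every role assignment policy, not only "Default Role Assignment Policy".
$findings = foreach ($policy in Get-RoleAssignmentPolicy) {
    Get-ManagementRoleAssignment -RoleAssignee $policy.Name |
        Where-Object { "$($_.Role)" -in $appRoles } |
        ForEach-Object {
            [pscustomobject]@{ Policy = $policy.Name; Role = "$($_.Role)"; Assignment = $_.Name }
        }
}
$findings | Format-Table -AutoSize

# 2. Remove the assignments. Drop -WhatIf once the list above has been reviewed.
foreach ($f in $findings) {
    Remove-ManagementRoleAssignment -Identity $f.Assignment -Confirm:$false -WhatIf
}

# 3. Which policy each mailbox actually uses, so no custom policy is overlooked.
Get-EXOMailbox -ResultSize Unlimited -Properties RoleAssignmentPolicy |
    Group-Object RoleAssignmentPolicy |
    Select-Object Name, Count
```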
| Medium |
SECCONFIG-088 |
MT.1076: MOERA (Microsoft Online Email Routing Address) SHOULD NOT be used for sent mail
The .onmicrosoft.com address (MOERA) should not be used as the primary sending domain. Organizations should use custom domains.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Security settings are not optimally configured. Misconfigurations are the #1 cause of cloud breaches - attackers use automated tools to find and exploit them.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: Maester
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECCONFIG-087 |
MT.1074: Ensure no more than 100 outbound mails per day are sent using the .onmicrosoft.com domain
Restricts usage of the default .onmicrosoft.com domain for outbound mail to prevent it being used for spam or phishing.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Security settings are not optimally configured. Misconfigurations are the #1 cause of cloud breaches - attackers use automated tools to find and exploit them.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: Maester
Technical Remediation:
Work with your IT team to remediate this finding.
|
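MT.1076 and MT.1074 both turn on the same question: who is sending from the tenant's `.onmicrosoft.com` (MOERA) domain, and how much. The script below is an added example, not code from the report or from Maester. It assumes the Exchange Online Management module and `Get-MessageTraceV2`; if your tenant still exposes only `Get-MessageTrace`, substitute it and use `-PageSize` in place of `-ResultSize`. The `user@contoso.com` address in the remediation line is a placeholder.

```powershell
# Added example (not from the report): MOERA usage in sent mail (MT.1076) and daily
# outbound volume from the .onmicrosoft.com domain (MT.1074).
Connect-ExchangeOnline

$moera    = (Get-AcceptedDomain | Where-Object InitialDomain).DomainName   # e.g. contoso.onmicrosoft.com
$accepted = (Get-AcceptedDomain).DomainName                                 # all domains the tenant owns

# 1. Mailboxes whose primary SMTP address is still the MOERA domain. Mail they send
#    carries that domain, which has no organizational reputation and is easy to mimic.
$moeraPrimary = Get-EXOMailbox -ResultSize Unlimited -Properties PrimarySmtpAddress |
    Where-Object { $_.PrimarySmtpAddress -like "*@$moera" }
$moeraPrimary | Select-Object DisplayName, PrimarySmtpAddress

# 2. Outbound volume over the last 24 hours. Message trace returns one row per
#    recipient, so de-duplicate on MessageId and keep only external recipients.
$end   = Get-Date
$start = $end.AddDays(-1)
$trace = Get-MessageTraceV2 -SenderAddress "*@$moera" -StartDate $start -EndDate $end -ResultSize 5000
$messages = $trace |
    Where-Object { ($_.RecipientAddress -split "@")[-1] -notin $accepted } |
    Sort-Object MessageId -Unique

"{0} distinct external messages sent from @{1} in the last 24h (MT.1074 threshold: 100)" -f $messages.Count, $moera
$messages | Group-Object SenderAddress | Sort-Object Count -Descending |
    Select-Object -First 10 Name, Count

# 3. Fix for one mailbox: make the custom domain primary. The MOERA address stays as a
#    secondary proxy address, so the mailbox keeps receiving on it.
# Set-Mailbox -Identity $moeraPrimary[0].Identity -WindowsEmailAddress "user@contoso.com"
```

A sender that shows up here and is not a mailbox (a shared-mailbox automation, a connector-relayed app) is usually the real source of the volume; address it at the application rather than the user.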
| Medium |
SECCONFIG-010 |
CIS.M365.2.1.13: Ensure the connection filter safe list is off (Only Checks Default Policy)
The connection filter should not have the safe list enabled
|
1
|
|
M
2-4 hrs
|
Why This Matters
Security settings are not optimally configured. Misconfigurations are the #1 cause of cloud breaches - attackers use automated tools to find and exploit them.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CIS M365
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECCONFIG-085 |
MT.1040: Ensure additional storage providers are restricted in Outlook on the web
Third-party storage providers in OWA can lead to data exfiltration. Verify they are disabled or restricted.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Security settings are not optimally configured. Misconfigurations are the #1 cause of cloud breaches - attackers use automated tools to find and exploit them.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: Maester
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECCONFIG-084 |
MT.1039: Ensure MailTips are enabled for end users
MailTips provide warnings to users before sending email (large distribution lists, external recipients, etc.). This enhances security awareness.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Security settings are not optimally configured. Misconfigurations are the #1 cause of cloud breaches - attackers use automated tools to find and exploit them.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: Maester
Technical Remediation:
Work with your IT team to remediate this finding.
|
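Three of the findings above are single Exchange Online switches: the connection filter safe list (CIS.M365.2.1.13), third-party storage providers in Outlook on the web (MT.1040) and MailTips (MT.1039). Rather than three one-liners, this added example (not code from the report, Maester or CIS) reads each setting, compares it with the expected value and prints the remediation command for every failure. The MailTips large-audience threshold of 25 follows the CIS benchmark value.

```powershell
# Added example (not from the report): pass/fail audit for CIS.M365.2.1.13, MT.1040 and MT.1039.
Connect-ExchangeOnline

$org = Get-OrganizationConfig
$checks = @(
    @{ Id = "CIS.M365.2.1.13"; Setting = "Connection filter safe list (Default policy)"
       Actual = (Get-HostedConnectionFilterPolicy -Identity Default).EnableSafeList; Expected = $false
       Fix = 'Set-HostedConnectionFilterPolicy -Identity Default -EnableSafeList $false' }
    @{ Id = "MT.1039"; Setting = "MailTips: all tips"
       Actual = $org.MailTipsAllTipsEnabled; Expected = $true
       Fix = 'Set-OrganizationConfig -MailTipsAllTipsEnabled $true' }
    @{ Id = "MT.1039"; Setting = "MailTips: external recipients"
       Actual = $org.MailTipsExternalRecipientsTipsEnabled; Expected = $true
       Fix = 'Set-OrganizationConfig -MailTipsExternalRecipientsTipsEnabled $true' }
    @{ Id = "MT.1039"; Setting = "MailTips: group metrics"
       Actual = $org.MailTipsGroupMetricsEnabled; Expected = $true
       Fix = 'Set-OrganizationConfig -MailTipsGroupMetricsEnabled $true' }
    @{ Id = "MT.1039"; Setting = "MailTips: large audience threshold <= 25"
       Actual = ($org.MailTipsLargeAudienceThreshold -le 25); Expected = $true
       Fix = 'Set-OrganizationConfig -MailTipsLargeAudienceThreshold 25' }
)

# Storage providers are set per OWA mailbox policy, so every policy becomes a row.
foreach ($p in Get-OwaMailboxPolicy) {
    $checks += @{ Id = "MT.1040"; Setting = "OWA storage providers ($($p.Name))"
                  Actual = $p.AdditionalStorageProvidersAvailable; Expected = $false
                  Fix = "Set-OwaMailboxPolicy -Identity '$($p.Name)' -AdditionalStorageProvidersAvailable `$false" }
}

$checks | ForEach-Object {
    $result = if ($_.Actual -eq $_.Expected) { "PASS" } else { "FAIL -> $($_.Fix)" }
    [pscustomobject]@{ Id = $_.Id; Setting = $_.Setting; Actual = $_.Actual; Result = $result }
} | Format-Table -AutoSize -Wrap
```

The safe list check only covers the Default connection filter policy, as the finding title says; the OWA loop deliberately does not stop at the default policy because a custom policy assigned to a subset of mailboxes is where these exceptions tend to live.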
| Medium |
SECCONFIG-083 |
MT.1084: Microsoft Entra seamless single sign-on should be disabled for all domains in EntraID Connect servers
Seamless SSO depends on a computer account (AZUREADSSOACC) in on-premises Active Directory whose Kerberos key is shared with Entra ID. An attacker who compromises the domain can extract that key and forge Kerberos tickets that satisfy the password factor for any synchronized user without knowing a password. This checks that Seamless SSO is disabled for every domain configured in Microsoft Entra Connect.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Security settings are not optimally configured. Misconfigurations are the #1 cause of cloud breaches - attackers use automated tools to find and exploit them.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: Maester
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECCONFIG-082 |
MT.1070: Restrict device join to selected users/groups or none
Ensures that Entra ID device join is restricted to specific users or groups, not allowed for all users by default.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Security settings are not optimally configured. Misconfigurations are the #1 cause of cloud breaches - attackers use automated tools to find and exploit them.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: Maester
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECCONFIG-081 |
MT.1091: Registering user should not be added as local administrator on the device during Microsoft Entra join
Verifies that users joining devices to Entra ID are not automatically granted local administrator rights on those devices.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Security settings are not optimally configured. Misconfigurations are the #1 cause of cloud breaches - attackers use automated tools to find and exploit them.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: Maester
Technical Remediation:
Work with your IT team to remediate this finding.
|
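MT.1070 and MT.1091 are both properties of the tenant's device registration policy, which is only exposed on the beta Graph endpoint. The following is an added example, not code from the report or from Maester. The property names (`azureADJoin.allowedToJoin`, `azureADJoin.localAdmins.registeringUsers`, the `...DeviceRegistrationMembership` types, `localAdminPassword.isEnabled`) follow the documented beta `deviceRegistrationPolicy` shape at the time of writing; confirm them against your tenant's actual response before writing the object back.

```powershell
# Added example (not from the report): read the device registration policy for
# MT.1070 (who may join devices) and MT.1091 (registering user becomes local admin).
Connect-MgGraph -Scopes "Policy.ReadWrite.DeviceConfiguration"

$uri    = "https://graph.microsoft.com/beta/policies/deviceRegistrationPolicy"
$policy = Invoke-MgGraphRequest -Method GET -Uri $uri    # returns a hashtable

$all  = "#microsoft.graph.allDeviceRegistrationMembership"
$none = "#microsoft.graph.noDeviceRegistrationMembership"

$joinScope  = $policy.azureADJoin.allowedToJoin.'@odata.type'
$adminScope = $policy.azureADJoin.localAdmins.registeringUsers.'@odata.type'

$joinVerdict  = if ($joinScope -eq $all)   { "FAIL: any user can join devices" } else { "PASS" }
$adminVerdict = if ($adminScope -eq $none) { "PASS" } else { "FAIL: registering users become local admins" }

[pscustomobject]@{
    "MT.1070 join allowed to"           = $joinScope  -replace '^#microsoft\.graph\.', ''
    "MT.1070 verdict"                   = $joinVerdict
    "MT.1091 registering user is admin" = $adminScope -replace '^#microsoft\.graph\.', ''
    "MT.1091 verdict"                   = $adminVerdict
    "Global admins are local admins"    = $policy.azureADJoin.localAdmins.enableGlobalAdmins
    "LAPS enabled"                      = $policy.localAdminPassword.isEnabled
}

# Remediation is a PUT of the whole policy object. This change stops registering users
# from becoming local administrators and leaves the join scope untouched.
$policy.azureADJoin.localAdmins.registeringUsers = @{ "@odata.type" = $none }
# Invoke-MgGraphRequest -Method PUT -Uri $uri -ContentType "application/json" `
#     -Body ($policy | ConvertTo-Json -Depth 10)
```

Removing the join-time local admin grant does not remove accounts that already hold local Administrators membership on existing devices; that needs an Intune account protection or LAPS policy on the endpoint side.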
| Medium |
SECCONFIG-080 |
CISA.MS.AAD.3.5: The authentication methods SMS, Voice Call, and Email One-Time Passcode (OTP) SHALL be disabled.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Security settings are not optimally configured. Misconfigurations are the #1 cause of cloud breaches - attackers use automated tools to find and exploit them.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA
Technical Remediation:
Work with your IT team to remediate this finding.
|
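Disabling SMS, voice and email OTP locks out anyone whose only registered methods are those three, so the check that matters before the change is the registration report. The script below is an added example for CISA.MS.AAD.3.5, not code from the report or from CISA's ScubaGear. It assumes the Microsoft.Graph SDK, that the tenant has migrated to the authentication methods policy (so legacy per-user MFA and SSPR settings are no longer authoritative), and it treats every registered method outside the four phone/email ones as acceptable.

```powershell
# Added example (not from the report): CISA.MS.AAD.3.5 with a lock-out check first.
Connect-MgGraph -Scopes "Policy.ReadWrite.AuthenticationMethod", "AuditLog.Read.All"

# Method names as they appear in the user registration details report.
$phishable = "mobilePhone", "alternateMobilePhone", "officePhone", "email"

$atRisk = Get-MgReportAuthenticationMethodUserRegistrationDetail -All |
    Where-Object { $_.IsMfaRegistered } |
    Where-Object {
        $strong = @($_.MethodsRegistered | Where-Object { $_ -notin $phishable })
        $strong.Count -eq 0
    } |
    Select-Object UserPrincipalName, @{ n = "Methods"; e = { $_.MethodsRegistered -join "," } }

"{0} MFA-registered users would be left with no usable MFA method:" -f @($atRisk).Count
$atRisk | Format-Table -AutoSize

# Disable the three method configurations; each is addressed by its well-known id.
$configs = @{
    Sms   = "#microsoft.graph.smsAuthenticationMethodConfiguration"
    Voice = "#microsoft.graph.voiceAuthenticationMethodConfiguration"
    Email = "#microsoft.graph.emailAuthenticationMethodConfiguration"
}
foreach ($id in $configs.Keys) {
    $uri  = "https://graph.microsoft.com/v1.0/policies/authenticationMethodsPolicy/authenticationMethodConfigurations/$id"
    $body = @{ "@odata.type" = $configs[$id]; state = "disabled" } | ConvertTo-Json
    # Uncomment once the at-risk list above is empty or those users have registered
    # Microsoft Authenticator, a passkey/FIDO2 key or Windows Hello for Business.
    # Invoke-MgGraphRequest -Method PATCH -Uri $uri -Body $body -ContentType "application/json"
}

# Verify the resulting states.
$pol = Invoke-MgGraphRequest -Method GET -Uri "https://graph.microsoft.com/v1.0/policies/authenticationMethodsPolicy"
$pol.authenticationMethodConfigurations | ForEach-Object {
    [pscustomobject]@{ Id = $_.id; State = $_.state }
}
```

The Email configuration here is the self-service password reset method; turning it off does not affect one-time passcodes sent to guest (B2B) users, which are governed separately. A Temporary Access Pass is the usual bridge for users who have to re-register.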
| Medium |
SECCONFIG-079 |
CISA.MS.AAD.7.5: Provisioning users to highly privileged roles SHALL NOT occur outside of a PAM system.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Security settings are not optimally configured. Misconfigurations are the #1 cause of cloud breaches - attackers use automated tools to find and exploit them.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECCONFIG-078 |
CIS.M365.2.1.11: Ensure comprehensive attachment filtering is applied
The common attachment types filter should be comprehensive
|
1
|
|
M
2-4 hrs
|
Why This Matters
Security settings are not optimally configured. Misconfigurations are the #1 cause of cloud breaches - attackers use automated tools to find and exploit them.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CIS M365
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECCONFIG-077 |
CISA.MS.SHAREPOINT.1.3: External sharing SHALL be restricted to approved external domains and/or users in approved security groups per interagency collaboration needs.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Security settings are not optimally configured. Misconfigurations are the #1 cause of cloud breaches - attackers use automated tools to find and exploit them.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECCONFIG-109 |
ORCA.107: End-user spam notification is enabled.
Generated on 08/10/2025 15:41:31 by
|
1
|
|
M
2-4 hrs
|
Why This Matters
Security settings are not optimally configured. Misconfigurations are the #1 cause of cloud breaches - attackers use automated tools to find and exploit them.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: ORCA
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECCONFIG-110 |
ORCA.108.1: DNS Records have been set up to support DKIM.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Security settings are not optimally configured. Misconfigurations are the #1 cause of cloud breaches - attackers use automated tools to find and exploit them.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: ORCA
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECCONFIG-111 |
ORCA.108: DKIM signing is set up for all your custom domains.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Security settings are not optimally configured. Misconfigurations are the #1 cause of cloud breaches - attackers use automated tools to find and exploit them.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: ORCA
Technical Remediation:
Work with your IT team to remediate this finding.
|
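ORCA.108 and ORCA.108.1 are two halves of one check: a signing configuration must exist and be enabled for each custom domain, and the two selector CNAMEs must resolve in public DNS to the values Exchange Online generated for this tenant. This added example (not code from the report or from ORCA) does both per domain. It assumes the Exchange Online Management module and `Resolve-DnsName`, which is Windows-only; `contoso.com` in the remediation lines is a placeholder.

```powershell
# Added example (not from the report): DKIM configuration (ORCA.108) and selector
# CNAMEs in DNS (ORCA.108.1) for every custom authoritative domain.
Connect-ExchangeOnline

$domains = Get-AcceptedDomain |
    Where-Object { $_.DomainType -eq "Authoritative" -and -not $_.InitialDomain }

$report = foreach ($d in $domains) {
    $cfg = Get-DkimSigningConfig -Identity $d.DomainName -ErrorAction SilentlyContinue
    $dns = foreach ($sel in "selector1", "selector2") {
        # The CNAME must point at the tenant-specific value, not merely exist.
        $rec  = Resolve-DnsName -Name "$sel._domainkey.$($d.DomainName)" -Type CNAME -ErrorAction SilentlyContinue |
                Where-Object Type -eq "CNAME" | Select-Object -First 1
        $want = if ($sel -eq "selector1") { $cfg.Selector1CNAME } else { $cfg.Selector2CNAME }
        [pscustomobject]@{
            Selector = $sel
            Found    = $rec.NameHost
            Expected = $want
            Ok       = ($null -ne $rec -and $null -ne $want -and $rec.NameHost -eq $want)
        }
    }
    [pscustomobject]@{
        Domain      = $d.DomainName
        Configured  = [bool]$cfg
        Enabled     = [bool]$cfg.Enabled
        Status      = $cfg.Status
        Selector1Ok = $dns[0].Ok
        Selector2Ok = $dns[1].Ok
        Result      = if ($cfg -and $cfg.Enabled -and $dns[0].Ok -and $dns[1].Ok) { "PASS" } else { "FAIL" }
    }
}
$report | Format-Table -AutoSize

# Remediation order for a failing domain: create the configuration (2048-bit key),
# publish the two CNAMEs shown in Selector1CNAME/Selector2CNAME at the DNS host, wait
# for propagation, then enable. Enabling before the CNAMEs resolve fails with an error.
# New-DkimSigningConfig -DomainName "contoso.com" -KeySize 2048 -Enabled $false
# Set-DkimSigningConfig -Identity "contoso.com" -Enabled $true
```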
| Medium |
SECCONFIG-113 |
ORCA.110: Internal Sender notifications are disabled.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Security settings are not optimally configured. Misconfigurations are the #1 cause of cloud breaches - attackers use automated tools to find and exploit them.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: ORCA
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECCONFIG-149 |
MT1060.<_.Name>.1: Drift baseline in '<_.Name>' is valid JSON
|
1
|
|
M
2-4 hrs
|
Why This Matters
Security settings are not optimally configured. Misconfigurations are the #1 cause of cloud breaches - attackers use automated tools to find and exploit them.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: Maester
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECCONFIG-148 |
MT1060.<_.Name>.3: Drift current in '<_.Name>' has no missing properties
|
1
|
|
M
2-4 hrs
|
Why This Matters
Security settings are not optimally configured. Misconfigurations are the #1 cause of cloud breaches - attackers use automated tools to find and exploit them.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: Maester
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECCONFIG-147 |
MT1060.<_.Name>.4: Drift all values in '<_.Name>' match
|
1
|
|
M
2-4 hrs
|
Why This Matters
Security settings are not optimally configured. Misconfigurations are the #1 cause of cloud breaches - attackers use automated tools to find and exploit them.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: Maester
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECCONFIG-146 |
MT.1037: Only users with Presenter role are allowed to present in Teams meetings
Restricting who can present limits meeting disruptions and reduces the risk of unwanted or inappropriate content being shared
|
1
|
|
M
2-4 hrs
|
Why This Matters
Security settings are not optimally configured. Misconfigurations are the #1 cause of cloud breaches - attackers use automated tools to find and exploit them.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: Maester
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECCONFIG-145 |
MT.1045: Only invited users should be automatically admitted to Teams meetings
Requiring anyone who was not invited to wait in the lobby stops people who obtained a forwarded join link from entering unnoticed; the organizer admits them deliberately.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Security settings are not optimally configured. Misconfigurations are the #1 cause of cloud breaches - attackers use automated tools to find and exploit them.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: Maester
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECCONFIG-144 |
MT.1047: Restrict anonymous users from starting Teams meetings
Anonymous (unauthenticated) users should not be able to start a meeting on their own; otherwise a leaked join link lets outsiders use the meeting, and any dial-in bridge attached to it, with no organizer present.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Security settings are not optimally configured. Misconfigurations are the #1 cause of cloud breaches - attackers use automated tools to find and exploit them.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: Maester
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECCONFIG-143 |
MT.1048: Limit external participants from having control in a Teams meeting
External participants should not be able to give or request control of shared content; with control, an outside attendee can drive a screen-shared application on an employee's machine.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Security settings are not optimally configured. Misconfigurations are the #1 cause of cloud breaches - attackers use automated tools to find and exploit them.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: Maester
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECCONFIG-142 |
MT.1042: Restrict dial-in users from bypassing a meeting lobby
Dial-in (PSTN) callers are not authenticated, so they should wait in the lobby like any other uninvited participant instead of being admitted automatically.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Security settings are not optimally configured. Misconfigurations are the #1 cause of cloud breaches - attackers use automated tools to find and exploit them.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: Maester
Technical Remediation:
Work with your IT team to remediate this finding.
|
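The five Teams findings above (MT.1037, MT.1045, MT.1047, MT.1048, MT.1042) are five properties of the same meeting policy object, so they audit and fix together. This is an added example, not code from the report or from Maester; it assumes the MicrosoftTeams PowerShell module. Built-in read-only policies will appear in the report but cannot be changed with `Set-CsTeamsMeetingPolicy`; for those, assign users a custom policy instead.

```powershell
# Added example (not from the report): audit every Teams meeting policy against the
# five meeting-safety findings, then remediate the Global policy.
Connect-MicrosoftTeams

$expected = @{
    DesignatedPresenterRoleMode                = @{ Id = "MT.1037"; Ok = "OrganizerOnlyUserOverride" }
    AutoAdmittedUsers                          = @{ Id = "MT.1045"; Ok = "InvitedUsers", "OrganizerOnly" }
    AllowAnonymousUsersToStartMeeting          = @{ Id = "MT.1047"; Ok = $false }
    AllowExternalParticipantGiveRequestControl = @{ Id = "MT.1048"; Ok = $false }
    AllowPSTNUsersToBypassLobby                = @{ Id = "MT.1042"; Ok = $false }
}

$report = foreach ($policy in Get-CsTeamsMeetingPolicy) {
    foreach ($setting in $expected.Keys) {
        $actual = $policy.$setting
        $ok     = @($expected[$setting].Ok)
        $result = if ($actual -in $ok) { "PASS" } else { "FAIL" }
        [pscustomobject]@{
            Policy  = $policy.Identity
            Check   = $expected[$setting].Id
            Setting = $setting
            Actual  = $actual
            Result  = $result
        }
    }
}
$report | Sort-Object Result, Policy | Format-Table -AutoSize

# Remediate the Global policy. Custom policies take the same call with their Identity.
Set-CsTeamsMeetingPolicy -Identity Global `
    -DesignatedPresenterRoleMode OrganizerOnlyUserOverride `
    -AutoAdmittedUsers InvitedUsers `
    -AllowAnonymousUsersToStartMeeting $false `
    -AllowExternalParticipantGiveRequestControl $false `
    -AllowPSTNUsersToBypassLobby $false
```

`OrganizerOnly` is accepted for MT.1045 because it is stricter than `InvitedUsers`; organizers can still relax either setting per meeting from the meeting options, which is why the policy value rather than individual meetings is what gets audited.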
| Medium |
SECCONFIG-141 |
MT.1068: Restrict non-admin users from creating tenants.
Checks that tenant creation is restricted to administrators (the allowedToCreateTenants default user permission in the tenant's authorization policy). A user who can create tenants can stand up an unmanaged tenant outside the organization's logging, policy and licensing controls.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Security settings are not optimally configured. Misconfigurations are the #1 cause of cloud breaches - attackers use automated tools to find and exploit them.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: Maester
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECCONFIG-140 |
MT.1030: Eligible role assignments on Control Plane are in use by administrators
Eligible (PIM) role assignments should be actively used. Unused eligible assignments should be removed to reduce attack surface.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Security settings are not optimally configured. Misconfigurations are the #1 cause of cloud breaches - attackers use automated tools to find and exploit them.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: Maester
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECCONFIG-139 |
MT.1029: Stale accounts are not assigned to privileged roles
Accounts that have not signed in recently should not hold privileged role assignments, as they may be abandoned or compromised.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Security settings are not optimally configured. Misconfigurations are the #1 cause of cloud breaches - attackers use automated tools to find and exploit them.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: Maester
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECCONFIG-138 |
MT.1028: No user with mailbox and permanent role assignment on Control Plane
Users with privileged role assignments should not have mailboxes (use cloud-only admin accounts instead) to reduce compromise risk.
|
1
|
|
M
2-4 hrs
|
Why This Matters
A mailbox is the most common phishing and token-theft entry point. Control Plane roles (Global Administrator, Privileged Role Administrator and similar) should be held only by dedicated cloud-only administrative accounts that cannot receive mail, so that a phished daily-use account does not hand over the tenant.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Estimated impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: No compliance framework is mapped; the finding comes from the Maester test suite.
Technical Remediation:
For each user holding a permanent (non-expiring, non-PIM) Control Plane role, create a separate cloud-only administrative account with no mailbox, move the role to it (preferably as a PIM-eligible assignment), and remove the role from the mail-enabled account.
|
| Medium |
SECCONFIG-137 |
ORCA.244: Policies are configured to honor sending domains' DMARC.
Generated on 08/10/2025 15:41:32 by
|
1
|
|
M
2-4 hrs
|
Why This Matters
When Exchange Online Protection honors the sending domain's published DMARC policy, mail that fails DMARC from a domain publishing p=reject or p=quarantine is rejected or quarantined as that domain's owner asked, instead of only being moved to Junk. Ignoring the sender's policy lets spoofed mail from well-protected domains reach users.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Estimated impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: No compliance framework is mapped; the finding comes from the ORCA (Office 365 Recommended Configuration Analyzer) checks.
Technical Remediation:
In every anti-phishing policy, enable honoring of the sender's DMARC policy and set the actions for DMARC reject and DMARC quarantine results to Reject and Quarantine respectively.
|
| Medium |
SECCONFIG-136 |
ORCA.243: Authenticated Received Chain (ARC) is set up for domains not pointing to EOP/MDO, or all domains point to EOP/MDO.
|
1
|
|
M
2-4 hrs
|
Why This Matters
When inbound mail passes through a third-party gateway before Exchange Online, the gateway becomes the connecting host and EOP's own SPF, DKIM and DMARC evaluation fails. Authenticated Received Chain lets EOP trust the authentication results the gateway sealed; without it, either legitimate mail is treated as spoofed or administrators weaken spoof protection to compensate.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Estimated impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: No compliance framework is mapped; the finding comes from the ORCA (Office 365 Recommended Configuration Analyzer) checks.
Technical Remediation:
If any domain's MX record points somewhere other than EOP/MDO, add the gateway's ARC sealing domain to the tenant's trusted ARC sealers; otherwise point every domain's MX directly at EOP.
|
| Medium |
SECCONFIG-076 |
CISA.MS.SHAREPOINT.1.1: External sharing for SharePoint SHALL be limited to Existing guests or Only People in your organization.
External sharing for SharePoint SHALL be limited to Existing guests or Only People in your organization
|
1
|
|
M
2-4 hrs
|
Why This Matters
SharePoint sharing set to Anyone or New and existing guests lets any user create links or invitations that expose content to identities your tenant does not manage. Limiting sharing to existing guests or internal users means every external recipient must first be provisioned as a guest under your invitation and Conditional Access controls.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Estimated impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA SCuBA Microsoft 365 Secure Configuration Baseline.
Technical Remediation:
Set the SharePoint tenant sharing capability to Existing guests (ExistingExternalUserSharingOnly) or Only people in your organization (Disabled), then review site-level sharing settings, which cannot be more permissive than the tenant setting.
|
| Medium |
SECCONFIG-135 |
ORCA.242: Important protection alerts responsible for AIR activities are enabled.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Automated investigation and response (AIR) in Defender for Office 365 is started by specific built-in alert policies, such as user-reported phishing and malware removed after delivery. If those alerts are disabled, the investigations they trigger never run and analysts lose the early signal.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Estimated impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: No compliance framework is mapped; the finding comes from the ORCA (Office 365 Recommended Configuration Analyzer) checks.
Technical Remediation:
In the Defender portal alert policies, re-enable every built-in protection alert that has been disabled, in particular those that start AIR investigations, and do not lower their severity.
|
| Medium |
SECCONFIG-132 |
ORCA.234: Click through is disabled for Safe Documents.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Safe Documents scans a file opened in Office Protected View with Defender for Endpoint before the user is allowed to edit it. Allowing click-through lets users leave Protected View before the verdict arrives, which reduces the control to a warning that an attacker's lure can simply tell the user to ignore.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Estimated impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: No compliance framework is mapped; the finding comes from the ORCA (Office 365 Recommended Configuration Analyzer) checks.
Technical Remediation:
Turn off the option that lets users click through Protected View even when Safe Documents identifies the file as malicious (the AllowSafeDocsOpen setting of the Defender for Office 365 global policy).
|
| Medium |
SECCONFIG-131 |
ORCA.233.1: Domains are pointed directly at EOP or enhanced filtering is configured on all default connectors.
|
1
|
|
M
2-4 hrs
|
Why This Matters
If MX records point to a third-party service that relays mail to Exchange Online, EOP sees the relay's IP address rather than the true sender's, so SPF fails and IP reputation checks are blind. Enhanced Filtering for Connectors tells EOP which hops to skip so that it evaluates the original source.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Estimated impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: No compliance framework is mapped; the finding comes from the ORCA (Office 365 Recommended Configuration Analyzer) checks.
Technical Remediation:
For each inbound connector that receives relayed mail, configure Enhanced Filtering (skip the last IP hop or the listed gateway addresses) for all recipients; otherwise route MX records directly to EOP.
|
| Medium |
SECCONFIG-130 |
ORCA.230: Each domain has an anti-phishing policy applied to it, or the default policy is being used.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Custom anti-phishing policies apply through rules scoped to users, groups or recipient domains, and any domain no custom rule matches falls through to the default policy. If custom policies exist but leave some accepted domains unmatched, those domains receive whatever the default policy provides, which must then meet the same standard as the custom policies.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Estimated impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: No compliance framework is mapped; the finding comes from the ORCA (Office 365 Recommended Configuration Analyzer) checks.
Technical Remediation:
Confirm that every accepted domain is matched by an enabled anti-phishing rule, or ensure the default policy carries the same impersonation and spoof settings for the domains that fall through to it.
|
| Medium |
SECCONFIG-129 |
ORCA.228: No trusted senders in Anti-phishing policy.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Trusted senders and trusted domains in an anti-phishing policy are exempted from impersonation checks. Because the sender address is exactly what a phisher forges, every entry on that list is an address an attacker can spoof to bypass protection.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Estimated impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: No compliance framework is mapped; the finding comes from the ORCA (Office 365 Recommended Configuration Analyzer) checks.
Technical Remediation:
Remove every entry from the trusted senders and trusted domains lists of each anti-phishing policy; fix the legitimate sender's SPF, DKIM and DMARC instead of exempting it.
|
| Medium |
SECCONFIG-127 |
ORCA.225: Safe Documents is enabled for Office clients.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Safe Documents sends files opened in Office Protected View to Microsoft Defender for Endpoint for a verdict before the user can enable editing, catching documents whose macros or exploits evaded scanning at delivery time. It requires Microsoft 365 E5 or E5 Security licensing.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Estimated impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: No compliance framework is mapped; the finding comes from the ORCA (Office 365 Recommended Configuration Analyzer) checks.
Technical Remediation:
Enable Safe Documents for Office clients in the Defender for Office 365 global settings (the EnableSafeDocs setting) and keep click-through disabled.
|
| Medium |
SECCONFIG-126 |
ORCA.222: Domain Impersonation action is set to move to Quarantine.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Domain impersonation detects lookalikes of your protected domains, such as a swapped or added character. Moving such messages only to Junk leaves them one click away from the user; quarantine keeps them out of the mailbox until an administrator or the quarantine policy releases them.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Estimated impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: No compliance framework is mapped; the finding comes from the ORCA (Office 365 Recommended Configuration Analyzer) checks.
Technical Remediation:
Set the domain impersonation action to Quarantine in every anti-phishing policy, with protection for both your own domains and the targeted custom domains enabled.
|
| Medium |
SECCONFIG-125 |
ORCA.220: Advanced Phish filter Threshold level is adequate.
|
1
|
|
M
2-4 hrs
|
Why This Matters
The advanced phishing threshold controls how aggressively machine-learning phish detections are acted on. Level 1 (Standard) treats borderline messages as normal mail; level 2 (Aggressive) or higher applies the phish action to medium-confidence detections at a modest cost in false positives.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Estimated impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: No compliance framework is mapped; the finding comes from the ORCA (Office 365 Recommended Configuration Analyzer) checks.
Technical Remediation:
Set the phishing email threshold to at least 2 (Aggressive) in every anti-phishing policy and review quarantine and junk reports for a week afterwards.
|
| Medium |
SECCONFIG-121 |
ORCA.120.1: Zero Hour Autopurge Enabled for Phish.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Zero-hour auto purge (ZAP) retroactively moves already-delivered messages when a later phishing verdict arrives. Without it, a phish that was judged clean at delivery time stays in the inbox after Microsoft's detections catch up.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Estimated impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: No compliance framework is mapped; the finding comes from the ORCA (Office 365 Recommended Configuration Analyzer) checks.
Technical Remediation:
Enable ZAP for phishing messages in every anti-spam (hosted content filter) policy.
|
| Medium |
SECCONFIG-120 |
ORCA.119: Similar Domains Safety Tips is enabled.
|
1
|
|
M
2-4 hrs
|
Why This Matters
The similar-domains safety tip shows users a banner when the sending domain resembles a protected domain. It is the one impersonation control the user sees directly, and it causes no false-positive delivery failures.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Estimated impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: No compliance framework is mapped; the finding comes from the ORCA (Office 365 Recommended Configuration Analyzer) checks.
Technical Remediation:
Enable the similar domains safety tip in every anti-phishing policy.
|
| Medium |
SECCONFIG-119 |
ORCA.116: Mailbox intelligence based impersonation protection action set to move message to junk mail folder.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Mailbox intelligence learns each user's normal correspondents and flags impersonations of them. With the action set to No action, the detection is recorded but the message is still delivered normally; moving it to Junk or quarantine is what actually keeps it away from the user.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Estimated impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: No compliance framework is mapped; the finding comes from the ORCA (Office 365 Recommended Configuration Analyzer) checks.
Technical Remediation:
Set the mailbox intelligence impersonation action to Move message to Junk Email folder (or Quarantine) in every anti-phishing policy.
|
| Medium |
SECCONFIG-118 |
ORCA.115: Mailbox intelligence based impersonation protection is enabled in anti-phishing policies.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Mailbox intelligence impersonation protection uses each mailbox's sending and receiving history to spot display-name and address impersonation of real contacts, which is how most business email compromise lures are built. Without it, an attacker who copies a known supplier's display name is treated like any other external sender.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Estimated impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: No compliance framework is mapped; the finding comes from the ORCA (Office 365 Recommended Configuration Analyzer) checks.
Technical Remediation:
Enable mailbox intelligence and mailbox intelligence impersonation protection in every anti-phishing policy.
|
| Medium |
SECCONFIG-117 |
ORCA.114: No IP Allow Lists have been configured.
|
1
|
|
M
2-4 hrs
|
Why This Matters
The connection filter IP allow list skips spam and phishing filtering for mail from the listed addresses. An allow-listed address is therefore an unfiltered lane into every mailbox, and whoever compromises or shares that infrastructure inherits it.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Estimated impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: No compliance framework is mapped; the finding comes from the ORCA (Office 365 Recommended Configuration Analyzer) checks.
Technical Remediation:
Empty the IP allow list in the connection filter policy; a partner that needs special handling should get a scoped inbound connector with Enhanced Filtering rather than a filtering bypass.
|
| Medium |
SECCONFIG-115 |
ORCA.112: Anti-spoofing protection action is configured to Move message to the recipients' Junk Email folders in Anti-phishing policy.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Spoof intelligence identifies senders that fail composite authentication. If the policy's action for such messages is weaker than Move to Junk, a message that EOP itself has judged to be spoofed is still delivered to the inbox.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Estimated impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: No compliance framework is mapped; the finding comes from the ORCA (Office 365 Recommended Configuration Analyzer) checks.
Technical Remediation:
Set the spoof authentication failure action to Move message to the recipients' Junk Email folders (or Quarantine) in every anti-phishing policy.
|
| Medium |
SECCONFIG-114 |
ORCA.111: Anti-phishing policy exists and EnableUnauthenticatedSender is true.
|
1
|
|
M
2-4 hrs
|
Why This Matters
The unauthenticated sender indicator adds a question mark to the sender's photo and a "via" tag when a message fails authentication and is not otherwise trusted. Disabling it removes the visual cue that lets users recognise a spoof the filters let through.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Estimated impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: No compliance framework is mapped; the finding comes from the ORCA (Office 365 Recommended Configuration Analyzer) checks.
Technical Remediation:
Enable the unauthenticated sender indicator (EnableUnauthenticatedSender) in every anti-phishing policy and keep spoof intelligence on.
|
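The anti-phishing findings above (ORCA.111, 112, 115, 116, 119, 220, 222, 228, 230 and 244) all reduce to settings on the same Exchange Online object, so one audit covers them. The following script is an example added by the editor; it is not from the report, from ORCA or from Microsoft. It assumes the ExchangeOnlineManagement module and a role that can read anti-phishing policies; the optional -Fix switch also needs write access to them. The check table encodes the pass condition ORCA tests for each finding and the parameters that bring a failing policy into line.

```powershell
# Added example (not from the report or ORCA): evaluate every anti-phishing policy against the
# ORCA checks above and, with -Fix, apply the minimum Set-AntiPhishPolicy change per failure.
param([switch]$Fix)
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -ShowBanner:$false

$policies = Get-AntiPhishPolicy
$rules    = Get-AntiPhishRule | Where-Object { $_.State -eq 'Enabled' }

# Each check: the ORCA id, a Test that returns $true when a policy passes, and the
# Set-AntiPhishPolicy parameters that make a failing policy pass.
$checks = @(
  @{ Id='ORCA.111'; Test={ param($p) $p.EnableUnauthenticatedSender }
     Fix=@{ EnableUnauthenticatedSender=$true } }
  @{ Id='ORCA.112'; Test={ param($p) $p.AuthenticationFailAction -in 'MoveToJmf','Quarantine' }
     Fix=@{ AuthenticationFailAction='MoveToJmf' } }
  @{ Id='ORCA.115'; Test={ param($p) $p.EnableMailboxIntelligence -and $p.EnableMailboxIntelligenceProtection }
     Fix=@{ EnableMailboxIntelligence=$true; EnableMailboxIntelligenceProtection=$true } }
  @{ Id='ORCA.116'; Test={ param($p) $p.MailboxIntelligenceProtectionAction -in 'MoveToJmf','Quarantine' }
     Fix=@{ MailboxIntelligenceProtectionAction='MoveToJmf' } }
  @{ Id='ORCA.119'; Test={ param($p) $p.EnableSimilarDomainsSafetyTips }
     Fix=@{ EnableSimilarDomainsSafetyTips=$true } }
  @{ Id='ORCA.220'; Test={ param($p) $p.PhishThresholdLevel -ge 2 }
     Fix=@{ PhishThresholdLevel=2 } }
  @{ Id='ORCA.222'; Test={ param($p) $p.EnableTargetedDomainsProtection -and $p.EnableOrganizationDomainsProtection -and
                                     $p.TargetedDomainProtectionAction -eq 'Quarantine' }
     Fix=@{ EnableTargetedDomainsProtection=$true; EnableOrganizationDomainsProtection=$true; TargetedDomainProtectionAction='Quarantine' } }
  @{ Id='ORCA.228'; Test={ param($p) (-not $p.ExcludedSenders) -and (-not $p.ExcludedDomains) }
     Fix=@{ ExcludedSenders=$null; ExcludedDomains=$null } }
  @{ Id='ORCA.244'; Test={ param($p) $p.HonorDmarcPolicy -and $p.DmarcRejectAction -eq 'Reject' -and $p.DmarcQuarantineAction -eq 'Quarantine' }
     Fix=@{ HonorDmarcPolicy=$true; DmarcRejectAction='Reject'; DmarcQuarantineAction='Quarantine' } }
)

$failures = foreach ($p in $policies) {
    foreach ($c in $checks) {
        if (& $c.Test $p) { continue }
        [pscustomobject]@{ Policy=$p.Name; IsDefault=$p.IsDefault; Check=$c.Id; Sets=($c.Fix.Keys -join ', ') }
        if ($Fix) {
            $params = $c.Fix                      # splat the parameter set for this check
            Set-AntiPhishPolicy -Identity $p.Identity @params
        }
    }
}
$failures | Format-Table -AutoSize

# ORCA.230: a domain that no enabled custom rule targets is handled by the default policy, which
# was evaluated above like any other policy, so its failures are what those domains inherit.
$targeted    = @($rules | ForEach-Object { $_.RecipientDomainIs })
$fallthrough = (Get-AcceptedDomain).DomainName | Where-Object { $_ -notin $targeted }
if ($fallthrough) { "Domains served by the default policy: $($fallthrough -join ', ')" }
```

Run it read-only first and compare the failure list against the findings; run with -Fix only after confirming that a trusted-sender entry (ORCA.228) was not covering a legitimate sender whose SPF or DKIM still needs repair, because clearing the list will start quarantining that sender's mail.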
| Medium |
SECCONFIG-134 |
ORCA.240: Outlook is configured to display external tags for external emails.
|
1
|
|
M
2-4 hrs
|
Why This Matters
External sender tagging prepends an [External] marker to messages from outside the organization in Outlook clients. It defeats the most common internal-impersonation lure, in which the display name is a colleague's but the mail originates outside.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Estimated impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: No compliance framework is mapped; the finding comes from the ORCA (Office 365 Recommended Configuration Analyzer) checks.
Technical Remediation:
Enable the tenant-wide external sender tag for Outlook and Outlook on the web, adding only genuinely internal relay domains to its allow list.
|
| Medium |
SECCONFIG-075 |
CISA.MS.EXO.2.1: A list of approved IP addresses for sending mail SHALL be maintained.
A list of approved IP addresses for sending mail SHALL be maintained
|
1
|
|
M
2-4 hrs
|
Why This Matters
The list of approved sending addresses is the basis of your SPF records. Without a maintained list, SPF either omits legitimate senders, so your own mail fails DMARC at recipients, or is padded with broad includes and a permissive qualifier that let anyone send as you.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Estimated impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA SCuBA Microsoft 365 Secure Configuration Baseline.
Technical Remediation:
Inventory every service that sends mail as your domains, publish exactly those sources in each domain's SPF record with a -all qualifier, and review the list whenever a sending service is added or retired.
|
| Medium |
SECCONFIG-086 |
MT.1083: Ensure Delicensing Resiliency is enabled
Delicensing resiliency prevents mailbox deactivation when licenses are removed, providing a grace period for license recovery.
|
1
|
|
M
2-4 hrs
|
Why This Matters
When an Exchange Online license is removed from a user, the mailbox normally begins deprovisioning at once. Delicensing resiliency holds the mailbox for a grace period, so an accidental or automated license removal does not destroy mail and mailbox audit history before anyone notices.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Estimated impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: No compliance framework is mapped; the finding comes from the Maester test suite.
Technical Remediation:
Enable the delayed delicensing (delicensing resiliency) option in the Exchange Online organization configuration.
|
| Medium |
SECCONFIG-133 |
ORCA.239: No exclusions for the built-in protection policies.
|
1
|
|
M
2-4 hrs
|
Why This Matters
The Built-in protection preset is the floor of Safe Links and Safe Attachments coverage for every user. Any user, group or domain added as an exception receives no Safe Links or Safe Attachments protection at all unless another policy explicitly covers them.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Estimated impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: No compliance framework is mapped; the finding comes from the ORCA (Office 365 Recommended Configuration Analyzer) checks.
Technical Remediation:
Remove all user, group and domain exceptions from the Built-in protection preset rule; if a specific sender or recipient needs different handling, use a dedicated policy instead of an exclusion.
|
| Medium |
SECCONFIG-047 |
CISA.MS.EXO.4.3: The DMARC point of contact for aggregate reports SHALL include reports@dmarc.cyber.dhs.gov.
The DMARC point of contact for aggregate reports SHALL include reports@dmarc.cyber.dhs.gov
|
1
|
|
M
2-4 hrs
|
Why This Matters
CISA collects aggregate DMARC reports for federal agencies at reports@dmarc.cyber.dhs.gov. Including it in the rua tag of every domain's DMARC record gives CISA visibility into spoofing of agency domains; for a non-federal organization the equivalent is a central reporting address that someone actually reads.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Estimated impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA SCuBA Microsoft 365 Secure Configuration Baseline.
Technical Remediation:
Add mailto:reports@dmarc.cyber.dhs.gov to the rua tag of the DMARC record of every domain, alongside your own reporting address.
|
| Medium |
SECCONFIG-046 |
CISA.MS.EXO.8.2: The DLP solution SHALL protect personally identifiable information (PII) and sensitive information, as defined by the agency.
The DLP solution SHALL protect personally identifiable information (PII) and sensitive information, as defined by the agency
|
1
|
|
M
2-4 hrs
|
Why This Matters
Data loss prevention policies are what stop a user from mailing a spreadsheet of personal identifiers to an outside address, whether by mistake or under a phisher's instruction. Without a policy covering the sensitive information types your organization has defined, Exchange Online transmits them without a warning or a record.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Estimated impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA SCuBA Microsoft 365 Secure Configuration Baseline.
Technical Remediation:
Create a Purview DLP policy scoped to Exchange that detects the PII and sensitive information types your organization has defined, with a block (or block with override) action and an incident report to the security team.
|
| Medium |
SECCONFIG-045 |
CISA.MS.EXO.8.4: At a minimum, the DLP solution SHALL restrict sharing credit card numbers, U.S. Individual Taxpayer Identification Numbers (ITIN), and U.S. Social Security numbers (SSN) via email.
At a minimum, the DLP solution SHALL restrict sharing credit card numbers, U.S. Individual Taxpayer Identification Numbers (ITIN), and U.S. Social Security numbers (SSN) via email
|
1
|
|
M
2-4 hrs
|
Why This Matters
Credit card numbers, ITINs and SSNs are the minimum set of identifiers the baseline requires a DLP policy to restrict in email; they are what both attackers and accidental disclosures most often carry, and all three have built-in sensitive information types that need no custom pattern.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Estimated impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA SCuBA Microsoft 365 Secure Configuration Baseline.
Technical Remediation:
Add the built-in sensitive information types Credit Card Number, U.S. Individual Taxpayer Identification Number (ITIN) and U.S. Social Security Number (SSN) to the Exchange-scoped DLP policy with a restrict action.
|
| Medium |
SECCONFIG-022 |
CISA.MS.EXO.12.1: IP allow lists SHOULD NOT be created.
IP allow lists SHOULD NOT be created
|
1
|
|
M
2-4 hrs
|
Why This Matters
Addresses on the connection filter IP allow list bypass spam filtering entirely. Even for a trusted partner, that means a compromise of their mail server becomes a direct delivery path into your tenant.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Estimated impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA SCuBA Microsoft 365 Secure Configuration Baseline.
Technical Remediation:
Remove every entry from the IP allow list of the default connection filter policy.
|
| Medium |
SECCONFIG-023 |
CISA.MS.EXO.12.2: Safe lists SHOULD NOT be enabled.
Safe lists SHOULD NOT be enabled
|
1
|
|
M
2-4 hrs
|
Why This Matters
The safe list option trusts a Microsoft-maintained list of known good senders and skips spam filtering for them. That list is outside your control, and messages from those senders are then not subject to your own anti-spam policies.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Estimated impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA SCuBA Microsoft 365 Secure Configuration Baseline.
Technical Remediation:
Disable the safe list option in the connection filter policy.
|
| Medium |
SECCONFIG-024 |
CISA.MS.AAD.5.3: An admin consent workflow SHALL be configured for applications.
An admin consent workflow SHALL be configured for applications
|
1
|
|
M
2-4 hrs
|
Why This Matters
Once users cannot consent to applications themselves, the admin consent workflow is what lets them request access and lets designated reviewers approve it. Without a workflow, users are either blocked with no path forward or administrators re-enable user consent to reduce friction, undoing the control.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Estimated impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA SCuBA Microsoft 365 Secure Configuration Baseline.
Technical Remediation:
Enable the admin consent request workflow in Entra ID, assign at least one reviewer, and configure request expiry and reviewer notifications.
|
| Medium |
SECCONFIG-025 |
CISA.MS.AAD.5.2: Only administrators SHALL be allowed to consent to applications.
Only administrators SHALL be allowed to consent to applications
|
1
|
|
M
2-4 hrs
|
Why This Matters
User consent lets any user grant a third-party application delegated access to their mail, files and profile. Illicit consent grant phishing abuses exactly this: the victim clicks Accept once and the attacker holds a refresh token that survives password changes and MFA.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Estimated impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA SCuBA Microsoft 365 Secure Configuration Baseline.
Technical Remediation:
Set user consent for applications to Do not allow user consent in the Entra ID consent and permissions settings, and pair it with the admin consent workflow so that requests still reach a reviewer.
|
| Medium |
SECCONFIG-026 |
CISA.MS.AAD.5.1: Only administrators SHALL be allowed to register applications.
Only administrators SHALL be allowed to register applications
|
1
|
|
M
2-4 hrs
|
Why This Matters
Any user who can register an application can create one with a redirect URI they control and use it as a credential-phishing or token-harvesting endpoint that carries your tenant's name. Restricting registration to administrators removes that primitive from ordinary accounts.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Estimated impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA SCuBA Microsoft 365 Secure Configuration Baseline.
Technical Remediation:
In the Entra ID user settings, set Users can register applications to No, and grant the Application Developer role to the few users who genuinely need to register apps.
|
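The three application-consent findings above (CISA MS.AAD.5.3, 5.2 and 5.1) are read from two Microsoft Graph policy objects. The script below is an example added by the editor, not part of the report or of ScubaGear. It assumes the Microsoft.Graph.Identity.SignIns module, Policy.Read.All for the audit, and Policy.ReadWrite.Authorization plus Policy.ReadWrite.ConsentRequest for the -Fix switch; the reviewer object id passed as -ReviewerUserId is an assumption, since enabling the workflow requires at least one reviewer.

```powershell
# Added example (not from the report or ScubaGear): audit and optionally fix the Entra ID
# settings behind MS.AAD.5.1 (app registration), 5.2 (user consent) and 5.3 (consent workflow).
param([switch]$Fix, [string]$ReviewerUserId)
Import-Module Microsoft.Graph.Identity.SignIns
Connect-MgGraph -Scopes 'Policy.Read.All','Policy.ReadWrite.Authorization','Policy.ReadWrite.ConsentRequest' -NoWelcome

$authz   = Get-MgPolicyAuthorizationPolicy        # tenant-wide singleton
$consent = Get-MgPolicyAdminConsentRequestPolicy  # admin consent workflow settings

# MS.AAD.5.1: ordinary users must not be able to register applications.
$canRegister = [bool]$authz.DefaultUserRolePermissions.AllowedToCreateApps

# MS.AAD.5.2: any assigned ManagePermissionGrantsForSelf.* policy leaves some form of user consent
# on ('microsoft-user-default-legacy' = any app, 'microsoft-user-default-low' = verified publishers,
# low-risk permissions). Other assigned policies (owned-resource grants) are unrelated and are kept.
$selfConsent = @($authz.PermissionGrantPoliciesAssigned) | Where-Object { $_ -like 'ManagePermissionGrantsForSelf.*' }

# MS.AAD.5.3: the workflow must be enabled and have a reviewer, or requests go nowhere.
$workflowOk = [bool]$consent.IsEnabled -and @($consent.Reviewers).Count -gt 0

$report = @(
  [pscustomobject]@{ Check='MS.AAD.5.1'; Pass=(-not $canRegister); Value="AllowedToCreateApps=$canRegister" }
  [pscustomobject]@{ Check='MS.AAD.5.2'; Pass=(-not $selfConsent)
                     Value='PermissionGrantPoliciesAssigned=' + (@($authz.PermissionGrantPoliciesAssigned) -join ',') }
  [pscustomobject]@{ Check='MS.AAD.5.3'; Pass=$workflowOk
                     Value="IsEnabled=$($consent.IsEnabled); Reviewers=$(@($consent.Reviewers).Count)" }
)
$report | Format-Table -AutoSize

if ($Fix) {
    # 5.1 and 5.2 are one PATCH on the authorization policy. Only self-consent grant policies are
    # dropped; owned-resource grant policies (Teams/chat apps) remain assigned.
    $keep = @(@($authz.PermissionGrantPoliciesAssigned) | Where-Object { $_ -notlike 'ManagePermissionGrantsForSelf.*' })
    Update-MgPolicyAuthorizationPolicy -DefaultUserRolePermissions @{ AllowedToCreateApps = $false } `
                                       -PermissionGrantPoliciesAssigned $keep

    # 5.3: adminConsentRequestPolicy is replaced whole with PUT. Reviewer is the assumed
    # $ReviewerUserId; requests expire after 30 days and reviewers are notified and reminded.
    if (-not $ReviewerUserId) { throw 'Pass -ReviewerUserId (object id of the reviewer) to enable the workflow.' }
    $body = @{
        isEnabled             = $true
        notifyReviewers       = $true
        remindersEnabled      = $true
        requestDurationInDays = 30
        reviewers             = @(@{ query = "/users/$ReviewerUserId"; queryType = 'MicrosoftGraph' })
    }
    Invoke-MgGraphRequest -Method PUT -Uri 'https://graph.microsoft.com/v1.0/policies/adminConsentRequestPolicy' -Body $body
}
```

Apply 5.3 before or together with 5.2: turning user consent off without a working workflow is what pushes administrators into granting tenant-wide consent on request, which is a worse outcome than the original finding.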
| Medium |
SECCONFIG-027 |
CISA.MS.AAD.7.4: Permanent active role assignments SHALL NOT be allowed for highly privileged roles.
Permanent active role assignments SHALL NOT be allowed for highly privileged roles
|
1
|
|
M
2-4 hrs
|
Why This Matters
A permanent active Global Administrator (or similar) assignment means the account holds tenant-wide power at every moment, including while compromised. Eligible assignments activated through PIM for a bounded time, with MFA and a justification, keep standing privilege close to zero and produce an activation record for every use.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Estimated impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA SCuBA Microsoft 365 Secure Configuration Baseline.
Technical Remediation:
Convert permanent active assignments of highly privileged roles to PIM-eligible assignments; where an emergency-access account must stay permanently active, document it, scope its Conditional Access exclusions narrowly, and alert on every sign-in.
|
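MT.1029 (stale accounts in privileged roles), MT.1028 (mailbox-enabled holders of permanent Control Plane roles) and CISA MS.AAD.7.4 (permanent active assignments) are three tests over the same set of active role assignments, so one pass can produce all three. The script below is an example added by the editor, not part of the report, Maester or ScubaGear. It assumes the Microsoft Graph PowerShell Identity.Governance and Users modules plus ExchangeOnlineManagement, a caller permitted to read role assignment schedules, user sign-in activity and mailboxes, and a tenant that exposes role assignment schedules (PIM). The Control Plane role list and the 60-day staleness window are assumptions to adjust to your own privileged-role definition.

```powershell
# Added example (not from the report or the test suites): audit active privileged-role assignments
# for stale sign-in (MT.1029), mailbox + permanent role (MT.1028) and permanent active (MS.AAD.7.4).
Import-Module Microsoft.Graph.Identity.Governance, Microsoft.Graph.Users, ExchangeOnlineManagement

Connect-MgGraph -Scopes 'RoleManagement.Read.Directory','User.Read.All','AuditLog.Read.All' -NoWelcome
Connect-ExchangeOnline -ShowBanner:$false

# Assumed Control Plane role set and staleness window; adjust to your tenant's definition.
$ControlPlaneRoles = @(
    'Global Administrator', 'Privileged Role Administrator', 'Privileged Authentication Administrator',
    'Security Administrator', 'Conditional Access Administrator', 'Exchange Administrator',
    'Application Administrator', 'Cloud Application Administrator', 'Hybrid Identity Administrator'
)
$StaleAfter = (Get-Date).AddDays(-60)

# Role definition id -> display name, so schedules can be matched by role name.
$roleNames = @{}
Get-MgRoleManagementDirectoryRoleDefinition -All | ForEach-Object { $roleNames[$_.Id] = $_.DisplayName }

# Active assignments only ('Assigned'). PIM-eligible assignments are not returned here; they are
# the desired end state for MT.1028 and MS.AAD.7.4 and do not count as standing privilege.
$active = Get-MgRoleManagementDirectoryRoleAssignmentSchedule -All |
          Where-Object { $_.AssignmentType -eq 'Assigned' }

$findings = foreach ($s in $active) {
    $role = $roleNames[$s.RoleDefinitionId]
    if ($ControlPlaneRoles -notcontains $role) { continue }

    # No expiration on the schedule means a permanent active assignment.
    $expType   = $s.ScheduleInfo.Expiration.Type
    $permanent = (-not $expType) -or ($expType -eq 'noExpiration')

    # Only user principals have sign-in activity and mailboxes; groups and service principals
    # are surfaced for manual review rather than silently skipped.
    $user = Get-MgUser -UserId $s.PrincipalId -Property Id,UserPrincipalName,SignInActivity -ErrorAction SilentlyContinue
    if (-not $user) {
        [pscustomobject]@{ Principal=$s.PrincipalId; Role=$role; Permanent=$permanent
                           LastSignIn=$null; HasMailbox=$null; Issues='non-user principal, review manually' }
        continue
    }

    # Most recent of interactive and non-interactive sign-in; either one keeps an account "live".
    $last = @($user.SignInActivity.LastSignInDateTime, $user.SignInActivity.LastNonInteractiveSignInDateTime) |
            Where-Object { $_ } | Sort-Object -Descending | Select-Object -First 1
    $hasMailbox = [bool](Get-EXOMailbox -Identity $user.UserPrincipalName -ErrorAction SilentlyContinue)

    $issues = @()
    if (-not $last -or $last -lt $StaleAfter) { $issues += 'MT.1029 stale sign-in' }
    if ($permanent -and $hasMailbox)         { $issues += 'MT.1028 mailbox with permanent role' }
    if ($permanent)                          { $issues += 'MS.AAD.7.4 permanent active assignment' }
    if (-not $issues) { continue }

    [pscustomobject]@{ Principal=$user.UserPrincipalName; Role=$role; Permanent=$permanent
                       LastSignIn=$last; HasMailbox=$hasMailbox; Issues=($issues -join '; ') }
}

$findings | Sort-Object Role, Principal | Format-Table -AutoSize
```

Treat a dedicated emergency-access account that shows up under MT.1029 and MS.AAD.7.4 as expected rather than as a finding; it should never be used routinely and is normally kept permanently active on purpose, but it should not also be the mailbox-enabled account flagged by MT.1028.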
| Medium |
SECCONFIG-028 |
CISA.MS.EXO.9.3: Disallowed file types SHALL be determined and enforced.
Disallowed file types SHALL be determined and enforced
|
1
|
|
M
2-4 hrs
|
Why This Matters
The common attachments filter in the anti-malware policy blocks messages carrying executable and script file types before they reach a mailbox. Without an enforced list, an attacker can mail an .exe, .js or .vbs payload directly to users.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Estimated impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA SCuBA Microsoft 365 Secure Configuration Baseline.
Technical Remediation:
Enable the common attachments filter in every anti-malware policy, extend the default list of disallowed file types to match your organization's policy, and set the action to reject or quarantine.
|
| Medium |
SECCONFIG-042 |
CISA.MS.AAD.4.1: Security logs SHALL be sent to the agency's security operations center for monitoring.
Security logs SHALL be sent to the agency's security operations center for monitoring
|
1
|
|
M
2-4 hrs
|
Why This Matters
Entra ID keeps sign-in and audit logs in the portal for 30 days with a P1 or P2 license (7 days without). If they are not forwarded to the SOC's log platform, an intrusion discovered later has no record to investigate, and no detection runs against them in real time.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Estimated impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA SCuBA Microsoft 365 Secure Configuration Baseline.
Technical Remediation:
Configure Entra ID diagnostic settings to stream the sign-in (interactive and non-interactive), audit and provisioning logs to a Log Analytics workspace, event hub or storage account that the SOC monitors.
|
| Medium |
SECCONFIG-029 |
CISA.MS.EXO.9.2: The attachment filter SHOULD attempt to determine the true file type and assess the file extension.
The attachment filter SHOULD attempt to determine the true file type and assess the file extension
|
1
|
|
M
2-4 hrs
|
Why This Matters
An attachment filter that keys only on the extension is defeated by renaming payload.exe to payload.pdf. Checking the true file type from the file's content catches the mismatch between what the attachment is and what it claims to be.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Estimated impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA SCuBA Microsoft 365 Secure Configuration Baseline.
Technical Remediation:
Enable the common attachments filter, which inspects file content as well as the extension, and verify the detection with a harmless test file whose extension has been renamed.
|
| Medium |
SECCONFIG-031 |
CISA.MS.EXO.10.1: Emails SHALL be scanned for malware.
Emails SHALL be scanned for malware
|
1
|
|
M
2-4 hrs
|
Why This Matters
Security settings are not optimally configured. Misconfigurations are the #1 cause of cloud breaches - attackers use automated tools to find and exploit them.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECCONFIG-032 |
CISA.MS.EXO.17.1: Microsoft Purview Audit (Standard) logging SHALL be enabled.
Microsoft Purview Audit (Standard) logging SHALL be enabled
|
1
|
|
M
2-4 hrs
|
Why This Matters
Security settings are not optimally configured. Misconfigurations are the #1 cause of cloud breaches - attackers use automated tools to find and exploit them.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECCONFIG-033 |
CISA.MS.EXO.17.3: Audit logs SHALL be maintained for at least the minimum duration dictated by OMB M-21-31 (Appendix C).
Audit logs SHALL be maintained for at least the minimum duration dictated by OMB M-21-31 (Appendix C)
|
1
|
|
M
2-4 hrs
|
Why This Matters
Security settings are not optimally configured. Misconfigurations are the #1 cause of cloud breaches - attackers use automated tools to find and exploit them.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECCONFIG-074 |
CISA.MS.EXO.2.2: An SPF policy SHALL be published for each domain, designating only these addresses as approved senders.
An SPF policy SHALL be published for each domain, designating only these addresses as approved senders
|
1
|
|
M
2-4 hrs
|
Why This Matters
Security settings are not optimally configured. Misconfigurations are the #1 cause of cloud breaches - attackers use automated tools to find and exploit them.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECCONFIG-034 |
CISA.MS.AAD.3.3: If Microsoft Authenticator is enabled, it SHALL be configured to show login context information.
If Microsoft Authenticator is enabled, it SHALL be configured to show login context information
|
1
|
|
M
2-4 hrs
|
Why This Matters
Security settings are not optimally configured. Misconfigurations are the #1 cause of cloud breaches - attackers use automated tools to find and exploit them.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECCONFIG-035 |
CISA.MS.EXO.1.1: Automatic forwarding to external domains SHALL be disabled.
Automatic forwarding to external domains SHALL be disabled
|
1
|
|
M
2-4 hrs
|
Why This Matters
Security settings are not optimally configured. Misconfigurations are the #1 cause of cloud breaches - attackers use automated tools to find and exploit them.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECCONFIG-036 |
CISA.MS.EXO.9.5: At a minimum, click-to-run files SHOULD be blocked (e.g., .exe, .cmd, and .vbe).
Emails SHALL be filtered by attachment file types
|
1
|
|
M
2-4 hrs
|
Why This Matters
Security settings are not optimally configured. Misconfigurations are the #1 cause of cloud breaches - attackers use automated tools to find and exploit them.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECCONFIG-043 |
CISA.MS.EXO.8.1: A DLP solution SHALL be used.
A DLP solution SHALL be used
|
1
|
|
M
2-4 hrs
|
Why This Matters
Security settings are not optimally configured. Misconfigurations are the #1 cause of cloud breaches - attackers use automated tools to find and exploit them.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECCONFIG-039 |
CISA.MS.EXO.6.2: Calendar details SHALL NOT be shared with all domains.
Calendar details SHALL NOT be shared with all domains
|
1
|
|
M
2-4 hrs
|
Why This Matters
Security settings are not optimally configured. Misconfigurations are the #1 cause of cloud breaches - attackers use automated tools to find and exploit them.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECCONFIG-040 |
CISA.MS.AAD.7.3: Privileged users SHALL be provisioned cloud-only accounts separate from an on-premises directory or other federated identity providers.
Privileged users SHALL be provisioned cloud-only accounts separate from an on-premises directory or other federated identity providers
|
1
|
|
M
2-4 hrs
|
Why This Matters
Security settings are not optimally configured. Misconfigurations are the #1 cause of cloud breaches - attackers use automated tools to find and exploit them.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECCONFIG-030 |
CISA.MS.EXO.9.1: Emails SHALL be filtered by attachment file types.
Emails SHALL be filtered by attachment file types
|
1
|
|
M
2-4 hrs
|
Why This Matters
Security settings are not optimally configured. Misconfigurations are the #1 cause of cloud breaches - attackers use automated tools to find and exploit them.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECCONFIG-021 |
CISA.MS.AAD.7.8: User activation of the Global Administrator role SHALL trigger an alert.
User activation of the Global Administrator role SHALL trigger an alert
|
1
|
|
M
2-4 hrs
|
Why This Matters
Security settings are not optimally configured. Misconfigurations are the #1 cause of cloud breaches - attackers use automated tools to find and exploit them.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECCONFIG-048 |
CISA.MS.EXO.4.1: A DMARC policy SHALL be published for every second-level domain.
A DMARC policy SHALL be published for every second-level domain
|
1
|
|
M
2-4 hrs
|
Why This Matters
Security settings are not optimally configured. Misconfigurations are the #1 cause of cloud breaches - attackers use automated tools to find and exploit them.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECCONFIG-049 |
CISA.MS.EXO.4.2: The DMARC message rejection option SHALL be p=reject.
The DMARC message rejection option SHALL be p=reject
|
1
|
|
M
2-4 hrs
|
Why This Matters
Security settings are not optimally configured. Misconfigurations are the #1 cause of cloud breaches - attackers use automated tools to find and exploit them.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECCONFIG-071 |
CISA.MS.EXO.14.2: Spam and high confidence spam SHALL be moved to either the junk email folder or the quarantine folder.
Spam and high confidence spam SHALL be moved to either the junk email folder or the quarantine folder
|
1
|
|
M
2-4 hrs
|
Why This Matters
Security settings are not optimally configured. Misconfigurations are the #1 cause of cloud breaches - attackers use automated tools to find and exploit them.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECCONFIG-070 |
CISA.MS.EXO.5.1: SMTP AUTH SHALL be disabled.
SMTP authentication SHALL be disabled
|
1
|
|
M
2-4 hrs
|
Why This Matters
Security settings are not optimally configured. Misconfigurations are the #1 cause of cloud breaches - attackers use automated tools to find and exploit them.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECCONFIG-069 |
CISA.MS.EXO.15.2: Direct download links SHOULD be scanned for malware.
Direct download links SHOULD be scanned for malware
|
1
|
|
M
2-4 hrs
|
Why This Matters
Security settings are not optimally configured. Misconfigurations are the #1 cause of cloud breaches - attackers use automated tools to find and exploit them.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECCONFIG-064 |
CISA.MS.AAD.2.2: A notification SHOULD be sent to the administrator when high-risk users are detected.
A notification SHOULD be sent to the administrator when high-risk users are detected
|
1
|
|
M
2-4 hrs
|
Why This Matters
Security settings are not optimally configured. Misconfigurations are the #1 cause of cloud breaches - attackers use automated tools to find and exploit them.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECCONFIG-063 |
CISA.MS.AAD.3.2: If phishing-resistant MFA has not been enforced, an alternative MFA method SHALL be enforced for all users.
If phishing-resistant MFA has not been enforced, an alternative MFA method SHALL be enforced for all users
|
1
|
|
M
2-4 hrs
|
Why This Matters
Security settings are not optimally configured. Misconfigurations are the #1 cause of cloud breaches - attackers use automated tools to find and exploit them.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECCONFIG-062 |
CISA.MS.AAD.3.4: The Authentication Methods Manage Migration feature SHALL be set to Migration Complete.
The Authentication Methods Manage Migration feature SHALL be set to Migration Complete
|
1
|
|
M
2-4 hrs
|
Why This Matters
Security settings are not optimally configured. Misconfigurations are the #1 cause of cloud breaches - attackers use automated tools to find and exploit them.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECCONFIG-016 |
CIS.M365.1.2.2: Ensure sign-in to shared mailboxes is blocked
Ensure sign-ins are blocked for shared mailboxes
|
1
|
|
M
2-4 hrs
|
Why This Matters
Security settings are not optimally configured. Misconfigurations are the #1 cause of cloud breaches - attackers use automated tools to find and exploit them.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CIS M365
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECCONFIG-061 |
CISA.MS.AAD.3.7: Managed devices SHOULD be required for authentication.
Managed devices SHOULD be required for authentication
|
1
|
|
M
2-4 hrs
|
Why This Matters
Security settings are not optimally configured. Misconfigurations are the #1 cause of cloud breaches - attackers use automated tools to find and exploit them.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECCONFIG-060 |
CISA.MS.EXO.10.3: Email scanning SHALL be capable of reviewing emails after delivery.
Email scanning SHALL be capable of reviewing emails after delivery
|
1
|
|
M
2-4 hrs
|
Why This Matters
Security settings are not optimally configured. Misconfigurations are the #1 cause of cloud breaches - attackers use automated tools to find and exploit them.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECCONFIG-020 |
CISA.MS.AAD.7.9: User activation of other highly privileged roles SHOULD trigger an alert.
User activation of the Global Administrator role SHALL trigger an alert
|
1
|
|
M
2-4 hrs
|
Why This Matters
Security settings are not optimally configured. Misconfigurations are the #1 cause of cloud breaches - attackers use automated tools to find and exploit them.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECCONFIG-017 |
CIS.M365.8.6.1: Ensure users can report security concerns in Teams to internal destination
Report security concerns in Teams only to an internal destination
|
1
|
|
M
2-4 hrs
|
Why This Matters
Security settings are not optimally configured. Misconfigurations are the #1 cause of cloud breaches - attackers use automated tools to find and exploit them.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CIS M365
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECCONFIG-059 |
CISA.MS.EXO.10.2: Emails identified as containing malware SHALL be quarantined or dropped.
Emails identified as containing malware SHALL be quarantined or dropped
|
1
|
|
M
2-4 hrs
|
Why This Matters
Security settings are not optimally configured. Misconfigurations are the #1 cause of cloud breaches - attackers use automated tools to find and exploit them.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECCONFIG-057 |
CISA.MS.EXO.11.2: User warnings, comparable to the user safety tips included with EOP, SHOULD be displayed.
Impersonation protection checks SHOULD be used
|
1
|
|
M
2-4 hrs
|
Why This Matters
Security settings are not optimally configured. Misconfigurations are the #1 cause of cloud breaches - attackers use automated tools to find and exploit them.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECCONFIG-056 |
CISA.MS.EXO.11.1: Impersonation protection checks SHOULD be used.
Impersonation protection checks SHOULD be used
|
1
|
|
M
2-4 hrs
|
Why This Matters
Security settings are not optimally configured. Misconfigurations are the #1 cause of cloud breaches - attackers use automated tools to find and exploit them.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECCONFIG-055 |
CISA.MS.AAD.8.1: Guest users SHOULD have limited or restricted access to Entra ID directory objects.
Guest users SHOULD have limited or restricted access to Azure AD directory objects
|
1
|
|
M
2-4 hrs
|
Why This Matters
Security settings are not optimally configured. Misconfigurations are the #1 cause of cloud breaches - attackers use automated tools to find and exploit them.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECCONFIG-018 |
CIS.M365.8.4.1: Ensure all or a majority of third-party and custom apps are blocked
Ensure all or a majority of third-party and custom apps are blocked
|
1
|
|
M
2-4 hrs
|
Why This Matters
Security settings are not optimally configured. Misconfigurations are the #1 cause of cloud breaches - attackers use automated tools to find and exploit them.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CIS M365
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECCONFIG-054 |
CISA.MS.AAD.8.2: Only users with the Guest Inviter role SHOULD be able to invite guest users.
Only users with the Guest Inviter role SHOULD be able to invite guest users
|
1
|
|
M
2-4 hrs
|
Why This Matters
Security settings are not optimally configured. Misconfigurations are the #1 cause of cloud breaches - attackers use automated tools to find and exploit them.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECCONFIG-053 |
CISA.MS.AAD.7.1: A minimum of two users and a maximum of eight users SHALL be provisioned with the Global Administrator role.
A minimum of two users and a maximum of eight users SHALL be provisioned with the Global Administrator role
|
1
|
|
M
2-4 hrs
|
Why This Matters
Security settings are not optimally configured. Misconfigurations are the #1 cause of cloud breaches - attackers use automated tools to find and exploit them.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECCONFIG-052 |
CISA.MS.EXO.7.1: External sender warnings SHALL be implemented.
External sender warnings SHALL be implemented
|
1
|
|
M
2-4 hrs
|
Why This Matters
Security settings are not optimally configured. Misconfigurations are the #1 cause of cloud breaches - attackers use automated tools to find and exploit them.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECCONFIG-051 |
CISA.MS.EXO.16.2: Alerts SHOULD be sent to a monitored address or incorporated into a security information and event management (SIEM) system.
Alerts SHOULD be sent to a monitored address or incorporated into a security information and event management (SIEM) system
|
1
|
|
M
2-4 hrs
|
Why This Matters
Security settings are not optimally configured. Misconfigurations are the #1 cause of cloud breaches - attackers use automated tools to find and exploit them.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECCONFIG-050 |
CISA.MS.EXO.9.4: Alternatively chosen filtering solutions SHOULD offer services comparable to Microsoft Defender's Common Attachment Filter.
Alternatively chosen filtering solutions SHOULD offer services comparable to Microsoft Defender's Common Attachment Filter
|
1
|
|
M
2-4 hrs
|
Why This Matters
Security settings are not optimally configured. Misconfigurations are the #1 cause of cloud breaches - attackers use automated tools to find and exploit them.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECCONFIG-058 |
CISA.MS.EXO.11.3: The phishing protection solution SHOULD include an AI-based phishing detection tool comparable to EOP Mailbox Intelligence.
The phishing protection solution SHOULD include an AI-based phishing detection tool comparable to EOP Mailbox Intelligence
|
1
|
|
M
2-4 hrs
|
Why This Matters
Security settings are not optimally configured. Misconfigurations are the #1 cause of cloud breaches - attackers use automated tools to find and exploit them.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Medium |
SECCONFIG-041 |
CISA.MS.AAD.8.3: Guest invites SHOULD only be allowed to specific external domains that have been authorized by the agency for legitimate business purposes.
Guest invites SHOULD only be allowed to specific external domains that have been authorized by the agency for legitimate business purposes
|
1
|
|
M
2-4 hrs
|
Why This Matters
Security settings are not optimally configured. Misconfigurations are the #1 cause of cloud breaches - attackers use automated tools to find and exploit them.
What Is The Risk
MODERATE RISK: While not immediately critical, this issue creates opportunities for attackers and increases compliance risk. Expected impact: $50K-$500K in potential losses if exploited, plus remediation costs.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Low |
DEVICE-APP-001 |
Applications Missing Publisher Information
Applications detected on devices are missing publisher information, making it difficult to assess trustworthiness.
|
2,133
|
MicrosoftGraphDeviceManagement |
L
4-8 hrs
|
Why This Matters
Applications with excessive permissions can access and exfiltrate data. Malicious or compromised apps are a growing attack vector.
What Is The Risk
ELEVATED RISK: This represents a security best practice violation. While not an immediate threat, it contributes to overall security debt and may be exploited in combination with other vulnerabilities.
What To Do
Investigation Required: This finding needs human review to determine the appropriate action.
Recommended Action: Security team should review the affected items and determine if they are legitimate or require remediation.
Compliance Impact: This finding affects: NIST, CIS
Technical Remediation:
Review applications without publisher information. Consider blocking unknown applications through app protection policies.
|
| Low |
MGU-107 |
User Account: Never Signed In (Provisioned >30 Days Ago)
Account created over 30 days ago but never used, indicating potential orphaned provisioning or abandoned account creation.
|
2,049
|
MicrosoftGraphUsers |
L
4-8 hrs
|
Why This Matters
Identity is the new security perimeter. Compromised credentials are involved in 80% of breaches - weak identity controls give attackers legitimate access to your systems.
What Is The Risk
ELEVATED RISK: This represents a security best practice violation. While not an immediate threat, it contributes to overall security debt and may be exploited in combination with other vulnerabilities.
What To Do
Investigation Required: This finding needs human review to determine the appropriate action.
Recommended Action: Security team should review the affected items and determine if they are legitimate or require remediation.
Compliance Impact: This finding affects: CIS M365, NIST 800-53, ISO27001, SOC2
Technical Remediation:
Review and remove unused account: Remove-MgUser -UserId '<UserId>' -Confirm:$false
|
| Low |
EXO-073 |
Shared Mailbox Has Licensed User
Shared mailbox has an assigned license. This wastes licensing costs.
|
499
|
ExchangeOnline |
M
2-4 hrs
|
Why This Matters
A critical security feature has been turned off, leaving your organization exposed. Security features exist for a reason - disabling them creates exploitable gaps that attackers actively look for.
What Is The Risk
ELEVATED RISK: This represents a security best practice violation. While not an immediate threat, it contributes to overall security debt and may be exploited in combination with other vulnerabilities.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Low |
EXO-008 |
Mailbox Retention Strategy Review
Mailbox does not have litigation hold enabled. NOTE: Litigation hold is NOT recommended for most organizations as it burns expensive licenses.
BEST PRACTICES by organization size:
- LARGE ORGS: Use in-place hold eDiscovery searches (no license cost, time-limited retention)
- SMALL ORGS: Convert departed user mailboxes to shared mailboxes (no license cost)
- LITIGATION HOLD: Only use for active legal matters on specific mailboxes (expensive - keeps license active)
This finding is INFORMATIONAL only - review your retention strategy.
|
492
|
ExchangeOnline |
L
4-8 hrs
|
Why This Matters
Compliance failures result in regulatory fines (up to 4% of global revenue for GDPR), audit failures, and loss of customer trust and business opportunities.
What Is The Risk
ELEVATED RISK: This represents a security best practice violation. While not an immediate threat, it contributes to overall security debt and may be exploited in combination with other vulnerabilities.
What To Do
Investigation Required: This finding needs human review to determine the appropriate action.
Recommended Action: Security team should review the affected items and determine if they are legitimate or require remediation.
Compliance Impact: This finding affects: ISO27001, NIST, CIS, SOC2, FedRAMP, HITRUST
Technical Remediation:
REVIEW YOUR RETENTION STRATEGY - DO NOT blindly enable litigation hold!
Option 1 (RECOMMENDED - Large Orgs): In-place Hold via eDiscovery
1. Create eDiscovery case in Compliance Center
2. Add mailbox to permanent in-place hold search
3. Set retention period (e.g., 7 years)
4. No license cost, can release after retention period
Option 2 (RECOMMENDED - Small Orgs): Convert to Shared Mailbox
Set-Mailbox -Identity '<UserPrincipalName>' -Type Shared
Set-Mailbox -Identity '<UserPrincipalName>' -HiddenFromAddressListsEnabled $true
No license cost, preserves emails indefinitely
Option 3 (NOT RECOMMENDED): Litigation Hold
Set-Mailbox -Identity '<UserPrincipalName>' -LitigationHoldEnabled $true
WARNING: This KEEPS THE LICENSE ACTIVE = ongoing cost!
Only use for active legal matters on specific mailboxes
|
| Low |
EXO-010 |
Archive Mailbox Not Enabled
Archive mailbox is not enabled. Primary mailbox may exceed quota, causing email delivery failures.
|
483
|
ExchangeOnline |
S
1-2 hrs
|
Why This Matters
This security finding indicates a gap in your security posture. Unaddressed security gaps accumulate risk and increase the likelihood of a successful attack.
What Is The Risk
ELEVATED RISK: This represents a security best practice violation. While not an immediate threat, it contributes to overall security debt and may be exploited in combination with other vulnerabilities.
What To Do
Automated Fix Available: This can be remediated using PowerShell. Your IT team can run the command shown below to fix this issue.
Recommended Action: Schedule this fix with your IT team. For Critical/High severity items, consider expedited change procedures.
Compliance Impact: This finding affects: NIST, CIS
Technical Remediation:
Enable-Mailbox -Identity '<UserPrincipalName>' -Archive
|
| Low |
MGU-006 |
User Account Disabled But Has Licenses
Disabled user account still has assigned licenses. This wastes licensing costs.
|
26
|
MicrosoftGraphUsers |
M
2-4 hrs
|
Why This Matters
This security finding indicates a gap in your security posture. Unaddressed security gaps accumulate risk and increase the likelihood of a successful attack.
What Is The Risk
ELEVATED RISK: This represents a security best practice violation. While not an immediate threat, it contributes to overall security debt and may be exploited in combination with other vulnerabilities.
What To Do
Remediation Guidance: Remove licenses: Set-MgUserLicense -UserId '<Id>' -AddLicenses @() -RemoveLicenses @('<SkuId>')
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST, CIS
Technical Remediation:
Remove licenses: Set-MgUserLicense -UserId '<Id>' -AddLicenses @() -RemoveLicenses @('<SkuId>')
|
| Low |
MANUAL-085 |
Tenant Information Disclosure via Public Endpoints
Tenant metadata (tenant ID, domain names, Azure AD SKU, federation settings) can be discovered by unauthenticated attackers using public endpoints (OpenID configuration, Get-TenantID API). This information aids in reconnaissance for targeted attacks, password spraying, and phishing campaigns.
|
1
|
|
M
2-4 hrs
|
Why This Matters
This security finding indicates a gap in your security posture. Unaddressed security gaps accumulate risk and increase the likelihood of a successful attack.
What Is The Risk
ELEVATED RISK: This represents a security best practice violation. While not an immediate threat, it contributes to overall security debt and may be exploited in combination with other vulnerabilities.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: Attack Surface Management, Reconnaissance Defense
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Low |
DNS-EMAIL-009 |
DMARC Forensic Reporting Not Configured
DMARC record does not include 'ruf=' forensic reporting address. Organizations miss detailed failure reports for investigation.
|
1
|
DNS |
M
2-4 hrs
|
Why This Matters
What Is The Risk
ELEVATED RISK: This represents a security best practice violation. While not an immediate threat, it contributes to overall security debt and may be exploited in combination with other vulnerabilities.
What To Do
Remediation Guidance: Add DMARC forensic reporting address: 'ruf=mailto:[email protected]'
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CIS, DMARC
Technical Remediation:
Add DMARC forensic reporting address: 'ruf=mailto:[email protected]'
|
| Low |
MANUAL-128 |
User Reported Message Settings Not Configured
User reported message settings (Report Message add-in) are not configured to send reported messages to security team. This prevents security operations from receiving user-reported phishing and spam, eliminating an important threat intelligence source.
|
1
|
|
M
2-4 hrs
|
Why This Matters
This security finding indicates a gap in your security posture. Unaddressed security gaps accumulate risk and increase the likelihood of a successful attack.
What Is The Risk
ELEVATED RISK: This represents a security best practice violation. While not an immediate threat, it contributes to overall security debt and may be exploited in combination with other vulnerabilities.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO 27001
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Low |
MANUAL-162 |
External Sharing Set on SharePoint/OneDrive
Content shared externally via SharePoint or OneDrive. External sharing increases data exposure risk and requires review for sensitive content.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Sensitive data (customer info, financials, IP) could be leaked or stolen. Data breaches result in regulatory fines, lawsuits, and irreparable reputation damage.
What Is The Risk
ELEVATED RISK: This represents a security best practice violation. While not an immediate threat, it contributes to overall security debt and may be exploited in combination with other vulnerabilities.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: NIST 800-53, ISO 27001, GDPR, HIPAA
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Low |
SCUBA-DEF-016 |
SIEM incorporation cannot be checked programmatically
CISA federal baseline requirement: SIEM incorporation cannot be checked programmatically
|
1
|
|
M
2-4 hrs
|
Why This Matters
Microsoft Defender protections are not fully enabled. Without active threat protection, malware and phishing attacks can succeed.
What Is The Risk
ELEVATED RISK: This represents a security best practice violation. While not an immediate threat, it contributes to overall security debt and may be exploited in combination with other vulnerabilities.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA Baseline, Federal Security Baseline, FedRAMP
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Low |
MANUAL-038 |
Azure Resources Missing Required Tags
Checks resource tag compliance for governance and cost tracking
|
1
|
|
M
2-4 hrs
|
Why This Matters
This security finding indicates a gap in your security posture. Unaddressed security gaps accumulate risk and increase the likelihood of a successful attack.
What Is The Risk
ELEVATED RISK: This represents a security best practice violation. While not an immediate threat, it contributes to overall security debt and may be exploited in combination with other vulnerabilities.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Low |
MANUAL-033 |
License Usage Inefficiency Detected
Reports on license allocation and usage efficiency
|
1
|
|
M
2-4 hrs
|
Why This Matters
This security finding indicates a gap in your security posture. Unaddressed security gaps accumulate risk and increase the likelihood of a successful attack.
What Is The Risk
ELEVATED RISK: This represents a security best practice violation. While not an immediate threat, it contributes to overall security debt and may be exploited in combination with other vulnerabilities.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Low |
MANUAL-006 |
DLP Policies Not Enabled and Enforced
Policies were found in a state other than 'Enable'. The state of the policy determines what, if any, actions are taken when the policy is triggered. Reasons that a policy may be in a state other than 'Enable' include testing, policy deprecation, and auditing as well as potentially nefarious reasons. Policy state definitions are:
- Enable: The policy is enabled for actions and notifications. This is the default value.
- Disable: The policy is disabled.
- TestWithNotifications: No actions are taken, but notifications are sent.
- TestWithoutNotifications: An audit mode where no actions are taken, and no notifications are sent.
|
1
|
|
M
2-4 hrs
|
Why This Matters
What Is The Risk
ELEVATED RISK: This represents a security best practice violation. While not an immediate threat, it contributes to overall security debt and may be exploited in combination with other vulnerabilities.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Low |
MANUAL-004 |
No Custom DLP Sensitive Information Types Defined
Organizations have sensitive information under their control such as financial data, proprietary data, credit card numbers, health records, or social security numbers. Default configurations may not meet the business needs, or compliance requirements of the organization. Custom-defined information types may be configured to mitigate any gaps that default settings do not address.
|
1
|
|
M
2-4 hrs
|
Why This Matters
What Is The Risk
ELEVATED RISK: This represents a security best practice violation. While not an immediate threat, it contributes to overall security debt and may be exploited in combination with other vulnerabilities.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Low |
MANUAL-003 |
No Custom DLP Policies Found
Organizations have sensitive information under their control such as financial data, proprietary data, credit card numbers, health records, or social security numbers. To help protect this sensitive data and reduce risk, they need a way to prevent their users from inappropriately sharing it with people who should not have it. Default configurations may not meet the business needs, or compliance requirements of the organization. Custom policies can be configured to address any gaps that default settings do not remediate.
|
1
|
|
M
2-4 hrs
|
Why This Matters
What Is The Risk
ELEVATED RISK: This represents a security best practice violation. While not an immediate threat, it contributes to overall security debt and may be exploited in combination with other vulnerabilities.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Low |
SCUBA-EID-030 |
Disabled Accounts Not Deleted After 90 Days
Disabled accounts that remain in the directory after 90 days represent unnecessary clutter and potential re-enablement risks.
|
1
|
|
M
2-4 hrs
|
Why This Matters
Azure/Entra ID is your identity foundation. Misconfigurations here affect every user and application in your organization.
What Is The Risk
ELEVATED RISK: This represents a security best practice violation. While not an immediate threat, it contributes to overall security debt and may be exploited in combination with other vulnerabilities.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CIS M365, NIST 800-53
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Info |
RPT-001 |
|
53,752
|
|
L
4-8 hrs
|
Why This Matters
Without proper audit logging, you cannot detect breaches, investigate incidents, or prove compliance. Attackers specifically target logging to hide their activities.
What Is The Risk
This security gap should be addressed as part of your ongoing security improvement program.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Info |
GRPG-002 |
Transitive Group Membership
|
23,175
|
|
L
4-8 hrs
|
Why This Matters
This security finding indicates a gap in your security posture. Unaddressed security gaps accumulate risk and increase the likelihood of a successful attack.
What Is The Risk
This security gap should be addressed as part of your ongoing security improvement program.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Info |
GRPG-001 |
|
17,873
|
|
L
4-8 hrs
|
Why This Matters
This security finding indicates a gap in your security posture. Unaddressed security gaps accumulate risk and increase the likelihood of a successful attack.
What Is The Risk
This security gap should be addressed as part of your ongoing security improvement program.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Info |
RPT-003 |
|
1,228
|
|
L
4-8 hrs
|
Why This Matters
This security finding indicates a gap in your security posture. Unaddressed security gaps accumulate risk and increase the likelihood of a successful attack.
What Is The Risk
This security gap should be addressed as part of your ongoing security improvement program.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Info |
SENT-003 |
Threat Intelligence Indicators
|
1,000
|
|
M
2-4 hrs
|
Why This Matters
Your ability to detect and respond to threats is compromised. Without proper threat protection, attacks can persist undetected for months.
What Is The Risk
This security gap should be addressed as part of your ongoing security improvement program.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Info |
RPT-002 |
|
1,000
|
|
M
2-4 hrs
|
Why This Matters
Without proper audit logging, you cannot detect breaches, investigate incidents, or prove compliance. Attackers specifically target logging to hide their activities.
What Is The Risk
This security gap should be addressed as part of your ongoing security improvement program.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Info |
DIRM-001 |
Device Registration Review
|
751
|
|
M
2-4 hrs
|
Why This Matters
Non-compliant devices accessing corporate data create security gaps. Lost or compromised devices are a leading cause of data breaches.
What Is The Risk
This security gap should be addressed as part of your ongoing security improvement program.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Info |
SENT-002 |
Sentinel Alert Rule Review
|
500
|
|
M
2-4 hrs
|
Why This Matters
This security finding indicates a gap in your security posture. Unaddressed security gaps accumulate risk and increase the likelihood of a successful attack.
What Is The Risk
This security gap should be addressed as part of your ongoing security improvement program.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Info |
FILE-002 |
|
368
|
|
M
2-4 hrs
|
Why This Matters
This security finding indicates a gap in your security posture. Unaddressed security gaps accumulate risk and increase the likelihood of a successful attack.
What Is The Risk
This security gap should be addressed as part of your ongoing security improvement program.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Info |
GOV-001 |
PIM Role Eligibility Schedule
|
59
|
|
M
2-4 hrs
|
Why This Matters
Privileged accounts are high-value targets. A compromised admin account gives attackers complete control over your environment.
What Is The Risk
This security gap should be addressed as part of your ongoing security improvement program.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Info |
AUTO-002 |
Runbook with Encrypted Variables
|
36
|
|
M
2-4 hrs
|
Why This Matters
This security finding indicates a gap in your security posture. Unaddressed security gaps accumulate risk and increase the likelihood of a successful attack.
What Is The Risk
This security gap should be addressed as part of your ongoing security improvement program.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Info |
STOR-003 |
Storage Container Inventory
|
24
|
|
M
2-4 hrs
|
Why This Matters
This security finding indicates a gap in your security posture. Unaddressed security gaps accumulate risk and increase the likelihood of a successful attack.
What Is The Risk
This security gap should be addressed as part of your ongoing security improvement program.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Info |
PAPP-001 |
PowerApps Environment Review
|
10
|
|
M
2-4 hrs
|
Why This Matters
This security finding indicates a gap in your security posture. Unaddressed security gaps accumulate risk and increase the likelihood of a successful attack.
What Is The Risk
This security gap should be addressed as part of your ongoing security improvement program.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Info |
FILE-001 |
|
8
|
|
M
2-4 hrs
|
Why This Matters
This security finding indicates a gap in your security posture. Unaddressed security gaps accumulate risk and increase the likelihood of a successful attack.
What Is The Risk
This security gap should be addressed as part of your ongoing security improvement program.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Info |
MON-001 |
Log Analytics Workspace Review
|
5
|
|
M
2-4 hrs
|
Why This Matters
This security finding indicates a gap in your security posture. Unaddressed security gaps accumulate risk and increase the likelihood of a successful attack.
What Is The Risk
This security gap should be addressed as part of your ongoing security improvement program.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Info |
DIRM-002 |
|
5
|
|
M
2-4 hrs
|
Why This Matters
This security finding indicates a gap in your security posture. Unaddressed security gaps accumulate risk and increase the likelihood of a successful attack.
What Is The Risk
This security gap should be addressed as part of your ongoing security improvement program.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Info |
AUTO-001 |
Automation Account Inventory
|
4
|
|
M
2-4 hrs
|
Why This Matters
This security finding indicates a gap in your security posture. Unaddressed security gaps accumulate risk and increase the likelihood of a successful attack.
What Is The Risk
This security gap should be addressed as part of your ongoing security improvement program.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Info |
RSV-001 |
|
2
|
|
M
2-4 hrs
|
Why This Matters
This security finding indicates a gap in your security posture. Unaddressed security gaps accumulate risk and increase the likelihood of a successful attack.
What Is The Risk
This security gap should be addressed as part of your ongoing security improvement program.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Informational | SCUBA-EID-027 |
At this time we are unable to test for X because of Y
Manual verification required - At this time we are unable to test for X because of Y
| 1 | | M | 2-4 hrs |
Why This Matters
Azure/Entra ID is your identity foundation. Misconfigurations here affect every user and application in your organization.
What Is The Risk
This security gap should be addressed as part of your ongoing security improvement program.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA Baseline, Federal Security Baseline
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Informational | SCUBA-DEF-014 |
At this time we are unable to test for X because of Y
Manual verification required - At this time we are unable to test for X because of Y
| 1 | | M | 2-4 hrs |
Why This Matters
Microsoft Defender protections are not fully enabled. Without active threat protection, malware and phishing attacks can succeed.
What Is The Risk
This security gap should be addressed as part of your ongoing security improvement program.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA Baseline, Federal Security Baseline
Technical Remediation:
Work with your IT team to remediate this finding.
|
| Informational | SCUBA-DEF-013 |
At this time we are unable to test for X because of Y
Manual verification required - At this time we are unable to test for X because of Y
| 1 | | M | 2-4 hrs |
Why This Matters
Microsoft Defender protections are not fully enabled. Without active threat protection, malware and phishing attacks can succeed.
What Is The Risk
This security gap should be addressed as part of your ongoing security improvement program.
What To Do
Remediation Guidance: Work with your IT team to remediate this finding.
Recommended Action: Work with your IT and security teams to address this finding according to your change management process.
Compliance Impact: This finding affects: CISA Baseline, Federal Security Baseline
Technical Remediation:
Work with your IT team to remediate this finding.
|