From 2bd24651b635a613fbc3db2168cc37e864c04079 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kristian=20Kj=C3=A6rg=C3=A5rd?= Date: Fri, 6 Jun 2025 22:48:03 +0200 Subject: [PATCH] feat: add FormsPhishingProtection standard --- src/data/standards.json | 417 ++++++++++------------------------------ 1 file changed, 105 insertions(+), 312 deletions(-) diff --git a/src/data/standards.json b/src/data/standards.json index d70ddafcbd6c..9269ed3c29bc 100644 --- a/src/data/standards.json +++ b/src/data/standards.json @@ -75,17 +75,12 @@ "impactColour": "info", "addedDate": "2024-03-19", "powershellEquivalent": "New-MailContact", - "recommendedBy": [ - "CIPP" - ] + "recommendedBy": ["CIPP"] }, { "name": "standards.AuditLog", "cat": "Global Standards", - "tag": [ - "CIS", - "mip_search_auditlog" - ], + "tag": ["CIS", "mip_search_auditlog"], "helpText": "Enables the Unified Audit Log for tracking and auditing activities. Also runs Enable-OrganizationCustomization if necessary.", "addedComponent": [], "label": "Enable the Unified Audit Log", @@ -93,10 +88,7 @@ "impactColour": "info", "addedDate": "2021-11-16", "powershellEquivalent": "Enable-OrganizationCustomization", - "recommendedBy": [ - "CIS", - "CIPP" - ] + "recommendedBy": ["CIS", "CIPP"] }, { "name": "standards.ProfilePhotos", @@ -146,9 +138,7 @@ "remediate": false }, "powershellEquivalent": "Portal only", - "recommendedBy": [ - "CIPP" - ] + "recommendedBy": ["CIPP"] }, { "name": "standards.Branding", 
@@ -210,10 +200,7 @@ { "name": "standards.EnableCustomerLockbox", "cat": "Global Standards", - "tag": [ - "CIS", - "CustomerLockBoxEnabled" - ], + "tag": ["CIS", "CustomerLockBoxEnabled"], "helpText": "Enables Customer Lockbox that offers an approval process for Microsoft support to access organization data", "docsDescription": "Customer Lockbox ensures that Microsoft can't access your content to do service operations without your explicit approval. Customer Lockbox ensures only authorized requests allow access to your organizations data.", "addedComponent": [], @@ -222,9 +209,7 @@ "impactColour": "info", "addedDate": "2024-01-08", "powershellEquivalent": "Set-OrganizationConfig -CustomerLockBoxEnabled $true", - "recommendedBy": [ - "CIS" - ] + "recommendedBy": ["CIS"] }, { "name": "standards.EnablePronouns", @@ -251,9 +236,7 @@ "impactColour": "info", "addedDate": "2021-11-16", "powershellEquivalent": "Update-MgBetaAdminReportSetting -BodyParameter @{displayConcealedNames = $true}", - "recommendedBy": [ - "CIPP" - ] + "recommendedBy": ["CIPP"] }, { "name": "standards.DisableGuestDirectory", @@ -267,9 +250,7 @@ "impactColour": "info", "addedDate": "2022-05-04", "powershellEquivalent": "Set-AzureADMSAuthorizationPolicy -GuestUserRoleId '2af84b1e-32c8-42b7-82bc-daa82404023b'", - "recommendedBy": [ - "CIPP" - ] + "recommendedBy": ["CIPP"] }, { "name": "standards.DisableBasicAuthSMTP", @@ -283,18 +264,12 @@ "impactColour": "warning", "addedDate": "2021-11-16", "powershellEquivalent": "Set-TransportConfig -SmtpClientAuthenticationDisabled $true", - "recommendedBy": [ - "CIS", - "CIPP" - ] + "recommendedBy": ["CIS", "CIPP"] }, { "name": "standards.ActivityBasedTimeout", "cat": "Global Standards", - "tag": [ - "CIS", - "spo_idle_session_timeout" - ], + "tag": ["CIS", "spo_idle_session_timeout"], "helpText": "Enables and sets Idle session timeout for Microsoft 365 to 1 hour. This policy affects most M365 web apps", "addedComponent": [ { 
@@ -332,9 +307,7 @@ "impactColour": "warning", "addedDate": "2022-04-13", "powershellEquivalent": "Portal or Graph API", - "recommendedBy": [ - "CIS" - ] + "recommendedBy": ["CIS"] }, { "name": "standards.AuthMethodsSettings", @@ -470,16 +443,12 @@ "impactColour": "info", "addedDate": "2023-04-25", "powershellEquivalent": "Portal or Graph API", - "recommendedBy": [ - "CIPP" - ] + "recommendedBy": ["CIPP"] }, { "name": "standards.PWdisplayAppInformationRequiredState", "cat": "Entra (AAD) Standards", - "tag": [ - "CIS" - ], + "tag": ["CIS"], "helpText": "Enables the MS authenticator app to display information about the app that is requesting authentication. This displays the application name.", "docsDescription": "Allows users to use Passwordless with Number Matching and adds location information from the last request", "addedComponent": [], @@ -488,9 +457,7 @@ "impactColour": "info", "addedDate": "2021-11-16", "powershellEquivalent": "Update-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration", - "recommendedBy": [ - "CIS" - ] + "recommendedBy": ["CIS"] }, { "name": "standards.allowOTPTokens", @@ -550,9 +517,7 @@ "impactColour": "info", "addedDate": "2022-12-08", "powershellEquivalent": "Update-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration", - "recommendedBy": [ - "CIPP" - ] + "recommendedBy": ["CIPP"] }, { "name": "standards.EnableHardwareOAuth", 
@@ -582,6 +547,20 @@ "powershellEquivalent": "Update-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration", "recommendedBy": [] }, + { + "name": "standards.FormsPhishingProtection", + "cat": "Global Standards", + "tag": ["CIS", "Security", "PhishingProtection"], + "helpText": "Enables internal phishing protection for Microsoft Forms to help prevent malicious forms from being created and shared within the organization. This feature scans forms created by internal users for potential phishing content and suspicious patterns.", + "docsDescription": "Enables internal phishing protection for Microsoft Forms by setting the isInOrgFormsPhishingScanEnabled property to true. This security feature helps protect organizations from internal phishing attacks through Microsoft Forms by automatically scanning forms created by internal users for potential malicious content, suspicious links, and phishing patterns. When enabled, Forms will analyze form content and block or flag potentially dangerous forms before they can be shared within the organization.", + "addedComponent": [], + "label": "Enable internal phishing protection for Forms", + "impact": "Low Impact", + "impactColour": "info", + "addedDate": "2025-06-06", + "powershellEquivalent": "Graph API", + "recommendedBy": ["CIS", "CIPP"] + }, { "name": "standards.TAP", "cat": "Entra (AAD) Standards", 
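Review bot: The `docsDescription` of the new `standards.FormsPhishingProtection` entry promises scanning for "malicious content, suspicious links, and phishing patterns" and that Forms will "block or flag" forms, but the only mechanism it names is setting `isInOrgFormsPhishingScanEnabled` to true. Both `helpText` and `docsDescription` should be checked against Microsoft's documentation of that setting, so that administrators do not treat it as a broader control than it is. The entry is declared `"cat": "Global Standards"` yet is inserted directly before `standards.TAP`, which is `"Entra (AAD) Standards"`; if any consumer relies on array order it will be listed away from the other Global Standards, so it would sit better next to them. The tags `"Security"` and `"PhishingProtection"` are free-form, whereas the surrounding entries pair `"CIS"` with a control identifier such as `mip_search_auditlog`; `"tag": ["CIS"]` would match the file until a real identifier is known. The other hunks in this patch only re-wrap arrays, and moving that formatting to its own commit would keep these 14 security-relevant lines easy to review.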
@@ -612,17 +591,12 @@ "impactColour": "info", "addedDate": "2022-03-15", "powershellEquivalent": "Update-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration", - "recommendedBy": [ - "CIPP" - ] + "recommendedBy": ["CIPP"] }, { "name": "standards.PasswordExpireDisabled", "cat": "Entra (AAD) Standards", - "tag": [ - "CIS", - "PWAgePolicyNew" - ], + "tag": ["CIS", "PWAgePolicyNew"], "helpText": "Disables the expiration of passwords for the tenant by setting the password expiration policy to never expire for any user.", "docsDescription": "Sets passwords to never expire for tenant, recommended to use in conjunction with secure password requirements.", "addedComponent": [], @@ -631,10 +605,7 @@ "impactColour": "info", "addedDate": "2021-11-16", "powershellEquivalent": "Update-MgDomain", - "recommendedBy": [ - "CIS", - "CIPP" - ] + "recommendedBy": ["CIS", "CIPP"] }, { "name": "standards.ExternalMFATrusted", @@ -670,9 +641,7 @@ { "name": "standards.DisableTenantCreation", "cat": "Entra (AAD) Standards", - "tag": [ - "CIS" - ], + "tag": ["CIS"], "helpText": "Restricts creation of M365 tenants to the Global Administrator or Tenant Creator roles.", "docsDescription": "Users by default are allowed to create M365 tenants. This disables that so only admins can create new M365 tenants.", "addedComponent": [], 
@@ -681,17 +650,12 @@ "impactColour": "info", "addedDate": "2022-11-29", "powershellEquivalent": "Update-MgPolicyAuthorizationPolicy", - "recommendedBy": [ - "CIS", - "CIPP" - ] + "recommendedBy": ["CIS", "CIPP"] }, { "name": "standards.EnableAppConsentRequests", "cat": "Entra (AAD) Standards", - "tag": [ - "CIS" - ], + "tag": ["CIS"], "helpText": "Enables App consent admin requests for the tenant via the GA role. Does not overwrite existing reviewer settings", "docsDescription": "Enables the ability for users to request admin consent for applications. Should be used in conjunction with the \"Require admin consent for applications\" standards", "addedComponent": [ @@ -706,9 +670,7 @@ "impactColour": "info", "addedDate": "2023-11-27", "powershellEquivalent": "Update-MgPolicyAdminConsentRequestPolicy", - "recommendedBy": [ - "CIS" - ] + "recommendedBy": ["CIS"] }, { "name": "standards.NudgeMFA", @@ -765,9 +727,7 @@ { "name": "standards.DisableAppCreation", "cat": "Entra (AAD) Standards", - "tag": [ - "CIS" - ], + "tag": ["CIS"], "helpText": "Disables the ability for users to create App registrations in the tenant.", "docsDescription": "Disables the ability for users to create applications in Entra. Done to prevent breached accounts from creating an app to maintain access to the tenant, even after the breached account has been secured.", "addedComponent": [], @@ -776,10 +736,7 @@ "impactColour": "info", "addedDate": "2024-03-20", "powershellEquivalent": "Update-MgPolicyAuthorizationPolicy", - "recommendedBy": [ - "CIS", - "CIPP" - ] + "recommendedBy": ["CIS", "CIPP"] }, { "name": "standards.DisableSecurityGroupUsers", 
@@ -838,17 +795,12 @@ "impactColour": "warning", "addedDate": "2022-10-20", "powershellEquivalent": "Graph API", - "recommendedBy": [ - "CIS", - "CIPP" - ] + "recommendedBy": ["CIS", "CIPP"] }, { "name": "standards.OauthConsent", "cat": "Entra (AAD) Standards", - "tag": [ - "CIS" - ], + "tag": ["CIS"], "helpText": "Disables users from being able to consent to applications, except for those specified in the field below", "docsDescription": "Requires users to get administrator consent before sharing data with applications. You can preapprove specific applications.", "addedComponent": [ @@ -864,17 +816,12 @@ "impactColour": "warning", "addedDate": "2021-11-16", "powershellEquivalent": "Update-MgPolicyAuthorizationPolicy", - "recommendedBy": [ - "CIS", - "CIPP" - ] + "recommendedBy": ["CIS", "CIPP"] }, { "name": "standards.OauthConsentLowSec", "cat": "Entra (AAD) Standards", - "tag": [ - "IntegratedApps" - ], + "tag": ["IntegratedApps"], "helpText": "Sets the default oauth consent level so users can consent to applications that have low risks.", "docsDescription": "Allows users to consent to applications with low assigned risk.", "label": "Allow users to consent to applications with low security risk (Prevent OAuth phishing. Lower impact, less secure)", @@ -927,9 +874,7 @@ { "name": "standards.StaleEntraDevices", "cat": "Entra (AAD) Standards", - "tag": [ - "CIS" - ], + "tag": ["CIS"], "helpText": "Remediate is currently not available. Cleans up Entra devices that have not connected/signed in for the specified number of days.", "docsDescription": "Remediate is currently not available. Cleans up Entra devices that have not connected/signed in for the specified number of days. First disables and later deletes the devices. More info can be found in the [Microsoft documentation](https://learn.microsoft.com/en-us/entra/identity/devices/manage-stale-devices)", "addedComponent": [ 
@@ -990,9 +935,7 @@ "impactColour": "danger", "addedDate": "2023-12-18", "powershellEquivalent": "Update-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration", - "recommendedBy": [ - "CIPP" - ] + "recommendedBy": ["CIPP"] }, { "name": "standards.DisableVoice", @@ -1006,9 +949,7 @@ "impactColour": "danger", "addedDate": "2023-12-18", "powershellEquivalent": "Update-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration", - "recommendedBy": [ - "CIPP" - ] + "recommendedBy": ["CIPP"] }, { "name": "standards.DisableEmail", @@ -1094,9 +1035,7 @@ { "name": "standards.OutBoundSpamAlert", "cat": "Exchange Standards", - "tag": [ - "CIS" - ], + "tag": ["CIS"], "helpText": "Set the Outbound Spam Alert e-mail address", "docsDescription": "Sets the e-mail address to which outbound spam alerts are sent.", "addedComponent": [ @@ -1111,9 +1050,7 @@ "impactColour": "info", "addedDate": "2023-05-03", "powershellEquivalent": "Set-HostedOutboundSpamFilterPolicy", - "recommendedBy": [ - "CIS" - ] + "recommendedBy": ["CIS"] }, { "name": "standards.MessageExpiration", @@ -1176,9 +1113,7 @@ "impactColour": "info", "addedDate": "2024-04-26", "powershellEquivalent": "Set-RemoteDomain -Identity 'Default' -TNEFEnabled $false", - "recommendedBy": [ - "CIPP" - ] + "recommendedBy": ["CIPP"] }, { "name": "standards.FocusedInbox", @@ -1292,9 +1227,7 @@ { "name": "standards.SpoofWarn", "cat": "Exchange Standards", - "tag": [ - "CIS" - ], + "tag": ["CIS"], "helpText": "Adds or removes indicators to e-mail messages received from external senders in Outlook. Works on all Outlook clients/OWA", "docsDescription": "Adds or removes indicators to e-mail messages received from external senders in Outlook. You can read more about this feature on [Microsoft's Exchange Team Blog.](https://techcommunity.microsoft.com/t5/exchange-team-blog/native-external-sender-callouts-on-email-in-outlook/ba-p/2250098)", "addedComponent": [ 
@@ -1328,18 +1261,12 @@ "impactColour": "info", "addedDate": "2021-11-16", "powershellEquivalent": "Set-ExternalInOutlook \u2013Enabled $true or $false", - "recommendedBy": [ - "CIS", - "CIPP" - ] + "recommendedBy": ["CIS", "CIPP"] }, { "name": "standards.EnableMailTips", "cat": "Exchange Standards", - "tag": [ - "CIS", - "exo_mailtipsenabled" - ], + "tag": ["CIS", "exo_mailtipsenabled"], "helpText": "Enables all MailTips in Outlook. MailTips are the notifications Outlook and Outlook on the web shows when an email you create, meets some requirements", "addedComponent": [ { @@ -1355,10 +1282,7 @@ "impactColour": "info", "addedDate": "2024-01-14", "powershellEquivalent": "Set-OrganizationConfig", - "recommendedBy": [ - "CIS", - "CIPP" - ] + "recommendedBy": ["CIS", "CIPP"] }, { "name": "standards.TeamsMeetingsByDefault", @@ -1408,9 +1332,7 @@ { "name": "standards.RotateDKIM", "cat": "Exchange Standards", - "tag": [ - "CIS" - ], + "tag": ["CIS"], "helpText": "Rotate DKIM keys that are 1024 bit to 2048 bit", "addedComponent": [], "label": "Rotate DKIM keys that are 1024 bit to 2048 bit", @@ -1418,17 +1340,12 @@ "impactColour": "info", "addedDate": "2023-03-14", "powershellEquivalent": "Rotate-DkimSigningConfig", - "recommendedBy": [ - "CIS", - "CIPP" - ] + "recommendedBy": ["CIS", "CIPP"] }, { "name": "standards.AddDKIM", "cat": "Exchange Standards", - "tag": [ - "CIS" - ], + "tag": ["CIS"], "helpText": "Enables DKIM for all domains that currently support it", "addedComponent": [], "label": "Enables DKIM for all domains that currently support it", 
@@ -1436,18 +1353,12 @@ "impactColour": "info", "addedDate": "2023-03-14", "powershellEquivalent": "New-DkimSigningConfig and Set-DkimSigningConfig", - "recommendedBy": [ - "CIS", - "CIPP" - ] + "recommendedBy": ["CIS", "CIPP"] }, { "name": "standards.EnableMailboxAuditing", "cat": "Exchange Standards", - "tag": [ - "CIS", - "exo_mailboxaudit" - ], + "tag": ["CIS", "exo_mailboxaudit"], "helpText": "Enables Mailbox auditing for all mailboxes and on tenant level. Disables audit bypass on all mailboxes. Unified Audit Log needs to be enabled for this standard to function.", "docsDescription": "Enables mailbox auditing on tenant level and for all mailboxes. Disables audit bypass on all mailboxes. By default Microsoft does not enable mailbox auditing for Resource Mailboxes, Public Folder Mailboxes and DiscoverySearch Mailboxes. Unified Audit Log needs to be enabled for this standard to function.", "addedComponent": [], @@ -1456,10 +1367,7 @@ "impactColour": "info", "addedDate": "2024-01-08", "powershellEquivalent": "Set-OrganizationConfig -AuditDisabled $false", - "recommendedBy": [ - "CIS", - "CIPP" - ] + "recommendedBy": ["CIS", "CIPP"] }, { "name": "standards.SendReceiveLimitTenant", 
@@ -1562,9 +1470,7 @@ { "name": "standards.EXOOutboundSpamLimits", "cat": "Exchange Standards", - "tag": [ - "CIS" - ], + "tag": ["CIS"], "helpText": "Configures the outbound spam recipient limits (external per hour, internal per hour, per day) and the action to take when a limit is reached. The 'Set Outbound Spam Alert e-mail' standard is recommended to configure together with this one. ", "docsDescription": "Configures the Exchange Online outbound spam recipient limits for external per hour, internal per hour, and per day, along with the action to take (e.g., BlockUser, Alert) when these limits are exceeded. This helps prevent abuse and manage email flow. Microsoft's recommendations can be found [here.](https://learn.microsoft.com/en-us/defender-office-365/recommended-settings-for-eop-and-office365#eop-outbound-spam-policy-settings) The 'Set Outbound Spam Alert e-mail' standard is recommended to configure together with this one.", "addedComponent": [ @@ -1613,18 +1519,12 @@ "impactColour": "info", "addedDate": "2025-05-13", "powershellEquivalent": "Set-HostedOutboundSpamFilterPolicy", - "recommendedBy": [ - "CIPP", - "CIS" - ] + "recommendedBy": ["CIPP", "CIS"] }, { "name": "standards.DisableExternalCalendarSharing", "cat": "Exchange Standards", - "tag": [ - "CIS", - "exo_individualsharing" - ], + "tag": ["CIS", "exo_individualsharing"], "helpText": "Disables the ability for users to share their calendar with external users. Only for the default policy, so exclusions can be made if needed.", "docsDescription": "Disables external calendar sharing for the entire tenant. This is not a widely used feature, and it's therefore unlikely that this will impact users. Only for the default policy, so exclusions can be made if needed by making a new policy and assigning it to users.", "addedComponent": [], 
@@ -1633,16 +1533,12 @@ "impactColour": "info", "addedDate": "2024-01-08", "powershellEquivalent": "Get-SharingPolicy | Set-SharingPolicy -Enabled $False", - "recommendedBy": [ - "CIS" - ] + "recommendedBy": ["CIS"] }, { "name": "standards.AutoAddProxy", "cat": "Exchange Standards", - "tag": [ - "CIS" - ], + "tag": ["CIS"], "helpText": "Automatically adds all available domains as a proxy address.", "docsDescription": "Automatically finds all available domain names in the tenant, and tries to add proxy addresses based on the user's UPN to each of these.", "addedComponent": [], @@ -1661,10 +1557,7 @@ { "name": "standards.DisableAdditionalStorageProviders", "cat": "Exchange Standards", - "tag": [ - "CIS", - "exo_storageproviderrestricted" - ], + "tag": ["CIS", "exo_storageproviderrestricted"], "helpText": "Disables the ability for users to open files in Outlook on the Web, from other providers such as Box, Dropbox, Facebook, Google Drive, OneDrive Personal, etc.", "docsDescription": "Disables additional storage providers in OWA. This is to prevent users from using personal storage providers like Dropbox, Google Drive, etc. Usually this has little user impact.", "addedComponent": [], @@ -1673,9 +1566,7 @@ "impactColour": "info", "addedDate": "2024-01-17", "powershellEquivalent": "Get-OwaMailboxPolicy | Set-OwaMailboxPolicy -AdditionalStorageProvidersEnabled $False", - "recommendedBy": [ - "CIS" - ] + "recommendedBy": ["CIS"] }, { "name": "standards.AntiSpamSafeList", 
@@ -1809,10 +1700,7 @@ { "name": "standards.DisableOutlookAddins", "cat": "Exchange Standards", - "tag": [ - "CIS", - "exo_outlookaddins" - ], + "tag": ["CIS", "exo_outlookaddins"], "helpText": "Disables the ability for users to install add-ins in Outlook. This is to prevent users from installing malicious add-ins.", "docsDescription": "Disables users from being able to install add-ins in Outlook. Only admins are able to approve add-ins for the users. This is done to reduce the threat surface for data exfiltration.", "addedComponent": [], @@ -1821,9 +1709,7 @@ "impactColour": "warning", "addedDate": "2024-02-05", "powershellEquivalent": "Get-ManagementRoleAssignment | Remove-ManagementRoleAssignment", - "recommendedBy": [ - "CIS" - ] + "recommendedBy": ["CIS"] }, { "name": "standards.SafeSendersDisable", @@ -1841,9 +1727,7 @@ "impactColour": "warning", "addedDate": "2023-10-26", "powershellEquivalent": "Set-MailboxJunkEmailConfiguration", - "recommendedBy": [ - "CIPP" - ] + "recommendedBy": ["CIPP"] }, { "name": "standards.DelegateSentItems", @@ -1877,9 +1761,7 @@ "impactColour": "warning", "addedDate": "2022-05-25", "powershellEquivalent": "Set-Mailbox", - "recommendedBy": [ - "CIPP" - ] + "recommendedBy": ["CIPP"] }, { "name": "standards.UserSubmissions", @@ -1921,9 +1803,7 @@ { "name": "standards.DisableSharedMailbox", "cat": "Exchange Standards", - "tag": [ - "CIS" - ], + "tag": ["CIS"], "helpText": "Blocks login for all accounts that are marked as a shared mailbox. This is Microsoft best practice to prevent direct logons to shared mailboxes.", "docsDescription": "Shared mailboxes can be directly logged into if the password is reset, this presents a security risk as do all shared login credentials. Microsoft's recommendation is to disable the user account for shared mailboxes. It would be a good idea to review the sign-in reports to establish potential impact.", "addedComponent": [], 
@@ -1932,19 +1812,12 @@ "impactColour": "warning", "addedDate": "2021-11-16", "powershellEquivalent": "Get-Mailbox & Update-MgUser", - "recommendedBy": [ - "CIS", - "CIPP" - ] + "recommendedBy": ["CIS", "CIPP"] }, { "name": "standards.EXODisableAutoForwarding", "cat": "Exchange Standards", - "tag": [ - "CIS", - "mdo_autoforwardingmode", - "mdo_blockmailforward" - ], + "tag": ["CIS", "mdo_autoforwardingmode", "mdo_blockmailforward"], "helpText": "Disables the ability for users to automatically forward e-mails to external recipients.", "docsDescription": "Disables the ability for users to automatically forward e-mails to external recipients. This is to prevent data exfiltration. Please check if there are any legitimate use cases for this feature before implementing, like forwarding invoices and such.", "addedComponent": [], @@ -1953,10 +1826,7 @@ "impactColour": "danger", "addedDate": "2024-07-26", "powershellEquivalent": "Set-HostedOutboundSpamFilterPolicy -AutoForwardingMode 'Off'", - "recommendedBy": [ - "CIS", - "CIPP" - ] + "recommendedBy": ["CIS", "CIPP"] }, { "name": "standards.RetentionPolicyTag", @@ -2037,11 +1907,7 @@ { "name": "standards.SafeLinksPolicy", "cat": "Defender Standards", - "tag": [ - "CIS", - "mdo_safelinksforemail", - "mdo_safelinksforOfficeApps" - ], + "tag": ["CIS", "mdo_safelinksforemail", "mdo_safelinksforOfficeApps"], "helpText": "This creates a Safe Links policy that automatically scans, tracks, and and enables safe links for Email, Office, and Teams for both external and internal senders", "addedComponent": [ { @@ -2073,9 +1939,7 @@ "impactColour": "info", "addedDate": "2024-03-25", "powershellEquivalent": "Set-SafeLinksPolicy or New-SafeLinksPolicy", - "recommendedBy": [ - "CIS" - ] + "recommendedBy": ["CIS"] }, { "name": "standards.AntiPhishPolicy", 
@@ -2288,19 +2152,12 @@ "impactColour": "info", "addedDate": "2024-03-25", "powershellEquivalent": "Set-AntiPhishPolicy or New-AntiPhishPolicy", - "recommendedBy": [ - "CIS" - ] + "recommendedBy": ["CIS"] }, { "name": "standards.SafeAttachmentPolicy", "cat": "Defender Standards", - "tag": [ - "CIS", - "mdo_safedocuments", - "mdo_commonattachmentsfilter", - "mdo_safeattachmentpolicy" - ], + "tag": ["CIS", "mdo_safedocuments", "mdo_commonattachmentsfilter", "mdo_safeattachmentpolicy"], "helpText": "This creates a Safe Attachment policy", "addedComponent": [ { @@ -2366,16 +2223,12 @@ "impactColour": "info", "addedDate": "2024-03-25", "powershellEquivalent": "Set-SafeAttachmentPolicy or New-SafeAttachmentPolicy", - "recommendedBy": [ - "CIS" - ] + "recommendedBy": ["CIS"] }, { "name": "standards.AtpPolicyForO365", "cat": "Defender Standards", - "tag": [ - "CIS" - ], + "tag": ["CIS"], "helpText": "This creates a Atp policy that enables Defender for Office 365 for SharePoint, OneDrive and Microsoft Teams.", "addedComponent": [ { @@ -2391,9 +2244,7 @@ "impactColour": "info", "addedDate": "2024-03-25", "powershellEquivalent": "Set-AtpPolicyForO365", - "recommendedBy": [ - "CIS" - ] + "recommendedBy": ["CIS"] }, { "name": "standards.PhishingSimulations", @@ -2443,12 +2294,7 @@ { "name": "standards.MalwareFilterPolicy", "cat": "Defender Standards", - "tag": [ - "CIS", - "mdo_zapspam", - "mdo_zapphish", - "mdo_zapmalware" - ], + "tag": ["CIS", "mdo_zapspam", "mdo_zapphish", "mdo_zapmalware"], "helpText": "This creates a Malware filter policy that enables the default File filter and Zero-hour auto purge for malware.", "addedComponent": [ { @@ -2534,9 +2380,7 @@ "impactColour": "info", "addedDate": "2024-03-25", "powershellEquivalent": "Set-MalwareFilterPolicy or New-MalwareFilterPolicy", - "recommendedBy": [ - "CIS" - ] + "recommendedBy": ["CIS"] }, { "name": "standards.PhishSimSpoofIntelligence", 
@@ -2966,9 +2810,7 @@ "impactColour": "info", "addedDate": "2023-05-19", "powershellEquivalent": "Graph API", - "recommendedBy": [ - "CIPP" - ] + "recommendedBy": ["CIPP"] }, { "name": "standards.intuneBrandingProfile", @@ -3319,9 +3161,7 @@ { "name": "standards.SPAzureB2B", "cat": "SharePoint Standards", - "tag": [ - "CIS" - ], + "tag": ["CIS"], "helpText": "Ensure SharePoint and OneDrive integration with Azure AD B2B is enabled", "addedComponent": [], "label": "Enable SharePoint and OneDrive integration with Azure AD B2B", @@ -3329,16 +3169,12 @@ "impactColour": "info", "addedDate": "2024-07-09", "powershellEquivalent": "Set-SPOTenant -EnableAzureADB2BIntegration $true", - "recommendedBy": [ - "CIS" - ] + "recommendedBy": ["CIS"] }, { "name": "standards.SPDisallowInfectedFiles", "cat": "SharePoint Standards", - "tag": [ - "CIS" - ], + "tag": ["CIS"], "helpText": "Ensure Office 365 SharePoint infected files are disallowed for download", "addedComponent": [], "label": "Disallow downloading infected files from SharePoint", @@ -3346,10 +3182,7 @@ "impactColour": "info", "addedDate": "2024-07-09", "powershellEquivalent": "Set-SPOTenant -DisallowInfectedFileDownload $true", - "recommendedBy": [ - "CIS", - "CIPP" - ] + "recommendedBy": ["CIS", "CIPP"] }, { "name": "standards.SPDisableLegacyWorkflows", @@ -3367,9 +3200,7 @@ { "name": "standards.SPDirectSharing", "cat": "SharePoint Standards", - "tag": [ - "CIS" - ], + "tag": ["CIS"], "helpText": "Ensure default link sharing is set to Direct in SharePoint and OneDrive", "addedComponent": [], "label": "Default sharing to Direct users", 
@@ -3377,17 +3208,12 @@ "impactColour": "warning", "addedDate": "2024-07-09", "powershellEquivalent": "Set-SPOTenant -DefaultSharingLinkType Direct", - "recommendedBy": [ - "CIS", - "CIPP" - ] + "recommendedBy": ["CIS", "CIPP"] }, { "name": "standards.SPExternalUserExpiration", "cat": "SharePoint Standards", - "tag": [ - "CIS" - ], + "tag": ["CIS"], "helpText": "Ensure guest access to a site or OneDrive will expire automatically", "addedComponent": [ { @@ -3401,16 +3227,12 @@ "impactColour": "warning", "addedDate": "2024-07-09", "powershellEquivalent": "Set-SPOTenant -ExternalUserExpireInDays 30 -ExternalUserExpirationRequired $True", - "recommendedBy": [ - "CIS" - ] + "recommendedBy": ["CIS"] }, { "name": "standards.SPEmailAttestation", "cat": "SharePoint Standards", - "tag": [ - "CIS" - ], + "tag": ["CIS"], "helpText": "Ensure re-authentication with verification code is restricted", "addedComponent": [ { @@ -3424,10 +3246,7 @@ "impactColour": "warning", "addedDate": "2024-07-09", "powershellEquivalent": "Set-SPOTenant -EmailAttestationRequired $true -EmailAttestationReAuthDays 15", - "recommendedBy": [ - "CIS", - "CIPP" - ] + "recommendedBy": ["CIS", "CIPP"] }, { "name": "standards.DisableAddShortcutsToOneDrive", @@ -3494,10 +3313,7 @@ { "name": "standards.DisableSharePointLegacyAuth", "cat": "SharePoint Standards", - "tag": [ - "CIS", - "spo_legacy_auth" - ], + "tag": ["CIS", "spo_legacy_auth"], "helpText": "Disables the ability to authenticate with SharePoint using legacy authentication methods. Any applications that use legacy authentication will need to be updated to use modern authentication.", "docsDescription": "Disables the ability for users and applications to access SharePoint via legacy basic authentication. This will likely not have any user impact, but will block systems/applications depending on basic auth or the SharePointOnlineCredentials class.", "addedComponent": [], 
@@ -3506,17 +3322,12 @@ "impactColour": "warning", "addedDate": "2024-02-05", "powershellEquivalent": "Set-SPOTenant -LegacyAuthProtocolsEnabled $false", - "recommendedBy": [ - "CIS", - "CIPP" - ] + "recommendedBy": ["CIS", "CIPP"] }, { "name": "standards.sharingCapability", "cat": "SharePoint Standards", - "tag": [ - "CIS" - ], + "tag": ["CIS"], "helpText": "Sets the default sharing level for OneDrive and SharePoint. This is a tenant wide setting and overrules any settings set on the site level", "addedComponent": [ { @@ -3549,17 +3360,12 @@ "impactColour": "danger", "addedDate": "2022-06-15", "powershellEquivalent": "Update-MgBetaAdminSharePointSetting", - "recommendedBy": [ - "CIS", - "CIPP" - ] + "recommendedBy": ["CIS", "CIPP"] }, { "name": "standards.DisableReshare", "cat": "SharePoint Standards", - "tag": [ - "CIS" - ], + "tag": ["CIS"], "helpText": "Disables the ability for external users to share files they don't own. Sharing links can only be made for People with existing access", "docsDescription": "Disables the ability for external users to share files they don't own. Sharing links can only be made for People with existing access. This is a tenant wide setting and overrules any settings set on the site level", "addedComponent": [], @@ -3568,10 +3374,7 @@ "impactColour": "danger", "addedDate": "2022-06-15", "powershellEquivalent": "Update-MgBetaAdminSharePointSetting", - "recommendedBy": [ - "CIS", - "CIPP" - ] + "recommendedBy": ["CIS", "CIPP"] }, { "name": "standards.DisableUserSiteCreate", @@ -3635,9 +3438,7 @@ { "name": "standards.sharingDomainRestriction", "cat": "SharePoint Standards", - "tag": [ - "CIS" - ], + "tag": ["CIS"], "helpText": "Restricts sharing to only users with the specified domain. This is useful for organizations that only want to share with their own domain.", "addedComponent": [ { 
@@ -3744,9 +3545,7 @@ "impactColour": "info", "addedDate": "2024-11-12", "powershellEquivalent": "Set-CsTeamsMeetingPolicy -AllowAnonymousUsersToJoinMeeting $false -AllowAnonymousUsersToStartMeeting $false -AutoAdmittedUsers EveryoneInCompanyExcludingGuests -AllowPSTNUsersToBypassLobby $false -MeetingChatEnabledType EnabledExceptAnonymous -DesignatedPresenterRoleMode $DesignatedPresenterRoleMode -AllowExternalParticipantGiveRequestControl $false", - "recommendedBy": [ - "CIS" - ] + "recommendedBy": ["CIS"] }, { "name": "standards.TeamsEmailIntegration", @@ -3766,9 +3565,7 @@ "impactColour": "info", "addedDate": "2024-07-30", "powershellEquivalent": "Set-CsTeamsClientConfiguration -AllowEmailIntoChannel $false", - "recommendedBy": [ - "CIS" - ] + "recommendedBy": ["CIS"] }, { "name": "standards.TeamsGuestAccess", @@ -3827,9 +3624,7 @@ "impactColour": "info", "addedDate": "2024-07-28", "powershellEquivalent": "Set-CsTeamsClientConfiguration -AllowGoogleDrive $false -AllowShareFile $false -AllowBox $false -AllowDropBox $false -AllowEgnyte $false", - "recommendedBy": [ - "CIS" - ] + "recommendedBy": ["CIS"] }, { "name": "standards.TeamsEnrollUser", @@ -4440,8 +4235,6 @@ "impactColour": "info", "addedDate": "2025-05-28", "powershellEquivalent": "Set-Mailbox -RecipientLimits", - "recommendedBy": [ - "CIPP" - ] + "recommendedBy": ["CIPP"] } -] \ No newline at end of file +]