Microsoft 365 CIS Benchmark 3.0: What You Need to Know

The CIS Microsoft 365 Benchmark version 3.0 is an updated set of security guidelines tailored for the Microsoft 365 environment. This new version reflects the latest best practices and security configurations suitable for Microsoft 365, addressing the evolving cybersecurity landscape. It includes revised recommendations, new security controls, and adjustments to existing guidelines, ensuring that users can effectively secure their Microsoft 365 deployments. The benchmark is designed to assist organizations in enhancing their security posture and achieving compliance with industry standards.

About the Center for Internet Security (CIS)

CIS is a nonprofit that develops IT system benchmarks to enhance cybersecurity readiness. Collaborating with various stakeholders, CIS continuously updates its benchmarks to respond to evolving security threats.

Microsoft 365 CIS Benchmark 3.0: What has changed?

The CIS Microsoft 365 Benchmark version 3.0 includes several changes and updates from the previous version. These updates are designed to align with the evolving configuration, features, and best security practices of Microsoft 365. The changes typically involve:

  • Adding new recommendations
  • Updating existing guidelines
  • Restructuring sections

The new Microsoft 365 version 3.0 release introduces 34 new recommendations, removes one that's out of date, and updates 15.

Comparing the recommendation lists of CIS Microsoft 365 Benchmark versions 3.0 and 2.0, it is evident that version 3.0 introduces more granular and diverse recommendations. While version 2.0 focuses broadly on areas like Azure Active Directory, application permissions, data management, and email security, version 3.0 expands on these areas and introduces specific guidelines for Microsoft Teams, Microsoft 365 Groups, Microsoft Defender, Microsoft Purview, SharePoint, the Teams admin center, and more. This reflects a more comprehensive approach in version 3.0, addressing a wider range of components within the Microsoft 365 ecosystem and offering more detailed security practices.

New sections and recommendations in CIS Microsoft 365 Benchmark version 3.0 include:

  • Microsoft 365 Defender - A new section that focuses on settings relating to policies, rules, and security common to many Microsoft 365 applications.
  • Microsoft Purview - Also known as Compliance, this section contains settings related to compliance, data governance, information protection, and risk management.
  • Microsoft Entra admin center - Also known as Identity, these recommendations relate to identity and conditional access; this area was formerly named Azure AD.
  • Exchange admin center - New recommendations put an enhanced focus on email security and auditing.
  • SharePoint admin center - SharePoint and OneDrive recommendations receive refreshed attention.
  • Microsoft Teams admin center - Teams-specific settings and security considerations have been updated.
  • Microsoft Fabric - This is Microsoft's new name for Power BI. The section contains settings for everything related to Power BI configuration.

In with the new

There are 24 new security recommendations, too many to cover in detail, but here are some important changes:

  • Ensure users can report security concerns in Teams
  • Ensure sign-in to shared mailboxes is blocked
  • Ensure AccountEnabled is set to False for all Shared Mailboxes
  • Ensure that only organizationally managed/approved public groups exist
  • Ensure 'Restrict non-admin users from creating tenants' is set to 'Yes'
  • Ensure that password hash sync is enabled for hybrid deployments
  • Ensure SharePoint and OneDrive integration with Azure AD B2B is enabled
  • Ensure OneDrive content sharing is restricted
  • Ensure custom script execution is restricted on site collections
  • Ensure mailbox auditing for E3 users is Enabled
  • Ensure mailbox auditing for E5 users is Enabled
  • Ensure email from external senders is identified
  • Ensure users installing Outlook add-ins is not allowed
  • Ensure external content sharing is restricted
  • Ensure 'external access' is restricted in the Teams admin center
  • Ensure anonymous users can't join a meeting
  • Ensure anonymous users and dial-in callers can't start a meeting
  • Ensure only people in my org can bypass the lobby
  • Ensure users dialing in can't bypass the lobby
  • Ensure meeting chat does not allow anonymous users
  • Ensure only organizers and co-organizers can present
  • Ensure external participants can't give or request control

Secure your Microsoft 365 subscription with Mondoo
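Several of the new Exchange-related recommendations listed above can be spot-checked directly from PowerShell before any policy engine is involved. The script below is an added example, not code from the CIS benchmark, Mondoo or the author; the function name Test-MailboxControls is an assumption, and it assumes the ExchangeOnlineManagement and Microsoft.Graph.Users modules are installed and that Connect-ExchangeOnline and Connect-MgGraph -Scopes "User.Read.All" have already been run against a tenant you administer.

```powershell
# Added example: audit three CIS M365 v3.0 recommendations in a tenant you administer.
# Assumes ExchangeOnlineManagement and Microsoft.Graph.Users are installed and connected.
function Test-MailboxControls {
    $findings = [System.Collections.Generic.List[object]]::new()

    # AuditEnabled is not part of the minimal property set Get-EXOMailbox returns,
    # so it must be requested explicitly. Both user and shared mailboxes are in scope.
    $mailboxes = Get-EXOMailbox -RecipientTypeDetails UserMailbox, SharedMailbox `
        -ResultSize Unlimited -Properties AuditEnabled

    foreach ($mbx in $mailboxes) {
        # "Ensure mailbox auditing for E3/E5 users is Enabled": per-mailbox audit flag.
        if (-not $mbx.AuditEnabled) {
            $findings.Add([pscustomobject]@{
                Object = $mbx.UserPrincipalName; Check = 'Mailbox auditing enabled'; Status = 'FAIL'
            })
        }

        # "Ensure sign-in to shared mailboxes is blocked" / "AccountEnabled is set to False":
        # the Entra ID user object behind a shared mailbox should be disabled.
        if ($mbx.RecipientTypeDetails -eq 'SharedMailbox') {
            $user = Get-MgUser -UserId $mbx.ExternalDirectoryObjectId -Property Id, AccountEnabled
            if ($user.AccountEnabled) {
                $findings.Add([pscustomobject]@{
                    Object = $mbx.UserPrincipalName; Check = 'Shared mailbox sign-in blocked'; Status = 'FAIL'
                })
            }
        }
    }

    # "Ensure email from external senders is identified": the External tag shown in Outlook.
    $externalTag = Get-ExternalInOutlook
    if (-not ($externalTag | Where-Object { $_.Enabled })) {
        $findings.Add([pscustomobject]@{
            Object = 'Organization'; Check = 'External sender identification'; Status = 'FAIL'
        })
    }

    return $findings
}

# Each row is one failed check; no rows means all three checks passed for every mailbox.
Test-MailboxControls | Format-Table -AutoSize
```

The mailbox-level checks report status only; remediation (disabling the account, enabling auditing) is a separate, deliberate change that should go through your normal change process.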

Navigating the complexities of compliance and security in an ever-evolving landscape can be daunting. Mondoo steps in as your ally, offering a robust solution for safeguarding your technology infrastructure. Our platform seamlessly integrates with your systems, ensuring continuous protection from development to production. We stay abreast of the latest CIS benchmarks, updating our services to keep your organization at the forefront of security and compliance. With Mondoo, you gain not just a tool, but a partner dedicated to mitigating risks and guiding you towards a secure, compliant future.

Mondoo positions you at the forefront of securing your Microsoft 365 environment, one of the most dynamically evolving platforms today. By leveraging our open source policies, you get a tangible sense of our offerings. This experience allows you to not just understand but feel the difference in how Mondoo enhances your security posture, ensuring you're not just keeping up, but staying ahead in the ever-changing realm of Microsoft 365 security.

To quickly test our open source policies for Microsoft 365 security with Mondoo, follow these steps:

  1. Register an application: Begin by creating an app for the Mondoo platform, a straightforward process detailed in our documentation, Register an Azure app.
  2. Execute commands: Use a set of simple commands to initiate the scanning process. These commands are designed for ease of use and efficiency: scan Microsoft 365.
  3. Implement open source policies: Finally, load our open source policies from the GitHub repository to harness Mondoo's robust security checks for Microsoft 365. Access our open source policies here.

Expand your security reach

If you find the outcomes with our open source policies impactful, consider connecting with us for more comprehensive solutions. Mondoo offers a wide array of policies that can thoroughly scan every facet of your Microsoft 365 setup, leveraging the power of CIS benchmarks. This expanded access ensures a more holistic approach to securing your digital environment against evolving threats and compliance needs.

Hossein Rouhani

Hossein Rouhani, a Security Engineer at Mondoo, excels in Azure ecosystem security, including Microsoft 365 and Azure Kubernetes, and is adept in cyber threat intelligence and penetration testing. His ethical hacking skills are matched by his personal dedication to kickboxing, embracing the "Strong in Body, Strong in Mind" philosophy. This discipline reflects in his cybersecurity approach, prioritizing resilience and strategy. As an influential cybersecurity voice, Hossein contributes to the community through conferences and publications, driving forward industry knowledge.
