Mondoo Microsoft 365 (MS365) Resource Pack Reference
The Microsoft 365 (MS365) resource pack lets you use MQL to query and assess the security of your Microsoft 365 identities and configuration.
Resources included in this pack:
| ID | DESCRIPTION |
|---|---|
| microsoft | Microsoft |
| microsoft.application | Microsoft Entra ID application registration |
| microsoft.application.permission | Microsoft Service Principal Permission |
| microsoft.application.role | Microsoft Entra ID app roles are custom roles to assign permissions to users or apps |
| microsoft.conditionalAccess | Microsoft Conditional Access Policies |
| microsoft.conditionalAccess.countryNamedLocation | Microsoft Conditional Access Country named location |
| microsoft.conditionalAccess.ipNamedLocation | Microsoft Conditional Access IP named location |
| microsoft.conditionalAccess.namedLocations | Container for Microsoft Conditional Access Named Locations |
| microsoft.devicemanagement | Microsoft device management |
| microsoft.devicemanagement.devicecompliancepolicy | Microsoft device compliance policy |
| microsoft.devicemanagement.deviceconfiguration | Microsoft device configuration |
| microsoft.domain | Microsoft domain |
| microsoft.domaindnsrecord | Microsoft domain DNS record |
| microsoft.group | Microsoft group |
| microsoft.keyCredential | Microsoft Entra AD Application certificate |
| microsoft.passwordCredential | Microsoft Entra AD Application secrets |
| microsoft.policies | Microsoft policies |
| microsoft.rolemanagement | Deprecated: use microsoft.roles instead |
| microsoft.rolemanagement.roleassignment | Microsoft role assignment |
| microsoft.rolemanagement.roledefinition | Microsoft role definition |
| microsoft.security | Microsoft Security |
| microsoft.security.riskyUser | Microsoft Entra users who are at risk |
| microsoft.security.securityscore | Microsoft Secure Score |
| microsoft.serviceprincipal | Microsoft service principal (Enterprise application) |
| microsoft.serviceprincipal.assignment | Microsoft Service Principal Assignment |
| microsoft.tenant | Microsoft Entra tenant |
| microsoft.user | Microsoft Entra ID user |
| microsoft.user.authenticationMethods | Microsoft Entra authentication methods |
| ms365.exchangeonline | Microsoft 365 Exchange Online |
| ms365.exchangeonline.exoMailbox | Microsoft 365 Exchange Online Mailbox |
| ms365.exchangeonline.externalSender | Microsoft 365 Exchange Online External Sender |
| ms365.exchangeonline.reportSubmissionPolicy | Report Submission Policy configuration |
| ms365.exchangeonline.teamsProtectionPolicy | Teams Protection Policy configuration |
| ms365.sharepointonline | Microsoft 365 SharePoint Online |
| ms365.sharepointonline.site | Microsoft 365 SharePoint Site |
| ms365.teams | Microsoft 365 Teams |
| ms365.teams.teamsMeetingPolicyConfig | Microsoft 365 Teams meeting policy configuration |
| ms365.teams.teamsMessagingPolicyConfig | Teams meeting policy configuration |
| ms365.teams.tenantFederationConfig | Microsoft 365 Teams tenant federation configuration |