M365 CIS Foundation Benchmark (2.0.0)

Augmentt can assist with many aspects of M365 CIS compliance recommendations. Below is a list of the M365 CIS Foundation Benchmarks v.2.0.0 that Augmentt can help you fulfill.

CIS Microsoft 365 Benchmarks (cisecurity.org)

1.1.1 Augmentt’s MFA report/posture checks help you easily identify if Security Defaults is enabled or disabled.  You can easily deploy conditional access policies within Augmentt to apply this recommendation.

1.1.2 Augmentt’s MFA report/Admin MFA posture check and alerting help you easily identify Admin accounts without MFA.  You can easily deploy conditional access policies within Augmentt to apply this recommendation.

1.1.3 Augmentt’s Idle Session Timeout verifies that you are applying session timeouts to avoid persistent sessions.  You can easily enable Idle Session Timeout to apply this recommendation.

1.1.4 Augmentt’s MFA report/User MFA posture check and alerting help you easily identify accounts without MFA.  You can easily deploy conditional access policies within Augmentt to apply this recommendation.

1.1.5 MFA Number Matching is used to protect against MFA fatigue.  Deploy and monitor MFA via Augmentt’s MFA Number Matching security posture.

1.1.7 Augmentt’s Employee list and MFA posture help you quickly identify how many administrator accounts you have, and the list can be filtered by Role.  Microsoft recommends between two and four global admins.

1.1.8 Self-Service Password Reset is monitored by Augmentt’s Security Posture.

1.1.11 Augmentt monitors/alerts for the existence of a Conditional Access Policy blocking Legacy Authentication.

1.1.15 Augmentt monitors the Audit Log and provides alerts for members being added to Roles outside of PIM.

1.1.20 Augmentt’s security posture monitors Entra ID guest access, ensuring only admins can access the management portal.

1.2 Augmentt’s security posture monitors Exchange Online modern authentication.  Use Augmentt to easily deploy this configuration.

2.5 Augmentt’s security posture monitors Safe Attachments for SharePoint/OneDrive and Microsoft Teams.  Use Augmentt to easily enable Defender for Office 365.

2.6 Augmentt’s security posture monitors the setting to disallow the download of infected files from Office 365.  Use Augmentt to easily enable this configuration.

2.7 Augmentt’s security posture monitors user app consent.  Use Augmentt to easily disable end users’ ability to consent to applications.

3.3 Augmentt’s security posture monitors Teams default sharing settings.

3.4 Augmentt’s security posture monitors for the existence of DLP Policies.

3.6 Augmentt’s security posture monitors SharePoint default sharing settings as well as resharing by external users.  Use Augmentt to easily disable resharing by external users.

4.3 Augmentt’s security posture monitors outbound anti-spam policies to block automatic forwarding rules.  Use Augmentt to easily configure compliant outbound policies that block automatic forwarding.

4.7 Augmentt’s security posture monitors your domain’s DKIM status.  Use Augmentt to configure DKIM for all supported domains.

5.2 Augmentt’s security posture monitors the enablement status of the M365 Audit Log (now known as Purview).  Use Augmentt to enable the M365 Audit Log.

5.3 Augmentt’s security posture monitors the enablement status of Mailbox Auditing.  Use Augmentt to enable mailbox audits organization-wide.

5.4 Augmentt’s alerting will collect and send notifications for Risky Sign-ins via email or integrated to your PSA.  These alerts are retained for 90 days for review.

5.6 Augmentt’s alerting will collect and send notifications for self-service password reset activity via email or integrated to your PSA.  These alerts are retained for 90 days for review.

5.7 Augmentt’s alerting will collect and send notifications for role and group change activity via email or integrated to your PSA.  These alerts are retained for 90 days for review.

5.8 Augmentt’s alerting will collect and send notifications for forwarding rule creation/enablement activity via email or integrated to your PSA.  These alerts are retained for 90 days for review.

5.11 Augmentt’s alerting will collect and send notifications on administrator role change activity via email or integrated to your PSA.  These alerts are retained for 90 days for review.