search

KelvinTegelaar / CIPP

CIPP is a M365 multitenant management solution
https://cyberdrain.com / https://cipp.app
GNU Affero General Public License v3.0
814 stars 5.03k forks source link

[Feature Request]: Standards -> Check if Standard Protection or Strict Protection is ENABLED #2886

Closed erikhoenderdos closed 2 months ago

erikhoenderdos commented 2 months ago

Description of the new feature - must be an in-depth explanation of the feature you want, reasoning why, and the added benefits for MSPs as a whole.

We would like to check if our custommers have the Preset Security Policies enabled (Standard Protection or Strict Protection)

Currently it is possible in CIPP to check the status of the default policys and their values. We don't use them because our client tenants use the preset security policies from Microsoft.

In example: If i check the default policy for the value of Phishing email threshold my custommer reports 0 but i have the security defaults enabled. So there is an additionial policy at Policies & Rules > Threat policies > Anti -phising named "Standard Preset Security Policy" This default policy sets the Phishing email threshold to 3.

It's documented on this learn document: https://learn.microsoft.com/en-us/defender-office-365/preset-security-policies for all the powershell cmdlets see: https://learn.microsoft.com/en-us/defender-office-365/preset-security-policies#preset-security-policies-in-exchange-online-powershell

So in short, could their be a mechanisme to check if these preset policys are enabled?

please be aware that you always need to enable the preset once using webinterface before using the powershell cmdlets below The only supported method for creating the individual security policies for Standard or Strict preset security policies is to turn on the preset security policy in the Microsoft Defender portal for the first time.

PowerShell commands you would normally use to achieve above request

Standard preset security policy: Get-EOPProtectionPolicyRule -Identity "Standard Preset Security Policy" Get-ATPProtectionPolicyRule -Identity "Standard Preset Security Policy" Enable-EOPProtectionPolicyRule -Identity "Standard Preset Security Policy" Enable-EOPProtectionPolicyRule -Identity "Strict Preset Security Policy"

Strict preset security policy Get-EOPProtectionPolicyRule -Identity "Strict Preset Security Policy" Get-ATPProtectionPolicyRule -Identity "Strict Preset Security Policy" Enable-EOPProtectionPolicyRule -Identity "Standard Preset Security Policy"; Enable-ATPProtectionPolicyRule -Identity "Standard Preset Security Policy" Enable-EOPProtectionPolicyRule -Identity "Strict Preset Security Policy"; Enable-ATPProtectionPolicyRule -Identity "Strict Preset Security Policy"

KelvinTegelaar commented 2 months ago

We currently have an Feature Request stop as we're doing a rewrite; outside of our feature stop, only if you are sponsoring at the $99,- dollar level you are able to make feature requests.