cisagov / ScubaGear

Automation to assess the state of your M365 tenant against CISA's baselines
https://www.cisa.gov/resources-tools/services/secure-cloud-business-applications-scuba-project
Creative Commons Zero v1.0 Universal

Research Microsoft "Security Assessments" capabilities #55

Open schrolla opened 1 year ago

schrolla commented 1 year ago

In a separate engagement with Microsoft, we learned about a feature of Azure that does "security assessments" of various MSFT products, including:

Here is the AAD one: https://learn.microsoft.com/en-us/services-hub/health/getting-started-azuread?source=recommendations

It would be good for us to evaluate these tools and the degree to which they overlap with our recommendations.

schrolla commented 9 months ago

Possible future exploration activity, but current documentation does not appear to include a list of possible recommendations for each product assessment. May need to contact Microsoft to see what those are to evaluate overlap.

schrolla commented 5 months ago

@mitchelbaker-cisa Double check if this assessment is still something to pursue.