Microsoft Defender for Office 365 - SCuBA 1.5.0 Checklist Details (Checklist Revisions)
NOTE: This is not the current revision of this checklist; view the current revision.
Supporting Resources:
- Download Prose - Alert policies in Microsoft 365
  - Microsoft Corporation
Target:
Target | CPE Name |
---|---|
Microsoft Windows Defender | cpe:/a:microsoft:windows_defender |
Checklist Highlights
- Checklist Name: Microsoft Defender for Office 365 - SCuBA
- Checklist ID: 1083
- Version: 1.5.0
- Type: Compliance
- Review Status: Final
- Authority: Governmental Authority: Cybersecurity and Infrastructure Security Agency (CISA)
- Original Publication Date: 12/20/2023
Checklist Summary:
Microsoft 365 (M365) Defender is a cloud-based enterprise defense suite that coordinates prevention, detection, investigation, and response. This set of tools and features is used to detect many types of attacks. This baseline focuses on the features of Defender for Office 365, but some settings are actually configured in the Microsoft Purview compliance portal. However, for simplicity, both the M365 Defender and Microsoft Purview compliance portal items are contained in this baseline. Generally, use of Microsoft Defender is not required by the baselines of the core M365 products (Exchange Online, Teams, etc.). This baseline serves as a guide should an agency elect to use Defender as their tool of choice. Please note that some of the controls in the core baselines require the use of a dedicated security tool, such as Defender.
Checklist Role:
- Operating System
Known Issues:
Not Provided
Target Audience:
The CISA SCuBA SCBs for M365 help secure federal information assets stored within M365 cloud business application environments through consistent, effective, and manageable security configurations. CISA created baselines tailored to the federal government’s threats and risk tolerance with the knowledge that every organization has different threat models and risk tolerance. Non-governmental organizations may also find value in applying these baselines to reduce risks.
Target Operational Environment:
- Managed
- Standalone
Testing Information:
Not Provided
Regulatory Compliance:
Not Provided
Comments/Warnings/Miscellaneous:
Not Provided
Disclaimer:
The information in this document is being provided “as is” for INFORMATIONAL PURPOSES ONLY. CISA does not endorse any commercial product or service, including any subjects of analysis. Any reference to specific commercial entities or commercial products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply endorsement, recommendation, or favoritism by CISA. This document does not address, ensure compliance with, or supersede any law, regulation, or other authority. Entities are responsible for complying with any recordkeeping, privacy, and other laws that may apply to the use of technology. This document is not intended to, and does not, create any right or benefit for anyone against the United States, its departments, agencies, or entities, its officers, employees, or agents, or any other person.
Product Support:
CyberSharedServices@cisa.dhs.gov
Point of Contact:
CyberSharedServices@cisa.dhs.gov
Sponsor:
Not Provided
Licensing:
Portions of this document are adapted from documents in Microsoft’s M365 and Azure GitHub repositories. The respective documents are subject to copyright and are adapted under the terms of the Creative Commons Attribution 4.0 International license. Sources are linked throughout this document. The United States government has adapted selections of these documents to develop innovative and scalable configuration standards to strengthen the security of widely used cloud-based software services.
Change History:
- checklist approved - 2/5/24
- updated to final - 3/7/24