
You can find this module at the Global and Company level only.


The Microsoft 365 Security Inspection Report provides a comprehensive overview of the security posture within the Microsoft 365 environment. It evaluates various security controls, identifies vulnerabilities, and offers recommendations to enhance security measures, ensuring robust protection against potential threats and breaches.

...

Visit our YouTube Channel for more video content: https://www.youtube.com/@connectsecure

...


Microsoft 365 Security Inspection - Details

Access the Microsoft 365 Security Inspection from the Cloud Assessments category.

...

Getting Started - Application Thumbprint Certificate

Before you begin the setups below, you must download the Certificate for Application Thumbprint.

  1. Log in to the ConnectSecure portal.

  2. Navigate to Global > Settings > Integrations > Microsoft 365 Security Inspector.

  3. Scroll down and tap Download Certificate; you will upload this certificate to the Azure portal in the next section.

...

M365 Audit - Setup in Azure Portal

  1. Log in to the Azure portal (http://portal.azure.com).

  2. Tap on the ‘App registrations’ option in Azure services (or use the Search).

...

  1. Record the Application (client) ID and Directory (tenant) ID values from the screen.

...

Generate Client Secret

  1. Click on the ‘Add a certificate or secret’ link from the Client credentials section.

...

  1. After the upload, you will see the Thumbprint value; record this for use in ConnectSecure.

...

Configure API Permissions

  1. Under the Manage section, tap on the Manifest option.

...

  1. Tap on API Permissions from the left panel, then tap the ‘Grant admin consent for…’ button.

...

Assign Roles in Microsoft Entra Roles and Administrators


Assign Roles in Microsoft Entra Roles and Administrators for O365

  • These roles work for the O365 Sync Scan

  • Global Reader Privileges

...

Info

Enter optional policy descriptions and justifications as required; this may vary depending on your Azure portal settings.

...

M365 Audit - Setup in ConnectSecure

  1. Log in to your ConnectSecure portal (e.g., portal.myconnectsecure.com).

  2. Navigate back to Global > Settings > Integrations > Microsoft 365 Security Inspector, where you originally downloaded the certificate (application thumbprint).

Credentials

Complete the required fields with your values from the previous steps outlined above.

...

🏁 Proceed to Company Mapping below.

...

Company Mapping

You will need to map the ConnectSecure company to the M365 company.

...

  1. Tap Add, then Finish to complete the mapping.

...

Start M365 Sync

Once you complete the mapping(s), navigate to Active Directory > M365 Audit Report.

...

Tap on the Word or PPT icons for report/PPT outputs.

...

Results Summary

...

Microsoft 365 Security Inspection Dashboard

Review the findings in the company-level dashboard.

...

Microsoft 365 Security Inspection Items

M365 Security Inspection Items

ADFS Configuration Found

Administrative Users with No Multi-Factor Authentication Enforced

Anti-Domain Spoofing Not Fully Enabled

Applications Registered to Tenant with Certificate Credentials

Applications Registered to Tenant with Client Secret (Password) Credentials

Azure PowerShell Service Principal Assignment Not Enforced

Azure PowerShell Service Principal Configuration Missing

Basic Authentication is Enabled

Calendar Sharing with External Users Enabled

Common Malicious Attachment Extensions are Not Filtered

Conditional Access Policies

Conditional Access Policies - Device Platforms

Conditional Access Policies - Legacy Authentication

DKIM Not Enabled for Exchange Online Domains

DLP Policies Not Enabled and Enforced

Dangerous Attachment Extensions are Not Filtered

Dangerous Default Permissions

Directory Synced Users Found in Admin Roles

Directory Synchronization Enabled

Directory Synchronization Service Account Found

Do Not Bypass the Safe Attachments Filter

Do Not Bypass the Safe Links Feature

Domains with No DKIM Selector 1 DNS Record

Domains with No SPF Records

Domains with SPF Soft Fail Configured

Domains with no DKIM Record Selector 2

Domains with no DMARC Records

Email Security Checks are Bypassed Based on Sender's Domain

Email Security Checks are Bypassed Based on Sender's IP

Entities Allowed to Perform Domain Spoofing

eDiscovery Case Administrators

Exchange Mailboxes Hidden from Global Address Lists Found

Exchange Mailboxes with Forwarding Rules to External Recipients

Exchange Mailboxes with FullAccess Delegates Found

Exchange Mailboxes with IMAP Enabled

Exchange Mailboxes with Internal Forwarding Rules Enabled

Exchange Mailboxes with POP-Enabled

Exchange Mailboxes with SendAs Delegates Found

Exchange Mailboxes with SendOnBehalfOf Delegates Found

Exchange Mobile Device Mailbox Security Policies

Exchange Modern Authentication is Not Enabled

Exchange Online Mailboxes with SMTP Authentication Enabled

Expired Domain Registration Found

Federation Trusts in Tenant

Iframes Not Identified as Spam

Improper Number of Company/Global Administrators

MFA Not Required for Device Registration

MFA Not Required for Security Information Registration

MSOnline (MSOL) PowerShell Module Enabled on Tenant

Mailbox Auditing Should be Enabled at the Tenant Level

Mailboxes without Mailbox Auditing Enabled

Malware Filter Policies Don't Alert for Internal Users Sending Malware

Microsoft Secure Defaults

Microsoft Teams Consumer Communication Policies

Microsoft Teams External Access Policies

Microsoft Teams External Domain Communication Policies

Microsoft Teams Policies Allow Anonymous Members

Microsoft Teams Users Allowed to Invite Anonymous Users

Microsoft Teams Users Allowed to Preview Links in Messages

No Conditional Access Policies Block Risky Sign-in

No Conditional Access Policies Mitigate User Risk

No Custom Anti-Malware Policy Present

No Custom Anti-Phishing Policy Present

No Spam Filters to Flag Emails containing IP Addresses as Spam

No Transport Rules to Block Exchange Auto-Forwarding

No Transport Rules to Block Executable Attachments

No Transport Rules to Block Large Attachments

Office Message Encryption is Not Enabled

Outgoing Sharing Invitations are Not Monitored

Password Expiration Period is Set

Password Synchronization Enabled

SMTP Authentication not Globally Disabled

SSPR Allows Email Authentication

Safe Attachments Not Enabled

Safe Links Click-Through is Allowed

Safe Links Does Not Flag Links in Real Time

Safe Links Not Enabled

Self-Serve Password Reset is Not Enabled

Service Principals Found on Tenant with Certificate Credentials

Service Principals Found on Tenant with Client Secret (Password) Credentials

SharePoint External Sharing Enabled (Global)

Simulated Phishing Transport Rules - Security Bypasses

Spam ZAP (Zero-Hour Auto Purge) Not Enabled

Suspicious Outgoing Spam Messages Not Monitored

Tenant Federation Configuration

Tenant License Level

Tenant Transport Rules

Third-Party File Sharing Enabled in Microsoft Teams

Third-Party Applications Allowed

Unified Audit Log Search is Not Enabled

User consent to OAUTH applications not restricted

Users Allowed to Link Work Accounts to LinkedIn

Users Found in Azure AD Roles

Users with No MFA Configured

...

Microsoft 365 Security Inspection - Toolbar Options

...

Sync

Tap to start a sync manually.

...

Alerts

View a timeline-style list of System Events captured for each company. You can optionally set a date filter to target a specific range of events.

...

Info

Tap here to view your V4 Getting Started Info.

https://cybercns.atlassian.net/wiki/x/MIDKfw

...


Click to access the related documentation page; this link is functional on all screens and will take you to the appropriate documentation page.

...

Layout Settings

Here, you can change the UI look and feel using various options, including the Theme for color, the Scheme for dark and light mode, the Layout for toolbar and module positions, and the toggle to set the table view default.


I prefer the Teal color, Light mode, and Classic layout with an asset table view.

...

Get Support

Our support team is here to help. Use one of three options to start a support request.

...