Wat is het verschil tussen de verschillende paketten? Een overzicht van de verschillende checks en de paketten. Feature Free Bouncer Fixer MDR Login Protection Clone Intervention Screen ✅ ✅ ✅ ✅ Clone Detection ✅ ✅ ✅ ✅ Login Authenticity Seal ✅ ✅ ✅ ✅ Log Monitoring ✅ ✅ ✅ Microsoft365 Portal Clone Detected ✅ ✅ ✅ ✅ Exchange log stoppage detection ✅ Entra ID log stoppage detection ✅ Suspicious login (cloud provider) ✅ ✅ ✅ Suspicious login (threat intelligence) ✅ ✅ ✅ Suspicious login (empty user agent) ✅ ✅ ✅ Suspicious login (pattern) ✅ ✅ ✅ Click on phishing link ✅ ✅ ✅ Visits to phishing sites ✅ ✅ ✅ SharePoint log stoppage detection ✅ Teams log stoppage detection ✅ AzureAD EntraID Access ✅ ✅ Count licensed users ✅ ✅ get a list of admins (non pim) ✅ ✅ retrieve a list of administrators (with pim) ✅ ✅ Check ATTIC Named Location ✅ ✅ Unmanaged Attic named location ✅ ✅ Missing Roles ✅ ✅ Conditional Access Policies ✅ ✅ ✅ Limit App-registrations to admins ✅ ✅ Security Defaults enabled ✅ ✅ App consent policy ✅ ✅ Guest users with role assignment ✅ ✅ Users without MFA ✅ ✅ Emergency Access Account ✅ ✅ Admin without MFA ✅ ✅ New app-consent by admin ✅ ✅ Pushnotifications Microsoft Authenticator enabled ✅ ✅ MFA Number Matching ✅ ✅ Appname in MS Authenticator ✅ ✅ MFA Fraud Alerts enabled ✅ ✅ App-consent via Admin ✅ ✅ Custom banned password list ✅ ✅ Bitlocker keys not readable ✅ ✅ Directory Sync Softmatch ✅ ✅ Access Guest Users ✅ ✅ Guest user invites ✅ ✅ Location in MS Authenticator ✅ ✅ MFA exclusion added ✅ ✅ Tenant creation ✅ ✅ Hidden admin roles ✅ ✅ MFA Block OTP ✅ ✅ App Secret expires ✅ ✅ App Certificate expires ✅ ✅ Block SMS sign-in ✅ ✅ Minimize local admins ✅ ✅ Global admins non-local admins ✅ ✅ Security Defaults enabled but you have a premium license ✅ ✅ Monitor Conditional Access ✅ ✅ LAPS and Entra ID ✅ ✅ FIDO2 Authentication ✅ ✅ Phishing-resistant MFA for Admins ✅ ✅ Block Device Code Flow Authentication ✅ ✅ CA Report-only policies present ✅ ✅ Detection of potentially harmful apps ✅ ✅ Dynamic Group Vulnerability Analysis ✅ ✅ Role Assignable Group Privilege Escalation ✅ ✅ Directory Synchronization ✅ ✅ Guest added to role with high privileges ✅ Sign-in attempt with disabled account ✅ Emergency access account used ✅ User becomes Admin (non-PIM) ✅ Guest invite with high privileges ✅ New GDAP-relationship ✅ User with Tier0 role (PIM) ✅ User with Tier0 role (non-PIM) ✅ User becomes Admin (non-PIM) ✅ AITM activity (CloudFlare) ✅ AITM activity (didsomeoneclone.me) ✅ AITM activity (Azure) ✅ AITM activity (Amazon) ✅ Successful sign in using fast http user agent ✅ Authentication methods modified ✅ Authentication methods modified for user that could PIM to high privileged role ✅ AITM activity (User Agent pattern) ✅ Guest made eligible for PIM admin role ✅ Admin started SSPR ✅ Admin started SSPR (PIM) ✅ External user added to high privilege role (outside of PIM) ✅ Owner added to Subscription ✅ Python User-Agent detected ✅ Device code flow sign in on Tier0 account ✅ Suspicious country sign in on Tier0 account ✅ ExchangeOnline Exchange Online Access ✅ ✅ Audit logging works ✅ ✅ Microsoft 365 Auditlogs ✅ ✅ Mailbox auditing ✅ ✅ Organization Customization ✅ ✅ List inactive accounts ✅ ✅ Attachments file filter ✅ ✅ Modern authentication (Exchange) ✅ ✅ Labels for external mail ✅ ✅ Malware notifications (outgoing) ✅ ✅ Malware notifications (incoming) ✅ ✅ Outbound spam filter ✅ ✅ Content Filtering Policy ✅ ✅ External calendar sharing ✅ ✅ MX-records ✅ ✅ Remote domains and automatic forwarding ✅ ✅ LinkedIn Synchronization ✅ ✅ Outlook MailTips ✅ ✅ Auto-forwarding policy ✅ ✅ Delegate Admins ✅ ✅ Emergency Access Account Password ✅ ✅ Initiation emergency account ✅ ✅ Email plus-addressing ✅ ✅ Mailbox auditing bypass ✅ ✅ Security Group Creation ✅ ✅ Autodiscover configured ✅ ✅ Anti-Phishing mailtips ✅ ✅ Safe Links ✅ ✅ External storage in Outlook ✅ ✅ Spamscanning exception ✅ ✅ Safe Attachments ✅ ✅ Anti-phishing policy ✅ ✅ Outlook add-ins ✅ ✅ Spam notifications to administrator ✅ ✅ Mailbox auditing ✅ ✅ Transport Rule redirects email ✅ ✅ Mailbox Forwarding Baseline Check ✅ ✅ Suspicious Mailbox Rules Detection ✅ ✅ Check SharePoint Url ✅ ✅ Exchange on-premise ✅ ✅ New email forwarding rule ✅ Suspicious keyword in mailbox rule ✅ Mailbox external forwarding ✅ Transport rule forwards mail to external domain ✅ Transport rule with suspicious keywords ✅ Large number of external shares ✅ Teams Authenticity Seal Validator App ✅ ✅ External storage in Teams ✅ ✅ Teams Channels and Email ✅ ✅ Block external consumer chats ✅ ✅ Block anonymous users to start meetings ✅ ✅ Block anonymous users joining meetings ✅ ✅ Scan Messages for Unsafe Links ✅ ✅ Scan Messages for Unsafe Files ✅ ✅ Report a security concern ✅ ✅ Sharepoint Public SharePoint sites ✅ ✅ Microsoft 365 Defender ✅ ✅ Resharing by Guests ✅ ✅ Legacy authentication (SharePoint) ✅ ✅ Sharepoint Invites ✅ ✅ Malware in SharePoint ✅ Malware from SharePoint ✅ Intune Attic AitM Blocker installed ✅ ✅ ✅ SecureScore Customer Lockbox ✅ ✅ Limited admin roles ✅ ✅ Legacy authentication (Exchange) ✅ ✅ MFA for all users ✅ ✅ MFA enforced for admins ✅ ✅ 2 to 4 global admins ✅ ✅ Automatic password expiry ✅ ✅ Self-service password reset ✅ ✅ Sign-in Risk policy ✅ ✅ User Risk Policy ✅ ✅ SecureScore statistics ✅ ✅ MFA all users via conditional access ✅ ✅ SecureScore - MFA ✅ ✅ Compliance Protection Alert Notifications ✅ ✅ General Attic Monthly Report ✅ ✅ ✅ Defender Microsoft Defender Alert ✅ MISP Login from known IP [MISP] ✅ Office activity from known IP [MISP] ✅ Known URL in email [MISP] ✅ Known sender in email [MISP] ✅ Known attachment in email [MISP] ✅ Azure activity from known IP [MISP] ✅
