M365 Hardening
Learn how to strengthen your environment's defenses by implementing Attic's recommended security configurations.
Operational
- Mailbox Auditing Check and Fix [CHK-1003]
- Exchange On-Premise Configuration Check [CHK-1927]
- SharePoint URL Check [CHK-1500]
- Retrieve role assignments for Attic app [CHK-1113]
- Get a list of Tier0 PIM users [CHK-1106]
- Count inactive users [CHK-1010]
- Microsoft AzureAD Access Verification [CHK-1100]
- Organization Customization Check [CHK-1009]
- Exchange Online Access [CHK-1000]
- Audit Log Check [CHK-1001]
- Microsoft 365 Audit Logging [CHK-1002]
- Check and Fix ATTIC Named Location [CHK-1107]
- Unmanaged Attic Named Location [CHK-1108]
- Count licensed users [CHK-1101]
- Get a list of Tier0 users [CHK-1105]
- Directory Synchronization Status Check in Entra ID [CHK-1926]
Teams
- Report a Security Concern in Teams [CHK-1628]
- Scan Messages for Unsafe Files [CHK-1626]
- Scan Messages for Unsafe Links [CHK-1625]
- Block External Consumer Chats in Microsoft Teams [CHK-1622]
- Disabling Email Access to Microsoft Teams Channels [CHK-1621]
- External Storage in Microsoft Teams [CHK-1620]
- Resharing by Guests in Microsoft Environment [CHK-1522]
- Authenticity Seal Validator App [CHK-1600]
- Block Anonymous Users from Starting Meetings [CHK-1623]
- Block Anonymous Users from Joining Meetings Unverified [CHK-1624]
Sharepoint
Exchange Online
- Notify Administrator of Outbound Spam [CHK-1065]
- Preventing Installation of Outlook Add-ins [CHK-1064]
- Restricting External Storage in Outlook [CHK-1060]
- Autodiscover Configuration Check [CHK-1057]
- Email Plus-Addressing Check [CHK-1054]
- Office365 Auto-Forwarding Policy and Exceptions [CHK-1049]
- MailTips Configuration [CHK-1048]
- LinkedIn Contact Synchronization [CHK-1046]
- Preventing Email Auto-forwarding in Office365 [CHK-1036]
- Monitoring MX-Record Changes [CHK-1034]
- What question is your article answering?External Calendar Sharing [CHK-1031]
- Content Filtering Policy Check [CHK-1028]
- Outbound Spam Filter Check [CHK-1026]
- Microsoft Exchange Malware Check and Notification [CHK-1025]
- Malware Notifications for Internal Emails [CHK-1024]
- Identifying Emails from External Senders in Outlook [CHK-1023]
- Legacy Authentication (Exchange) [CHK-1325]
- Modern Authentication for Microsoft Exchange Online [CHK-1021]
- Blocking Potentially Dangerous Email Attachments [CHK-1020]
- Mailbox Auditing disabled [CHK-1067]
- Clone Intervention Screen [CHK-1102/CHK-1103]
EntraID - MFA
- Admin Accounts Without MFA [CHK-1137]
- Push Notifications via Microsoft Authenticator Check [CHK-1140]
- Microsoft Authenticator: Display App Name During Sign-In Attempts [CHK-1142]
- Multi-Factor Authentication (MFA) Status Check [CHK-1923]
- MFA Fraud Alerts [CHK-1144]
- Multi-Factor Authentication (MFA) Status Check [CHK-1132]
- Phishing-resistant MFA for Admins [CHK-1171]
- FIDO2 Authentication [CHK-1170]
- Block SMS Sign-In as First Authentication Factor [CHK-1164]
- Enforcing Push Notifications in Microsoft Authenticator [CHK-1161]
- Microsoft Authenticator: Display Location During Login Attempts [CHK-1153]
- MFA Number Verification Check [CHK-1141]
- Enforcing Multi-Factor Authentication for All Users [CHK-1327]
EntraID - Guests
EntraID - Conditional Access
- Conditional Access Policies [CHK-1114]
- Enabling Report-Only Conditional Access Policies [CHK-1173]
- Enforcing Multi-Factor Authentication for All Users via Conditional Access Policies [CHK-1921]
- Block Device Code Flow Authentication [CHK-1172]
- Security Defaults vs Conditional Access [CHK-1167]
- User Risk Policy Check [CHK-1336]
- Sign-in Risk Policy [CHK-1334]
- Enforce Multi-Factor Authentication for Administrators [CHK-1328]
EntraID - General
- Dynamic Group Vulnerability Analysis and Fix [CHK-1177]
- Enabling Local Administrator Password Solution (LAPS) in Entra ID [CHK-1169]
- Administrative Role Overlap [CHK-1322]
- Preventing Tenant Creation in Entra ID [CHK-1155]
- Self-Service Password Reset [CHK-1333]
- Automatic Password Expiry [CHK-1331]
- Security Group Creation Check [CHK-1056]
- Emergency Access Account Password Change Alert [CHK-1052]
- Customer Lockbox Check [CHK-1320]
- App Consent Policy Check [CHK-1128]
- Microsoft Security Defaults Check [CHK-1127]
- Limit App Registrations to Admins [CHK-1120]
- Login Authenticity Seal [CHK-1110]
- Directory Sync Softmatch [CHK-1150]
- Bitlocker Keys Readable [CHK-1149]
- Enabling Password Protection in EntraID [CHK-1147]
- Enable Admin Consent Flow in EntraID [CHK-1146]
- Emergency Access Account Check [CHK-1135]