[THEME] Access
The Access theme ensures that access to your Microsoft 365 environment is properly configured. It controls how people and programs can gain access to the cloud, minimizing the risk of unauthorized entry.
What does Attic do?
Attic checks a range of access-related settings to verify that the principle of least privilege is applied and that outdated or insecure access methods are disabled.
The checks in this theme cover:
- Security group creation is restricted to administrators
- Limited (least-privilege) admin roles are used instead of global admin
- The tenant has between 2 and 4 global administrators
- Legacy authentication protocols are disabled
- Modern authentication is enabled
- Customer Lockbox is enabled for data access requests
- Soft-match is blocked to prevent account takeover
- Tenant creation by regular users is disabled
- SharePoint legacy protocols and external sharing are properly configured
- No invisible or hidden roles are assigned
Why is this important?
Overly permissive access settings are among the most common causes of security breaches. Restricting who can do what and allowing only modern, secure authentication methods significantly reduces the attack surface of your Microsoft 365 environment.
Checks in this theme
| ID | Check |
|---|---|
| CHK-1056 | Security Group Creation |
| CHK-1322 | Limited admin roles |
| CHK-1329 | 2 to 4 global admins |
| CHK-1523 | Legacy authentication (SharePoint) |
| CHK-1320 | Customer Lockbox |
| CHK-1150 | Directory Sync Softmatch |
| CHK-1155 | Tenant creation |
| CHK-1522 | Resharing by Guests |
| CHK-1160 | Hidden admin roles |
| CHK-1021 | Modern authentication (Exchange) |
| CHK-1325 | Legacy authentication (Exchange) |