<img src="https://ws.zoominfo.com/pixel/JV60JGR5LG4sEWlH3Xte" width="1" height="1" style="display: none;">

SecureSky is honored to have contributed to and been recognized as a co-editor for the latest update, version 1.1, of the Center for Internet Security (CIS) Microsoft 365 Foundations Benchmark. This collaboration allowed us to leverage our extensive experience in Office 365 (O365) incident response and security control recommendations, further enriching the O365 security community.

The CIS Microsoft 365 Foundations Benchmark v1.1 offers detailed guidance for securing Microsoft 365 configurations, covering Exchange Online, SharePoint Online, OneDrive for Business, Skype/Teams, Azure Active Directory, and InTune. This version introduces significant updates, including:

Enhanced Account/Authentication Security

A new focus on Azure Active Directory emphasizes the disabling of insecure authentication protocols and the adoption of strong authentication practices. This aligns with CIS, SecureSky, and Microsoft's commitment to Azure Active Directory security, mirroring Microsoft's Security Defaults initiative.

Expanded Security Checks

The benchmark now includes additional security checks, such as Exchange MailTips, aiding users in recognizing emails sent outside their tenant.

License Level Applicability

Clarifications on security controls relevant to users' current Office 365 licensing levels, and insights into additional controls available with upgraded licenses.


CIS Microsoft 365 Benchmark v1.1

  •  

Participation in this esteemed group of security professionals, alongside Microsoft representatives, empowers SecureSky to share and gain invaluable security insights. This collaborative effort aims to guide our customers and the broader CIS community in risk assessment and the fortification of their O365 environments.

Following the benchmark update, CIS surveyed its community on the usage of other leading SaaS platforms. As CIS broadens its benchmarks to include platforms like Salesforce, Dropbox, G Suite, and Slack, SecureSky commits to delivering up-to-date security guidance and insights through our blog.

We are already engaged in developing the next O365 Benchmark, anticipated later this year. Access the complete Benchmark Guide for free here, and utilize it as a comprehensive checklist for securing your Microsoft Office 365 environment. For further assistance or to consult with an O365 security expert from SecureSky, please contact us.

SecureSky's expertise in securing and monitoring Office 365 environments is unmatched. Discover our client success stories and recommendations for enhancing Office 365 security on our website and through our Office 365 BEC Blog Series.

 

Frequently Asked Questions 

What is the CIS Microsoft 365 Benchmark v1.1?
The CIS Microsoft 365 Benchmark v1.1 provides security configuration guidelines for Microsoft 365 environments. It helps organizations strengthen protection across Exchange Online, Teams, SharePoint, Azure AD, and other Microsoft cloud services.
Why is the CIS Microsoft 365 Benchmark important for organizations?
The benchmark helps reduce security risks by recommending secure Microsoft 365 settings and authentication controls. It supports organizations in improving compliance, protecting sensitive data, and minimizing exposure to cyber threats.
What security improvements were introduced in CIS Benchmark v1.1?
Version 1.1 introduced stronger Azure Active Directory authentication guidance, expanded security checks, and recommendations aligned with Microsoft security best practices to improve tenant protection and account security.
How does SecureSky contribute to the CIS Microsoft 365 Benchmark?
SecureSky participated as a co-editor for the benchmark update, contributing expertise from Microsoft 365 incident response and cloud security management to improve the benchmark’s real-world security recommendations.
Which Microsoft 365 services are covered in the CIS Benchmark?
The CIS Microsoft 365 Benchmark covers Exchange Online, SharePoint Online, OneDrive for Business, Microsoft Teams, Azure Active Directory, and Intune security configurations for better cloud protection.