The M365 compliance feature will primarily focus on establishing a baseline of security standards for an M365 environment leveraging known Industry Security Standards (CIS Benchmark) for M365. The M365 Security Module will provide Infocyte the ability to score and grade an M365 environment with a Risk Score, identify issues and highlight recommended remediation steps.
The following services will be covered within Infocyte’s M365 Security Model:
- - Exchange Online
- - SharePoint Online
- - Skype & Teams
- - Azure Active Directory
- - inTune
Configuration in 3 easy steps
Prerequisite: An M365 account with Global Admin privileges is required to configure integration. Infocyte recommends that a service account is created to be used for Infocyte in the M365 space.
Navigate to: Discover Tab --) Compliance
The compliance query section of the app can be accessed by clicking the “Compliance” button on the left hand side of the discover tab.
- The Compliance query screen will list all successfully created queries that can be used to scan a given M365 environment.
- The list can be sorted by Name, Domain, Created, and Last Scanned columns
- You can also add new queries from this screen.
- Continue to Step 2
Select: Add compliance Query Button
New compliance queries can be added using the “Add compliance query” button at the top right hand side of the query list.
Clicking this button will open a new window to specify the query name, schedule, and type.
Configure your query
1. Name your Compliance Query -- Compliance Query Names must be unique and have a max length of 50 characters.
2. Select "Microsoft 365" as the TYPE. (note: as of the publish date of this article, Microsoft 365 is the only option)
3. Select a schedule to repeat scans on a regular cadence.
4. Once the "Sign-In" button turns blue, you are ready to proceed by clicking on the "Sign-In" button.
-- Clicking the button will display a separate browser window where M365 credentials are entered.
-- A successful sign in with a global admin account will display a Permission requested screen.
-- Clicking the accept option will complete the sign in process, and close the child window.
Edit compliance query
On the compliance query list, clicking the query name link will display an Edit compliance query window.
Only the name and schedule can be updated from here, a new query name must be unique, and still stay under the 50 character limit.
The Domain used cannot be updated. To change the domain or to add domains a new query must be created.
Delete compliance query
Existing compliance queries can be deleted using the action menu for individual lines on the compliance queries list.
Delete confirmation window will display, and list item will be removed permanently after clicking the okay button.
Next Article: Scanning and Reviewing your Results