For a while, partners have been telling us how useful the ‘Get Microsoft 365 Security Baselines v2’ report is for quickly assessing a customer’s infrastructure against compliance frameworks like CIS, ISO 27001, NCSC Cyber Assessment Framework or simply against the Microsoft Secure Score Benchmark.
Previously partners have spent hours, sometimes days checking settings in a customer tenant against these frameworks. Now using the ‘Get Microsoft 365 Security Baselines v2’ report they can produce an assessment in minutes. What happens once you know what needs to be addressed?
The SkyKick team has now created the ‘Apply Microsoft 365 Security Baselines v2’ command, which enables you to apply a baseline/framework (and all of its settings) to a customer or customers in a few clicks.
As part of the update we:
- Added 34 new recommendations/controls
- Updated names for 15 recommendations/controls
- Removed 16 recommendations/controls that were replaced by others
- Removed all Intune-related recommendations. (These can be applied separately using individual solutions located in the Security Management -> Security Baselines -> Endpoint Management folder)
- Added more compliance-related configuration options to the Run Form.
- Added the ability to generate a Configuration Status Report that shows all the changes made by the solution for each customer in detail.
- Added settings specific to Conditional Access and Defender 365 Threat policy recommendations for Desired State Configuration (DSC).
- Added the ability to exclude different types of identities from Conditional Access and Defender 365 Threat policies and change the default policy names.
- Improved the Preview Mode Report layout and readability using enhanced HTML formatting.
- Improved the solution performance and stability.
When running the command, you will now notice we have three different run options (figure 1). Basic configuration is the option to use if you want to get going quickly with a simplified set of parameters. The next two options are for single or multiple customers, giving you more granularity on what you do if we find some of the Conditional Access and Defender 365 Threat policies already in place.
You can also filter the recommendations by product, selecting only the changes relating to a specific product like Exchange if you want to concentrate your efforts in one area. Perhaps more importantly, you can filter on End-User Impact, only making changes to settings with None or Low user impact leaving the bigger changes until later.
The ‘Jewel in the Crown’ however is the ‘Primary Compliance Standard’ option which allows you select the compliance standard you are considering putting in place. Once you select this option, you can either ‘Apply All Recommendations’ or select the now filtered list of recommendations in the ‘Recommendations by Product’ section at the bottom. No longer do you need to manually figure out what settings align to which compliance framework, Security Manager does that for you.
Next up, we have made the Preview Mode Only report more detailed (figure2). When you select ‘Preview Mode Only’, Security Manager doesn’t change any settings but instead informs you what would have changed. Now you can see how many of the recommendations will be applied (how much of a change is it going to be?), information about the impact of the changes (similar to the Get Microsoft 365 Security Baselines V2 Detail Report), and detail around the settings applied for the recommendation.
Finally, when you apply the settings with ‘Generate Additional Reports > Configuration Status Report’ selected, Security Manager makes the updates and then again lists the recommendations and tells you what changed (figure 3). This can be useful for showcasing the work you’ve done for your customer or for auditing if you need to see what changed and potentially reverse those changes.
As you can see, the Apply Microsoft 365 Security Baselines V2 script aligns perfectly with the Get Microsoft 365 Security Baselines V2 report allowing you to quickly assess a customer against a framework that fits their needs and equally as quickly apply changes to align them to the framework. Taking days or work and condensing it down into minutes.
As always, keep an eye out for more information and updates on either the blog, the ‘Lets Get It Done’ emails or by checking for new scripts in Workbench > Updates.
Figure 1
Figure 2
Figure 3
