maester icon indicating copy to clipboard operation
maester copied to clipboard

Published 20 hours ago verified publisher icon maester365

No status indication of the M365 platform tests?

Open albert-widjaja opened this issue 5 months ago • 6 comments

As the continuation from this thread: https://github.com/maester365/maester/issues/457

I wonder what I can do to ensure that these checks are executed successfully every day.

Some of the test has the indication when not executed. but not these tests: image

As you can see the above, there is no status or even error thrown after the execution.

These tests (without the duplicate:

  1. EIDSCA.AF02: Authentication Method - FIDO2 security key - Allow self-service set up.
  2. EIDSCA.AF03: Authentication Method - FIDO2 security key - Enforce attestation.
  3. EIDSCA.AF04: Authentication Method - FIDO2 security key - Enforce key restrictions.
  4. EIDSCA.AF05: Authentication Method - FIDO2 security key - Restricted.
  5. EIDSCA.AF06: Authentication Method - FIDO2 security key - Restrict specific keys.
  6. EIDSCA.AT02: Authentication Method - Temporary Access Pass - One-time.
  7. EIDSCA.CP01: Default Settings - Consent Policy Settings - Group owner consent for apps accessing data.
  8. MS.AAD.4.1: Security logs SHALL be sent to the agency's security operations center for monitoring.
  9. MS.EXO.1.1: Automatic forwarding to external domains SHALL be disabled.
  10. MS.EXO.12.1: IP allow lists SHOULD NOT be created.
  11. MS.EXO.12.2: Safe lists SHOULD NOT be enabled.
  12. MS.EXO.13.1: Mailbox auditing SHALL be enabled.
  13. MS.EXO.2.1: A list of approved IP addresses for sending mail SHALL be maintained.
  14. MS.EXO.2.2: An SPF policy SHALL be published for each domain, designating only these addresses as approved senders.
  15. MS.EXO.3.1: DKIM SHOULD be enabled for all domains.
  16. MS.EXO.4.1: A DMARC policy SHALL be published for every second-level domain.
  17. MS.EXO.4.2: The DMARC message rejection option SHALL be p=reject.
  18. MS.EXO.4.3: The DMARC point of contact for aggregate reports SHALL include [email protected].
  19. MS.EXO.5.1: SMTP AUTH SHALL be disabled.
  20. MS.EXO.6.1: Contact folders SHALL NOT be shared with all domains.
  21. MS.EXO.6.2: Calendar details SHALL NOT be shared with all domains.
  22. MS.EXO.7.1: External sender warnings SHALL be implemented.
  23. MS.EXO.8.1: A DLP solution SHALL be used.
  24. MT.1002: App management restrictions on applications and service principals is configured and enabled.
  25. MT.1021: Security Defaults are enabled.

albert-widjaja avatar Sep 16 '24 07:09 albert-widjaja