Update SCBs match updates through the CB approval process (Marlin) #1681

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 2 commits into
base: main
4 changes: 2 additions & 2 deletions PowerShell/ScubaGear/baselines/removedpolicies.md
Expand Up @@ -40,7 +40,7 @@ Group owners SHALL NOT be allowed to consent to applications.
#### MS.DEFENDER.6.2v1
Microsoft Purview Audit (Premium) logging SHALL be enabled for ALL users.
- _Removal date:_ March 2025
- _Removal rationale:_ MS.DEFENDER.6.2v1 was originally included in order to enable auditing of additional user actions not captured under Purview Audit (Standard). In October 2023, Microsoft announced changes to its Purview Audit service that included making audit events in Purview Audit (Premium) available to Purview Audit (Standard) subscribers. Now that the rollout of changes has been completed, Purview (Standard) includes the necessary auditing which is addressed by MS.DEFENDER.6.1v1.
- _Removal rationale:_ MS.DEFENDER.6.2v1 was originally included in order to enable auditing of additional user actions not captured under Purview Audit (Standard). In October 2023, Microsoft announced changes to its Purview Audit service that included making audit events in Purview Audit (Premium) available to Purview Audit (Standard) subscribers. Now that the rollout of changes is completed, Purview (Standard) includes the necessary auditing that is addressed by MS.DEFENDER.6.1v1.

## Exchange Online

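Review bot: "Now that the rollout of changes is completed" is weaker than the original "has been completed"; a finished rollout is a completed action, so keep "has been completed" (or "has completed"). While here, the last sentence says "Purview (Standard)" where the rest of the rationale says "Purview Audit (Standard)"; use the full product name for consistency.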
Expand Down Expand Up @@ -74,7 +74,7 @@ N/A
#### MS.SHAREPOINT.1.4v1
Guest access SHALL be limited to the email the invitation was sent to.
- _Removal date:_ February 2025
- _Removal rationale:_ The option to limit guest access to the email the invitation was sent to found in policy MS.SHAREPOINT.1.4v1 has been deprecated by Microsoft. All references including the policy and its implementation steps have been removed as the setting is no longer present.
- _Removal rationale:_ The option to limit guest access to the email the invitation was sent to found in policy MS.SHAREPOINT.1.4v1 has been deprecated by Microsoft. All references, including the policy and its implementation steps, have been removed since the setting is no longer present.

#### MS.SHAREPOINT.4.1v1
Users SHALL be prevented from running custom scripts on personal sites (aka OneDrive).
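Review bot: the rationale says the setting "has been deprecated by Microsoft" and then that it "is no longer present"; if the control has actually been removed from the admin experience, "removed" is the accurate word, since "deprecated" usually means still present but discouraged. The added commas around "including the policy and its implementation steps" are correct.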
8 changes: 4 additions & 4 deletions PowerShell/ScubaGear/baselines/sharepoint.md
Expand Up @@ -44,7 +44,7 @@ External sharing for SharePoint SHALL be limited to Existing guests or Only peop
External sharing for OneDrive SHALL be limited to Existing guests or Only people in your organization.

<!--Policy: MS.SHAREPOINT.1.2v1; Criticality: SHALL -->
- _Rationale:_ Sharing files outside the organization via OneDrive increases the risk of unauthorized access. By limiting external sharing, administrators decrease the risk of unauthorized unauthorized access to information.
- _Rationale:_ Sharing files outside the organization via OneDrive increases the risk of unauthorized access. By limiting external sharing, administrators decrease the risk of unauthorized access to information.
- _Last modified:_ June 2023
- _MITRE ATT&CK TTP Mapping:_
- [T1048: Exfiltration Over Alternative Protocol](https://attack.mitre.org/techniques/T1048/)
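Review bot: removing the duplicated "unauthorized unauthorized" is correct. The two sentences of the rationale now say nearly the same thing in opposite directions; consider having the second sentence state what the restriction actually does, e.g. "Limiting sharing to Existing guests or Only people in your organization keeps files from being exposed to parties the organization has not already vetted."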
Expand All @@ -56,7 +56,7 @@ External sharing for OneDrive SHALL be limited to Existing guests or Only people
External sharing SHALL be restricted to approved external domains and/or users in approved security groups per interagency collaboration needs.

<!--Policy: MS.SHAREPOINT.1.3v1; Criticality: SHALL -->
- _Rationale:_ By limiting sharing to domains or approved security groups used for interagency collaboration purposes, administrators help prevent sharing with unknown organizations and individuals.
- _Rationale:_ By limiting sharing to domains or approved security groups used for interagency collaboration purposes, administrators can help prevent sharing with unknown organizations and individuals.
- _Last modified:_ March 2025
- _Note:_ This policy is only applicable if the external sharing slider in the SharePoint admin center is not set to **Only people in your organization**.
- _MITRE ATT&CK TTP Mapping:_
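Review bot: "can help prevent" stacks two hedges; the original "help prevent" reads better and matches the phrasing of the other rationales in this file. Suggest leaving that sentence unchanged.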
Expand Down Expand Up @@ -193,7 +193,7 @@ Sharing files with external users via the usage of **Anyone links** or **Verific
Expiration days for Anyone links SHALL be set to 30 days or less.

<!--Policy: MS.SHAREPOINT.3.1v1; Criticality: SHALL -->
- _Rationale:_ Links may be used to provide access to information for a short period of time. Without expiration, however, access is indefinite. By setting expiration timers for links, administrators prevent unintended sustained access to information.
- _Rationale:_ Links may be used to provide access to information for a short period of time. Without expiration, however, access is indefinite. By setting expiration timers for links, administrators can prevent unintended sustained access to the link.
- _Last modified:_ March 2025
- _Note:_ This policy is only applicable if the external sharing slider in the SharePoint admin center is set to **Anyone**.
- _MITRE ATT&CK TTP Mapping:_
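Review bot: changing "sustained access to information" to "sustained access to the link" makes the rationale less precise: the risk is continued access to the shared content, not to the URL itself. Suggest "administrators prevent unintended sustained access to the shared content." The added "can" is unnecessary here.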
Expand All @@ -218,7 +218,7 @@ The allowable file and folder permissions for links SHALL be set to View only.
Reauthentication days for people who use a verification code SHALL be set to 30 days or less.

<!--Policy: MS.SHAREPOINT.3.3v1; Criticality: SHALL -->
- _Rationale:_ A verification code may be given out to provide access to information for a short period of time. By setting expiration timers for verification code access, administrators prevent unintended sustained access to information.
- _Rationale:_ A verification code may be issued to provide access to information for a short period. By setting expiration timers for verification code access, administrators can prevent unintended sustained access to links.
- _Last modified:_ March 2025
- _Note:_ This policy is only applicable if the external sharing slider in the SharePoint admin center is set to **Anyone** or **New and existing guests**.
- _MITRE ATT&CK TTP Mapping:_
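Review bot: same issue as in MS.SHAREPOINT.3.1v1: "sustained access to links" should be "sustained access to the shared content". Also, this policy sets reauthentication days rather than an expiration, so "setting expiration timers for verification code access" is imprecise; suggest "By requiring recipients to re-enter a verification code at least every 30 days, administrators prevent unintended sustained access to the shared content."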
2 changes: 1 addition & 1 deletion PowerShell/ScubaGear/baselines/teams.md
Expand Up @@ -118,7 +118,7 @@ Meeting recording SHOULD be disabled.
Record an event SHOULD NOT be set to Always record.

<!--Policy: MS.TEAMS.1.7v2; Criticality: SHOULD -->
- _Rationale:_ Allowing to always record Live Events can pose data leakage and other security risks. Limiting recording permissions to only the organizer minimizes the security risk to the organizer's discretion for these Live Events. Administrators can also disable recording for all live events.
- _Rationale:_ Allowing to always record Live Events can pose data and video recording leakage and other security risks. Limiting recording permissions to only the organizer minimizes the security risk to the organizer's discretion for these Live Events. Administrators can also disable recording for all live events.
- _Last modified:_ March 2025
- _Note:_ This policy applies to the Global (Org-wide default) meeting policy. Custom policies MAY be created to allow more flexibility for specific users.
- _MITRE ATT&CK TTP Mapping:_
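Review bot: "can pose data and video recording leakage and other security risks" is awkward, and "Allowing to always record" is ungrammatical in both the old and new lines. Suggest "Configuring Live Events to always be recorded can lead to leakage of the recordings and the data they contain, along with other security risks."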