
Cis m365 5.0 #149


Merged
merged 15 commits into from
Jun 25, 2025

Conversation

rfernandezdo
Contributor

Context

Ruleset and findings for CIS_Microsoft_365_Foundations_Benchmark_v5.0.0 added

Description

Ruleset and findings for the rules of CIS_Microsoft_365_Foundations_Benchmark_v5.0.0

License

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

- Created JSON files for DLP policies disabled in Microsoft Purview.
- Added rules for restricting external access in Microsoft Teams.
- Implemented checks for user reporting of security concerns in Teams.
- Established controls for disallowing downloads of infected files in SharePoint Online.
- Enforced requirement for modern authentication in SharePoint applications.
- Introduced a new ruleset JSON file for CIS Microsoft 365 Foundations 5.0 compliance.
…pact, remediation steps, and references for sensitivity labels, ResourceKey authentication, external data sharing, R/Python visuals, Service Principals API access, profile creation restrictions, and shareable links.
… applications, admin center access, and sign-in options in EntraID
…edIn account connections, and idle session sign-out in EntraID
@silverhack
Owner

silverhack commented Jun 16, 2025

Hi @rfernandezdo

Firstly I want to thank you for your pull request, it's really appreciated.

Secondly, after carefully reviewing your code, I realised that this pull request will be very difficult to approve. I will try to explain better.

It seems that new implemented checks are incorrectly using the "Path" property, as shown below:
image
Instead of calling internal PowerShell functions directly, Monkey365 stores all information from collectors into an internal PowerShell custom object that acts as a local database. Another internal PowerShell module is used to run queries against this "local database". This is by design, to prevent script command injection attacks. Please see the information about how to create custom rules in Monkey365.

Also, and as far as I can see, several duplicate entries were created as part of this pull request:
image
I'm not sure if those duplicated files are included for any specific reason.

Regarding errors, I believe that all your tests passed correctly because you forgot to pass --Ruleset to Monkey365. According to my internal tests, several internal functions and modules will be affected if this pull request is approved.
image

On the other hand, and thanks to your pull request, I have found a couple of bugs within the ruleset engine that need to be addressed, so thanks!

Please do let me know your thoughts about the above comments. I can remove the duplicate files and wrong rules to fix your pull request and move the rest of the valid code to the develop branch. With that, you will be added as a contributor to this project, which I believe is good.

Cheers,
Juan
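An added illustration of the design point made in the comment above; this is not Monkey365's own code or rule schema, and the store layout, rule fields and operator allow-list are assumptions. A rule file that names something to execute hands control of execution to whoever writes the rule, whereas a rule that is only data (collection, property, operator, expected value) can be evaluated against an in-memory copy of the collector output without ever turning rule text into a command.

```powershell
# Constructed stand-in for the "local database" built from collector output (assumption).
$LocalDb = @{
    teams_federation = [pscustomobject]@{ AllowFederatedUsers = $true;  AllowPublicUsers = $false }
    spo_tenant       = [pscustomobject]@{ DisallowInfectedFileDownload = $false }
}

# Pattern to avoid: the rule carries a "Path"/command string and the engine executes it.
# Whatever text is in the rule file becomes code, so a rule can run arbitrary commands.
function Invoke-RuleUnsafe {
    param([hashtable]$Rule)
    Invoke-Expression $Rule.Path   # shown only to contrast with the data-driven version below
}

# Data-driven pattern: the rule only selects a collection and a property, and the engine
# applies an allow-listed comparison. Nothing from the rule file is ever executed.
$AllowedOperators = @{
    eq = { param($Actual, $Expected) $Actual -eq $Expected }
    ne = { param($Actual, $Expected) $Actual -ne $Expected }
}

function Invoke-RuleSafe {
    param([hashtable]$Rule, [hashtable]$Db)
    if (-not $Db.ContainsKey($Rule.Collection)) { throw "Unknown collection '$($Rule.Collection)'" }
    $op = $AllowedOperators[$Rule.Operator]
    if (-not $op) { throw "Operator '$($Rule.Operator)' is not permitted" }
    $actual = $Db[$Rule.Collection].($Rule.Property)   # dynamic property read, not execution
    [pscustomobject]@{
        Rule       = $Rule.Id
        Collection = $Rule.Collection
        Property   = $Rule.Property
        Actual     = $actual
        Pass       = & $op $actual $Rule.Expected
    }
}

# Constructed rules modelled on two of the checks listed in this PR (assumed field names).
$Rules = @(
    @{ Id = 'teams-restrict-external-access'; Collection = 'teams_federation'; Property = 'AllowFederatedUsers';          Operator = 'eq'; Expected = $false }
    @{ Id = 'spo-block-infected-downloads';  Collection = 'spo_tenant';       Property = 'DisallowInfectedFileDownload'; Operator = 'eq'; Expected = $true  }
)
$Rules | ForEach-Object { Invoke-RuleSafe -Rule $_ -Db $LocalDb } | Format-Table -AutoSize
```

Both constructed rules fail against the sample store, which is the behaviour a finding should report; a rule naming a collection or operator outside the allow-list is rejected rather than evaluated.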

@rfernandezdo
Contributor Author

The duplicate files, as well as the rules, were due to my limited knowledge of the tool.
In the case of the files, I thought that they had to be generated for each version, although I had seen that there were some override sessions.

In the case of the rules, it's similar :D

Go ahead, Juan, with the proposed changes. We'll try to make the code better in the next iteration.

Thanks!

@rfernandezdo rfernandezdo changed the title Cis m365 5.0 WIP: Cis m365 5.0 Jun 17, 2025
@rfernandezdo rfernandezdo changed the title WIP: Cis m365 5.0 Cis m365 5.0 Jun 18, 2025
@rfernandezdo
Contributor Author

Hi Juan,

I've tried to apply the changes mentioned above and have started to look at the data model by importing it and running queries, but I haven't been able to progress much further because I don't have an environment from which to feed all the collectors.

I hope you can continue working on this PR so that it's useful ;)

@silverhack silverhack merged commit bb178af into silverhack:develop Jun 25, 2025