Merged
58 changes: 29 additions & 29 deletions website/docs/tests/cis/readme.md
Expand Up @@ -18,41 +18,41 @@ These tests verify Microsoft 365 tenant configuration against CIS Microsoft 365

| Test ID | Title | Severity | Category |
| --- | --- | --- | --- |
| [CIS.M365.1.1.1](../CIS.M365.1.1.1) | (L1) Ensure Administrative accounts are cloud-only | High | CIS E3 Level 1 |
| [CIS.M365.1.1.3](../CIS.M365.1.1.3) | (L1) Ensure that between two and four global admins are designated | High | CIS E3 Level 1 |
| [CIS.M365.1.2.1](../CIS.M365.1.2.1) | (L2) Ensure that only organizationally managed/approved public groups exist | Medium | CIS E3 Level 2 |
| [CIS.M365.1.2.2](../CIS.M365.1.2.2) | (L1) Ensure sign-in to shared mailboxes is blocked | High | CIS E3 Level 1 |
| [CIS.M365.1.3.1](../CIS.M365.1.3.1) | (L1) Ensure the 'Password expiration policy' is set to 'Set passwords to never expire (recommended)' | High | CIS E3 Level 1 |
| [CIS.M365.1.3.3](../CIS.M365.1.3.3) | (L2) Ensure 'External sharing' of calendars is not available | Medium | CIS E3 Level 2 |
| [CIS.M365.1.3.4](../CIS.M365.1.3.4) | Ensure | Unknown | CIS E3 Level 1 |
| [CIS.M365.1.1.1](../CIS.M365.1.1.1) | Ensure Administrative accounts are cloud-only | High | CIS E3 Level 1 |
| [CIS.M365.1.1.3](../CIS.M365.1.1.3) | Ensure that between two and four global admins are designated | High | CIS E3 Level 1 |
| [CIS.M365.1.2.1](../CIS.M365.1.2.1) | Ensure that only organizationally managed/approved public groups exist | Medium | CIS E3 Level 2 |
| [CIS.M365.1.2.2](../CIS.M365.1.2.2) | Ensure sign-in to shared mailboxes is blocked | High | CIS E3 Level 1 |
| [CIS.M365.1.3.1](../CIS.M365.1.3.1) | Ensure the 'Password expiration policy' is set to 'Set passwords to never expire (recommended)' | High | CIS E3 Level 1 |
| [CIS.M365.1.3.3](../CIS.M365.1.3.3) | Ensure 'External sharing' of calendars is not available | Medium | CIS E3 Level 2 |
| [CIS.M365.1.3.4](../CIS.M365.1.3.4) | Ensure 'User owned apps and services' is restricted | Unknown | CIS E3 Level 1 |
| [CIS.M365.1.3.5](../CIS.M365.1.3.5) | Ensure internal phishing protection for Forms is enabled | Unknown | CIS E3 Level 1 |
| [CIS.M365.1.3.6](../CIS.M365.1.3.6) | (L2) Ensure the customer lockbox feature is enabled | High | CIS E5 Level 2 |
| [CIS.M365.1.3.7](../CIS.M365.1.3.7) | Ensure | Unknown | CIS E3 Level 2 |
| [CIS.M365.2.1.1](../CIS.M365.2.1.1) | (L2) Ensure Safe Links for Office Applications is Enabled (Only Checks Default Policy) | Medium | CIS E5 Level 2 |
| [CIS.M365.2.1.2](../CIS.M365.2.1.2) | (L1) Ensure the Common Attachment Types Filter is enabled (Only Checks Default Policy) | Medium | CIS E3 Level 1 |
| [CIS.M365.2.1.3](../CIS.M365.2.1.3) | (L1) Ensure notifications for internal users sending malware is Enabled (Only Checks Default Policy) | Medium | CIS E3 Level 1 |
| [CIS.M365.2.1.4](../CIS.M365.2.1.4) | (L2) Ensure Safe Attachments policy is enabled (Only Checks Default Policy) | High | CIS E5 Level 2 |
| [CIS.M365.2.1.5](../CIS.M365.2.1.5) | (L2) Ensure Safe Attachments for SharePoint, OneDrive, and Microsoft Teams is Enabled | High | CIS E5 Level 2 |
| [CIS.M365.2.1.6](../CIS.M365.2.1.6) | (L1) Ensure Exchange Online Spam Policies are set to notify administrators (Only Checks Default Policy) | Medium | CIS E3 Level 1 |
| [CIS.M365.2.1.7](../CIS.M365.2.1.7) | (L1) Ensure that an anti-phishing policy has been created (Only Checks Default Policy) | Medium | CIS E5 Level 1 |
| [CIS.M365.2.1.9](../CIS.M365.2.1.9) | (L1) Ensure that DKIM is enabled for all Exchange Online Domains | High | CIS E3 Level 1 |
| [CIS.M365.2.1.11](../CIS.M365.2.1.11) | (L2) Ensure comprehensive attachment filtering is applied | High | CIS E3 Level 2 |
| [CIS.M365.2.1.12](../CIS.M365.2.1.12) | (L1) Ensure the connection filter IP allow list is not used (Only Checks Default Policy) | Medium | CIS E3 Level 1 |
| [CIS.M365.2.1.13](../CIS.M365.2.1.13) | (L1) Ensure the connection filter safe list is off (Only Checks Default Policy) | Medium | CIS E3 Level 1 |
| [CIS.M365.2.4.4](../CIS.M365.2.4.4) | (L1) Ensure Zero-hour auto purge for Microsoft Teams is on (Only Checks ZAP is enabled) | Medium | CIS E5 Level 1 |
| [CIS.M365.3.1.1](../CIS.M365.3.1.1) | (L1) Ensure Microsoft 365 audit log search is Enabled | High | CIS E3 Level 1 |
| [CIS.M365.1.3.6](../CIS.M365.1.3.6) | Ensure the customer lockbox feature is enabled | High | CIS E5 Level 2 |
| [CIS.M365.1.3.7](../CIS.M365.1.3.7) | Ensure 'third-party storage services' are restricted in 'Microsoft 365 on the web' | Unknown | CIS E3 Level 2 |
| [CIS.M365.2.1.1](../CIS.M365.2.1.1) | Ensure Safe Links for Office Applications is Enabled (Only Checks Default Policy) | Medium | CIS E5 Level 2 |
| [CIS.M365.2.1.2](../CIS.M365.2.1.2) | Ensure the Common Attachment Types Filter is enabled (Only Checks Default Policy) | Medium | CIS E3 Level 1 |
| [CIS.M365.2.1.3](../CIS.M365.2.1.3) | Ensure notifications for internal users sending malware is Enabled (Only Checks Default Policy) | Medium | CIS E3 Level 1 |
| [CIS.M365.2.1.4](../CIS.M365.2.1.4) | Ensure Safe Attachments policy is enabled (Only Checks Default Policy) | High | CIS E5 Level 2 |
| [CIS.M365.2.1.5](../CIS.M365.2.1.5) | Ensure Safe Attachments for SharePoint, OneDrive, and Microsoft Teams is Enabled | High | CIS E5 Level 2 |
| [CIS.M365.2.1.6](../CIS.M365.2.1.6) | Ensure Exchange Online Spam Policies are set to notify administrators (Only Checks Default Policy) | Medium | CIS E3 Level 1 |
| [CIS.M365.2.1.7](../CIS.M365.2.1.7) | Ensure that an anti-phishing policy has been created (Only Checks Default Policy) | Medium | CIS E5 Level 1 |
| [CIS.M365.2.1.9](../CIS.M365.2.1.9) | Ensure that DKIM is enabled for all Exchange Online Domains | High | CIS E3 Level 1 |
| [CIS.M365.2.1.11](../CIS.M365.2.1.11) | Ensure comprehensive attachment filtering is applied | High | CIS E3 Level 2 |
| [CIS.M365.2.1.12](../CIS.M365.2.1.12) | Ensure the connection filter IP allow list is not used (Only Checks Default Policy) | Medium | CIS E3 Level 1 |
| [CIS.M365.2.1.13](../CIS.M365.2.1.13) | Ensure the connection filter safe list is off (Only Checks Default Policy) | Medium | CIS E3 Level 1 |
| [CIS.M365.2.4.4](../CIS.M365.2.4.4) | Ensure Zero-hour auto purge for Microsoft Teams is on (Only Checks ZAP is enabled) | Medium | CIS E5 Level 1 |
| [CIS.M365.3.1.1](../CIS.M365.3.1.1) | Ensure Microsoft 365 audit log search is Enabled | High | CIS E3 Level 1 |
| [CIS.M365.4.1](../CIS.M365.4.1) | Ensure devices without a compliance policy are marked | Unknown | CIS E3 Level 2 |
| [CIS.M365.5.1.2.2](../CIS.M365.5.1.2.2) | Ensure third party integrated applications are not allowed | Unknown | CIS E3 Level 2 |
| [CIS.M365.5.1.2.3](../CIS.M365.5.1.2.3) | Ensure | Unknown | CIS E3 Level 1 |
| [CIS.M365.5.1.2.3](../CIS.M365.5.1.2.3) | Ensure 'Restrict non-admin users from creating tenants' is set to 'Yes' | Unknown | CIS E3 Level 1 |
| [CIS.M365.5.1.3.1](../CIS.M365.5.1.3.1) | Ensure a dynamic group for guest users is created | Unknown | CIS E3 Level 1 |
| [CIS.M365.5.1.5.1](../CIS.M365.5.1.5.1) | Ensure user consent to apps accessing company data on their behalf is not allowed | Unknown | CIS E3 Level 2 |
| [CIS.M365.5.1.5.2](../CIS.M365.5.1.5.2) | Ensure the admin consent workflow is enabled | Unknown | CIS E3 Level 1 |
| [CIS.M365.5.1.6.2](../CIS.M365.5.1.6.2) | Ensure that guest user access is restricted | Unknown | CIS E3 Level 1 |
| [CIS.M365.5.2.3.5](../CIS.M365.5.2.3.5) | Ensure weak authentication methods are disabled | Unknown | CIS E3 Level 1 |
| [CIS.M365.6.5.3](../CIS.M365.6.5.3) | Ensure additional storage providers are restricted in Outlook on the web | Unknown | CIS E3 Level 2 |
| [CIS.M365.8.1.1](../CIS.M365.8.1.1) | (L2) Ensure external file sharing in Teams is enabled for only approved cloud storage services | Medium | CIS M365 v6.0.1 |
| [CIS.M365.8.2.2](../CIS.M365.8.2.2) | (L1) Ensure communication with unmanaged Teams users is disabled | Medium | CIS M365 v6.0.1 |
| [CIS.M365.8.2.3](../CIS.M365.8.2.3) | Ensure external Teams users cannot initiate conversations | Unknown | CIS M365 v6.0.1 |
| [CIS.M365.8.4.1](../CIS.M365.8.4.1) | (L1) Ensure all or a majority of third-party and custom apps are blocked | High | CIS M365 v6.0.1 |
| [CIS.M365.8.5.3](../CIS.M365.8.5.3) | (L1) Ensure only people in my org can bypass the lobby | Medium | CIS E3 Level 1 |
| [CIS.M365.8.6.1](../CIS.M365.8.6.1) | (L1) Ensure users can report security concerns in Teams to internal destination | Medium | CIS E3 Level 1 |
| [CIS.M365.8.1.1](../CIS.M365.8.1.1) | Ensure external file sharing in Teams is enabled for only approved cloud storage services | Medium | CIS E5 Level 2 |
| [CIS.M365.8.2.2](../CIS.M365.8.2.2) | Ensure communication with unmanaged Teams users is disabled | Medium | CIS E5 Level 1 |
| [CIS.M365.8.2.3](../CIS.M365.8.2.3) | Ensure external Teams users cannot initiate conversations | Unknown | CIS E5 Level 1 |
| [CIS.M365.8.4.1](../CIS.M365.8.4.1) | Ensure all or a majority of third-party and custom apps are blocked | High | CIS E5 Level 1 |
| [CIS.M365.8.5.3](../CIS.M365.8.5.3) | Ensure only people in my org can bypass the lobby | Medium | CIS E3 Level 1 |
| [CIS.M365.8.6.1](../CIS.M365.8.6.1) | Ensure users can report security concerns in Teams to internal destination | Medium | CIS E3 Level 1 |
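Review bot: the new Category values for the 8.x rows in this hunk (CIS.M365.8.1.1, 8.2.2, 8.2.3 and 8.4.1, changed from `CIS M365 v6.0.1` to `CIS E5 Level 2` / `CIS E5 Level 1`) need a stated source for the E5 assignment: the removed rows carried only the benchmark version, and the dropped `(L1)`/`(L2)` title prefixes confirm the level for 8.1.1, 8.2.2 and 8.4.1 but say nothing about E3 versus E5, and nothing at all about the level of 8.2.3, so please confirm these against the benchmark or the test metadata the table is built from and say so in the PR description. Removing the level prefix from the Title column is a good change since Category already carries it, and the previously empty titles for 1.3.4, 1.3.7 and 5.1.2.3 are now filled in; while every row is being rewritten, the many rows still showing `Unknown` severity (1.3.4, 1.3.5, 1.3.7, 4.1, the 5.x rows, 6.5.3, 8.2.3) and the mixed `is Enabled` / `is enabled` capitalization in the titles could be normalized in the same pass.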
58 changes: 29 additions & 29 deletions website/versioned_docs/version-2.1.0/tests/cis/readme.md
Expand Up @@ -18,41 +18,41 @@ These tests verify Microsoft 365 tenant configuration against CIS Microsoft 365

| Test ID | Title | Severity | Category |
| --- | --- | --- | --- |
| [CIS.M365.1.1.1](../CIS.M365.1.1.1) | (L1) Ensure Administrative accounts are cloud-only | High | CIS E3 Level 1 |
| [CIS.M365.1.1.3](../CIS.M365.1.1.3) | (L1) Ensure that between two and four global admins are designated | High | CIS E3 Level 1 |
| [CIS.M365.1.2.1](../CIS.M365.1.2.1) | (L2) Ensure that only organizationally managed/approved public groups exist | Medium | CIS E3 Level 2 |
| [CIS.M365.1.2.2](../CIS.M365.1.2.2) | (L1) Ensure sign-in to shared mailboxes is blocked | High | CIS E3 Level 1 |
| [CIS.M365.1.3.1](../CIS.M365.1.3.1) | (L1) Ensure the 'Password expiration policy' is set to 'Set passwords to never expire (recommended)' | High | CIS E3 Level 1 |
| [CIS.M365.1.3.3](../CIS.M365.1.3.3) | (L2) Ensure 'External sharing' of calendars is not available | Medium | CIS E3 Level 2 |
| [CIS.M365.1.3.4](../CIS.M365.1.3.4) | Ensure | Unknown | CIS E3 Level 1 |
| [CIS.M365.1.1.1](../CIS.M365.1.1.1) | Ensure Administrative accounts are cloud-only | High | CIS E3 Level 1 |
| [CIS.M365.1.1.3](../CIS.M365.1.1.3) | Ensure that between two and four global admins are designated | High | CIS E3 Level 1 |
| [CIS.M365.1.2.1](../CIS.M365.1.2.1) | Ensure that only organizationally managed/approved public groups exist | Medium | CIS E3 Level 2 |
| [CIS.M365.1.2.2](../CIS.M365.1.2.2) | Ensure sign-in to shared mailboxes is blocked | High | CIS E3 Level 1 |
| [CIS.M365.1.3.1](../CIS.M365.1.3.1) | Ensure the 'Password expiration policy' is set to 'Set passwords to never expire (recommended)' | High | CIS E3 Level 1 |
| [CIS.M365.1.3.3](../CIS.M365.1.3.3) | Ensure 'External sharing' of calendars is not available | Medium | CIS E3 Level 2 |
| [CIS.M365.1.3.4](../CIS.M365.1.3.4) | Ensure 'User owned apps and services' is restricted | Unknown | CIS E3 Level 1 |
| [CIS.M365.1.3.5](../CIS.M365.1.3.5) | Ensure internal phishing protection for Forms is enabled | Unknown | CIS E3 Level 1 |
| [CIS.M365.1.3.6](../CIS.M365.1.3.6) | (L2) Ensure the customer lockbox feature is enabled | High | CIS E5 Level 2 |
| [CIS.M365.1.3.7](../CIS.M365.1.3.7) | Ensure | Unknown | CIS E3 Level 2 |
| [CIS.M365.2.1.1](../CIS.M365.2.1.1) | (L2) Ensure Safe Links for Office Applications is Enabled (Only Checks Default Policy) | Medium | CIS E5 Level 2 |
| [CIS.M365.2.1.2](../CIS.M365.2.1.2) | (L1) Ensure the Common Attachment Types Filter is enabled (Only Checks Default Policy) | Medium | CIS E3 Level 1 |
| [CIS.M365.2.1.3](../CIS.M365.2.1.3) | (L1) Ensure notifications for internal users sending malware is Enabled (Only Checks Default Policy) | Medium | CIS E3 Level 1 |
| [CIS.M365.2.1.4](../CIS.M365.2.1.4) | (L2) Ensure Safe Attachments policy is enabled (Only Checks Default Policy) | High | CIS E5 Level 2 |
| [CIS.M365.2.1.5](../CIS.M365.2.1.5) | (L2) Ensure Safe Attachments for SharePoint, OneDrive, and Microsoft Teams is Enabled | High | CIS E5 Level 2 |
| [CIS.M365.2.1.6](../CIS.M365.2.1.6) | (L1) Ensure Exchange Online Spam Policies are set to notify administrators (Only Checks Default Policy) | Medium | CIS E3 Level 1 |
| [CIS.M365.2.1.7](../CIS.M365.2.1.7) | (L1) Ensure that an anti-phishing policy has been created (Only Checks Default Policy) | Medium | CIS E5 Level 1 |
| [CIS.M365.2.1.9](../CIS.M365.2.1.9) | (L1) Ensure that DKIM is enabled for all Exchange Online Domains | High | CIS E3 Level 1 |
| [CIS.M365.2.1.11](../CIS.M365.2.1.11) | (L2) Ensure comprehensive attachment filtering is applied | High | CIS E3 Level 2 |
| [CIS.M365.2.1.12](../CIS.M365.2.1.12) | (L1) Ensure the connection filter IP allow list is not used (Only Checks Default Policy) | Medium | CIS E3 Level 1 |
| [CIS.M365.2.1.13](../CIS.M365.2.1.13) | (L1) Ensure the connection filter safe list is off (Only Checks Default Policy) | Medium | CIS E3 Level 1 |
| [CIS.M365.2.4.4](../CIS.M365.2.4.4) | (L1) Ensure Zero-hour auto purge for Microsoft Teams is on (Only Checks ZAP is enabled) | Medium | CIS E5 Level 1 |
| [CIS.M365.3.1.1](../CIS.M365.3.1.1) | (L1) Ensure Microsoft 365 audit log search is Enabled | High | CIS E3 Level 1 |
| [CIS.M365.1.3.6](../CIS.M365.1.3.6) | Ensure the customer lockbox feature is enabled | High | CIS E5 Level 2 |
| [CIS.M365.1.3.7](../CIS.M365.1.3.7) | Ensure 'third-party storage services' are restricted in 'Microsoft 365 on the web' | Unknown | CIS E3 Level 2 |
| [CIS.M365.2.1.1](../CIS.M365.2.1.1) | Ensure Safe Links for Office Applications is Enabled (Only Checks Default Policy) | Medium | CIS E5 Level 2 |
| [CIS.M365.2.1.2](../CIS.M365.2.1.2) | Ensure the Common Attachment Types Filter is enabled (Only Checks Default Policy) | Medium | CIS E3 Level 1 |
| [CIS.M365.2.1.3](../CIS.M365.2.1.3) | Ensure notifications for internal users sending malware is Enabled (Only Checks Default Policy) | Medium | CIS E3 Level 1 |
| [CIS.M365.2.1.4](../CIS.M365.2.1.4) | Ensure Safe Attachments policy is enabled (Only Checks Default Policy) | High | CIS E5 Level 2 |
| [CIS.M365.2.1.5](../CIS.M365.2.1.5) | Ensure Safe Attachments for SharePoint, OneDrive, and Microsoft Teams is Enabled | High | CIS E5 Level 2 |
| [CIS.M365.2.1.6](../CIS.M365.2.1.6) | Ensure Exchange Online Spam Policies are set to notify administrators (Only Checks Default Policy) | Medium | CIS E3 Level 1 |
| [CIS.M365.2.1.7](../CIS.M365.2.1.7) | Ensure that an anti-phishing policy has been created (Only Checks Default Policy) | Medium | CIS E5 Level 1 |
| [CIS.M365.2.1.9](../CIS.M365.2.1.9) | Ensure that DKIM is enabled for all Exchange Online Domains | High | CIS E3 Level 1 |
| [CIS.M365.2.1.11](../CIS.M365.2.1.11) | Ensure comprehensive attachment filtering is applied | High | CIS E3 Level 2 |
| [CIS.M365.2.1.12](../CIS.M365.2.1.12) | Ensure the connection filter IP allow list is not used (Only Checks Default Policy) | Medium | CIS E3 Level 1 |
| [CIS.M365.2.1.13](../CIS.M365.2.1.13) | Ensure the connection filter safe list is off (Only Checks Default Policy) | Medium | CIS E3 Level 1 |
| [CIS.M365.2.4.4](../CIS.M365.2.4.4) | Ensure Zero-hour auto purge for Microsoft Teams is on (Only Checks ZAP is enabled) | Medium | CIS E5 Level 1 |
| [CIS.M365.3.1.1](../CIS.M365.3.1.1) | Ensure Microsoft 365 audit log search is Enabled | High | CIS E3 Level 1 |
| [CIS.M365.4.1](../CIS.M365.4.1) | Ensure devices without a compliance policy are marked | Unknown | CIS E3 Level 2 |
| [CIS.M365.5.1.2.2](../CIS.M365.5.1.2.2) | Ensure third party integrated applications are not allowed | Unknown | CIS E3 Level 2 |
| [CIS.M365.5.1.2.3](../CIS.M365.5.1.2.3) | Ensure | Unknown | CIS E3 Level 1 |
| [CIS.M365.5.1.2.3](../CIS.M365.5.1.2.3) | Ensure 'Restrict non-admin users from creating tenants' is set to 'Yes' | Unknown | CIS E3 Level 1 |
| [CIS.M365.5.1.3.1](../CIS.M365.5.1.3.1) | Ensure a dynamic group for guest users is created | Unknown | CIS E3 Level 1 |
| [CIS.M365.5.1.5.1](../CIS.M365.5.1.5.1) | Ensure user consent to apps accessing company data on their behalf is not allowed | Unknown | CIS E3 Level 2 |
| [CIS.M365.5.1.5.2](../CIS.M365.5.1.5.2) | Ensure the admin consent workflow is enabled | Unknown | CIS E3 Level 1 |
| [CIS.M365.5.1.6.2](../CIS.M365.5.1.6.2) | Ensure that guest user access is restricted | Unknown | CIS E3 Level 1 |
| [CIS.M365.5.2.3.5](../CIS.M365.5.2.3.5) | Ensure weak authentication methods are disabled | Unknown | CIS E3 Level 1 |
| [CIS.M365.6.5.3](../CIS.M365.6.5.3) | Ensure additional storage providers are restricted in Outlook on the web | Unknown | CIS E3 Level 2 |
| [CIS.M365.8.1.1](../CIS.M365.8.1.1) | (L2) Ensure external file sharing in Teams is enabled for only approved cloud storage services | Medium | CIS M365 v6.0.1 |
| [CIS.M365.8.2.2](../CIS.M365.8.2.2) | (L1) Ensure communication with unmanaged Teams users is disabled | Medium | CIS M365 v6.0.1 |
| [CIS.M365.8.2.3](../CIS.M365.8.2.3) | Ensure external Teams users cannot initiate conversations | Unknown | CIS M365 v6.0.1 |
| [CIS.M365.8.4.1](../CIS.M365.8.4.1) | (L1) Ensure all or a majority of third-party and custom apps are blocked | High | CIS M365 v6.0.1 |
| [CIS.M365.8.5.3](../CIS.M365.8.5.3) | (L1) Ensure only people in my org can bypass the lobby | Medium | CIS E3 Level 1 |
| [CIS.M365.8.6.1](../CIS.M365.8.6.1) | (L1) Ensure users can report security concerns in Teams to internal destination | Medium | CIS E3 Level 1 |
| [CIS.M365.8.1.1](../CIS.M365.8.1.1) | Ensure external file sharing in Teams is enabled for only approved cloud storage services | Medium | CIS E5 Level 2 |
| [CIS.M365.8.2.2](../CIS.M365.8.2.2) | Ensure communication with unmanaged Teams users is disabled | Medium | CIS E5 Level 1 |
| [CIS.M365.8.2.3](../CIS.M365.8.2.3) | Ensure external Teams users cannot initiate conversations | Unknown | CIS E5 Level 1 |
| [CIS.M365.8.4.1](../CIS.M365.8.4.1) | Ensure all or a majority of third-party and custom apps are blocked | High | CIS E5 Level 1 |
| [CIS.M365.8.5.3](../CIS.M365.8.5.3) | Ensure only people in my org can bypass the lobby | Medium | CIS E3 Level 1 |
| [CIS.M365.8.6.1](../CIS.M365.8.6.1) | Ensure users can report security concerns in Teams to internal destination | Medium | CIS E3 Level 1 |
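Review bot: this hunk applies the same edit to the frozen 2.1.0 copy under `website/versioned_docs/version-2.1.0/tests/cis/readme.md`; versioned docs are meant to describe what that release shipped, so please confirm that the filled-in titles (1.3.4, 1.3.7, 5.1.2.3) and the 8.x Category changes (`CIS M365 v6.0.1` to `CIS E5 Level 1` / `Level 2`) describe the tests as they exist in 2.1.0 rather than on the current branch, or note in the PR description that the versioned copy is being corrected intentionally. The same open points as for `website/docs/tests/cis/readme.md` apply here: the E3/E5 assignment for the 8.x rows and the level for 8.2.3 are not derivable from the removed rows, and the `Unknown` severities and inconsistent `Enabled` capitalization are carried over unchanged.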