You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Investigate the impact of service principals on M365 service security and determine potential threats that could be addressed through new SCuBA M365 baseline policies. Compare security posture in the face of identified threats for tenants implementing proposed service principal policies to those without those policies.
Motivation and context
Developing new policies around service principal security will lead to better security posture and outcomes for agencies implementing those policies.
Implementation notes
Implementing service principal policy enhancements will include:
Identification of cyber threats that leverage service principal related vulnerabilities
Developing M365 configurations that address identified threats and vulnerabilities
Hands-on prototyping to determine the effects of service and policy changes on tenant security posture against those threats
Determining baseline changes to align policy with service principal improvements
Recommending baseline policy changes and updates based on investigation results
Acceptance criteria
Set of cyber threats considered in scope of this investigation has been defined
Tabletop or real-world attacks against tenant simulating these threats completed
Set of tenant configuration changes developed to mitigate vulnerabilities tested
New or updated baseline policies drafted for wider review
Decision to include/exclude draft policies in baselines has been made
💡 Summary
Investigate the impact of service principals on M365 service security and determine potential threats that could be addressed through new SCuBA M365 baseline policies. Compare security posture in the face of identified threats for tenants implementing proposed service principal policies to those without those policies.
Motivation and context
Developing new policies around service principal security will lead to better security posture and outcomes for agencies implementing those policies.
Implementation notes
Implementing service principal policy enhancements will include:
Acceptance criteria
Related Issues
The text was updated successfully, but these errors were encountered: