CISA Controls for Microsoft Entra
Overviewβ
The tests in this section verifies that a Microsoft 365 tenantβs Entra configuration conforms to the policies described in the Secure Cloud Business Applications (SCuBA) Security Configuration Baseline documents.
Connecting to Azure, Exchange and other servicesβ
In order to run all the CISA tests, you need to install and connect to the Azure and Exchange Online modules.
See the Installation guide for more information.
Testsβ
| Cmdlet Name | CISA Control ID (Link) |
|---|---|
| Test-MtCisaBlockLegacyAuth | MS.AAD.1.1 |
| Test-MtCisaBlockHighRiskUser | MS.AAD.2.1 |
| Test-MtCisaNotifyHighRisk | MS.AAD.2.2 |
| Test-MtCisaBlockHighRiskSignIn | MS.AAD.2.3 |
| Test-MtCisaPhishResistant | MS.AAD.3.1 |
| Test-MtCisaMfa | MS.AAD.3.2 |
| Test-MtCisaAuthenticatorContext | MS.AAD.3.3 |
| Test-MtCisaMethodsMigration | MS.AAD.3.4 |
| Test-MtCisaWeakFactor | MS.AAD.3.5 |
| Test-MtCisaPrivilegedPhishResistant | MS.AAD.3.6 |
| Test-MtCisaManagedDevice | MS.AAD.3.7 |
| Test-MtCisaManagedDeviceRegistration | MS.AAD.3.8 |
| Test-MtCisaDiagnosticSettings | MS.AAD.4.1 |
| Test-MtCisaAppRegistration | MS.AAD.5.1 |
| Test-MtCisaAppUserConsent | MS.AAD.5.2 |
| Test-MtCisaAppAdminConsent | MS.AAD.5.3 |
| Test-MtCisaAppGroupOwnerConsent | MS.AAD.5.4 |
| Test-MtCisaPasswordExpiration | MS.AAD.6.1 |
| Test-MtCisaGlobalAdminCount | MS.AAD.7.1 |
| Test-MtCisaGlobalAdminRatio | MS.AAD.7.2 |
| Test-MtCisaCloudGlobalAdmin | MS.AAD.7.3 |
| Test-MtCisaPermanentRoleAssignment | MS.AAD.7.4 |
| Test-MtCisaUnmanagedRoleAssignment | MS.AAD.7.5 |
| Test-MtCisaRequireActivationApproval | MS.AAD.7.6 |
| Test-MtCisaAssignmentNotification | MS.AAD.7.7 |
| Test-MtCisaActivationNotification | MS.AAD.7.8 |
| Test-MtCisaActivationNotification | MS.AAD.7.9 |
| Test-MtCisaGuestUserAccess | MS.AAD.8.1 |
| Test-MtCisaGuestInvitation | MS.AAD.8.2 |
| Test-MtCisaCrossTenantInboundDefault | MS.AAD.8.3 |