Skip to main content

CISA Controls for Microsoft Entra

Overview​

The tests in this section verifies that a Microsoft 365 tenant’s Entra configuration conforms to the policies described in the Secure Cloud Business Applications (SCuBA) Security Configuration Baseline documents.

Connecting to Azure, Exchange and other services​

In order to run all the CISA tests, you need to install and connect to the Azure and Exchange Online modules.

See the Installation guide for more information.

Tests​

Cmdlet NameCISA Control ID (Link)
Test-MtCisaBlockLegacyAuthMS.AAD.1.1
Test-MtCisaBlockHighRiskUserMS.AAD.2.1
Test-MtCisaNotifyHighRiskMS.AAD.2.2
Test-MtCisaBlockHighRiskSignInMS.AAD.2.3
Test-MtCisaPhishResistantMS.AAD.3.1
Test-MtCisaMfaMS.AAD.3.2
Test-MtCisaAuthenticatorContextMS.AAD.3.3
Test-MtCisaMethodsMigrationMS.AAD.3.4
Test-MtCisaWeakFactorMS.AAD.3.5
Test-MtCisaPrivilegedPhishResistantMS.AAD.3.6
Test-MtCisaManagedDeviceMS.AAD.3.7
Test-MtCisaManagedDeviceRegistrationMS.AAD.3.8
Test-MtCisaDiagnosticSettingsMS.AAD.4.1
Test-MtCisaAppRegistrationMS.AAD.5.1
Test-MtCisaAppUserConsentMS.AAD.5.2
Test-MtCisaAppAdminConsentMS.AAD.5.3
Test-MtCisaAppGroupOwnerConsentMS.AAD.5.4
Test-MtCisaPasswordExpirationMS.AAD.6.1
Test-MtCisaGlobalAdminCountMS.AAD.7.1
Test-MtCisaGlobalAdminRatioMS.AAD.7.2
Test-MtCisaCloudGlobalAdminMS.AAD.7.3
Test-MtCisaPermanentRoleAssignmentMS.AAD.7.4
Test-MtCisaUnmanagedRoleAssignmentMS.AAD.7.5
Test-MtCisaRequireActivationApprovalMS.AAD.7.6
Test-MtCisaAssignmentNotificationMS.AAD.7.7
Test-MtCisaActivationNotificationMS.AAD.7.8
Test-MtCisaActivationNotificationMS.AAD.7.9
Test-MtCisaGuestUserAccessMS.AAD.8.1
Test-MtCisaGuestInvitationMS.AAD.8.2
Test-MtCisaCrossTenantInboundDefaultMS.AAD.8.3