A.5.7 Threat Intelligence
What is this control?
ISO 27001 control A.5.7 Threat Intelligence requires the organisation to collect, analyse and act on information about information security threats so that it produces actionable threat intelligence at the strategic, tactical and operational levels. Strategic intelligence informs risk management decisions, tactical intelligence identifies attacker tactics, techniques and procedures (TTPs) and the vulnerabilities they exploit, and operational intelligence supplies Indicators of Compromise (IoCs) that can be blocked immediately. In Microsoft 365 environments this control is implemented through Microsoft Sentinel, using TAXII data connectors and the Microsoft Defender Threat Intelligence integration.
How to implement in Microsoft 365
Implement A.5.7 by enabling Microsoft Threat Intelligence feeds and TAXII data connectors in Microsoft Sentinel. Configure Sentinel analytics rules to query Defender Threat Analytics for high-exposure threats. Monitor FortiGuard threat subscriptions including AV, Web Filtering, and IPS across all managed FortiGate firewalls.
Establish a Teams channel for automated security alerts and team acknowledgement. Integrate tactical intelligence from MSTIC and FortiGuard Labs into Sentinel for automated correlation. Maintain a Threat Intelligence Register documenting validated strategic threats and risk updates.
Cross-reference operational intelligence for immediate blocking in Defender for Endpoint and FortiGate.
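The correlation step described above, written as a KQL scheduled analytics rule, is shown here as an added example; it is not part of the original page and not Microsoft's or Fortinet's own content. It assumes that the TAXII and Defender Threat Intelligence connectors write indicators to the ThreatIntelligenceIndicator table and that the FortiGate firewalls forward CEF logs into CommonSecurityLog with DeviceVendor set to "Fortinet". The look-back windows are assumed values to tune per environment.

```kusto
// Added example, not from the page: scheduled analytics rule that matches
// active IP indicators against FortiGate traffic for immediate blocking follow-up.
// Assumed: Fortinet CEF connector populates CommonSecurityLog (DeviceVendor == "Fortinet").
let dt_lookBack  = 1h;   // assumed: how far back to scan firewall events each run
let ioc_lookBack = 14d;  // assumed: how far back to load indicators from the TI feeds
// 1. Build the current set of active, unexpired IP indicators (latest version per IndicatorId)
let active_ip_iocs = ThreatIntelligenceIndicator
    | where TimeGenerated >= ago(ioc_lookBack) and ExpirationDateTime > now()
    | where Active == true
    | summarize LatestIndicatorTime = arg_max(TimeGenerated, *) by IndicatorId
    | where isnotempty(NetworkIP) or isnotempty(NetworkDestinationIP) or isnotempty(NetworkSourceIP)
    | extend TI_ipEntity = coalesce(NetworkIP, NetworkDestinationIP, NetworkSourceIP);
// 2. Join indicators against recent FortiGate sessions by destination IP
active_ip_iocs
| join kind=innerunique (
    CommonSecurityLog
    | where TimeGenerated >= ago(dt_lookBack)
    | where DeviceVendor =~ "Fortinet"
    | where isnotempty(DestinationIP)
    | extend CSL_TimeGenerated = TimeGenerated   // keep the event time under its own name
) on $left.TI_ipEntity == $right.DestinationIP
// 3. Discard matches where the session happened after the indicator expired
| where CSL_TimeGenerated < ExpirationDateTime
| project CSL_TimeGenerated, Description, ThreatType, ConfidenceScore, TI_ipEntity,
          SourceIP, DestinationIP, DestinationPort, DeviceAction, DeviceName
```

Save the query as a scheduled analytics rule (for example every hour with a one-hour look-back), map TI_ipEntity and SourceIP as IP entities, and route the resulting incidents to the operational Teams channel. A match whose DeviceAction shows the session was allowed is the case that needs an immediate block on FortiGate and Defender for Endpoint; a match that was already denied is evidence the operational intelligence is being applied.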
What an auditor looks for
Auditors will verify that Sentinel threat intelligence connectors are enabled and actively receiving feeds. They will check that analytics rules for threat notification exist and are enabled. Auditors will verify that FortiGuard subscriptions are active and current on all managed firewalls.
They will review the operational Teams channel for evidence of alert posting and team responses. Auditors will examine the Threat Intelligence Register showing strategic threat assessments and risk actions. They will verify that analytics rules are generating detections demonstrating automation effectiveness.
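Two evidence queries that show an auditor the connectors are receiving feeds and the analytics rules are producing detections. These are an added example, not content from the page; they assume indicators land in ThreatIntelligenceIndicator, that scheduled analytics rules write alerts to SecurityAlert with ProviderName "ASI Scheduled Alerts", and the two-day silence threshold is an assumed value. Run each query separately in the Sentinel Logs blade.

```kusto
// Added example, not from the page: feed-health evidence per threat intelligence source.
// Assumed threshold: a source with no indicators for more than 2 days is flagged for review.
ThreatIntelligenceIndicator
| where TimeGenerated >= ago(30d)
| summarize IndicatorsIngested = count(),
            LastIngested = max(TimeGenerated),
            ActiveIndicators = countif(Active == true and ExpirationDateTime > now())
  by SourceSystem
| extend FeedHealthy = LastIngested > ago(2d)
| order by LastIngested desc

// Added example, not from the page: detections produced by scheduled analytics rules
// over the audit period, grouped by rule name, to demonstrate automation effectiveness.
SecurityAlert
| where TimeGenerated >= ago(90d)
| where ProviderName == "ASI Scheduled Alerts"   // assumed provider name for scheduled rules
| summarize Detections = count(), LastDetection = max(TimeGenerated) by AlertName, AlertSeverity
| order by Detections desc
```

Export the results alongside the Threat Intelligence Register: the first table answers "are the TI connectors enabled and actively receiving feeds", the second answers "are the analytics rules generating detections".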
Related controls
M365 capabilities that implement this control
Microsoft Sentinel with baseline M365 data connectors, RBAC, threat analytics, and operational monitoring
Microsoft Purview Insider Risk Management
Custom Sentinel analytics rules for organisation-specific threats