comply
Compliance Benchmarks
CIS Microsoft 365 benchmarks, security baselines, and compliance scoring.
Foundation (Plan 1)
- Exchange CIS Fundamentals — CIS Microsoft 365 Foundations benchmark settings for Exchange Online
- SharePoint CIS Fundamentals — CIS Microsoft 365 Foundations benchmark settings for SharePoint Online
- Teams CIS Fundamentals — CIS Microsoft 365 Foundations benchmark settings for Microsoft Teams
- OneDrive CIS Fundamentals — CIS Microsoft 365 Foundations benchmark settings for OneDrive for Business
- Entra ID CIS Hardening (Identity) — CIS M365 v6.0.1 Entra ID hardening: guest access, consent, group creation, app registration, PIM approval, device join
- Entra ID CIS Hardening (Authentication) — CIS M365 v6.0.1 authentication hardening: device code flow, enrollment frequency, authenticator settings, email OTP, session controls
- Intune CIS Hardening — CIS M365 v6.0.1 Intune hardening: SecureByDefault, personal enrollment, Entra join, device quota, LAPS
- Microsoft Physical Access Controls — Microsoft-managed physical access controls for datacentres including monitoring, intrusion detection, and access logging
- Microsoft Environmental Protection — Microsoft-managed fire protection, water damage protection, emergency power, and environmental controls
- Microsoft Media Handling — Microsoft-managed media storage, sanitization, and disposal procedures
- Microsoft Datacentre Infrastructure — Microsoft-managed datacentre security including perimeter protection, cabling, and equipment protection
- Microsoft Equipment Maintenance — Microsoft-managed equipment maintenance and operational procedures
Added in Endpoint (Plan 2)
- Windows CIS L1 Benchmark — CIS Level 1 security baseline for Windows 11 Enterprise
- macOS CIS L1 Benchmark — CIS Level 1 security baseline for macOS
- Chrome CIS L1 Benchmark — CIS Level 1 security baseline for Google Chrome
- Edge CIS L1 Benchmark — CIS Level 1 security baseline for Microsoft Edge