{"id":3463,"date":"2018-07-17T06:42:28","date_gmt":"2018-07-17T06:42:28","guid":{"rendered":"https:\/\/pariswells.com\/blog\/?p=3463"},"modified":"2026-06-06T10:14:23","modified_gmt":"2026-06-06T10:14:23","slug":"365-standards","status":"publish","type":"post","link":"https:\/\/pariswells.com\/blog\/research\/365-standards","title":{"rendered":"365 Standards\\Best Practices"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">CIS -&gt; ***<a href=\"https:\/\/www.cisecurity.org\/benchmark\/microsoft_365\">https:\/\/www.cisecurity.org\/benchmark\/microsoft_365<\/a>***<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/www.msb365.blog\/?p=5832\">https:\/\/www.msb365.blog\/?p=5832<\/a><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/github.com\/microsoft\/zerotrustassessment\">GitHub &#8211; microsoft\/zerotrustassessment: Repository for the Zero Trust Assessment project<\/a><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Maester<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/seanmcavinue.net\/2024\/08\/29\/validate-the-security-of-your-microsoft-cloud-environment-with-maester\/\">Validate The Security Of Your Microsoft Cloud Environment With Maester \u2013 Sean McAvinue<\/a><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Conditional Acces<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/active-directory\/conditional-access\/concept-continuous-access-evaluation?ocid=magicti_ta_learndoc\">https:\/\/learn.microsoft.com\/en-us\/azure\/active-directory\/conditional-access\/concept-continuous-access-evaluation?ocid=magicti_ta_learndoc<\/a> Conditional Access Evaluation<br><br>Check Conditional Access for Other Basic Auth ( Does not cover SMTP )<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Conditional Access https:\/\/github.com\/Teuftis\/ConditionalAccessBaseline-Hardened<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/github.com\/BakkerJan\/blogs\/blob\/master\/CA-KnowledgeBase-NorthwaveIndustrialGroup.pdf\">blogs\/CA-KnowledgeBase-NorthwaveIndustrialGroup.pdf at master \u00b7 BakkerJan\/blogs<\/a><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><br>Conditional Access : <a href=\"https:\/\/tminus365.com\/your-conditional-access-policies-suck\/\">https:\/\/tminus365.com\/your-conditional-access-policies-suck\/<\/a> &#8211; <a href=\"https:\/\/github.com\/aollivierre\/ConditionalAccess\">GitHub &#8211; aollivierre\/ConditionalAccess: This repository contains a comprehensive set of Conditional Access (CA) policies and PowerShell management tools for Microsoft Entra ID (formerly Azure AD), designed to enhance your organization&#8217;s security posture while maintaining usability.<\/a><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Tenant Level Checking&nbsp;<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/techcommunity.microsoft.com\/t5\/microsoft-entra-blog\/public-preview-token-protection-for-sign-in-sessions\/ba-p\/3815756\">https:\/\/techcommunity.microsoft.com\/t5\/microsoft-entra-blog\/public-preview-token-protection-for-sign-in-sessions\/ba-p\/3815756<\/a><\/li>\n\n\n\n<li>Set Graph Explorer and Graph apps to User Assignment Required<\/li>\n\n\n\n<li>Enable Application Policies &#8211; <a href=\"https:\/\/janbakker.tech\/block-or-limit-multi-tenant-and-consumer-applications-in-entra-id\/\">Block or limit multi-tenant and consumer applications in Entra ID &#8211; JanBakker.tech<\/a><\/li>\n\n\n\n<li>Report on other Apps with no user assignment<\/li>\n\n\n\n<li>Check 2FA is enabled for all staff<\/li>\n\n\n\n<li>Set-OrganizationConfig -AutoEnableArchiveMailbox $true<\/li>\n\n\n\n<li>Windows Update Status -&gt; <a href=\"https:\/\/www.burgerhout.org\/enable-windows-update-for-business-reports\/\">Enable Windows Update for Business Reports (burgerhout.org)<\/a><\/li>\n\n\n\n<li>Retention Logs &#8211; <a href=\"https:\/\/pariswells.com\/blog\/research\/365-audit-log-retention-everything-for-1-year\/\">https:\/\/pariswells.com\/blog\/research\/365-audit-log-retention-everything-for-1-year\/<\/a> ( Only Exchange \\ AD \\ Onedrive Sharepoint by default )<\/li>\n\n\n\n<li><a href=\"https:\/\/blog.ciaops.com\/2025\/01\/18\/checking-your-environment-for-oversharing\/\">https:\/\/blog.ciaops.com\/2025\/01\/18\/checking-your-environment-for-oversharing\/<\/a><\/li>\n\n\n\n<li>BYOD Policy <a href=\"https:\/\/tminus365.com\/how-to-secure-access-on-personal-devices-across-your-customers\/\">How to secure access on personal devices across your customers &#8211; (tminus365.com)<\/a><\/li>\n\n\n\n<li>Is https:\/\/config.office.com\/ being users? OnedriveSync Health \\ Update Policies <\/li>\n\n\n\n<li>Correct Licensing ( no extra licenses not applied )<\/li>\n\n\n\n<li>Azure AD if used setup for Password Sync , make sure Passwords cannot be changed in 365 if they don\u2019t have Azure AD p1<\/li>\n\n\n\n<li><a href=\"https:\/\/blog.admindroid.com\/privileged-access-management-in-microsoft-365\/\">Privileged Access Management in Microsoft 365 (admindroid.com)<\/a> PAM <\/li>\n\n\n\n<li><a href=\"https:\/\/learn.microsoft.com\/en-us\/entra\/id-governance\/privileged-identity-management\/pim-configure\">What is Privileged Identity Management? &#8211; Microsoft Entra ID Governance | Microsoft Learn<\/a> PIM <\/li>\n\n\n\n<li><a href=\"https:\/\/pariswells.com\/blog\/research\/windows-defender-best-practice\" title=\"Check Defender Endpoint Best Prac\">Check Defender Endpoint Best Prac<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/office365itpros.com\/2021\/03\/11\/external-email-tagging-exo\/ \">https:\/\/office365itpros.com\/2021\/03\/11\/external-email-tagging-exo\/ <\/a><\/li>\n\n\n\n<li>365 has email Filtering Inbound and Outbound<\/li>\n\n\n\n<li>SPF should end with -all<\/li>\n\n\n\n<li>Break Glass Account &#8211; <a href=\"https:\/\/tminus365.com\/best-practices-for-break-glass-accounts\/\">Best Practices for Break Glass Accounts &#8211; (tminus365.com)<\/a><\/li>\n\n\n\n<li>https:\/\/office365itpros.com\/2021\/07\/20\/block-self-service-purchases-of-windows-365-licenses\/<\/li>\n\n\n\n<li>Branding Login Page to Stop Phising Attacks<\/li>\n\n\n\n<li>Outbound and Inbound Spam Policies should be enabled for Defender 365<\/li>\n\n\n\n<li>Safety Tips in Emails &#8211; <a href=\"https:\/\/blog.admindroid.com\/enable-first-contact-safety-tip\/\">Enable First Contact Safety Tip for Exchange Online (admindroid.com)<\/a><\/li>\n\n\n\n<li>DKIM  Rotate keys at least every six months minimum of 2048-bit key<\/li>\n\n\n\n<li>DMARC Records ( Set to None if no reporting ) ( Vali for Dmarc )<\/li>\n\n\n\n<li>365 Backup and Continuity ( Mimecast and Veeam )<\/li>\n\n\n\n<li>Technical Contact is correct and Notifications are set for service outage<\/li>\n\n\n\n<li>Global Litigation hold<\/li>\n\n\n\n<li>Check Mailbox auditing<\/li>\n\n\n\n<li>https:\/\/ourcloudnetwork.com\/limit-local-administrators-on-microsoft-entra-joined-devices\/ <\/li>\n\n\n\n<li>Risky users<\/li>\n\n\n\n<li>Check Configuration analyzer https:\/\/security.microsoft.com\/configurationAnalyzer<\/li>\n\n\n\n<li>E5 have they run the Attack simulation training?<\/li>\n\n\n\n<li><em>Set-OwaMailboxPolicy -Identity OwaMailboxPolicy-Default -AdditionalStorageProvidersAvailable $false<\/em><\/li>\n\n\n\n<li>Azure AD Logs 90 days ( E5 license for 1 Year ) <\/li>\n\n\n\n<li>Retention Policy \u2013&nbsp;Get-RetentionPolicy ( Make sure there\u2019s a Tenant Retention Policy if the license admits one )&nbsp;<\/li>\n\n\n\n<li>Check No Retention Policy Hold ( Otherwise archive won\u2019t work )&nbsp; :Get-Mailbox -ResultSize unlimited | Where-Object {$_.RetentionHoldEnabled -eq $true} | Format-Table Name,RetentionPolicy,RetentionHoldEnabled -Auto 8.2)<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Deleted items retention \u2013&nbsp;Get-Mailbox&nbsp;* |&nbsp;Where-Object&nbsp;{$_.Retaindeleteditemsfor&nbsp;-lt&nbsp;30} |&nbsp;Format-Table&nbsp;name (&nbsp;Increase Deleted Items from 14 days to 30 days)<\/li>\n\n\n\n<li>Run the Secure Score in O365 \u2013 https:\/\/securescore.microsoft.com\/ (&nbsp;https:\/\/support.office.com\/en-us\/article\/how-to-check-office-365-service-health-932ad3ad-533c-418a-b938-6e44e8bc33b0 ? )<br><br>https:\/\/github.com\/directorcia\/Office365\/blob\/master\/Analysis\/Secure%20Score\/o365-secure-score-extract.ps1<\/li>\n\n\n\n<li>Identity Secure Score as well<\/li>\n\n\n\n<li>Check modern auth is enabled on Exchange Online&nbsp;Get-OrganizationConfig | Format-Table Name,OAuth* -Auto<\/li>\n\n\n\n<li>Check and Report on any Email Forwarders -&gt; https:\/\/gcits.com\/knowledge-base\/find-external-forwarding-mailboxes-office-365-customer-tenants-powershell\/<\/li>\n\n\n\n<li>Check for any flow\u2019s setup \u2013 You will need to create a flow in Microsoft Flow under the Domain account to search out flows and check them out \u2013 disabling any that forward email or alert a domain admin<\/li>\n\n\n\n<li>Check Oauth \u2013 Audit your Oath applications on the domain you didn\u2019t have the first step locked down via:&nbsp;<a href=\"https:\/\/aad.portal.azure.com\/#blade\/Microsoft_AAD_IAM\/StartboardApplicationsMenuBlade\/AppAppsPreview\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/aad.portal.azure.com\/#blade\/Microsoft_AAD_IAM\/StartboardApplicationsMenuBlade\/AppAppsPreview<\/a>&nbsp;this is as close as you can get to the M365 Microsoft Cloud App Security portal. and revoke anything that shouldn\u2019t be there<br>Get-MsolCompanyInformation | Select DisplayName, UsersPermissionToUserConsentToAppEnabled<\/li>\n\n\n\n<li>Enabled Zero-Hour Auto Purge for AntiSpam and Anti Malware<\/li>\n\n\n\n<li>Check Spam Policy (&nbsp;<a href=\"https:\/\/docs.microsoft.com\/en-us\/microsoft-365\/security\/office-365-security\/recommended-settings-for-eop-and-office365-atp?view=o365-worldwide\">https:\/\/docs.microsoft.com\/en-us\/microsoft-365\/security\/office-365-security\/recommended-settings-for-eop-and-office365-atp?view=o365-worldwide<\/a>&nbsp;)\n<ul class=\"wp-block-list\">\n<li>Image links to remote sites =&nbsp;<strong>OFF<\/strong><\/li>\n\n\n\n<li>Numeric IP addresses =&nbsp;<strong>ON<\/strong><\/li>\n\n\n\n<li>URL redirect to other port =&nbsp;<strong>ON<\/strong><\/li>\n\n\n\n<li>URL to .biz or .info websites =&nbsp;<strong>ON<\/strong><\/li>\n\n\n\n<li>Empty messages =&nbsp;<strong>ON<\/strong><\/li>\n\n\n\n<li>Javascript or VBScript in HTML =&nbsp;<strong>ON<\/strong><\/li>\n\n\n\n<li>Frame or iFrame tags in HTML =&nbsp;<strong>ON<\/strong><\/li>\n\n\n\n<li>Object tags in HTML =&nbsp;<strong>ON<\/strong><\/li>\n\n\n\n<li>Embed tags in HTML =&nbsp;<strong>ON<\/strong><\/li>\n\n\n\n<li>Form tags in HTML =&nbsp;<strong>ON<\/strong><\/li>\n\n\n\n<li>Web bugs in HTML =&nbsp;<strong>ON<\/strong><\/li>\n\n\n\n<li>Apply sensitive word list =&nbsp;<strong>ON<\/strong><\/li>\n\n\n\n<li>SPF record hard fail =&nbsp;<strong>ON<\/strong><\/li>\n\n\n\n<li>Conditional sender ID hard fail =&nbsp;<strong>ON<\/strong><\/li>\n\n\n\n<li>NDR backscatter =&nbsp;<strong>ON<\/strong><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Check to see if basic SMTP in O365 has been disabled &#8211; <a href=\"https:\/\/www.joeyverlinden.com\/disable-smtp-authentication-in-exchange-online\/\">Disable SMTP Authentication in Exchange Online! &#8211; Joey Verlinden<\/a><\/li>\n\n\n\n<li>Make sure there is a onmicrosoft.com administrator account documented incase anything wrong with adconnect sync<\/li>\n\n\n\n<li>Teams : <a href=\"https:\/\/blog.admindroid.com\/microsoft-teams-security-best-practices\/\">Microsoft Teams Security Best Practices (admindroid.com)<\/a> or https:\/\/tminus365.com\/how-to-secure-microsoft-teams-top-tips\/<\/li>\n\n\n\n<li><a href=\"https:\/\/www.reddit.com\/r\/Office365\/comments\/18yjljh\/cleanup_unused_azuread_enterprise_applications\/\">https:\/\/www.reddit.com\/r\/Office365\/comments\/18yjljh\/cleanup_unused_azuread_enterprise_applications\/<\/a><\/li>\n\n\n\n<li>Disable users being able to installed 3rd party Plugins :&nbsp;<strong>set-MsolCompanysettings -UsersPermissionToUserConsentToAppEnabled $false<\/strong><\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2023\/10\/image-6.png\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"550\" src=\"https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2023\/10\/image-6-1024x550.png\" alt=\"\" class=\"wp-image-7397 img-responsive\" srcset=\"https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2023\/10\/image-6-1024x550.png 1024w, https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2023\/10\/image-6-300x161.png 300w, https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2023\/10\/image-6-768x412.png 768w, https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2023\/10\/image-6.png 1280w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/a><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2023\/10\/image-7.png\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"568\" src=\"https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2023\/10\/image-7-1024x568.png\" alt=\"\" class=\"wp-image-7398 img-responsive\" srcset=\"https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2023\/10\/image-7-1024x568.png 1024w, https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2023\/10\/image-7-300x167.png 300w, https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2023\/10\/image-7-768x426.png 768w, https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2023\/10\/image-7-1536x852.png 1536w, https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2023\/10\/image-7.png 1609w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/a><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">Default user role permissions<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Users can register applications&nbsp;<strong>No<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Restrict non-admin users from creating tenants&nbsp;<strong>Yes<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Users can create security groups&nbsp;<strong>No<\/strong><\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><a href=\"https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2023\/02\/image-7.png\"><img loading=\"lazy\" decoding=\"async\" width=\"905\" height=\"493\" src=\"https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2023\/02\/image-7.png\" alt=\"\" class=\"wp-image-6713 img-responsive\" srcset=\"https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2023\/02\/image-7.png 905w, https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2023\/02\/image-7-300x163.png 300w, https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2023\/02\/image-7-768x418.png 768w\" sizes=\"auto, (max-width: 905px) 100vw, 905px\" \/><\/a><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2023\/10\/image-8.png\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"610\" src=\"https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2023\/10\/image-8-1024x610.png\" alt=\"\" class=\"wp-image-7402 img-responsive\" srcset=\"https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2023\/10\/image-8-1024x610.png 1024w, https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2023\/10\/image-8-300x179.png 300w, https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2023\/10\/image-8-768x458.png 768w, https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2023\/10\/image-8.png 1515w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/a><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2023\/10\/image-9.png\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"520\" src=\"https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2023\/10\/image-9-1024x520.png\" alt=\"\" class=\"wp-image-7404 img-responsive\" srcset=\"https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2023\/10\/image-9-1024x520.png 1024w, https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2023\/10\/image-9-300x152.png 300w, https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2023\/10\/image-9-768x390.png 768w, https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2023\/10\/image-9.png 1325w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/a><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Protect from MiTM Attacks?<\/strong> PasswordLess? <\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-wp-embed is-provider-jeffrey-appel-microsoft-security-blog wp-block-embed-jeffrey-appel-microsoft-security-blog\"><div class=\"wp-block-embed__wrapper\">\nhttps:\/\/jeffreyappel.nl\/protect-against-aitm-mfa-phishing-attacks-using-microsoft-technology\n<\/div><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">https:\/\/learn.microsoft.com\/en-us\/azure\/active-directory\/authentication\/concept-system-preferred-multifactor-authentication<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Show application name in push and passwordless notifications &#8211; Enabled<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Show geographic location in push and passwordless notifications &#8211; Enabled<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/active-directory\/manage-apps\/configure-user-consent?pivots=portal\">Configure how users consent to applications<\/a><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/learn.microsoft.com\/en-us\/microsoft-365\/security\/office-365-security\/step-by-step-guides\/reducing-attack-surface-in-microsoft-teams?view=o365-worldwide#disabling-third-party--custom-apps\">Disabling Third-party &amp; custom apps<\/a><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n","protected":false},"excerpt":{"rendered":"<p>CIS -&gt; ***https:\/\/www.cisecurity.org\/benchmark\/microsoft_365*** https:\/\/www.msb365.blog\/?p=5832 GitHub &#8211; microsoft\/zerotrustassessment: Repository for the Zero Trust Assessment project Maester Validate The Security Of Your Microsoft Cloud Environment With Maester \u2013 Sean [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[1206,3213,3215,1176,3214],"class_list":["post-3463","post","type-post","status-publish","format-standard","hentry","category-research","tag-1206","tag-365-best-practice","tag-policys","tag-smtp","tag-standards"],"aioseo_notices":[],"aioseo_head":"\n\t\t<!-- All in One SEO 4.9.8 - aioseo.com -->\n\t<meta name=\"description\" content=\"CIS -&gt; ***https:\/\/www.cisecurity.org\/benchmark\/microsoft_365*** https:\/\/www.msb365.blog\/?p=5832 GitHub - microsoft\/zerotrustassessment: Repository for the Zero Trust Assessment project Maester Validate The Security Of Your Microsoft Cloud Environment With Maester \u2013 Sean McAvinue Conditional Acces https:\/\/learn.microsoft.com\/en-us\/azure\/active-directory\/conditional-access\/concept-continuous-access-evaluation?ocid=magicti_ta_learndoc Conditional Access EvaluationCheck Conditional Access for Other Basic Auth ( Does not cover SMTP ) Conditional Access https:\/\/github.com\/Teuftis\/ConditionalAccessBaseline-Hardened blogs\/CA-KnowledgeBase-NorthwaveIndustrialGroup.pdf at master \u00b7 BakkerJan\/blogs Conditional\" \/>\n\t<meta name=\"robots\" content=\"max-image-preview:large\" \/>\n\t<meta name=\"author\" content=\"paris\"\/>\n\t<link rel=\"canonical\" href=\"https:\/\/pariswells.com\/blog\/research\/365-standards\" \/>\n\t<meta name=\"generator\" content=\"All in One SEO (AIOSEO) 4.9.8\" \/>\n\t\t<meta property=\"og:locale\" content=\"en_US\" \/>\n\t\t<meta property=\"og:site_name\" content=\"Welcome to Pariswells.com |\" \/>\n\t\t<meta property=\"og:type\" content=\"article\" \/>\n\t\t<meta property=\"og:title\" content=\"365 Standards\\Best Practices | Welcome to Pariswells.com\" \/>\n\t\t<meta property=\"og:description\" content=\"CIS -&gt; ***https:\/\/www.cisecurity.org\/benchmark\/microsoft_365*** https:\/\/www.msb365.blog\/?p=5832 GitHub - microsoft\/zerotrustassessment: Repository for the Zero Trust Assessment project Maester Validate The Security Of Your Microsoft Cloud Environment With Maester \u2013 Sean McAvinue Conditional Acces https:\/\/learn.microsoft.com\/en-us\/azure\/active-directory\/conditional-access\/concept-continuous-access-evaluation?ocid=magicti_ta_learndoc Conditional Access EvaluationCheck Conditional Access for Other Basic Auth ( Does not cover SMTP ) Conditional Access https:\/\/github.com\/Teuftis\/ConditionalAccessBaseline-Hardened blogs\/CA-KnowledgeBase-NorthwaveIndustrialGroup.pdf at master \u00b7 BakkerJan\/blogs Conditional\" \/>\n\t\t<meta property=\"og:url\" content=\"https:\/\/pariswells.com\/blog\/research\/365-standards\" \/>\n\t\t<meta property=\"article:published_time\" content=\"2018-07-17T06:42:28+00:00\" \/>\n\t\t<meta property=\"article:modified_time\" content=\"2026-06-06T10:14:23+00:00\" \/>\n\t\t<meta name=\"twitter:card\" content=\"summary\" \/>\n\t\t<meta name=\"twitter:title\" content=\"365 Standards\\Best Practices | Welcome to Pariswells.com\" \/>\n\t\t<meta name=\"twitter:description\" content=\"CIS -&gt; ***https:\/\/www.cisecurity.org\/benchmark\/microsoft_365*** https:\/\/www.msb365.blog\/?p=5832 GitHub - microsoft\/zerotrustassessment: Repository for the Zero Trust Assessment project Maester Validate The Security Of Your Microsoft Cloud Environment With Maester \u2013 Sean McAvinue Conditional Acces https:\/\/learn.microsoft.com\/en-us\/azure\/active-directory\/conditional-access\/concept-continuous-access-evaluation?ocid=magicti_ta_learndoc Conditional Access EvaluationCheck Conditional Access for Other Basic Auth ( Does not cover SMTP ) Conditional Access https:\/\/github.com\/Teuftis\/ConditionalAccessBaseline-Hardened blogs\/CA-KnowledgeBase-NorthwaveIndustrialGroup.pdf at master \u00b7 BakkerJan\/blogs Conditional\" \/>\n\t\t<script type=\"application\/ld+json\" class=\"aioseo-schema\">\n\t\t\t{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/research\\\/365-standards#article\",\"name\":\"365 Standards\\\\Best Practices | Welcome to Pariswells.com\",\"headline\":\"365 Standards\\\\Best Practices\",\"author\":{\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/author\\\/paris#author\"},\"publisher\":{\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/#organization\"},\"image\":{\"@type\":\"ImageObject\",\"url\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/10\\\/image-6-1024x550.png\",\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/research\\\/365-standards\\\/#articleImage\"},\"datePublished\":\"2018-07-17T06:42:28+00:00\",\"dateModified\":\"2026-06-06T10:14:23+00:00\",\"inLanguage\":\"en-US\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/research\\\/365-standards#webpage\"},\"isPartOf\":{\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/research\\\/365-standards#webpage\"},\"articleSection\":\"Research, 365, 365 best practice, policys, smtp, standards\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/research\\\/365-standards#breadcrumblist\",\"itemListElement\":[{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog#listItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/pariswells.com\\\/blog\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/category\\\/research#listItem\",\"name\":\"Research\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/category\\\/research#listItem\",\"position\":2,\"name\":\"Research\",\"item\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/category\\\/research\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/research\\\/365-standards#listItem\",\"name\":\"365 Standards\\\\Best Practices\"},\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog#listItem\",\"name\":\"Home\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/research\\\/365-standards#listItem\",\"position\":3,\"name\":\"365 Standards\\\\Best Practices\",\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/category\\\/research#listItem\",\"name\":\"Research\"}}]},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/#organization\",\"name\":\"Welcome to Pariswells.com\",\"url\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/author\\\/paris#author\",\"url\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/author\\\/paris\",\"name\":\"paris\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/research\\\/365-standards#authorImage\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/93b8ee3f592ac401167f870452bd82d43de80152cd3524e2853403658ada9984?s=96&d=mm&r=g\",\"width\":96,\"height\":96,\"caption\":\"paris\"}},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/research\\\/365-standards#webpage\",\"url\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/research\\\/365-standards\",\"name\":\"365 Standards\\\\Best Practices | Welcome to Pariswells.com\",\"description\":\"CIS -> ***https:\\\/\\\/www.cisecurity.org\\\/benchmark\\\/microsoft_365*** https:\\\/\\\/www.msb365.blog\\\/?p=5832 GitHub - microsoft\\\/zerotrustassessment: Repository for the Zero Trust Assessment project Maester Validate The Security Of Your Microsoft Cloud Environment With Maester \\u2013 Sean McAvinue Conditional Acces https:\\\/\\\/learn.microsoft.com\\\/en-us\\\/azure\\\/active-directory\\\/conditional-access\\\/concept-continuous-access-evaluation?ocid=magicti_ta_learndoc Conditional Access EvaluationCheck Conditional Access for Other Basic Auth ( Does not cover SMTP ) Conditional Access https:\\\/\\\/github.com\\\/Teuftis\\\/ConditionalAccessBaseline-Hardened blogs\\\/CA-KnowledgeBase-NorthwaveIndustrialGroup.pdf at master \\u00b7 BakkerJan\\\/blogs Conditional\",\"inLanguage\":\"en-US\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/#website\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/research\\\/365-standards#breadcrumblist\"},\"author\":{\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/author\\\/paris#author\"},\"creator\":{\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/author\\\/paris#author\"},\"datePublished\":\"2018-07-17T06:42:28+00:00\",\"dateModified\":\"2026-06-06T10:14:23+00:00\"},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/\",\"name\":\"Welcome to Pariswells.com\",\"inLanguage\":\"en-US\",\"publisher\":{\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/#organization\"}}]}\n\t\t<\/script>\n\t\t<!-- All in One SEO -->\n\n","aioseo_head_json":{"title":"365 Standards\\Best Practices | Welcome to Pariswells.com","description":"CIS -> ***https:\/\/www.cisecurity.org\/benchmark\/microsoft_365*** https:\/\/www.msb365.blog\/?p=5832 GitHub - microsoft\/zerotrustassessment: Repository for the Zero Trust Assessment project Maester Validate The Security Of Your Microsoft Cloud Environment With Maester \u2013 Sean McAvinue Conditional Acces https:\/\/learn.microsoft.com\/en-us\/azure\/active-directory\/conditional-access\/concept-continuous-access-evaluation?ocid=magicti_ta_learndoc Conditional Access EvaluationCheck Conditional Access for Other Basic Auth ( Does not cover SMTP ) Conditional Access https:\/\/github.com\/Teuftis\/ConditionalAccessBaseline-Hardened blogs\/CA-KnowledgeBase-NorthwaveIndustrialGroup.pdf at master \u00b7 BakkerJan\/blogs Conditional","canonical_url":"https:\/\/pariswells.com\/blog\/research\/365-standards","robots":"max-image-preview:large","keywords":"","webmasterTools":{"miscellaneous":""},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/pariswells.com\/blog\/research\/365-standards#article","name":"365 Standards\\Best Practices | Welcome to Pariswells.com","headline":"365 Standards\\Best Practices","author":{"@id":"https:\/\/pariswells.com\/blog\/author\/paris#author"},"publisher":{"@id":"https:\/\/pariswells.com\/blog\/#organization"},"image":{"@type":"ImageObject","url":"https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2023\/10\/image-6-1024x550.png","@id":"https:\/\/pariswells.com\/blog\/research\/365-standards\/#articleImage"},"datePublished":"2018-07-17T06:42:28+00:00","dateModified":"2026-06-06T10:14:23+00:00","inLanguage":"en-US","mainEntityOfPage":{"@id":"https:\/\/pariswells.com\/blog\/research\/365-standards#webpage"},"isPartOf":{"@id":"https:\/\/pariswells.com\/blog\/research\/365-standards#webpage"},"articleSection":"Research, 365, 365 best practice, policys, smtp, standards"},{"@type":"BreadcrumbList","@id":"https:\/\/pariswells.com\/blog\/research\/365-standards#breadcrumblist","itemListElement":[{"@type":"ListItem","@id":"https:\/\/pariswells.com\/blog#listItem","position":1,"name":"Home","item":"https:\/\/pariswells.com\/blog","nextItem":{"@type":"ListItem","@id":"https:\/\/pariswells.com\/blog\/category\/research#listItem","name":"Research"}},{"@type":"ListItem","@id":"https:\/\/pariswells.com\/blog\/category\/research#listItem","position":2,"name":"Research","item":"https:\/\/pariswells.com\/blog\/category\/research","nextItem":{"@type":"ListItem","@id":"https:\/\/pariswells.com\/blog\/research\/365-standards#listItem","name":"365 Standards\\Best Practices"},"previousItem":{"@type":"ListItem","@id":"https:\/\/pariswells.com\/blog#listItem","name":"Home"}},{"@type":"ListItem","@id":"https:\/\/pariswells.com\/blog\/research\/365-standards#listItem","position":3,"name":"365 Standards\\Best Practices","previousItem":{"@type":"ListItem","@id":"https:\/\/pariswells.com\/blog\/category\/research#listItem","name":"Research"}}]},{"@type":"Organization","@id":"https:\/\/pariswells.com\/blog\/#organization","name":"Welcome to Pariswells.com","url":"https:\/\/pariswells.com\/blog\/"},{"@type":"Person","@id":"https:\/\/pariswells.com\/blog\/author\/paris#author","url":"https:\/\/pariswells.com\/blog\/author\/paris","name":"paris","image":{"@type":"ImageObject","@id":"https:\/\/pariswells.com\/blog\/research\/365-standards#authorImage","url":"https:\/\/secure.gravatar.com\/avatar\/93b8ee3f592ac401167f870452bd82d43de80152cd3524e2853403658ada9984?s=96&d=mm&r=g","width":96,"height":96,"caption":"paris"}},{"@type":"WebPage","@id":"https:\/\/pariswells.com\/blog\/research\/365-standards#webpage","url":"https:\/\/pariswells.com\/blog\/research\/365-standards","name":"365 Standards\\Best Practices | Welcome to Pariswells.com","description":"CIS -> ***https:\/\/www.cisecurity.org\/benchmark\/microsoft_365*** https:\/\/www.msb365.blog\/?p=5832 GitHub - microsoft\/zerotrustassessment: Repository for the Zero Trust Assessment project Maester Validate The Security Of Your Microsoft Cloud Environment With Maester \u2013 Sean McAvinue Conditional Acces https:\/\/learn.microsoft.com\/en-us\/azure\/active-directory\/conditional-access\/concept-continuous-access-evaluation?ocid=magicti_ta_learndoc Conditional Access EvaluationCheck Conditional Access for Other Basic Auth ( Does not cover SMTP ) Conditional Access https:\/\/github.com\/Teuftis\/ConditionalAccessBaseline-Hardened blogs\/CA-KnowledgeBase-NorthwaveIndustrialGroup.pdf at master \u00b7 BakkerJan\/blogs Conditional","inLanguage":"en-US","isPartOf":{"@id":"https:\/\/pariswells.com\/blog\/#website"},"breadcrumb":{"@id":"https:\/\/pariswells.com\/blog\/research\/365-standards#breadcrumblist"},"author":{"@id":"https:\/\/pariswells.com\/blog\/author\/paris#author"},"creator":{"@id":"https:\/\/pariswells.com\/blog\/author\/paris#author"},"datePublished":"2018-07-17T06:42:28+00:00","dateModified":"2026-06-06T10:14:23+00:00"},{"@type":"WebSite","@id":"https:\/\/pariswells.com\/blog\/#website","url":"https:\/\/pariswells.com\/blog\/","name":"Welcome to Pariswells.com","inLanguage":"en-US","publisher":{"@id":"https:\/\/pariswells.com\/blog\/#organization"}}]},"og:locale":"en_US","og:site_name":"Welcome to Pariswells.com |","og:type":"article","og:title":"365 Standards\\Best Practices | Welcome to Pariswells.com","og:description":"CIS -&gt; ***https:\/\/www.cisecurity.org\/benchmark\/microsoft_365*** https:\/\/www.msb365.blog\/?p=5832 GitHub - microsoft\/zerotrustassessment: Repository for the Zero Trust Assessment project Maester Validate The Security Of Your Microsoft Cloud Environment With Maester \u2013 Sean McAvinue Conditional Acces https:\/\/learn.microsoft.com\/en-us\/azure\/active-directory\/conditional-access\/concept-continuous-access-evaluation?ocid=magicti_ta_learndoc Conditional Access EvaluationCheck Conditional Access for Other Basic Auth ( Does not cover SMTP ) Conditional Access https:\/\/github.com\/Teuftis\/ConditionalAccessBaseline-Hardened blogs\/CA-KnowledgeBase-NorthwaveIndustrialGroup.pdf at master \u00b7 BakkerJan\/blogs Conditional","og:url":"https:\/\/pariswells.com\/blog\/research\/365-standards","article:published_time":"2018-07-17T06:42:28+00:00","article:modified_time":"2026-06-06T10:14:23+00:00","twitter:card":"summary","twitter:title":"365 Standards\\Best Practices | Welcome to Pariswells.com","twitter:description":"CIS -&gt; ***https:\/\/www.cisecurity.org\/benchmark\/microsoft_365*** https:\/\/www.msb365.blog\/?p=5832 GitHub - microsoft\/zerotrustassessment: Repository for the Zero Trust Assessment project Maester Validate The Security Of Your Microsoft Cloud Environment With Maester \u2013 Sean McAvinue Conditional Acces https:\/\/learn.microsoft.com\/en-us\/azure\/active-directory\/conditional-access\/concept-continuous-access-evaluation?ocid=magicti_ta_learndoc Conditional Access EvaluationCheck Conditional Access for Other Basic Auth ( Does not cover SMTP ) Conditional Access https:\/\/github.com\/Teuftis\/ConditionalAccessBaseline-Hardened blogs\/CA-KnowledgeBase-NorthwaveIndustrialGroup.pdf at master \u00b7 BakkerJan\/blogs Conditional"},"aioseo_meta_data":{"post_id":"3463","title":null,"description":null,"keywords":null,"keyphrases":{"focus":{"keyphrase":"","score":0,"analysis":{"keyphraseInTitle":{"score":0,"maxScore":9,"error":1}}},"additional":[]},"canonical_url":null,"og_title":null,"og_description":null,"og_object_type":"default","og_image_type":"default","og_image_url":null,"og_image_width":null,"og_image_height":null,"og_image_custom_url":null,"og_image_custom_fields":null,"og_video":"","og_custom_url":null,"og_article_section":null,"og_article_tags":null,"twitter_use_og":false,"twitter_card":"default","twitter_image_type":"default","twitter_image_url":null,"twitter_image_custom_url":null,"twitter_image_custom_fields":null,"twitter_title":null,"twitter_description":null,"schema":{"blockGraphs":[],"customGraphs":[],"default":{"data":{"Article":[],"Course":[],"Dataset":[],"FAQPage":[],"Movie":[],"Person":[],"Product":[],"ProductReview":[],"Car":[],"Recipe":[],"Service":[],"SoftwareApplication":[],"WebPage":[]},"graphName":"Article","isEnabled":true},"graphs":[]},"schema_type":"default","schema_type_options":"{\"article\":{\"articleType\":\"BlogPosting\"},\"course\":{\"name\":\"\",\"description\":\"\",\"provider\":\"\"},\"faq\":{\"pages\":[]},\"product\":{\"reviews\":[]},\"recipe\":{\"ingredients\":[],\"instructions\":[],\"keywords\":[]},\"software\":{\"reviews\":[],\"operatingSystems\":[]},\"webPage\":{\"webPageType\":\"WebPage\"}}","pillar_content":false,"robots_default":true,"robots_noindex":false,"robots_noarchive":false,"robots_nosnippet":false,"robots_nofollow":false,"robots_noimageindex":false,"robots_noodp":false,"robots_notranslate":false,"robots_max_snippet":"-1","robots_max_videopreview":"-1","robots_max_imagepreview":"large","priority":null,"frequency":"default","location":null,"local_seo":null,"breadcrumb_settings":null,"limit_modified_date":false,"ai":{"faqs":[],"keyPoints":[],"schemas":[],"titles":[],"descriptions":[],"socialPosts":{"email":[],"linkedin":[],"twitter":[],"facebook":[],"instagram":[]}},"created":"2020-12-21 05:34:09","updated":"2026-06-06 10:14:23","primary_term":null,"seo_analyzer_scan_date":null},"aioseo_breadcrumb":"<div class=\"aioseo-breadcrumbs\"><span class=\"aioseo-breadcrumb\">\n\t\t\t<a href=\"https:\/\/pariswells.com\/blog\" title=\"Home\">Home<\/a>\n\t\t<\/span><span class=\"aioseo-breadcrumb-separator\">&raquo;<\/span><span class=\"aioseo-breadcrumb\">\n\t\t\t<a href=\"https:\/\/pariswells.com\/blog\/category\/research\" title=\"Research\">Research<\/a>\n\t\t<\/span><span class=\"aioseo-breadcrumb-separator\">&raquo;<\/span><span class=\"aioseo-breadcrumb\">\n\t\t\t365 Standards\\Best Practices\n\t\t<\/span><\/div>","aioseo_breadcrumb_json":[{"label":"Home","link":"https:\/\/pariswells.com\/blog"},{"label":"Research","link":"https:\/\/pariswells.com\/blog\/category\/research"},{"label":"365 Standards\\Best Practices","link":"https:\/\/pariswells.com\/blog\/research\/365-standards"}],"_links":{"self":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts\/3463","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/comments?post=3463"}],"version-history":[{"count":69,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts\/3463\/revisions"}],"predecessor-version":[{"id":9708,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts\/3463\/revisions\/9708"}],"wp:attachment":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/media?parent=3463"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/categories?post=3463"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/tags?post=3463"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}