Security Assessment

55 checks • Score: 72/100

All tiersStarter+

Professional+

Score

Passed

Failed

Warnings

Results by Workload

Check ID	Name	Severity	Status	Workload
BT.ENTRA.1.1	Block Legacy Authentication	critical	Fail	Entra ID
BT.ENTRA.2.1	Require MFA for All Users	critical	Fail	Entra ID
BT.ENTRA.2.3	Enforce MFA for Admin Roles	critical	Fail	Entra ID
BT.ENTRA.3.1	Limit Global Admin Count	high	Fail	Entra ID
BT.ENTRA.3.2	Use PIM for Privileged Roles	high	Fail	Entra ID
BT.ENTRA.4.1	Configure Password Expiration Policy	medium	Pass	Entra ID
BT.ENTRA.5.1	Enable Self-Service Password Reset	low	Pass	Entra ID
BT.ENTRA.6.1	Configure Sign-In Risk Policy	high	Warning	Entra ID
BT.ENTRA.6.2	Configure User Risk Policy	high	Warning	Entra ID
BT.ENTRA.7.1	Restrict Guest Access	medium	Pass	Entra ID
BT.ENTRA.7.2	Restrict Guest Invite Settings	medium	Pass	Entra ID
BT.ENTRA.8.1	Restrict App Registration	medium	Pass	Entra ID
BT.ENTRA.8.2	Require Admin Approval for App Consent	high	Pass	Entra ID
BT.ENTRA.9.1	Maintain Break-Glass Accounts	high	Pass	Entra ID
BT.ENTRA.9.2	Monitor Break-Glass Accounts	medium	Warning	Entra ID
BT.EXO.1.1	Block Auto-Forwarding to External Domains	critical	Pass	Exchange
BT.EXO.2.1	Enable DKIM for All Domains	high	Pass	Exchange
BT.EXO.2.2	Configure SPF Record	high	Pass	Exchange
BT.EXO.2.3	Configure DMARC	high	Warning	Exchange
BT.EXO.3.1	Enable Audit Logging	medium	Pass	Exchange
BT.EXO.4.1	Enable Safe Attachments	high	Fail	Exchange
BT.EXO.4.2	Enable Safe Links	high	Fail	Exchange
BT.EXO.5.1	Enable External Sender Callouts	low	Pass	Exchange
BT.EXO.6.1	Configure Anti-Phishing Policy	high	Pass	Exchange
BT.EXO.7.1	Block Direct Sign-In for Shared Mailboxes	medium	Fail	Exchange
BT.EXO.8.1	Configure Retention Policy	medium	Pass	Exchange
BT.EXO.9.1	Restrict OWA File Access	low	Warning	Exchange
BT.SPO.1.1	Manage External Sharing	high	Fail	SharePoint
BT.SPO.1.2	Default Sharing Links to Company-Only	medium	Pass	SharePoint
BT.SPO.2.1	Configure Guest Sharing Expiration	medium	Warning	SharePoint
BT.SPO.3.1	Restrict OneDrive Sync to Managed Devices	medium	Pass	SharePoint
BT.SPO.4.1	Configure DLP Policies	high	Fail	SharePoint
BT.SPO.5.1	Enable Versioning	low	Pass	SharePoint
BT.SPO.5.2	Restrict Site Creation	low	Pass	SharePoint
BT.SPO.6.1	Apply Conditional Access	high	Pass	SharePoint
BT.SPO.7.1	Configure Sensitivity Labels	medium	Warning	SharePoint
BT.SPO.8.1	Block Legacy Authentication for SharePoint	high	Pass	SharePoint
BT.TEAMS.1.1	Restrict External Access	medium	Pass	Teams
BT.TEAMS.1.2	Control Guest Access	medium	Pass	Teams
BT.TEAMS.2.1	Enable Meeting Lobby	medium	Fail	Teams
BT.TEAMS.2.2	Restrict Anonymous Meeting Join	medium	Warning	Teams
BT.TEAMS.3.1	Manage Third-Party Apps	medium	Pass	Teams
BT.TEAMS.3.2	Restrict Custom Apps	low	Pass	Teams
BT.TEAMS.4.1	Manage Cloud Recording Storage	low	Pass	Teams
BT.TEAMS.5.1	Extend DLP Policies to Teams	high	Fail	Teams
BT.TEAMS.6.1	Apply Retention Policies to Teams	medium	Pass	Teams
BT.TEAMS.7.1	Evaluate Communication Compliance	low	Pass	Teams
BT.DEF.1.1	Enable Unified Audit Log	critical	Pass	Defender
BT.DEF.2.1	Configure Alert Policies	high	Pass	Defender
BT.DEF.3.1	Enable Threat Investigation	medium	Pass	Defender
BT.DEF.4.1	Review Secure Score Recommendations	low	Pass	Defender
BT.DEF.5.1	Configure Device Compliance Policies	high	Fail	Defender
BT.DEF.6.1	Require Compliant Devices via Conditional Access	high	Fail	Defender
BT.DEF.7.1	Evaluate Information Barriers	low	Pass	Defender
BT.DEF.8.1	Restrict eDiscovery Roles	medium	Pass	Defender