SmartProfiler Security Indicators

Microsoft Active Directory Indicators

MITRE and ANSSI Supported Active Directory Assessment by SmartProfiler

51 Health Checks

190 Security Checks

49 Configuration Checks

SmartProfiler for Active Directory can look for both types of security indicators: Indicators of Exposure (IOE) and Indicators of Compromise (IOC).

Evidence that someone may have accessed a network or endpoint within an organization is known as an indicator of compromise, or IOC. This forensic data not only points to a possible danger, but also indicates that an attack (such as one involving malware, credential theft, or data exfiltration) has already taken place. Security experts look for IOCs in event logs, extended detection and response (XDR) systems, and security information and event management (SIEM) systems. During an attack, the team uses IOCs to neutralize threats and minimize damage. After recovery, IOCs give the organization's security team a deeper understanding of what transpired, which helps strengthen security and lower the likelihood of a similar incident recurring.

“Indicators of Exposure” describes various attack vectors that could be easily exploited by hackers to get access to a company. These attack vectors could include misconfigured or Active Directory components.

SmartProfiler for Active Directory supports Security Indicators recommended by ANSSI, MITRE and Microsoft.

SECURITY INDICATORS - RISKY ITEMS CHECKS

Orphaned Admins on AdminSDHolder IOC
Dangerous Permissions on AdminSDHolder IOC
AdminSDHolder was Modified in last 30 days IOC
Constrained delegation to domain controller service IOC
Resource-based constrained delegation on domain controllers IOC
Anonymous Access to Active Directory IOE
Anonymous or EVERYONE in Pre-Windows 2000 Group IOE IOC
Potentially Sensitive Information Found in User Description Field IOE IOC
Found Hidden Domain Controllers IOE
Successful Exploit Machine Accounts Found IOE
Possible User-based Service Accounts found IOC
Objects Modified in Last 10 Days IOE IOC
Objects Created in Last 10 Days IOE IOC
Domain Trusts Found IOE IOC
Anyone can Join Computers to Domain IOE
Replication Errors DCs IOE
Normal Users Full Control Permissions on OUs IOE
EVERYONE Full Control Permissions on OUs IOE
Allowed RODC Password Replication Group is not empty IOE
Found Privileged Groups in msDS-RevealOnDemandGroup of RODC IOE
Managed service accounts with passwords unchanged for more than 90 days IOE
Denied RODC Password Replication Group missing Privileged Accounts IOE
msDS-NeverRevealGroup attribute RODC missing Privileged Accounts IOE
Schema Admin Group members IOE
Unsecure Updates Zones IOE IOC
Missing Domain Zones Scavenging IOC
AD Partitions Backup Status  

PRIVILEGED ACCOUNTS CHECKS

Misconfigured Administrative Accounts Found IOE IOC
Missing Privileged Groups in Protected Users Group IOE IOC
Privileged Accounts Pass Never Expires IOE IOC
Too Many Privileged Accounts IOC
Inactive Admins IOE
Privileged Groups Contain more than 20 members IOE
Kerberos Pre-authentication Disabled IOE IOC
Disabled Admins part of Privileged Groups IOE
Passwords Not Changed within 90 days IOE
DNSAdmins Group has members IOE IOC
Privileged Groups Contained Computer Accounts IOE IOC
Privileged Admins missing AdminCount=1 Flag IOC
ForeignSecurityPrincipals In Privileged Groups IOE IOC
Operators Groups are not empty IOE IOC
Weak Password Policies Affected Admins IOE IOC
Password Do Not Expire IOE
AdminCount Flag set users not acting as Admins IOC

DOMAIN CONTROLLER CHECKS

Domain Controllers Modified with PrimaryGroupID IOC
SMB 1 Protocol Enabled DCs IOE
AllowNT4Crypto DCs IOE
LAN Manager password hashes Enabled DCs IOE
SMB Signing Disabled DCs IOE
LDAP Signing Disabled DCs IOE
TLS 1.1 Enabled DCs IOE
NTLM Authentication Enabled DCs IOE
Inconsistent DCs IOE
RC4 Encryption Enabled DCs IOE
Unauthenticated DCs since last 45 Days IOE
Secrets not renewed DCs IOE
Managed Service Accounts Not Linked IOE
Missing Updates DCs IOE
Missed Reboot Cycles DCs IOE
No Contacts with Domain Controllers in Last Three Months IOE

Microsoft 365 Indicators

115 CIS Checks

119 SmartProfiler Checks

CIS V3.1.0 Tests

Here is the list of tests included with SmartProfiler for M365. SmartProfiler offers additional tests which are not included in the CIS V3.1.0 list.

| Category | CIS Profile | Test |
| --- | --- | --- |
| M365 Admin Center-Users | E3 Level 1 | Ensure Administrative accounts are separate and cloud-only |
| M365 Admin Center-Users | E3 Level 1 | Ensure two emergency access accounts have been defined |
| M365 Admin Center-Users | E3 Level 1 | Ensure that between two and four global admins are designated |
| M365 Admin Center-Users | E3 Level 1 | Ensure Guest Users are reviewed at least biweekly |
| M365 Admin Center-Teams and Groups | E3 Level 2 | Ensure that only organizationally managed-approved public groups exist |
| M365 Admin Center-Teams and Groups | E3 Level 1 | Ensure sign-in to shared mailboxes is blocked |
| M365 Admin Center-Settings | E3 Level 1 | Ensure the Password expiration policy is set to Set passwords to never expire (recommended) |
| M365 Admin Center-Settings | E3 Level 1 | Ensure Idle session timeout is set to 3 hours (or less) for unmanaged devices |
| M365 Admin Center-Settings | E3 Level 2 | Ensure calendar details sharing with external users is disabled |
| M365 Admin Center-Settings | E3 Level 1 | Ensure User owned apps and services is restricted |
| M365 Admin Center-Settings | E3 Level 1 | Ensure internal phishing protection for Forms is enabled |
| M365 Admin Center-Settings | E5 Level 2 | Ensure the customer lockbox feature is enabled |
| M365 Admin Center-Settings | E3 Level 2 | Ensure third-party storage services are restricted in Microsoft 365 on the web |
| M365 Admin Center-Settings | E3 Level 2 | Ensure that Sways cannot be shared with people outside of your organization |
| Microsoft 365 Defender-Email and Collaboration | E5 Level 2 | Ensure Safe Links for Office Applications is Enabled |
| Microsoft 365 Defender-Email and Collaboration | E3 Level 1 | Ensure the Common Attachment Types Filter is enabled |
| Microsoft 365 Defender-Email and Collaboration | E3 Level 1 | Ensure notifications for internal users sending malware is Enabled |
| Microsoft 365 Defender-Email and Collaboration | E5 Level 2 | Ensure Safe Attachments policy is enabled |
| Microsoft 365 Defender-Email and Collaboration | E5 Level 2 | Ensure Safe Attachments for SharePoint-OneDrive-Microsoft Teams is Enabled |
| Microsoft 365 Defender-Email and Collaboration | E3 Level 1 | Ensure Exchange Online Spam Policies are set correctly |
| Microsoft 365 Defender-Email and Collaboration | E5 Level 1 | Ensure that an anti-phishing policy has been created |
| Microsoft 365 Defender-Email and Collaboration | E3 Level 1 | Ensure that SPF records are published for all Exchange Domains |
| Microsoft 365 Defender-Email and Collaboration | E3 Level 1 | Ensure that DKIM is enabled for all Exchange Online Domains |
| Microsoft 365 Defender-Email and Collaboration | E3 Level 1 | Ensure DMARC Records for all Exchange Online domains are published |
| Microsoft 365 Defender-Email and Collaboration | E5 Level 1 | Ensure the spoofed domains report is reviewed weekly |
| Microsoft 365 Defender-Email and Collaboration | E3 Level 1 | Ensure the Restricted entities report is reviewed weekly |
| Microsoft 365 Defender-Email and Collaboration | E3 Level 1 | Ensure all security threats in the Threat protection status report are reviewed at least weekly |
| Microsoft 365 Defender-Audit | E3 Level 1 | Ensure the Account Provisioning Activity report is reviewed at least weekly |
| Microsoft 365 Defender-Audit | E3 Level 1 | Ensure non-global administrator role group assignments are reviewed at least weekly |
| Microsoft 365 Defender-Settings | E5 Level 1 | Ensure Priority account protection is enabled and configured |
| Microsoft 365 Defender-Settings | E5 Level 1 | Ensure Priority accounts have Strict protection presets applied |
| Microsoft 365 Defender-Settings | E5 Level 2 | Ensure Microsoft Defender for Cloud Apps is Enabled |
| Microsoft Purview-Audit | E3 Level 1 | Ensure Microsoft 365 audit log search is Enabled |
| Microsoft Purview-Audit | E3 Level 1 | Ensure user role group changes are reviewed at least weekly |
| Microsoft Purview-Data Loss Protection | E3 Level 1 | Ensure DLP policies are enabled |
| Microsoft Purview-Data Loss Protection | E5 Level 1 | Ensure DLP policies are enabled for Microsoft Teams |
| Microsoft Purview-Information Protection | E3 Level 1 | Ensure SharePoint Online Information Protection policies are set up and used |
| Microsoft Entra admin center-Identity-Overview | E3 Level 1 | Ensure Security Defaults is disabled on Azure Active Directory |
| Microsoft Entra admin center-Identity-Users | E3 Level 1 | Ensure Per-user MFA is disabled |
| Microsoft Entra admin center-Identity-Users | E3 Level 2 | Ensure third party integrated applications are not allowed |
| Microsoft Entra admin center-Identity-Users | E3 Level 1 | Ensure Restrict non-admin users from creating tenants is set to Yes |
| Microsoft Entra admin center-Identity-Users | E3 Level 1 | Ensure Restrict access to the Azure AD administration portal is set to Yes |
| Microsoft Entra admin center-Identity-Users | E3 Level 2 | Ensure the option to remain signed in is hidden |
| Microsoft Entra admin center-Identity-Users | E3 Level 2 | Ensure LinkedIn account connections is disabled |
| Microsoft Entra admin center-Identity-Groups | E3 Level 1 | Ensure a dynamic group for guest users is created |
| Microsoft Entra admin center-Identity-Applications | E3 Level 1 | Ensure the Application Usage report is reviewed at least weekly |
| Microsoft Entra admin center-Identity-Applications | E3 Level 2 | Ensure user consent to apps accessing company data on their behalf is not allowed |
| Microsoft Entra admin center-Identity-Applications | E3 Level 1 | Ensure the admin consent workflow is enabled |
| Microsoft Entra admin center-Identity-External Identities | E3 Level 2 | Ensure that collaboration invitations are sent to allowed domains only |
| Microsoft Entra admin center-Identity-Hybrid Management | E3 Level 1 | Ensure that password hash sync is enabled for hybrid deployments |
| Microsoft Entra admin center-Protection-Conditional Access | E3 Level 1 | Ensure multifactor authentication is enabled for all users in administrative roles |
| Microsoft Entra admin center-Protection-Conditional Access | E3 Level 1 | Ensure multifactor authentication is enabled for all users |
| Microsoft Entra admin center-Protection-Conditional Access | E3 Level 1 | Enable Conditional Access policies to block legacy authentication |
| Microsoft Entra admin center-Protection-Conditional Access | E3 Level 1 | Ensure Sign-in frequency is enabled and browser sessions are not persistent for Administrative users |
| Microsoft Entra admin center-Protection-Conditional Access | E3 Level 2 | Ensure Phishing-resistant MFA strength is required for Administrators |
| Microsoft Entra admin center-Protection-Conditional Access | E5 Level 2 | Enable Azure AD Identity Protection user risk policies |
| Microsoft Entra admin center-Protection-Conditional Access | E5 Level 2 | Enable Azure AD Identity Protection sign-in risk policies |
| Microsoft Entra admin center-Protection-Conditional Access | E3 Level 1 | Ensure Microsoft Azure Management is limited to administrative roles |
| Microsoft Entra admin center-Protection-Authentication Methods | E3 Level 1 | Ensure Microsoft Authenticator is configured to protect against MFA fatigue |
| Microsoft Entra admin center-Protection-Authentication Methods | E3 Level 1 | Ensure custom banned passwords lists are used |
| Microsoft Entra admin center-Protection-Authentication Methods | E3 Level 1 | Ensure that password protection is enabled for Active Directory |
| Microsoft Entra admin center-Protection-Password Reset | E3 Level 1 | Ensure Self service password reset enabled is set to All |
| Microsoft Entra admin center-Protection-Password Reset | E3 Level 1 | Ensure the self-service password reset activity report is reviewed at least weekly |
| Microsoft Entra admin center-Protection-Risk Activities | E3 Level 1 | Ensure the Azure AD Risky sign-ins report is reviewed at least weekly |
| Microsoft Entra admin center-Identity Governance | E5 Level 2 | Ensure Privileged Identity Management is used to manage roles |
| Microsoft Entra admin center-Identity Governance | E5 Level 2 | Ensure Access reviews for Guest Users are configured |
| Microsoft Entra admin center-Identity Governance | E5 Level 1 | Ensure Access reviews for high privileged Azure AD roles are configured |
| Microsoft Exchange admin center-Audit | E3 Level 1 | Ensure AuditDisabled organizationally is set to False |
| Microsoft Exchange admin center-Audit | E3 Level 1 | Ensure mailbox auditing for E3 users is Enabled |
| Microsoft Exchange admin center-Audit | E5 Level 1 | Ensure mailbox auditing for E5 users is Enabled |
| Microsoft Exchange admin center-Audit | E3 Level 1 | Ensure AuditBypassEnabled is not enabled on mailboxes |
| Microsoft Exchange admin center-Mailflow | E3 Level 1 | Ensure all forms of mail forwarding are blocked and-or disabled |
| Microsoft Exchange admin center-Mailflow | E3 Level 1 | Ensure mail transport rules do not whitelist specific domains |
| Microsoft Exchange admin center-Mailflow | E3 Level 1 | Ensure Tagging is enabled for External Emails |
| Microsoft Exchange admin center-Mailflow | E3 Level 1 | Ensure Tagging does not allow specific domains |
| Microsoft Exchange admin center-Roles | E3 Level 2 | Ensure users installing Outlook add-ins is not allowed |
| Microsoft Exchange admin center-Reports | E3 Level 1 | Ensure mail forwarding rules are reviewed at least weekly |
| Microsoft Exchange admin center-Settings | E3 Level 1 | Ensure modern authentication for Exchange Online is enabled |
| Microsoft Exchange admin center-Settings | E3 Level 2 | Ensure MailTips are enabled for end users |
| Microsoft Exchange admin center-Settings | E3 Level 2 | Ensure external storage providers available in Outlook on the Web are restricted |
| Microsoft SharePoint Admin Center-Policies | E3 Level 1 | Ensure modern authentication for SharePoint applications is required |
| Microsoft SharePoint Admin Center-Policies | E3 Level 1 | Ensure SharePoint and OneDrive integration with Azure AD B2B is enabled |
| Microsoft SharePoint Admin Center-Policies | E3 Level 1 | Ensure external content sharing is restricted |
| Microsoft SharePoint Admin Center-Policies | E3 Level 2 | Ensure OneDrive content sharing is restricted |
| Microsoft SharePoint Admin Center-Policies | E3 Level 2 | Ensure that SharePoint guest users cannot share items they don't own |
| Microsoft SharePoint Admin Center-Policies | E3 Level 1 | Ensure link sharing is restricted in SharePoint and OneDrive |
| Microsoft SharePoint Admin Center-Policies | E3 Level 2 | Ensure external sharing is restricted by security group |
| Microsoft SharePoint Admin Center-Policies | E3 Level 1 | Ensure expiration time for external sharing links is set |
| Microsoft SharePoint Admin Center-Policies | E3 Level 1 | Ensure reauthentication with verification code is restricted |
| Microsoft SharePoint Admin Center-Settings | E5 Level 2 | Ensure Microsoft 365 SharePoint infected files are disallowed for download |
| Microsoft SharePoint Admin Center-Settings | E3 Level 2 | Block OneDrive for Business sync from unmanaged devices |
| Microsoft SharePoint Admin Center-Settings | E3 Level 1 | Ensure custom script execution is restricted on personal sites |
| Microsoft SharePoint Admin Center-Settings | E3 Level 1 | Ensure custom script execution is restricted on site collections |
| Microsoft Teams Admin Center-Teams | E3 Level 2 | Ensure external file sharing in Teams is enabled for only approved cloud storage services |
| Microsoft Teams Admin Center-Teams | E3 Level 1 | Ensure users can't send emails to a channel email address |
| Microsoft Teams Admin Center-Users | E3 Level 2 | Ensure external access is restricted in the Teams admin center |
| Microsoft Teams Admin Center-Teams Apps | E3 Level 1 | Ensure app permission policies are configured |
| Microsoft Teams Admin Center-Meetings | E3 Level 2 | Ensure anonymous users can't join a meeting |
| Microsoft Teams Admin Center-Meetings | E3 Level 1 | Ensure anonymous users and dial-in callers can't start a meeting |
| Microsoft Teams Admin Center-Meetings | E3 Level 1 | Ensure only people in my org can bypass the lobby |
| Microsoft Teams Admin Center-Meetings | E3 Level 1 | Ensure users dialing in can't bypass the lobby |
| Microsoft Teams Admin Center-Meetings | E3 Level 1 | Ensure meeting chat does not allow anonymous users |
| Microsoft Teams Admin Center-Meetings | E3 Level 1 | Ensure only organizers and co-organizers can present |
| Microsoft Teams Admin Center-Meetings | E3 Level 1 | Ensure external participants can't give or request control |
| Microsoft Teams Admin Center-Messaging | E3 Level 1 | Ensure users can report security concerns in Teams |
| Microsoft Fabric-Tenant Settings | E3 Level 1 | Ensure guest user access is restricted |
| Microsoft Fabric-Tenant Settings | E3 Level 1 | Ensure external user invitations are restricted |
| Microsoft Fabric-Tenant Settings | E3 Level 1 | Ensure guest access to content is restricted |
| Microsoft Fabric-Tenant Settings | E3 Level 1 | Ensure Publish to web is restricted |
| Microsoft Fabric-Tenant Settings | E3 Level 2 | Ensure Interact with and share R and Python visuals is Disabled |
| Microsoft Fabric-Tenant Settings | E3 Level 1 | Ensure Allow users to apply sensitivity labels for content is Enabled |
| Microsoft Fabric-Tenant Settings | E3 Level 1 | Ensure shareable links are restricted |
| Microsoft Fabric-Tenant Settings | E3 Level 1 | Ensure enabling of external data sharing is restricted |
| Microsoft Fabric-Tenant Settings | E3 Level 1 | Ensure Block ResourceKey Authentication is Enabled |