Advice Request Would there be interest in a NIST security template for Microsoft 365?


Stenographers

Level 2
Thread author
Nov 11, 2022
48
Working through NIST compliance on my personal 365 tenant for practice. Once I get it up to snuff, I'm thinking I'll use Microsoft 365 Desired State Configuration PowerShell to make some templates people can apply to their own Microsoft tenants to accelerate their compliance journey. Would there be any interest on this forum for that once I have it done?
 

Andrezj

Level 6
Nov 21, 2022
248
To run, DSC requires PowerShell remoting to be enabled. Not the safest configuration. A "stop-gap" counter-measure might be to block the WSMan service port(s).

There are already DSC templates for security on GitHub, plus online discussions:


 
Upvote 0

Malleable

Level 1
Mar 2, 2021
45
Stenographers said:
"Working through NIST compliance on my personal 365 tenant for practice. Once I get it up to snuff, I'm thinking I'll use Microsoft 365 Desired State Configuration PowerShell to make some templates people can apply to their own Microsoft tenants to accelerate their compliance journey. Would there be any interest on this forum for that once I have it done?"

Is this in a controlled unclassified information setting? Just curious.
 
Upvote 0

Stenographers

Level 2
Thread author
Nov 11, 2022
48
Andrezj said:
"To run, DSC requires PowerShell remoting to be enabled. Not the safest configuration. A "stop-gap" counter-measure might be to block the WSMan service port(s).

There are already DSC templates for security on GitHub, plus online discussions:"

So this is actually different than PowerShell DSC. This is DSC for Microsoft 365, configuring things like conditional access and Exchange Online transport rules for example. It isn't something that would be run against a Windows server and doesn't require any PS remoting of any machines.
 
Upvote 0

Andrezj

Level 6
Nov 21, 2022
248
Stenographers said:
"So this is actually different than PowerShell DSC. This is DSC for Microsoft 365, configuring things like conditional access and Exchange Online transport rules for example. It isn't something that would be run against a Windows server and doesn't require any PS remoting of any machines."

Microsoft365 DSC runs "on top" of DSC for Windows; there are not separate versions of the underlying DSC. All DSC modules run on DSC for Windows. For DSC to run, PowerShell remoting must be enabled.


"Microsoft365DSC provides automation for the deployment, configuration, and monitoring of Microsoft 365 tenants via PowerShell DSC."

 
Upvote 0
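
An added example, not part of any post in this thread: a PowerShell audit of the WinRM/WSMan exposure discussed above, followed by a dry run of the "stop-gap" block rule on the WSMan ports. It assumes an elevated Windows PowerShell 5.1+ session with the built-in NetTCPIP and NetSecurity modules and the default ports 5985/5986; the firewall rule name is hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example: audit WinRM/WSMan exposure on the machine that applies DSC configurations.
$wsmanPorts = '5985', '5986'   # default WSMan HTTP / HTTPS ports (assumed unchanged)

# 1. Service state: a stopped or disabled WinRM service exposes no listener at all.
$svc = Get-Service -Name WinRM
'WinRM service: {0} (startup: {1})' -f $svc.Status, $svc.StartType

# 2. Configured listeners. The WSMan: drive is only readable while the service runs.
if ($svc.Status -eq 'Running') {
    Get-ChildItem -Path WSMan:\localhost\Listener | ForEach-Object {
        $props = Get-ChildItem -Path $_.PSPath
        [pscustomobject]@{
            Listener  = $_.Name
            Transport = ($props | Where-Object Name -eq 'Transport').Value
            Port      = ($props | Where-Object Name -eq 'Port').Value
            Address   = ($props | Where-Object Name -eq 'Address').Value
        }
    } | Format-Table -AutoSize
}

# 3. Sockets actually listening on the WSMan ports, and on which local addresses.
Get-NetTCPConnection -State Listen -LocalPort $wsmanPorts -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, OwningProcess | Format-Table -AutoSize

# 4. Enabled inbound allow rules that cover those ports, with the remote scope they permit.
Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    Where-Object {
        $filter = $_ | Get-NetFirewallPortFilter
        $filter.Protocol -eq 'TCP' -and
            ($filter.LocalPort | Where-Object { $_ -in $wsmanPorts })
    } |
    Select-Object DisplayName, Profile,
        @{ n = 'RemoteAddress'; e = { ($_ | Get-NetFirewallAddressFilter).RemoteAddress } } |
    Format-Table -AutoSize

# 5. Stop-gap from the thread: block inbound WSMan on every profile.
#    -WhatIf makes this a dry run; remove it to create the rule.
#    Block rules take precedence over allow rules in Windows Firewall.
New-NetFirewallRule -DisplayName 'Block inbound WSMan (example)' `
    -Direction Inbound -Protocol TCP -LocalPort $wsmanPorts `
    -Action Block -Profile Any -WhatIf
```

After creating the rule for real, re-run steps 3 and 4 and confirm that a local `Start-DscConfiguration` still completes before relying on the setup.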
