CyberSecurityBoard
Sponsor Register Login

CISA Releases Microsoft 365 Secure Configuration Baselines and SCuBAGear Tool

CISA has published the finalized Microsoft 365 Secure Configuration Baselines, designed to bolster the security and resilience of organizations' Microsoft 365 cloud services.
This guidance release is accompanied by the updated SCuBAGear tool that assesses organizations' M365 cloud services per CISA's recommended baselines.
Today's release incorporates stakeholder input from last year's public comment period and pilot effort with federal agencies.
Changes to the draft Microsoft 365 Secure Configuration Baselines were integrated with the SCuBAGear tool, which is also now more automated to reduce organization effort.
CISA thanks all whose input took this guidance from a series of best practices to actionable policies and made the SCuBAGear tool easier to use.
Organizations are urged to review these baselines and utilize the SCuBAGear tool.
This product is provided subject to this Notification and this Privacy & Use policy.


This Cyber News was published on www.cisa.gov. Publication date: Thu, 21 Dec 2023 19:13:05 +0000


Cyber News related to CISA Releases Microsoft 365 Secure Configuration Baselines and SCuBAGear Tool

CISA Finalizes Microsoft 365 Secure Configuration Baselines - When CISA initiated its Secure Cloud Business Applications project, our goal was to elevate the federal government's baseline for email and cloud environments by optimizing the security capabilities available within widely used products and services ...
1 year ago Cisa.gov Cuba
CISA Seeks Public Comment on Newly Developed Secure Configuration Baselines for Google Workspace - As federal civilian agencies continue to modernize IT enterprises, increased reliance on cloud services, platform services, and external providers has introduced new types of risks. Recent threat activity from groups such as Storm-0558 have ...
1 year ago Cisa.gov Cuba
CISA Releases Microsoft 365 Secure Configuration Baselines and SCuBAGear Tool - CISA has published the finalized Microsoft 365 Secure Configuration Baselines, designed to bolster the security and resilience of organizations' Microsoft 365 cloud services. This guidance release is accompanied by the updated SCuBAGear tool that ...
1 year ago Cisa.gov Cuba
CISA Asks on Google Workspace Secure Configuration Baselines - In a groundbreaking stride towards fortifying cloud security, the Cybersecurity and Infrastructure Security Agency unveils the Secure Cloud Business Applications Google Workspace Secure Configuration Baselines. This architectural marvel establishes a ...
1 year ago Gbhackers.com Cuba
CISA Unveils Tools to Strengthen Google Cloud Services - As organizations continue their migration to the cloud, threat groups are not far behind. According to a report earlier this year from cybersecurity firm CrowdStrike, the number of attacks against cloud environments in 2022 jumped 95% year-over-year, ...
1 year ago Securityboulevard.com Cuba
CISA Seeks Public Opinion on Google Workspace Secure Configuration Baselines - The US cybersecurity agency CISA on Tuesday released draft guidance and capabilities for federal agencies to securely use Google Workspace services. The proposed materials, for which CISA is seeking public comment, include Secure Cloud Business ...
1 year ago Securityweek.com Cuba
CISA Releases SCuBA Google Workspace Secure Configuration Baselines for Public Comment - Today, CISA released the draft Secure Cloud Business Applications Google Workspace Secure Configuration Baselines and the associated assessment tool ScubaGoggles for public comment. The ScubaGoggles tool assesses GWS tenants' compliance against the ...
1 year ago Cisa.gov Cuba
CVE-2022-48826 - In the Linux kernel, the following vulnerability has been resolved: ...
6 months ago
Veeam adds BaaS capabilities for Veeam Backup for Microsoft 365 - Veeam Software has expanded its relationship with Microsoft. Veeam is making it easier for customers to protect Microsoft 365 with Cirrus by Veeam which brings the ease and flexibility of Backup-as-a-Service for Microsoft 365. Utilizing the power and ...
1 year ago Helpnetsecurity.com
Microsoft Incident Response lessons on preventing cloud identity compromise - Microsoft Incident Response is often engaged in cases where organizations have lost control of their Microsoft Entra ID tenant, due to a combination of misconfiguration, administrative oversight, exclusions to security policies, or insufficient ...
1 year ago Microsoft.com
CISA adds Check Point Quantum Security Gateways and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog - CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog. CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities catalog. CISA adds Google Chrome zero-days to its Known Exploited Vulnerabilities catalog. CISA adds ...
1 year ago Securityaffairs.com
25 Best Managed Security Service Providers (MSSP) - 2025 - Pros & Cons: ProsConsStrong threat intelligence & expert SOCs.High pricing for SMBs.24/7 monitoring & rapid incident response.Complex UI and steep learning curve.Flexible, scalable, hybrid deployments.Limited visibility into endpoint ...
2 weeks ago Cybersecuritynews.com
New Microsoft Incident Response guides help security teams analyze suspicious activity - Today Microsoft Incident Response are proud to introduce two one-page guides to help security teams investigate suspicious activity in Microsoft 365 and Microsoft Entra. These guides contain the artifacts that Microsoft Incident Response hunts for ...
1 year ago Microsoft.com
CISA pledges to resolve issues with threat sharing system after watchdog report - On Friday, the Department of Homeland Security’s Office of the Inspector General published a report on Automated Indicator Sharing (AIS) — which was used to spread cyber threat intelligence and was mandated as part of a 2015 law. The nation’s ...
9 months ago Therecord.media
Microsoft 365 To Block Downloaded Excel XLL Add-Ins To Boost Security - Microsoft has recently announced that in order to help improve security, Microsoft 365 is now blocking the download of XLL add-ins for Excel on both Window PCs and Apple Macs. This new feature will be put into effect early 2021, affecting both Office ...
2 years ago Bleepingcomputer.com
​​Microsoft named as a Leader in three IDC MarketScapes for Modern Endpoint Security 2024 - With these security concerns top of mind, there is no surprise that in the last five years, the Modern Endpoint Security market has nearly tripled in size to defend against emerging, sophisticated, and persistent threats. Microsoft Defender for ...
1 year ago Techcommunity.microsoft.com
Microsoft: Office 2016 and Office 2019 reach end of support in October - You can also switch to Office 2024, a standalone Office version released in October 2024 for small businesses and consumers without a Microsoft 365 subscription. This version includes locked-in-time versions of Word, Excel, PowerPoint, ...
2 months ago Bleepingcomputer.com
Microsoft Investigating Forms Service Issue Not Accessible for Users - Microsoft is currently investigating a significant service disruption affecting Microsoft Forms, leaving numerous users unable to access the popular online survey and quiz platform. The company stated, “We’re investigating an issue where ...
1 week ago Cybersecuritynews.com
Microsoft: Licensing issue blocks Microsoft 365 Family for some users - Microsoft is investigating a potential licensing issue blocking access to Microsoft 365 services for some customers with Family subscriptions. After a massive wave of user reports on social media and the company's community website, Microsoft ...
3 months ago Bleepingcomputer.com
Detecting Vulnerability Scanning Traffic From Underground Tools Using Machine Learning - Our structured query language (SQL) injection detection model detected triggers containing unusual patterns that did not correlate to any known open-source or commercial automated vulnerability scanning tool. We have tested all malicious payloads ...
9 months ago Unit42.paloaltonetworks.com
Microsoft fixes Outlook Desktop crashes when sending emails - Microsoft has fixed a known issue causing Outlook Desktop clients to crash when sending emails from Outlook.com accounts. These problems were first reported on Microsoft's community website and other social networks by customers saying they were ...
1 year ago Bleepingcomputer.com
Enabling Threat-Informed Cybersecurity: Evolving CISA's Approach to Cyber Threat Information Sharing - One of CISA's most important and enduring roles is providing timely and actionable cybersecurity information to our partners across the country. Nearly a decade ago, CISA stood up our Automated Indicator Sharing, or AIS, program to widely exchange ...
1 year ago Cisa.gov
15 PostgreSQL Monitoring Tools - 2025 - What is Good?What Could Be Better?Monitoring application performance, user experience, and errors.Some users find the pricing high, especially for larger environments.Continuous server, database, and infrastructure monitoring.The extensive feature ...
2 months ago Cybersecuritynews.com
Microsoft deprecates Defender Application Guard for Office - Microsoft is deprecating Defender Application Guard for Office and the Windows Security Isolation APIs, and it recommends Defender for Endpoint attack surface reduction rules, Protected View, and Windows Defender Application Control as an ...
1 year ago Bleepingcomputer.com
CISA Warns of Compromised Microsoft Accounts - CISA issued a fresh CISA emergency directive in early April instructing U.S. federal agencies to mitigate risks stemming from the breach of numerous Microsoft corporate email accounts by the Russian APT29 hacking group. The directive is known as ...
1 year ago Securityboulevard.com APT29

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)