diff --git a/PowerShell/ScubaGear/Sample-Reports/BaselineReports.html b/PowerShell/ScubaGear/Sample-Reports/BaselineReports.html index 274b99586..5e560e218 100644 Binary files a/PowerShell/ScubaGear/Sample-Reports/BaselineReports.html and b/PowerShell/ScubaGear/Sample-Reports/BaselineReports.html differ diff --git a/PowerShell/ScubaGear/Sample-Reports/IndividualReports/AADReport.html b/PowerShell/ScubaGear/Sample-Reports/IndividualReports/AADReport.html index 662bdcd7b..0ca97af9f 100644 Binary files a/PowerShell/ScubaGear/Sample-Reports/IndividualReports/AADReport.html and b/PowerShell/ScubaGear/Sample-Reports/IndividualReports/AADReport.html differ diff --git a/PowerShell/ScubaGear/Sample-Reports/IndividualReports/AADReport.json b/PowerShell/ScubaGear/Sample-Reports/IndividualReports/AADReport.json index ac0e05f28..0782c1b7b 100644 Binary files a/PowerShell/ScubaGear/Sample-Reports/IndividualReports/AADReport.json and b/PowerShell/ScubaGear/Sample-Reports/IndividualReports/AADReport.json differ diff --git a/PowerShell/ScubaGear/Sample-Reports/IndividualReports/DefenderReport.html b/PowerShell/ScubaGear/Sample-Reports/IndividualReports/DefenderReport.html index 9f2b416e2..277c6e526 100644 Binary files a/PowerShell/ScubaGear/Sample-Reports/IndividualReports/DefenderReport.html and b/PowerShell/ScubaGear/Sample-Reports/IndividualReports/DefenderReport.html differ diff --git a/PowerShell/ScubaGear/Sample-Reports/IndividualReports/DefenderReport.json b/PowerShell/ScubaGear/Sample-Reports/IndividualReports/DefenderReport.json index ca32afd9e..be93258ac 100644 Binary files a/PowerShell/ScubaGear/Sample-Reports/IndividualReports/DefenderReport.json and b/PowerShell/ScubaGear/Sample-Reports/IndividualReports/DefenderReport.json differ diff --git a/PowerShell/ScubaGear/Sample-Reports/IndividualReports/EXOReport.html b/PowerShell/ScubaGear/Sample-Reports/IndividualReports/EXOReport.html index 0f3587551..0ab294668 100644 Binary files a/PowerShell/ScubaGear/Sample-Reports/IndividualReports/EXOReport.html and b/PowerShell/ScubaGear/Sample-Reports/IndividualReports/EXOReport.html differ diff --git a/PowerShell/ScubaGear/Sample-Reports/IndividualReports/EXOReport.json b/PowerShell/ScubaGear/Sample-Reports/IndividualReports/EXOReport.json index fd655c31d..5a9138cca 100644 Binary files a/PowerShell/ScubaGear/Sample-Reports/IndividualReports/EXOReport.json and b/PowerShell/ScubaGear/Sample-Reports/IndividualReports/EXOReport.json differ diff --git a/PowerShell/ScubaGear/Sample-Reports/IndividualReports/PowerPlatformReport.html b/PowerShell/ScubaGear/Sample-Reports/IndividualReports/PowerPlatformReport.html index 5cfc76704..4d5021b7a 100644 Binary files a/PowerShell/ScubaGear/Sample-Reports/IndividualReports/PowerPlatformReport.html and b/PowerShell/ScubaGear/Sample-Reports/IndividualReports/PowerPlatformReport.html differ diff --git a/PowerShell/ScubaGear/Sample-Reports/IndividualReports/PowerPlatformReport.json b/PowerShell/ScubaGear/Sample-Reports/IndividualReports/PowerPlatformReport.json index af484e4fc..cd22c8a0f 100644 Binary files a/PowerShell/ScubaGear/Sample-Reports/IndividualReports/PowerPlatformReport.json and b/PowerShell/ScubaGear/Sample-Reports/IndividualReports/PowerPlatformReport.json differ diff --git a/PowerShell/ScubaGear/Sample-Reports/IndividualReports/SharePointReport.html b/PowerShell/ScubaGear/Sample-Reports/IndividualReports/SharePointReport.html index b484539b2..0d259f0d5 100644 Binary files a/PowerShell/ScubaGear/Sample-Reports/IndividualReports/SharePointReport.html and b/PowerShell/ScubaGear/Sample-Reports/IndividualReports/SharePointReport.html differ diff --git a/PowerShell/ScubaGear/Sample-Reports/IndividualReports/SharePointReport.json b/PowerShell/ScubaGear/Sample-Reports/IndividualReports/SharePointReport.json index e4f0995e9..adcd80d72 100644 Binary files a/PowerShell/ScubaGear/Sample-Reports/IndividualReports/SharePointReport.json and b/PowerShell/ScubaGear/Sample-Reports/IndividualReports/SharePointReport.json differ diff --git a/PowerShell/ScubaGear/Sample-Reports/IndividualReports/TeamsReport.html b/PowerShell/ScubaGear/Sample-Reports/IndividualReports/TeamsReport.html index 3bbd1170b..7d500bdd5 100644 Binary files a/PowerShell/ScubaGear/Sample-Reports/IndividualReports/TeamsReport.html and b/PowerShell/ScubaGear/Sample-Reports/IndividualReports/TeamsReport.html differ diff --git a/PowerShell/ScubaGear/Sample-Reports/IndividualReports/TeamsReport.json b/PowerShell/ScubaGear/Sample-Reports/IndividualReports/TeamsReport.json index d4d4b9a57..7b3c04816 100644 Binary files a/PowerShell/ScubaGear/Sample-Reports/IndividualReports/TeamsReport.json and b/PowerShell/ScubaGear/Sample-Reports/IndividualReports/TeamsReport.json differ diff --git a/PowerShell/ScubaGear/Sample-Reports/ProviderSettingsExport.json b/PowerShell/ScubaGear/Sample-Reports/ProviderSettingsExport.json index 46bb93a0b..69795d94c 100644 --- a/PowerShell/ScubaGear/Sample-Reports/ProviderSettingsExport.json +++ b/PowerShell/ScubaGear/Sample-Reports/ProviderSettingsExport.json @@ -1,8 +1,8 @@  { "baseline_version": "1", - "module_version": "1.2.0", - "date": "04/03/2024 12:32:34 Central Daylight Time", - "timestamp_zulu": "2024-04-03T17:32:34.712Z", + "module_version": "1.3.0", + "date": "06/05/2024 14:50:13 Central Daylight Time", + "timestamp_zulu": "2024-06-05T19:50:13.391Z", "tenant_details": [ { "AADAdditionalData": { @@ -431,7 +431,7 @@ "DeletedDateTime": null, "DirectorySizeQuota": { "Total": 300000, - "Used": 1110 + "Used": 1120 }, "DisplayName": "tqhjy", "Extensions": null, @@ -689,6 +689,7 @@ "TechnicalNotificationMails": [ "admin@example.com" ], + "TenantType": "AAD", "VerifiedDomains": [ { "Capabilities": "Email, OfficeCommunicationsOnline", @@ -699,8 +700,8 @@ } ], "AdditionalProperties": { - "tenantType": "AAD", "onPremisesSyncStatus": [ + "System.Collections.Generic.Dictionary`2[System.String,System.Object]" ] } }, @@ -709,26 +710,7 @@ "DomainName": "tqhjy.onmicrosoft.com" } ], - "scuba_config": { - "DisconnectOnExit": false, - "OutPath": ".", - "OutProviderFileName": "ProviderSettingsExport", - "M365Environment": "gcc", - "ProductNames": [ - "aad", - "defender", - "exo", - "powerplatform", - "sharepoint", - "teams" - ], - "OutFolderName": "M365BaselineConformance", - "OutJsonFileName": "ScubaResults", - "OutRegoFileName": "TestResults", - "Organization": "tqhjy.onmicrosoft.com", - "OutReportName": "BaselineReports", - "LogIn": true -}, + "scuba_config": {}, "conditional_access_policies": [ { @@ -751,6 +733,9 @@ ] }, + "AuthenticationFlows": { + "TransferMethods": null + }, "ClientAppTypes": [ "all" ], @@ -776,6 +761,7 @@ "IncludeDeviceStates": null, "IncludeDevices": null }, + "InsiderRiskLevels": null, "Locations": { "ExcludeLocations": null, "IncludeLocations": null @@ -845,7 +831,7 @@ "TermsOfUse": null }, "Id": "e430772e-f1c9-4618-9b68-4f125e80a288", - "ModifiedDateTime": "Date(1683901574815)", + "ModifiedDateTime": "Date(1717372277946)", "SessionControls": { "ApplicationEnforcedRestrictions": { "IsEnabled": null @@ -870,7 +856,7 @@ "FrequencyInterval": "timeBased", "IsEnabled": true, "Type": "days", - "Value": 2 + "Value": 4 } }, "State": "enabled", @@ -898,6 +884,9 @@ ] }, + "AuthenticationFlows": { + "TransferMethods": null + }, "ClientAppTypes": [ "all" ], @@ -923,6 +912,7 @@ "IncludeDeviceStates": null, "IncludeDevices": null }, + "InsiderRiskLevels": null, "Locations": { "ExcludeLocations": null, "IncludeLocations": null @@ -1045,6 +1035,9 @@ ] }, + "AuthenticationFlows": { + "TransferMethods": null + }, "ClientAppTypes": [ "all" ], @@ -1070,6 +1063,7 @@ "IncludeDeviceStates": null, "IncludeDevices": null }, + "InsiderRiskLevels": null, "Locations": { "ExcludeLocations": null, "IncludeLocations": null @@ -1199,6 +1193,9 @@ ] }, + "AuthenticationFlows": { + "TransferMethods": null + }, "ClientAppTypes": [ "all" ], @@ -1224,6 +1221,7 @@ "IncludeDeviceStates": null, "IncludeDevices": null }, + "InsiderRiskLevels": null, "Locations": { "ExcludeLocations": null, "IncludeLocations": null @@ -1358,6 +1356,9 @@ "urn:user:registersecurityinfo" ] }, + "AuthenticationFlows": { + "TransferMethods": null + }, "ClientAppTypes": [ "all" ], @@ -1383,6 +1384,7 @@ "IncludeDeviceStates": null, "IncludeDevices": null }, + "InsiderRiskLevels": null, "Locations": { "ExcludeLocations": [ "AllTrusted" @@ -1515,6 +1517,9 @@ "urn:user:registersecurityinfo" ] }, + "AuthenticationFlows": { + "TransferMethods": null + }, "ClientAppTypes": [ "all" ], @@ -1540,6 +1545,7 @@ "IncludeDeviceStates": null, "IncludeDevices": null }, + "InsiderRiskLevels": null, "Locations": { "ExcludeLocations": [ "AllTrusted" @@ -1672,6 +1678,9 @@ "urn:user:registersecurityinfo" ] }, + "AuthenticationFlows": { + "TransferMethods": null + }, "ClientAppTypes": [ "all" ], @@ -1697,6 +1706,7 @@ "IncludeDeviceStates": null, "IncludeDevices": null }, + "InsiderRiskLevels": null, "Locations": { "ExcludeLocations": [ "AllTrusted" @@ -1830,6 +1840,9 @@ "urn:user:registerdevice" ] }, + "AuthenticationFlows": { + "TransferMethods": null + }, "ClientAppTypes": [ "all" ], @@ -1855,6 +1868,7 @@ "IncludeDeviceStates": null, "IncludeDevices": null }, + "InsiderRiskLevels": null, "Locations": { "ExcludeLocations": null, "IncludeLocations": null @@ -1983,6 +1997,9 @@ ] }, + "AuthenticationFlows": { + "TransferMethods": null + }, "ClientAppTypes": [ "all" ], @@ -2008,6 +2025,7 @@ "IncludeDeviceStates": null, "IncludeDevices": null }, + "InsiderRiskLevels": null, "Locations": { "ExcludeLocations": null, "IncludeLocations": null @@ -2142,6 +2160,9 @@ ] }, + "AuthenticationFlows": { + "TransferMethods": null + }, "ClientAppTypes": [ "exchangeActiveSync", "other" @@ -2168,6 +2189,7 @@ "IncludeDeviceStates": null, "IncludeDevices": null }, + "InsiderRiskLevels": null, "Locations": { "ExcludeLocations": null, "IncludeLocations": null @@ -2296,6 +2318,9 @@ ] }, + "AuthenticationFlows": { + "TransferMethods": null + }, "ClientAppTypes": [ "all" ], @@ -2321,6 +2346,7 @@ "IncludeDeviceStates": null, "IncludeDevices": null }, + "InsiderRiskLevels": null, "Locations": { "ExcludeLocations": null, "IncludeLocations": null @@ -2449,6 +2475,9 @@ ] }, + "AuthenticationFlows": { + "TransferMethods": null + }, "ClientAppTypes": [ "all" ], @@ -2474,6 +2503,7 @@ "IncludeDeviceStates": null, "IncludeDevices": null }, + "InsiderRiskLevels": null, "Locations": { "ExcludeLocations": null, "IncludeLocations": null @@ -2602,6 +2632,9 @@ ] }, + "AuthenticationFlows": { + "TransferMethods": null + }, "ClientAppTypes": [ "all" ], @@ -2627,6 +2660,7 @@ "IncludeDeviceStates": null, "IncludeDevices": null }, + "InsiderRiskLevels": null, "Locations": { "ExcludeLocations": null, "IncludeLocations": null @@ -2734,6 +2768,163 @@ "AdditionalProperties": { } + }, + { + "Conditions": { + "Applications": { + "ApplicationFilter": { + "Mode": null, + "Rule": null + }, + "ExcludeApplications": [ + + ], + "IncludeApplications": [ + "None" + ], + "IncludeAuthenticationContextClassReferences": [ + + ], + "IncludeUserActions": [ + + ] + }, + "AuthenticationFlows": { + "TransferMethods": null + }, + "ClientAppTypes": [ + "all" + ], + "ClientApplications": { + "ExcludeServicePrincipals": null, + "IncludeServicePrincipals": null, + "ServicePrincipalFilter": { + "Mode": null, + "Rule": null + } + }, + "DeviceStates": { + "ExcludeStates": null, + "IncludeStates": null + }, + "Devices": { + "DeviceFilter": { + "Mode": null, + "Rule": null + }, + "ExcludeDeviceStates": null, + "ExcludeDevices": null, + "IncludeDeviceStates": null, + "IncludeDevices": null + }, + "InsiderRiskLevels": null, + "Locations": { + "ExcludeLocations": null, + "IncludeLocations": null + }, + "Platforms": { + "ExcludePlatforms": null, + "IncludePlatforms": null + }, + "ServicePrincipalRiskLevels": null, + "SignInRiskLevels": [ + + ], + "UserRiskLevels": [ + + ], + "Users": { + "ExcludeGroups": [ + + ], + "ExcludeGuestsOrExternalUsers": { + "ExternalTenants": { + "MembershipKind": null + }, + "GuestOrExternalUserTypes": null + }, + "ExcludeRoles": [ + + ], + "ExcludeUsers": [ + + ], + "IncludeGroups": [ + + ], + "IncludeGuestsOrExternalUsers": { + "ExternalTenants": { + "MembershipKind": null + }, + "GuestOrExternalUserTypes": null + }, + "IncludeRoles": [ + + ], + "IncludeUsers": [ + "None" + ] + } + }, + "CreatedDateTime": "Date(1706130757851)", + "Description": null, + "DisplayName": "Terms of Use Policy", + "GrantControls": { + "AuthenticationStrength": { + "AllowedCombinations": null, + "CombinationConfigurations": null, + "CreatedDateTime": null, + "Description": null, + "DisplayName": null, + "Id": null, + "ModifiedDateTime": null, + "PolicyType": null, + "RequirementsSatisfied": null + }, + "BuiltInControls": [ + + ], + "CustomAuthenticationFactors": [ + + ], + "Operator": "OR", + "TermsOfUse": [ + "99bf8fe7-2c57-4155-bcb5-d6b54de5cea7" + ] + }, + "Id": "fe0bdee1-2fc2-4fe4-8e2b-eefc608c2c04", + "ModifiedDateTime": null, + "SessionControls": { + "ApplicationEnforcedRestrictions": { + "IsEnabled": null + }, + "CloudAppSecurity": { + "CloudAppSecurityType": null, + "IsEnabled": null + }, + "ContinuousAccessEvaluation": { + "Mode": null + }, + "DisableResilienceDefaults": null, + "PersistentBrowser": { + "IsEnabled": null, + "Mode": null + }, + "SecureSignInSession": { + "IsEnabled": null + }, + "SignInFrequency": { + "AuthenticationType": null, + "FrequencyInterval": null, + "IsEnabled": null, + "Type": null, + "Value": null + } + }, + "State": "enabledForReportingButNotEnforced", + "AdditionalProperties": { + + } } ], "cap_table_data": [ @@ -2754,7 +2945,7 @@ ], "Block/Grant Access": "None", "Session Controls": [ - "Sign-in frequency (every 2 days)" + "Sign-in frequency (every 4 days)" ] }, { @@ -2817,26 +3008,6 @@ "None" ] }, - { - "Name": "Report - Block CAP Exclusion Test Accounts", - "State": "Report-only", - "Users": [ - "Users included: 1 specific group", - "Users excluded: None" - ], - "Apps/Actions": [ - "Policy applies to: apps", - "Apps included: None", - "Apps excluded: None" - ], - "Conditions": [ - "Client apps included: all" - ], - "Block/Grant Access": "Block access", - "Session Controls": [ - "None" - ] - }, { "Name": "Live - MFA registration with temporary access pass (limited users)", "State": "Report-only", @@ -3020,6 +3191,26 @@ "Session Controls": [ "None" ] + }, + { + "Name": "Terms of Use Policy", + "State": "Report-only", + "Users": [ + "Users included: None", + "Users excluded: None" + ], + "Apps/Actions": [ + "Policy applies to: apps", + "Apps included: None", + "Apps excluded: None" + ], + "Conditions": [ + "Client apps included: all" + ], + "Block/Grant Access": "Allow access but require terms of use", + "Session Controls": [ + "None" + ] } ], "authorization_policies": [ @@ -3087,7 +3278,6 @@ "OnPremisesImmutableId": null } }, - "privileged_roles": [ { "DisplayName": "Global Administrator", @@ -4016,12 +4206,12 @@ "escalationTimeInMinutes": 0, "isEscalationEnabled": false, "primaryApprovers": [ - { - "@odata.type": "#microsoft.graph.groupMembers", - "isBackup": false, - "id": "54e56ffb-a568-4c65-b04a-7a6feabab17c", - "description": "privileged escalation approvers" - } + { + "@odata.type": "#microsoft.graph.groupMembers", + "isBackup": false, + "id": "54e56ffb-a568-4c65-b04a-7a6feabab17c", + "description": "privileged escalation approvers" + } ], "escalationApprovers": [ @@ -4080,7 +4270,7 @@ "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ - "testme@gmail.com" + "admin@example.com" ] } }, @@ -4199,16 +4389,16 @@ "Id": null }, "DirectoryScopeId": "/", - "EndDateTime": "Date(1713400747800)", - "Id": "5wuT_mJe20eRr5jDpJo4sZ2S8Xp788lJsCHc-oH_idg-1", + "EndDateTime": null, + "Id": "5wuT_mJe20eRr5jDpJo4sVjciirFt4ZApcwkS430DOg-1", "MemberType": "Direct", "Principal": { "DeletedDateTime": null, "Id": null }, - "PrincipalId": "7af1929d-f37b-49c9-b021-dcfa81ff89d8", - "RoleAssignmentOriginId": "5wuT_mJe20eRr5jDpJo4sZ2S8Xp788lJsCHc-oH_idg-1", - "RoleAssignmentScheduleId": "359996d0-41ea-450e-a537-56e77b15c1ba", + "PrincipalId": "2a8adc58-b7c5-4086-a5cc-244b8df40ce8", + "RoleAssignmentOriginId": "5wuT_mJe20eRr5jDpJo4sVjciirFt4ZApcwkS430DOg-1", + "RoleAssignmentScheduleId": "5wuT_mJe20eRr5jDpJo4sVjciirFt4ZApcwkS430DOg-1", "RoleDefinition": { "AllowedPrincipalTypes": null, "Description": null, @@ -4224,7 +4414,7 @@ "Version": null }, "RoleDefinitionId": "fe930be7-5e62-47db-91af-98c3a49a38b1", - "StartDateTime": "Date(1710808775850)", + "StartDateTime": null, "AdditionalProperties": { } @@ -4281,15 +4471,15 @@ }, "DirectoryScopeId": "/", "EndDateTime": null, - "Id": "5wuT_mJe20eRr5jDpJo4sVjciirFt4ZApcwkS430DOg-1", + "Id": "5wuT_mJe20eRr5jDpJo4sXwV0C627m1FobGeEeQDs5s-1", "MemberType": "Direct", "Principal": { "DeletedDateTime": null, "Id": null }, - "PrincipalId": "2a8adc58-b7c5-4086-a5cc-244b8df40ce8", - "RoleAssignmentOriginId": "5wuT_mJe20eRr5jDpJo4sVjciirFt4ZApcwkS430DOg-1", - "RoleAssignmentScheduleId": "5wuT_mJe20eRr5jDpJo4sVjciirFt4ZApcwkS430DOg-1", + "PrincipalId": "2ed0157c-eeb6-456d-a1b1-9e11e403b39b", + "RoleAssignmentOriginId": "5wuT_mJe20eRr5jDpJo4sXwV0C627m1FobGeEeQDs5s-1", + "RoleAssignmentScheduleId": "5wuT_mJe20eRr5jDpJo4sXwV0C627m1FobGeEeQDs5s-1", "RoleDefinition": { "AllowedPrincipalTypes": null, "Description": null, @@ -4362,15 +4552,15 @@ }, "DirectoryScopeId": "/", "EndDateTime": null, - "Id": "5wuT_mJe20eRr5jDpJo4sXwV0C627m1FobGeEeQDs5s-1", + "Id": "5wuT_mJe20eRr5jDpJo4sRzmca5l9LZNjSZfPlK92AA-1", "MemberType": "Direct", "Principal": { "DeletedDateTime": null, "Id": null }, - "PrincipalId": "2ed0157c-eeb6-456d-a1b1-9e11e403b39b", - "RoleAssignmentOriginId": "5wuT_mJe20eRr5jDpJo4sXwV0C627m1FobGeEeQDs5s-1", - "RoleAssignmentScheduleId": "5wuT_mJe20eRr5jDpJo4sXwV0C627m1FobGeEeQDs5s-1", + "PrincipalId": "ae71e61c-f465-4db6-8d26-5f3e52bdd800", + "RoleAssignmentOriginId": "5wuT_mJe20eRr5jDpJo4sRzmca5l9LZNjSZfPlK92AA-1", + "RoleAssignmentScheduleId": "5wuT_mJe20eRr5jDpJo4sRzmca5l9LZNjSZfPlK92AA-1", "RoleDefinition": { "AllowedPrincipalTypes": null, "Description": null, @@ -4443,96 +4633,15 @@ }, "DirectoryScopeId": "/", "EndDateTime": null, - "Id": "5wuT_mJe20eRr5jDpJo4sRzmca5l9LZNjSZfPlK92AA-1", + "Id": "5wuT_mJe20eRr5jDpJo4sasxesy10mpEuvmE-XxwZAM-1", "MemberType": "Direct", "Principal": { "DeletedDateTime": null, "Id": null }, - "PrincipalId": "ae71e61c-f465-4db6-8d26-5f3e52bdd800", - "RoleAssignmentOriginId": "5wuT_mJe20eRr5jDpJo4sRzmca5l9LZNjSZfPlK92AA-1", - "RoleAssignmentScheduleId": "5wuT_mJe20eRr5jDpJo4sRzmca5l9LZNjSZfPlK92AA-1", - "RoleDefinition": { - "AllowedPrincipalTypes": null, - "Description": null, - "DisplayName": null, - "Id": null, - "InheritsPermissionsFrom": null, - "IsBuiltIn": null, - "IsEnabled": null, - "IsPrivileged": null, - "ResourceScopes": null, - "RolePermissions": null, - "TemplateId": null, - "Version": null - }, - "RoleDefinitionId": "fe930be7-5e62-47db-91af-98c3a49a38b1", - "StartDateTime": null, - "AdditionalProperties": { - - } - }, - { - "ActivatedUsing": { - "AppScope": { - "DisplayName": null, - "Id": null, - "Type": null - }, - "AppScopeId": null, - "DirectoryScope": { - "DeletedDateTime": null, - "Id": null - }, - "DirectoryScopeId": null, - "EndDateTime": null, - "Id": null, - "MemberType": null, - "Principal": { - "DeletedDateTime": null, - "Id": null - }, - "PrincipalId": null, - "RoleDefinition": { - "AllowedPrincipalTypes": null, - "Description": null, - "DisplayName": null, - "Id": null, - "InheritsPermissionsFrom": null, - "IsBuiltIn": null, - "IsEnabled": null, - "IsPrivileged": null, - "ResourceScopes": null, - "RolePermissions": null, - "TemplateId": null, - "Version": null - }, - "RoleDefinitionId": null, - "RoleEligibilityScheduleId": null, - "StartDateTime": null - }, - "AppScope": { - "DisplayName": null, - "Id": null, - "Type": null - }, - "AppScopeId": null, - "AssignmentType": "Assigned", - "DirectoryScope": { - "DeletedDateTime": null, - "Id": null - }, - "DirectoryScopeId": "/", - "EndDateTime": null, - "Id": "5wuT_mJe20eRr5jDpJo4sasxesy10mpEuvmE-XxwZAM-1", - "MemberType": "Direct", - "Principal": { - "DeletedDateTime": null, - "Id": null - }, - "PrincipalId": "cc7a31ab-d2b5-446a-baf9-84f97c706403", - "RoleAssignmentOriginId": "5wuT_mJe20eRr5jDpJo4sasxesy10mpEuvmE-XxwZAM-1", - "RoleAssignmentScheduleId": "5wuT_mJe20eRr5jDpJo4sasxesy10mpEuvmE-XxwZAM-1", + "PrincipalId": "cc7a31ab-d2b5-446a-baf9-84f97c706403", + "RoleAssignmentOriginId": "5wuT_mJe20eRr5jDpJo4sasxesy10mpEuvmE-XxwZAM-1", + "RoleAssignmentScheduleId": "5wuT_mJe20eRr5jDpJo4sasxesy10mpEuvmE-XxwZAM-1", "RoleDefinition": { "AllowedPrincipalTypes": null, "Description": null, @@ -4604,7 +4713,7 @@ "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ - "testme@gmail.com" + "admin@example.com" ] } }, @@ -4765,7 +4874,7 @@ "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ - "testme@gmail.com" + "admin@example.com" ] } }, @@ -4973,7 +5082,7 @@ "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ - "testme@gmail.com" + "admin@example.com" ] } }, @@ -5905,15 +6014,15 @@ }, "DirectoryScopeId": "/", "EndDateTime": null, - "Id": "UB-K8uf2cUWBi2oS8q9rbIMvMiVDshdEgtyHzg12f7Q-1", + "Id": "UB-K8uf2cUWBi2oS8q9rbJETiLuPI4hAjEAgc_yTTNc-1", "MemberType": "Direct", "Principal": { "DeletedDateTime": null, "Id": null }, - "PrincipalId": "25322f83-b243-4417-82dc-87ce0d767fb4", - "RoleAssignmentOriginId": "UB-K8uf2cUWBi2oS8q9rbIMvMiVDshdEgtyHzg12f7Q-1", - "RoleAssignmentScheduleId": "3b365172-71c2-4b13-a6c5-b6e3524aeba4", + "PrincipalId": "bb881391-238f-4088-8c40-2073fc934cd7", + "RoleAssignmentOriginId": "UB-K8uf2cUWBi2oS8q9rbJETiLuPI4hAjEAgc_yTTNc-1", + "RoleAssignmentScheduleId": "675049b9-096c-4fa9-843c-c466fe9b34da", "RoleDefinition": { "AllowedPrincipalTypes": null, "Description": null, @@ -5929,7 +6038,7 @@ "Version": null }, "RoleDefinitionId": "f28a1f50-f6e7-4571-818b-6a12f2af6b6c", - "StartDateTime": "Date(1698180323417)", + "StartDateTime": "Date(1704924054887)", "AdditionalProperties": { } @@ -5986,15 +6095,15 @@ }, "DirectoryScopeId": "/", "EndDateTime": null, - "Id": "UB-K8uf2cUWBi2oS8q9rbJETiLuPI4hAjEAgc_yTTNc-1", + "Id": "UB-K8uf2cUWBi2oS8q9rbIMvMiVDshdEgtyHzg12f7Q-1", "MemberType": "Direct", "Principal": { "DeletedDateTime": null, "Id": null }, - "PrincipalId": "bb881391-238f-4088-8c40-2073fc934cd7", - "RoleAssignmentOriginId": "UB-K8uf2cUWBi2oS8q9rbJETiLuPI4hAjEAgc_yTTNc-1", - "RoleAssignmentScheduleId": "675049b9-096c-4fa9-843c-c466fe9b34da", + "PrincipalId": "25322f83-b243-4417-82dc-87ce0d767fb4", + "RoleAssignmentOriginId": "UB-K8uf2cUWBi2oS8q9rbIMvMiVDshdEgtyHzg12f7Q-1", + "RoleAssignmentScheduleId": "3b365172-71c2-4b13-a6c5-b6e3524aeba4", "RoleDefinition": { "AllowedPrincipalTypes": null, "Description": null, @@ -6010,7 +6119,7 @@ "Version": null }, "RoleDefinitionId": "f28a1f50-f6e7-4571-818b-6a12f2af6b6c", - "StartDateTime": "Date(1704924054887)", + "StartDateTime": "Date(1698180323417)", "AdditionalProperties": { } @@ -6496,7 +6605,177 @@ ] } - }, + } + ] + }, + { + "DisplayName": "Application Administrator", + "RoleTemplateId": "9b895d92-2cd3-44c7-9d02-a6ac2d5ea5c3", + "Assignments": [ + { + "ActivatedUsing": { + "AppScope": { + "DisplayName": null, + "Id": null, + "Type": null + }, + "AppScopeId": null, + "DirectoryScope": { + "DeletedDateTime": null, + "Id": null + }, + "DirectoryScopeId": null, + "EndDateTime": null, + "Id": null, + "MemberType": null, + "Principal": { + "DeletedDateTime": null, + "Id": null + }, + "PrincipalId": null, + "RoleDefinition": { + "AllowedPrincipalTypes": null, + "Description": null, + "DisplayName": null, + "Id": null, + "InheritsPermissionsFrom": null, + "IsBuiltIn": null, + "IsEnabled": null, + "IsPrivileged": null, + "ResourceScopes": null, + "RolePermissions": null, + "TemplateId": null, + "Version": null + }, + "RoleDefinitionId": null, + "RoleEligibilityScheduleId": null, + "StartDateTime": null + }, + "AppScope": { + "DisplayName": null, + "Id": null, + "Type": null + }, + "AppScopeId": null, + "AssignmentType": "Assigned", + "DirectoryScope": { + "DeletedDateTime": null, + "Id": null + }, + "DirectoryScopeId": "/", + "EndDateTime": null, + "Id": "kl2Jm9Msx0SdAqasLV6lw7CVAgFZ8N5GoYOOHhyOzjA-1", + "MemberType": "Direct", + "Principal": { + "DeletedDateTime": null, + "Id": null + }, + "PrincipalId": "010295b0-f059-46de-a183-8e1e1c8ece30", + "RoleAssignmentOriginId": "kl2Jm9Msx0SdAqasLV6lw7CVAgFZ8N5GoYOOHhyOzjA-1", + "RoleAssignmentScheduleId": "69f5b475-3595-4447-83ff-85b6d7132a0c", + "RoleDefinition": { + "AllowedPrincipalTypes": null, + "Description": null, + "DisplayName": null, + "Id": null, + "InheritsPermissionsFrom": null, + "IsBuiltIn": null, + "IsEnabled": null, + "IsPrivileged": null, + "ResourceScopes": null, + "RolePermissions": null, + "TemplateId": null, + "Version": null + }, + "RoleDefinitionId": "9b895d92-2cd3-44c7-9d02-a6ac2d5ea5c3", + "StartDateTime": "Date(1648587304797)", + "AdditionalProperties": { + + } + }, + { + "ActivatedUsing": { + "AppScope": { + "DisplayName": null, + "Id": null, + "Type": null + }, + "AppScopeId": null, + "DirectoryScope": { + "DeletedDateTime": null, + "Id": null + }, + "DirectoryScopeId": null, + "EndDateTime": null, + "Id": null, + "MemberType": null, + "Principal": { + "DeletedDateTime": null, + "Id": null + }, + "PrincipalId": null, + "RoleDefinition": { + "AllowedPrincipalTypes": null, + "Description": null, + "DisplayName": null, + "Id": null, + "InheritsPermissionsFrom": null, + "IsBuiltIn": null, + "IsEnabled": null, + "IsPrivileged": null, + "ResourceScopes": null, + "RolePermissions": null, + "TemplateId": null, + "Version": null + }, + "RoleDefinitionId": null, + "RoleEligibilityScheduleId": null, + "StartDateTime": null + }, + "AppScope": { + "DisplayName": null, + "Id": null, + "Type": null + }, + "AppScopeId": null, + "AssignmentType": "Assigned", + "DirectoryScope": { + "DeletedDateTime": null, + "Id": null + }, + "DirectoryScopeId": "/", + "EndDateTime": null, + "Id": "kl2Jm9Msx0SdAqasLV6lw0bISuVaH_5KqmknO0LDsME-1", + "MemberType": "Direct", + "Principal": { + "DeletedDateTime": null, + "Id": null + }, + "PrincipalId": "e54ac846-1f5a-4afe-aa69-273b42c3b0c1", + "RoleAssignmentOriginId": "kl2Jm9Msx0SdAqasLV6lw0bISuVaH_5KqmknO0LDsME-1", + "RoleAssignmentScheduleId": "kl2Jm9Msx0SdAqasLV6lw0bISuVaH_5KqmknO0LDsME-1", + "RoleDefinition": { + "AllowedPrincipalTypes": null, + "Description": null, + "DisplayName": null, + "Id": null, + "InheritsPermissionsFrom": null, + "IsBuiltIn": null, + "IsEnabled": null, + "IsPrivileged": null, + "ResourceScopes": null, + "RolePermissions": null, + "TemplateId": null, + "Version": null + }, + "RoleDefinitionId": "9b895d92-2cd3-44c7-9d02-a6ac2d5ea5c3", + "StartDateTime": null, + "AdditionalProperties": { + + } + } + ], + "Rules": [ { "Id": "Expiration_Admin_Eligibility", "Target": { @@ -6513,16 +6792,16 @@ ], "TargetObjects": null }, - "RuleSource": "PIM Test Group", - "RuleSourceType": "PIM Group", + "RuleSource": "Application Administrator", + "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule", - "isExpirationRequired": true, + "isExpirationRequired": false, "maximumDuration": "P365D" } }, { - "Id": "Enablement_Admin_Eligibility", + "Id": "Notification_Admin_Admin_Eligibility", "Target": { "Caller": "Admin", "EnforcedSettings": [ @@ -6537,17 +6816,21 @@ ], "TargetObjects": null }, - "RuleSource": "PIM Test Group", - "RuleSourceType": "PIM Group", + "RuleSource": "Application Administrator", + "RuleSourceType": "Directory Role", "AdditionalProperties": { - "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule", - "enabledRules": [ - - ] + "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", + "notificationType": "Email", + "recipientType": "Admin", + "notificationLevel": "All", + "isDefaultRecipientsEnabled": true, + "notificationRecipients": [ + "admin@example.com" + ] } }, { - "Id": "Notification_Admin_Admin_Eligibility", + "Id": "Notification_Requestor_Admin_Eligibility", "Target": { "Caller": "Admin", "EnforcedSettings": [ @@ -6562,12 +6845,12 @@ ], "TargetObjects": null }, - "RuleSource": "PIM Test Group", - "RuleSourceType": "PIM Group", + "RuleSource": "Application Administrator", + "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", - "recipientType": "Admin", + "recipientType": "Requestor", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ @@ -6576,7 +6859,7 @@ } }, { - "Id": "Notification_Requestor_Admin_Eligibility", + "Id": "Notification_Approver_Admin_Eligibility", "Target": { "Caller": "Admin", "EnforcedSettings": [ @@ -6591,12 +6874,12 @@ ], "TargetObjects": null }, - "RuleSource": "PIM Test Group", - "RuleSourceType": "PIM Group", + "RuleSource": "Application Administrator", + "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", - "recipientType": "Requestor", + "recipientType": "Approver", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ @@ -6605,7 +6888,7 @@ } }, { - "Id": "Notification_Approver_Admin_Eligibility", + "Id": "Enablement_Admin_Eligibility", "Target": { "Caller": "Admin", "EnforcedSettings": [ @@ -6620,17 +6903,13 @@ ], "TargetObjects": null }, - "RuleSource": "PIM Test Group", - "RuleSourceType": "PIM Group", + "RuleSource": "Application Administrator", + "RuleSourceType": "Directory Role", "AdditionalProperties": { - "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", - "notificationType": "Email", - "recipientType": "Approver", - "notificationLevel": "All", - "isDefaultRecipientsEnabled": true, - "notificationRecipients": [ + "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule", + "enabledRules": [ - ] + ] } }, { @@ -6649,12 +6928,12 @@ ], "TargetObjects": null }, - "RuleSource": "PIM Test Group", - "RuleSourceType": "PIM Group", + "RuleSource": "Application Administrator", + "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule", "isExpirationRequired": true, - "maximumDuration": "P180D" + "maximumDuration": "P30D" } }, { @@ -6673,8 +6952,8 @@ ], "TargetObjects": null }, - "RuleSource": "PIM Test Group", - "RuleSourceType": "PIM Group", + "RuleSource": "Application Administrator", + "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule", "enabledRules": [ @@ -6698,8 +6977,8 @@ ], "TargetObjects": null }, - "RuleSource": "PIM Test Group", - "RuleSourceType": "PIM Group", + "RuleSource": "Application Administrator", + "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", @@ -6707,7 +6986,7 @@ "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ - + "admin@example.com" ] } }, @@ -6727,8 +7006,8 @@ ], "TargetObjects": null }, - "RuleSource": "PIM Test Group", - "RuleSourceType": "PIM Group", + "RuleSource": "Application Administrator", + "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", @@ -6756,8 +7035,8 @@ ], "TargetObjects": null }, - "RuleSource": "PIM Test Group", - "RuleSourceType": "PIM Group", + "RuleSource": "Application Administrator", + "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", @@ -6785,12 +7064,12 @@ ], "TargetObjects": null }, - "RuleSource": "PIM Test Group", - "RuleSourceType": "PIM Group", + "RuleSource": "Application Administrator", + "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule", - "isExpirationRequired": true, - "maximumDuration": "PT8H" + "isExpirationRequired": false, + "maximumDuration": "PT2H" } }, { @@ -6809,11 +7088,12 @@ ], "TargetObjects": null }, - "RuleSource": "PIM Test Group", - "RuleSourceType": "PIM Group", + "RuleSource": "Application Administrator", + "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule", "enabledRules": [ + "MultiFactorAuthentication", "Justification" ] } @@ -6834,8 +7114,8 @@ ], "TargetObjects": null }, - "RuleSource": "PIM Test Group", - "RuleSourceType": "PIM Group", + "RuleSource": "Application Administrator", + "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyApprovalRule", "setting": { @@ -6876,11 +7156,12 @@ ], "TargetObjects": null }, - "RuleSource": "PIM Test Group", - "RuleSourceType": "PIM Group", + "RuleSource": "Application Administrator", + "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyAuthenticationContextRule", - "isEnabled": false + "isEnabled": false, + "claimValue": "" } }, { @@ -6899,8 +7180,8 @@ ], "TargetObjects": null }, - "RuleSource": "PIM Test Group", - "RuleSourceType": "PIM Group", + "RuleSource": "Application Administrator", + "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", @@ -6908,7 +7189,7 @@ "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ - + "admin@example.com" ] } }, @@ -6928,8 +7209,8 @@ ], "TargetObjects": null }, - "RuleSource": "PIM Test Group", - "RuleSourceType": "PIM Group", + "RuleSource": "Application Administrator", + "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", @@ -6957,8 +7238,8 @@ ], "TargetObjects": null }, - "RuleSource": "PIM Test Group", - "RuleSourceType": "PIM Group", + "RuleSource": "Application Administrator", + "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", @@ -6973,8 +7254,8 @@ ] }, { - "DisplayName": "Application Administrator", - "RoleTemplateId": "9b895d92-2cd3-44c7-9d02-a6ac2d5ea5c3", + "DisplayName": "Privileged Role Administrator", + "RoleTemplateId": "e8611ab8-c189-46e8-94e1-60213ab1f814", "Assignments": [ { "ActivatedUsing": { @@ -7028,15 +7309,15 @@ }, "DirectoryScopeId": "/", "EndDateTime": null, - "Id": "kl2Jm9Msx0SdAqasLV6lw7CVAgFZ8N5GoYOOHhyOzjA-1", + "Id": "uBph6InB6EaU4WAhOrH4FOpg3ULpV-pHikOiE9NqnLA-1", "MemberType": "Direct", "Principal": { "DeletedDateTime": null, "Id": null }, - "PrincipalId": "010295b0-f059-46de-a183-8e1e1c8ece30", - "RoleAssignmentOriginId": "kl2Jm9Msx0SdAqasLV6lw7CVAgFZ8N5GoYOOHhyOzjA-1", - "RoleAssignmentScheduleId": "69f5b475-3595-4447-83ff-85b6d7132a0c", + "PrincipalId": "42dd60ea-57e9-47ea-8a43-a213d36a9cb0", + "RoleAssignmentOriginId": "uBph6InB6EaU4WAhOrH4FOpg3ULpV-pHikOiE9NqnLA-1", + "RoleAssignmentScheduleId": "b6624013-0364-471b-a861-00aad19e7415", "RoleDefinition": { "AllowedPrincipalTypes": null, "Description": null, @@ -7051,8 +7332,8 @@ "TemplateId": null, "Version": null }, - "RoleDefinitionId": "9b895d92-2cd3-44c7-9d02-a6ac2d5ea5c3", - "StartDateTime": "Date(1648587304797)", + "RoleDefinitionId": "e8611ab8-c189-46e8-94e1-60213ab1f814", + "StartDateTime": "Date(1647482863980)", "AdditionalProperties": { } @@ -7109,15 +7390,15 @@ }, "DirectoryScopeId": "/", "EndDateTime": null, - "Id": "kl2Jm9Msx0SdAqasLV6lw0bISuVaH_5KqmknO0LDsME-1", + "Id": "uBph6InB6EaU4WAhOrH4FHD63wsgYRdMntj8byMyoUk-1", "MemberType": "Direct", "Principal": { "DeletedDateTime": null, "Id": null }, - "PrincipalId": "e54ac846-1f5a-4afe-aa69-273b42c3b0c1", - "RoleAssignmentOriginId": "kl2Jm9Msx0SdAqasLV6lw0bISuVaH_5KqmknO0LDsME-1", - "RoleAssignmentScheduleId": "kl2Jm9Msx0SdAqasLV6lw0bISuVaH_5KqmknO0LDsME-1", + "PrincipalId": "0bdffa70-6120-4c17-9ed8-fc6f2332a149", + "RoleAssignmentOriginId": "uBph6InB6EaU4WAhOrH4FHD63wsgYRdMntj8byMyoUk-1", + "RoleAssignmentScheduleId": "uBph6InB6EaU4WAhOrH4FHD63wsgYRdMntj8byMyoUk-1", "RoleDefinition": { "AllowedPrincipalTypes": null, "Description": null, @@ -7132,7 +7413,7 @@ "TemplateId": null, "Version": null }, - "RoleDefinitionId": "9b895d92-2cd3-44c7-9d02-a6ac2d5ea5c3", + "RoleDefinitionId": "e8611ab8-c189-46e8-94e1-60213ab1f814", "StartDateTime": null, "AdditionalProperties": { @@ -7156,7 +7437,7 @@ ], "TargetObjects": null }, - "RuleSource": "Application Administrator", + "RuleSource": "Privileged Role Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule", @@ -7180,7 +7461,7 @@ ], "TargetObjects": null }, - "RuleSource": "Application Administrator", + "RuleSource": "Privileged Role Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", @@ -7189,7 +7470,7 @@ "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ - "testme@gmail.com" + ] } }, @@ -7209,7 +7490,7 @@ ], "TargetObjects": null }, - "RuleSource": "Application Administrator", + "RuleSource": "Privileged Role Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", @@ -7238,7 +7519,7 @@ ], "TargetObjects": null }, - "RuleSource": "Application Administrator", + "RuleSource": "Privileged Role Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", @@ -7267,7 +7548,7 @@ ], "TargetObjects": null }, - "RuleSource": "Application Administrator", + "RuleSource": "Privileged Role Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule", @@ -7292,7 +7573,7 @@ ], "TargetObjects": null }, - "RuleSource": "Application Administrator", + "RuleSource": "Privileged Role Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule", @@ -7316,7 +7597,7 @@ ], "TargetObjects": null }, - "RuleSource": "Application Administrator", + "RuleSource": "Privileged Role Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule", @@ -7341,7 +7622,7 @@ ], "TargetObjects": null }, - "RuleSource": "Application Administrator", + "RuleSource": "Privileged Role Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", @@ -7350,7 +7631,7 @@ "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ - "testme@gmail.com" + ] } }, @@ -7370,7 +7651,7 @@ ], "TargetObjects": null }, - "RuleSource": "Application Administrator", + "RuleSource": "Privileged Role Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", @@ -7399,7 +7680,7 @@ ], "TargetObjects": null }, - "RuleSource": "Application Administrator", + "RuleSource": "Privileged Role Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", @@ -7428,12 +7709,12 @@ ], "TargetObjects": null }, - "RuleSource": "Application Administrator", + "RuleSource": "Privileged Role Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule", "isExpirationRequired": false, - "maximumDuration": "PT2H" + "maximumDuration": "P1D" } }, { @@ -7452,7 +7733,7 @@ ], "TargetObjects": null }, - "RuleSource": "Application Administrator", + "RuleSource": "Privileged Role Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule", @@ -7478,7 +7759,7 @@ ], "TargetObjects": null }, - "RuleSource": "Application Administrator", + "RuleSource": "Privileged Role Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyApprovalRule", @@ -7494,7 +7775,12 @@ "escalationTimeInMinutes": 0, "isEscalationEnabled": false, "primaryApprovers": [ - + { + "@odata.type": "#microsoft.graph.groupMembers", + "isBackup": false, + "id": "54e56ffb-a568-4c65-b04a-7a6feabab17c", + "description": "privileged escalation approvers" + } ], "escalationApprovers": [ @@ -7520,7 +7806,7 @@ ], "TargetObjects": null }, - "RuleSource": "Application Administrator", + "RuleSource": "Privileged Role Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyAuthenticationContextRule", @@ -7544,7 +7830,7 @@ ], "TargetObjects": null }, - "RuleSource": "Application Administrator", + "RuleSource": "Privileged Role Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", @@ -7553,7 +7839,7 @@ "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ - "testme@gmail.com" + ] } }, @@ -7573,7 +7859,7 @@ ], "TargetObjects": null }, - "RuleSource": "Application Administrator", + "RuleSource": "Privileged Role Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", @@ -7602,7 +7888,7 @@ ], "TargetObjects": null }, - "RuleSource": "Application Administrator", + "RuleSource": "Privileged Role Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", @@ -7618,171 +7904,10 @@ ] }, { - "DisplayName": "Privileged Role Administrator", - "RoleTemplateId": "e8611ab8-c189-46e8-94e1-60213ab1f814", + "DisplayName": "Cloud Application Administrator", + "RoleTemplateId": "158c047a-c907-4556-b7ef-446551a6b5f7", "Assignments": [ - { - "ActivatedUsing": { - "AppScope": { - "DisplayName": null, - "Id": null, - "Type": null - }, - "AppScopeId": null, - "DirectoryScope": { - "DeletedDateTime": null, - "Id": null - }, - "DirectoryScopeId": null, - "EndDateTime": null, - "Id": null, - "MemberType": null, - "Principal": { - "DeletedDateTime": null, - "Id": null - }, - "PrincipalId": null, - "RoleDefinition": { - "AllowedPrincipalTypes": null, - "Description": null, - "DisplayName": null, - "Id": null, - "InheritsPermissionsFrom": null, - "IsBuiltIn": null, - "IsEnabled": null, - "IsPrivileged": null, - "ResourceScopes": null, - "RolePermissions": null, - "TemplateId": null, - "Version": null - }, - "RoleDefinitionId": null, - "RoleEligibilityScheduleId": null, - "StartDateTime": null - }, - "AppScope": { - "DisplayName": null, - "Id": null, - "Type": null - }, - "AppScopeId": null, - "AssignmentType": "Assigned", - "DirectoryScope": { - "DeletedDateTime": null, - "Id": null - }, - "DirectoryScopeId": "/", - "EndDateTime": null, - "Id": "uBph6InB6EaU4WAhOrH4FOpg3ULpV-pHikOiE9NqnLA-1", - "MemberType": "Direct", - "Principal": { - "DeletedDateTime": null, - "Id": null - }, - "PrincipalId": "42dd60ea-57e9-47ea-8a43-a213d36a9cb0", - "RoleAssignmentOriginId": "uBph6InB6EaU4WAhOrH4FOpg3ULpV-pHikOiE9NqnLA-1", - "RoleAssignmentScheduleId": "b6624013-0364-471b-a861-00aad19e7415", - "RoleDefinition": { - "AllowedPrincipalTypes": null, - "Description": null, - "DisplayName": null, - "Id": null, - "InheritsPermissionsFrom": null, - "IsBuiltIn": null, - "IsEnabled": null, - "IsPrivileged": null, - "ResourceScopes": null, - "RolePermissions": null, - "TemplateId": null, - "Version": null - }, - "RoleDefinitionId": "e8611ab8-c189-46e8-94e1-60213ab1f814", - "StartDateTime": "Date(1647482863980)", - "AdditionalProperties": { - } - }, - { - "ActivatedUsing": { - "AppScope": { - "DisplayName": null, - "Id": null, - "Type": null - }, - "AppScopeId": null, - "DirectoryScope": { - "DeletedDateTime": null, - "Id": null - }, - "DirectoryScopeId": null, - "EndDateTime": null, - "Id": null, - "MemberType": null, - "Principal": { - "DeletedDateTime": null, - "Id": null - }, - "PrincipalId": null, - "RoleDefinition": { - "AllowedPrincipalTypes": null, - "Description": null, - "DisplayName": null, - "Id": null, - "InheritsPermissionsFrom": null, - "IsBuiltIn": null, - "IsEnabled": null, - "IsPrivileged": null, - "ResourceScopes": null, - "RolePermissions": null, - "TemplateId": null, - "Version": null - }, - "RoleDefinitionId": null, - "RoleEligibilityScheduleId": null, - "StartDateTime": null - }, - "AppScope": { - "DisplayName": null, - "Id": null, - "Type": null - }, - "AppScopeId": null, - "AssignmentType": "Assigned", - "DirectoryScope": { - "DeletedDateTime": null, - "Id": null - }, - "DirectoryScopeId": "/", - "EndDateTime": null, - "Id": "uBph6InB6EaU4WAhOrH4FHD63wsgYRdMntj8byMyoUk-1", - "MemberType": "Direct", - "Principal": { - "DeletedDateTime": null, - "Id": null - }, - "PrincipalId": "0bdffa70-6120-4c17-9ed8-fc6f2332a149", - "RoleAssignmentOriginId": "uBph6InB6EaU4WAhOrH4FHD63wsgYRdMntj8byMyoUk-1", - "RoleAssignmentScheduleId": "uBph6InB6EaU4WAhOrH4FHD63wsgYRdMntj8byMyoUk-1", - "RoleDefinition": { - "AllowedPrincipalTypes": null, - "Description": null, - "DisplayName": null, - "Id": null, - "InheritsPermissionsFrom": null, - "IsBuiltIn": null, - "IsEnabled": null, - "IsPrivileged": null, - "ResourceScopes": null, - "RolePermissions": null, - "TemplateId": null, - "Version": null - }, - "RoleDefinitionId": "e8611ab8-c189-46e8-94e1-60213ab1f814", - "StartDateTime": null, - "AdditionalProperties": { - - } - } ], "Rules": [ { @@ -7801,7 +7926,7 @@ ], "TargetObjects": null }, - "RuleSource": "Privileged Role Administrator", + "RuleSource": "Cloud Application Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule", @@ -7825,7 +7950,7 @@ ], "TargetObjects": null }, - "RuleSource": "Privileged Role Administrator", + "RuleSource": "Cloud Application Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", @@ -7854,7 +7979,7 @@ ], "TargetObjects": null }, - "RuleSource": "Privileged Role Administrator", + "RuleSource": "Cloud Application Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", @@ -7883,7 +8008,7 @@ ], "TargetObjects": null }, - "RuleSource": "Privileged Role Administrator", + "RuleSource": "Cloud Application Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", @@ -7912,7 +8037,7 @@ ], "TargetObjects": null }, - "RuleSource": "Privileged Role Administrator", + "RuleSource": "Cloud Application Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule", @@ -7937,7 +8062,7 @@ ], "TargetObjects": null }, - "RuleSource": "Privileged Role Administrator", + "RuleSource": "Cloud Application Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule", @@ -7961,7 +8086,7 @@ ], "TargetObjects": null }, - "RuleSource": "Privileged Role Administrator", + "RuleSource": "Cloud Application Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule", @@ -7986,7 +8111,7 @@ ], "TargetObjects": null }, - "RuleSource": "Privileged Role Administrator", + "RuleSource": "Cloud Application Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", @@ -8015,7 +8140,7 @@ ], "TargetObjects": null }, - "RuleSource": "Privileged Role Administrator", + "RuleSource": "Cloud Application Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", @@ -8044,7 +8169,7 @@ ], "TargetObjects": null }, - "RuleSource": "Privileged Role Administrator", + "RuleSource": "Cloud Application Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", @@ -8073,12 +8198,12 @@ ], "TargetObjects": null }, - "RuleSource": "Privileged Role Administrator", + "RuleSource": "Cloud Application Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule", "isExpirationRequired": false, - "maximumDuration": "P1D" + "maximumDuration": "PT8H" } }, { @@ -8097,7 +8222,7 @@ ], "TargetObjects": null }, - "RuleSource": "Privileged Role Administrator", + "RuleSource": "Cloud Application Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule", @@ -8123,7 +8248,7 @@ ], "TargetObjects": null }, - "RuleSource": "Privileged Role Administrator", + "RuleSource": "Cloud Application Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyApprovalRule", @@ -8139,12 +8264,7 @@ "escalationTimeInMinutes": 0, "isEscalationEnabled": false, "primaryApprovers": [ - { - "@odata.type": "#microsoft.graph.groupMembers", - "isBackup": false, - "id": "54e56ffb-a568-4c65-b04a-7a6feabab17c", - "description": "privileged escalation approvers" - } + ], "escalationApprovers": [ @@ -8170,7 +8290,7 @@ ], "TargetObjects": null }, - "RuleSource": "Privileged Role Administrator", + "RuleSource": "Cloud Application Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyAuthenticationContextRule", @@ -8194,7 +8314,7 @@ ], "TargetObjects": null }, - "RuleSource": "Privileged Role Administrator", + "RuleSource": "Cloud Application Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", @@ -8223,7 +8343,7 @@ ], "TargetObjects": null }, - "RuleSource": "Privileged Role Administrator", + "RuleSource": "Cloud Application Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", @@ -8252,7 +8372,7 @@ ], "TargetObjects": null }, - "RuleSource": "Privileged Role Administrator", + "RuleSource": "Cloud Application Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", @@ -8268,8 +8388,8 @@ ] }, { - "DisplayName": "Cloud Application Administrator", - "RoleTemplateId": "158c047a-c907-4556-b7ef-446551a6b5f7", + "DisplayName": "Hybrid Identity Administrator", + "RoleTemplateId": "8ac3fc64-6eca-42ea-9e69-59f4c7b60eb2", "Assignments": [ ], @@ -8290,7 +8410,7 @@ ], "TargetObjects": null }, - "RuleSource": "Cloud Application Administrator", + "RuleSource": "Hybrid Identity Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule", @@ -8314,7 +8434,7 @@ ], "TargetObjects": null }, - "RuleSource": "Cloud Application Administrator", + "RuleSource": "Hybrid Identity Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", @@ -8343,7 +8463,7 @@ ], "TargetObjects": null }, - "RuleSource": "Cloud Application Administrator", + "RuleSource": "Hybrid Identity Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", @@ -8372,7 +8492,7 @@ ], "TargetObjects": null }, - "RuleSource": "Cloud Application Administrator", + "RuleSource": "Hybrid Identity Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", @@ -8401,7 +8521,7 @@ ], "TargetObjects": null }, - "RuleSource": "Cloud Application Administrator", + "RuleSource": "Hybrid Identity Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule", @@ -8426,7 +8546,7 @@ ], "TargetObjects": null }, - "RuleSource": "Cloud Application Administrator", + "RuleSource": "Hybrid Identity Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule", @@ -8450,7 +8570,7 @@ ], "TargetObjects": null }, - "RuleSource": "Cloud Application Administrator", + "RuleSource": "Hybrid Identity Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule", @@ -8475,7 +8595,7 @@ ], "TargetObjects": null }, - "RuleSource": "Cloud Application Administrator", + "RuleSource": "Hybrid Identity Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", @@ -8504,7 +8624,7 @@ ], "TargetObjects": null }, - "RuleSource": "Cloud Application Administrator", + "RuleSource": "Hybrid Identity Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", @@ -8533,7 +8653,7 @@ ], "TargetObjects": null }, - "RuleSource": "Cloud Application Administrator", + "RuleSource": "Hybrid Identity Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", @@ -8562,7 +8682,7 @@ ], "TargetObjects": null }, - "RuleSource": "Cloud Application Administrator", + "RuleSource": "Hybrid Identity Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule", @@ -8586,12 +8706,11 @@ ], "TargetObjects": null }, - "RuleSource": "Cloud Application Administrator", + "RuleSource": "Hybrid Identity Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule", "enabledRules": [ - "MultiFactorAuthentication", "Justification" ] } @@ -8612,7 +8731,7 @@ ], "TargetObjects": null }, - "RuleSource": "Cloud Application Administrator", + "RuleSource": "Hybrid Identity Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyApprovalRule", @@ -8654,7 +8773,7 @@ ], "TargetObjects": null }, - "RuleSource": "Cloud Application Administrator", + "RuleSource": "Hybrid Identity Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyAuthenticationContextRule", @@ -8678,7 +8797,7 @@ ], "TargetObjects": null }, - "RuleSource": "Cloud Application Administrator", + "RuleSource": "Hybrid Identity Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", @@ -8707,7 +8826,7 @@ ], "TargetObjects": null }, - "RuleSource": "Cloud Application Administrator", + "RuleSource": "Hybrid Identity Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", @@ -8736,7 +8855,7 @@ ], "TargetObjects": null }, - "RuleSource": "Cloud Application Administrator", + "RuleSource": "Hybrid Identity Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", @@ -8750,2524 +8869,2448 @@ } } ] + } +], + "service_plans": [ + { + "AppliesTo": "Company", + "ProvisioningStatus": "Success", + "ServicePlanId": "922ba911-5694-4e99-a794-73aed9bfeec8", + "ServicePlanName": "EXCHANGE_S_FOUNDATION_GOV", + "AdditionalProperties": { + + } }, { - "DisplayName": "Hybrid Identity Administrator", - "RoleTemplateId": "8ac3fc64-6eca-42ea-9e69-59f4c7b60eb2", - "Assignments": [ - { - "ActivatedUsing": { - "AppScope": { - "DisplayName": null, - "Id": null, - "Type": null - }, - "AppScopeId": null, - "DirectoryScope": { - "DeletedDateTime": null, - "Id": null - }, - "DirectoryScopeId": null, - "EndDateTime": null, - "Id": null, - "MemberType": null, - "Principal": { - "DeletedDateTime": null, - "Id": null - }, - "PrincipalId": null, - "RoleDefinition": { - "AllowedPrincipalTypes": null, - "Description": null, - "DisplayName": null, - "Id": null, - "InheritsPermissionsFrom": null, - "IsBuiltIn": null, - "IsEnabled": null, - "IsPrivileged": null, - "ResourceScopes": null, - "RolePermissions": null, - "TemplateId": null, - "Version": null - }, - "RoleDefinitionId": null, - "RoleEligibilityScheduleId": null, - "StartDateTime": null - }, - "AppScope": { - "DisplayName": null, - "Id": null, - "Type": null - }, - "AppScopeId": null, - "AssignmentType": "Assigned", - "DirectoryScope": { - "DeletedDateTime": null, - "Id": null - }, - "DirectoryScopeId": "/", - "EndDateTime": "Date(1713401724057)", - "Id": "ZPzDispu6kKeaVn0x7YOsm7SRdJWBKxAtWzMVB0lzn4-1", - "MemberType": "Direct", - "Principal": { - "DeletedDateTime": null, - "Id": null - }, - "PrincipalId": "d245d26e-0456-40ac-b56c-cc541d25ce7e", - "RoleAssignmentOriginId": "ZPzDispu6kKeaVn0x7YOsm7SRdJWBKxAtWzMVB0lzn4-1", - "RoleAssignmentScheduleId": "45ce5414-fbd8-4c78-b461-cbc425cd6bd7", - "RoleDefinition": { - "AllowedPrincipalTypes": null, - "Description": null, - "DisplayName": null, - "Id": null, - "InheritsPermissionsFrom": null, - "IsBuiltIn": null, - "IsEnabled": null, - "IsPrivileged": null, - "ResourceScopes": null, - "RolePermissions": null, - "TemplateId": null, - "Version": null - }, - "RoleDefinitionId": "8ac3fc64-6eca-42ea-9e69-59f4c7b60eb2", - "StartDateTime": "Date(1710809776663)", - "AdditionalProperties": { + "AppliesTo": "Company", + "ProvisioningStatus": "Success", + "ServicePlanId": "1ddffef6-4f69-455e-89c7-d5d72105f915", + "ServicePlanName": "CDS_DB_CAPACITY_GOV", + "AdditionalProperties": { - } - } - ], - "Rules": [ - { - "Id": "Expiration_Admin_Eligibility", - "Target": { - "Caller": "Admin", - "EnforcedSettings": [ + } + }, + { + "AppliesTo": "User", + "ProvisioningStatus": "Success", + "ServicePlanId": "cd31b152-6326-4d1b-ae1b-997b625182e6", + "ServicePlanName": "MIP_S_Exchange", + "AdditionalProperties": { - ], - "InheritableSettings": [ + } + }, + { + "AppliesTo": "User", + "ProvisioningStatus": "Success", + "ServicePlanId": "b74d57b2-58e9-484a-9731-aeccbba954f0", + "ServicePlanName": "GRAPH_CONNECTORS_SEARCH_INDEX_TOPICEXP", + "AdditionalProperties": { - ], - "Level": "Eligibility", - "Operations": [ - "All" - ], - "TargetObjects": null - }, - "RuleSource": "Hybrid Identity Administrator", - "RuleSourceType": "Directory Role", - "AdditionalProperties": { - "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule", - "isExpirationRequired": false, - "maximumDuration": "P365D" - } - }, - { - "Id": "Notification_Admin_Admin_Eligibility", - "Target": { - "Caller": "Admin", - "EnforcedSettings": [ - - ], - "InheritableSettings": [ + } + }, + { + "AppliesTo": "User", + "ProvisioningStatus": "Success", + "ServicePlanId": "a6520331-d7d4-4276-95f5-15c0933bc757", + "ServicePlanName": "GRAPH_CONNECTORS_SEARCH_INDEX", + "AdditionalProperties": { - ], - "Level": "Eligibility", - "Operations": [ - "All" - ], - "TargetObjects": null - }, - "RuleSource": "Hybrid Identity Administrator", - "RuleSourceType": "Directory Role", - "AdditionalProperties": { - "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", - "notificationType": "Email", - "recipientType": "Admin", - "notificationLevel": "All", - "isDefaultRecipientsEnabled": true, - "notificationRecipients": [ + } + }, + { + "AppliesTo": "User", + "ProvisioningStatus": "Success", + "ServicePlanId": "bf6f5520-59e3-4f82-974b-7dbbc4fd27c7", + "ServicePlanName": "SAFEDOCS", + "AdditionalProperties": { - ] - } - }, - { - "Id": "Notification_Requestor_Admin_Eligibility", - "Target": { - "Caller": "Admin", - "EnforcedSettings": [ + } + }, + { + "AppliesTo": "User", + "ProvisioningStatus": "Success", + "ServicePlanId": "9b7c50ec-cd50-44f2-bf48-d72de6f90717", + "ServicePlanName": "PROJECT_O365_P3_GOV", + "AdditionalProperties": { - ], - "InheritableSettings": [ + } + }, + { + "AppliesTo": "User", + "ProvisioningStatus": "Success", + "ServicePlanId": "3fb82609-8c27-4f7b-bd51-30634711ee67", + "ServicePlanName": "BPOS_S_TODO_3", + "AdditionalProperties": { - ], - "Level": "Eligibility", - "Operations": [ - "All" - ], - "TargetObjects": null - }, - "RuleSource": "Hybrid Identity Administrator", - "RuleSourceType": "Directory Role", - "AdditionalProperties": { - "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", - "notificationType": "Email", - "recipientType": "Requestor", - "notificationLevel": "All", - "isDefaultRecipientsEnabled": true, - "notificationRecipients": [ + } + }, + { + "AppliesTo": "User", + "ProvisioningStatus": "Success", + "ServicePlanId": "4a51bca5-1eff-43f5-878c-177680f191af", + "ServicePlanName": "WHITEBOARD_PLAN3", + "AdditionalProperties": { - ] - } - }, - { - "Id": "Notification_Approver_Admin_Eligibility", - "Target": { - "Caller": "Admin", - "EnforcedSettings": [ + } + }, + { + "AppliesTo": "Company", + "ProvisioningStatus": "Success", + "ServicePlanId": "94065c59-bc8e-4e8b-89e5-5138d471eaff", + "ServicePlanName": "MICROSOFT_SEARCH", + "AdditionalProperties": { - ], - "InheritableSettings": [ + } + }, + { + "AppliesTo": "Company", + "ProvisioningStatus": "Success", + "ServicePlanId": "2b815d45-56e4-4e3a-b65c-66cb9175b560", + "ServicePlanName": "ContentExplorer_Standard", + "AdditionalProperties": { - ], - "Level": "Eligibility", - "Operations": [ - "All" - ], - "TargetObjects": null - }, - "RuleSource": "Hybrid Identity Administrator", - "RuleSourceType": "Directory Role", - "AdditionalProperties": { - "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", - "notificationType": "Email", - "recipientType": "Approver", - "notificationLevel": "All", - "isDefaultRecipientsEnabled": true, - "notificationRecipients": [ + } + }, + { + "AppliesTo": "User", + "ProvisioningStatus": "Success", + "ServicePlanId": "c4801e8a-cb58-4c35-aca6-f2dcc106f287", + "ServicePlanName": "INFORMATION_BARRIERS", + "AdditionalProperties": { - ] - } - }, - { - "Id": "Enablement_Admin_Eligibility", - "Target": { - "Caller": "Admin", - "EnforcedSettings": [ + } + }, + { + "AppliesTo": "User", + "ProvisioningStatus": "Success", + "ServicePlanId": "bce5e5ca-c2fd-4d53-8ee2-58dfffed4c10", + "ServicePlanName": "CDS_O365_P3_GCC", + "AdditionalProperties": { - ], - "InheritableSettings": [ + } + }, + { + "AppliesTo": "User", + "ProvisioningStatus": "Success", + "ServicePlanId": "a7d3fb37-b6df-4085-b509-50810d991a39", + "ServicePlanName": "DYN365_CDS_O365_P3_GCC", + "AdditionalProperties": { - ], - "Level": "Eligibility", - "Operations": [ - "All" - ], - "TargetObjects": null - }, - "RuleSource": "Hybrid Identity Administrator", - "RuleSourceType": "Directory Role", - "AdditionalProperties": { - "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule", - "enabledRules": [ + } + }, + { + "AppliesTo": "User", + "ProvisioningStatus": "Success", + "ServicePlanId": "d2d51368-76c9-4317-ada2-a12c004c432f", + "ServicePlanName": "ML_CLASSIFICATION", + "AdditionalProperties": { - ] - } - }, - { - "Id": "Expiration_Admin_Assignment", - "Target": { - "Caller": "Admin", - "EnforcedSettings": [ + } + }, + { + "AppliesTo": "User", + "ProvisioningStatus": "Success", + "ServicePlanId": "64bfac92-2b17-4482-b5e5-a0304429de3e", + "ServicePlanName": "MICROSOFTENDPOINTDLP", + "AdditionalProperties": { - ], - "InheritableSettings": [ + } + }, + { + "AppliesTo": "User", + "ProvisioningStatus": "Success", + "ServicePlanId": "a31ef4a2-f787-435e-8335-e47eb0cafc94", + "ServicePlanName": "MCOSTANDARD_GOV", + "AdditionalProperties": { - ], - "Level": "Assignment", - "Operations": [ - "All" - ], - "TargetObjects": null - }, - "RuleSource": "Hybrid Identity Administrator", - "RuleSourceType": "Directory Role", - "AdditionalProperties": { - "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule", - "isExpirationRequired": true, - "maximumDuration": "P30D" - } - }, - { - "Id": "Enablement_Admin_Assignment", - "Target": { - "Caller": "Admin", - "EnforcedSettings": [ + } + }, + { + "AppliesTo": "User", + "ProvisioningStatus": "Success", + "ServicePlanId": "153f85dd-d912-4762-af6c-d6e0fb4f6692", + "ServicePlanName": "SHAREPOINTENTERPRISE_GOV", + "AdditionalProperties": { - ], - "InheritableSettings": [ + } + }, + { + "AppliesTo": "User", + "ProvisioningStatus": "Success", + "ServicePlanId": "617b097b-4b93-4ede-83de-5f075bb5fb2f", + "ServicePlanName": "PREMIUM_ENCRYPTION", + "AdditionalProperties": { - ], - "Level": "Assignment", - "Operations": [ - "All" - ], - "TargetObjects": null - }, - "RuleSource": "Hybrid Identity Administrator", - "RuleSourceType": "Directory Role", - "AdditionalProperties": { - "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule", - "enabledRules": [ - "Justification" - ] - } - }, - { - "Id": "Notification_Admin_Admin_Assignment", - "Target": { - "Caller": "Admin", - "EnforcedSettings": [ + } + }, + { + "AppliesTo": "User", + "ProvisioningStatus": "Success", + "ServicePlanId": "944e9726-f011-4353-b654-5f7d2663db76", + "ServicePlanName": "BI_AZURE_P_2_GOV", + "AdditionalProperties": { - ], - "InheritableSettings": [ + } + }, + { + "AppliesTo": "User", + "ProvisioningStatus": "Success", + "ServicePlanId": "8055d84a-c172-42eb-b997-6c2ae4628246", + "ServicePlanName": "FLOW_O365_P3_GOV", + "AdditionalProperties": { - ], - "Level": "Assignment", - "Operations": [ - "All" - ], - "TargetObjects": null - }, - "RuleSource": "Hybrid Identity Administrator", - "RuleSourceType": "Directory Role", - "AdditionalProperties": { - "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", - "notificationType": "Email", - "recipientType": "Admin", - "notificationLevel": "All", - "isDefaultRecipientsEnabled": true, - "notificationRecipients": [ + } + }, + { + "AppliesTo": "User", + "ProvisioningStatus": "Success", + "ServicePlanId": "0eacfc38-458a-40d3-9eab-9671258f1a3e", + "ServicePlanName": "POWERAPPS_O365_P3_GOV", + "AdditionalProperties": { - ] - } - }, - { - "Id": "Notification_Requestor_Admin_Assignment", - "Target": { - "Caller": "Admin", - "EnforcedSettings": [ + } + }, + { + "AppliesTo": "User", + "ProvisioningStatus": "Success", + "ServicePlanId": "8f9f0f3b-ca90-406c-a842-95579171f8ec", + "ServicePlanName": "SHAREPOINTWAC_GOV", + "AdditionalProperties": { - ], - "InheritableSettings": [ + } + }, + { + "AppliesTo": "User", + "ProvisioningStatus": "Success", + "ServicePlanId": "5b4ef465-7ea1-459a-9f91-033317755a51", + "ServicePlanName": "PROJECTWORKMANAGEMENT_GOV", + "AdditionalProperties": { - ], - "Level": "Assignment", - "Operations": [ - "All" - ], - "TargetObjects": null - }, - "RuleSource": "Hybrid Identity Administrator", - "RuleSourceType": "Directory Role", - "AdditionalProperties": { - "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", - "notificationType": "Email", - "recipientType": "Requestor", - "notificationLevel": "All", - "isDefaultRecipientsEnabled": true, - "notificationRecipients": [ + } + }, + { + "AppliesTo": "User", + "ProvisioningStatus": "Success", + "ServicePlanId": "d1cbfb67-18a8-4792-b643-630b7f19aad1", + "ServicePlanName": "EQUIVIO_ANALYTICS_GOV", + "AdditionalProperties": { - ] - } - }, - { - "Id": "Notification_Approver_Admin_Assignment", - "Target": { - "Caller": "Admin", - "EnforcedSettings": [ + } + }, + { + "AppliesTo": "User", + "ProvisioningStatus": "Success", + "ServicePlanId": "304767db-7d23-49e8-a945-4a7eb65f9f28", + "ServicePlanName": "TEAMS_GOV", + "AdditionalProperties": { - ], - "InheritableSettings": [ + } + }, + { + "AppliesTo": "User", + "ProvisioningStatus": "Success", + "ServicePlanId": "92c2089d-9a53-49fe-b1a6-9e6bdf959547", + "ServicePlanName": "STREAM_O365_E5_GOV", + "AdditionalProperties": { - ], - "Level": "Assignment", - "Operations": [ - "All" - ], - "TargetObjects": null - }, - "RuleSource": "Hybrid Identity Administrator", - "RuleSourceType": "Directory Role", - "AdditionalProperties": { - "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", - "notificationType": "Email", - "recipientType": "Approver", - "notificationLevel": "All", - "isDefaultRecipientsEnabled": true, - "notificationRecipients": [ + } + }, + { + "AppliesTo": "User", + "ProvisioningStatus": "Success", + "ServicePlanId": "65cc641f-cccd-4643-97e0-a17e3045e541", + "ServicePlanName": "RECORDS_MANAGEMENT", + "AdditionalProperties": { - ] - } - }, - { - "Id": "Expiration_EndUser_Assignment", - "Target": { - "Caller": "EndUser", - "EnforcedSettings": [ + } + }, + { + "AppliesTo": "User", + "ProvisioningStatus": "Success", + "ServicePlanId": "208120d1-9adb-4daf-8c22-816bd5d237e7", + "ServicePlanName": "EXCHANGE_ANALYTICS_GOV", + "AdditionalProperties": { - ], - "InheritableSettings": [ + } + }, + { + "AppliesTo": "User", + "ProvisioningStatus": "Success", + "ServicePlanId": "c1ec4a95-1f05-45b3-a911-aa3fa01094f5", + "ServicePlanName": "INTUNE_A", + "AdditionalProperties": { - ], - "Level": "Assignment", - "Operations": [ - "All" - ], - "TargetObjects": null - }, - "RuleSource": "Hybrid Identity Administrator", - "RuleSourceType": "Directory Role", - "AdditionalProperties": { - "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule", - "isExpirationRequired": false, - "maximumDuration": "PT8H" - } - }, - { - "Id": "Enablement_EndUser_Assignment", - "Target": { - "Caller": "EndUser", - "EnforcedSettings": [ + } + }, + { + "AppliesTo": "User", + "ProvisioningStatus": "Success", + "ServicePlanId": "d587c7a3-bda9-4f99-8776-9bcf59c84f75", + "ServicePlanName": "INSIDER_RISK", + "AdditionalProperties": { - ], - "InheritableSettings": [ + } + }, + { + "AppliesTo": "User", + "ProvisioningStatus": "Success", + "ServicePlanId": "900018f1-0cdb-4ecb-94d4-90281760fdc6", + "ServicePlanName": "THREAT_INTELLIGENCE_GOV", + "AdditionalProperties": { - ], - "Level": "Assignment", - "Operations": [ - "All" - ], - "TargetObjects": null - }, - "RuleSource": "Hybrid Identity Administrator", - "RuleSourceType": "Directory Role", - "AdditionalProperties": { - "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule", - "enabledRules": [ - "Justification" - ] - } - }, - { - "Id": "Approval_EndUser_Assignment", - "Target": { - "Caller": "EndUser", - "EnforcedSettings": [ + } + }, + { + "AppliesTo": "Company", + "ProvisioningStatus": "Success", + "ServicePlanId": "493ff600-6a2b-4db6-ad37-a7d4eb214516", + "ServicePlanName": "ATP_ENTERPRISE_GOV", + "AdditionalProperties": { - ], - "InheritableSettings": [ + } + }, + { + "AppliesTo": "User", + "ProvisioningStatus": "Success", + "ServicePlanId": "14ab5db5-e6c4-4b20-b4bc-13e36fd2227f", + "ServicePlanName": "ATA", + "AdditionalProperties": { - ], - "Level": "Assignment", - "Operations": [ - "All" - ], - "TargetObjects": null - }, - "RuleSource": "Hybrid Identity Administrator", - "RuleSourceType": "Directory Role", - "AdditionalProperties": { - "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyApprovalRule", - "setting": { - "isApprovalRequired": false, - "isApprovalRequiredForExtension": false, - "isRequestorJustificationRequired": true, - "approvalMode": "SingleStage", - "approvalStages": [ - { - "approvalStageTimeOutInDays": 1, - "isApproverJustificationRequired": true, - "escalationTimeInMinutes": 0, - "isEscalationEnabled": false, - "primaryApprovers": [ + } + }, + { + "AppliesTo": "User", + "ProvisioningStatus": "Success", + "ServicePlanId": "6db1f1db-2b46-403f-be40-e39395f08dbb", + "ServicePlanName": "CUSTOMER_KEY", + "AdditionalProperties": { - ], - "escalationApprovers": [ + } + }, + { + "AppliesTo": "User", + "ProvisioningStatus": "Success", + "ServicePlanId": "6dc145d6-95dd-4191-b9c3-185575ee6f6b", + "ServicePlanName": "COMMUNICATIONS_DLP", + "AdditionalProperties": { - ] - } - ] - } - } - }, - { - "Id": "AuthenticationContext_EndUser_Assignment", - "Target": { - "Caller": "EndUser", - "EnforcedSettings": [ + } + }, + { + "AppliesTo": "User", + "ProvisioningStatus": "Success", + "ServicePlanId": "2e2ddb96-6af9-4b1d-a3f0-d6ecfd22edb2", + "ServicePlanName": "ADALLOM_S_STANDALONE", + "AdditionalProperties": { - ], - "InheritableSettings": [ + } + }, + { + "AppliesTo": "User", + "ProvisioningStatus": "Success", + "ServicePlanId": "199a5c09-e0ca-4e37-8f7c-b05d533e1ea2", + "ServicePlanName": "MICROSOFTBOOKINGS", + "AdditionalProperties": { - ], - "Level": "Assignment", - "Operations": [ - "All" - ], - "TargetObjects": null - }, - "RuleSource": "Hybrid Identity Administrator", - "RuleSourceType": "Directory Role", - "AdditionalProperties": { - "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyAuthenticationContextRule", - "isEnabled": false, - "claimValue": "" - } - }, - { - "Id": "Notification_Admin_EndUser_Assignment", - "Target": { - "Caller": "EndUser", - "EnforcedSettings": [ + } + }, + { + "AppliesTo": "User", + "ProvisioningStatus": "Success", + "ServicePlanId": "8a256a2b-b617-496d-b51b-e76466e88db0", + "ServicePlanName": "MFA_PREMIUM", + "AdditionalProperties": { - ], - "InheritableSettings": [ + } + }, + { + "AppliesTo": "User", + "ProvisioningStatus": "Success", + "ServicePlanId": "db23fce2-a974-42ef-9002-d78dd42a0f22", + "ServicePlanName": "MCOEV_GOV", + "AdditionalProperties": { - ], - "Level": "Assignment", - "Operations": [ - "All" - ], - "TargetObjects": null - }, - "RuleSource": "Hybrid Identity Administrator", - "RuleSourceType": "Directory Role", - "AdditionalProperties": { - "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", - "notificationType": "Email", - "recipientType": "Admin", - "notificationLevel": "All", - "isDefaultRecipientsEnabled": true, - "notificationRecipients": [ + } + }, + { + "AppliesTo": "User", + "ProvisioningStatus": "Success", + "ServicePlanId": "bf28f719-7844-4079-9c78-c1307898e192", + "ServicePlanName": "MTP", + "AdditionalProperties": { - ] - } - }, - { - "Id": "Notification_Requestor_EndUser_Assignment", - "Target": { - "Caller": "EndUser", - "EnforcedSettings": [ + } + }, + { + "AppliesTo": "User", + "ProvisioningStatus": "Success", + "ServicePlanId": "f544b08d-1645-4287-82de-8d91f37c02a1", + "ServicePlanName": "MCOMEETADV_GOV", + "AdditionalProperties": { - ], - "InheritableSettings": [ + } + }, + { + "AppliesTo": "User", + "ProvisioningStatus": "Success", + "ServicePlanId": "de9234ff-6483-44d9-b15e-dca72fdd27af", + "ServicePlanName": "OFFICESUBSCRIPTION_GOV", + "AdditionalProperties": { - ], - "Level": "Assignment", - "Operations": [ - "All" - ], - "TargetObjects": null - }, - "RuleSource": "Hybrid Identity Administrator", - "RuleSourceType": "Directory Role", - "AdditionalProperties": { - "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", - "notificationType": "Email", - "recipientType": "Requestor", - "notificationLevel": "All", - "isDefaultRecipientsEnabled": true, - "notificationRecipients": [ + } + }, + { + "AppliesTo": "User", + "ProvisioningStatus": "Success", + "ServicePlanId": "2f442157-a11c-46b9-ae5b-6e39ff4e5849", + "ServicePlanName": "M365_ADVANCED_AUDITING", + "AdditionalProperties": { - ] - } - }, - { - "Id": "Notification_Approver_EndUser_Assignment", - "Target": { - "Caller": "EndUser", - "EnforcedSettings": [ + } + }, + { + "AppliesTo": "User", + "ProvisioningStatus": "Success", + "ServicePlanId": "a413a9ff-720c-4822-98ef-2f37c2a21f4c", + "ServicePlanName": "MICROSOFT_COMMUNICATION_COMPLIANCE", + "AdditionalProperties": { - ], - "InheritableSettings": [ + } + }, + { + "AppliesTo": "User", + "ProvisioningStatus": "Success", + "ServicePlanId": "5136a095-5cf0-4aff-bec3-e84448b38ea5", + "ServicePlanName": "MIP_S_CLP1", + "AdditionalProperties": { - ], - "Level": "Assignment", - "Operations": [ - "All" - ], - "TargetObjects": null - }, - "RuleSource": "Hybrid Identity Administrator", - "RuleSourceType": "Directory Role", - "AdditionalProperties": { - "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", - "notificationType": "Email", - "recipientType": "Approver", - "notificationLevel": "All", - "isDefaultRecipientsEnabled": true, - "notificationRecipients": [ + } + }, + { + "AppliesTo": "User", + "ProvisioningStatus": "Success", + "ServicePlanId": "efb0351d-3b08-4503-993d-383af8de41e3", + "ServicePlanName": "MIP_S_CLP2", + "AdditionalProperties": { - ] - } - }, - { - "Id": "Expiration_Admin_Eligibility", - "Target": { - "Caller": "Admin", - "EnforcedSettings": [ + } + }, + { + "AppliesTo": "Company", + "ProvisioningStatus": "Success", + "ServicePlanId": "d9fa6af4-e046-4c89-9226-729a0786685d", + "ServicePlanName": "Content_Explorer", + "AdditionalProperties": { - ], - "InheritableSettings": [ + } + }, + { + "AppliesTo": "User", + "ProvisioningStatus": "Success", + "ServicePlanId": "843da3a8-d2cc-4e7a-9e90-dc46019f964c", + "ServicePlanName": "FORMS_GOV_E5", + "AdditionalProperties": { - ], - "Level": "Eligibility", - "Operations": [ - "All" - ], - "TargetObjects": null - }, - "RuleSource": "PIM Test Group 2", - "RuleSourceType": "PIM Group", - "AdditionalProperties": { - "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule", - "isExpirationRequired": true, - "maximumDuration": "P365D" - } - }, - { - "Id": "Notification_Admin_Admin_Eligibility", - "Target": { - "Caller": "Admin", - "EnforcedSettings": [ + } + }, + { + "AppliesTo": "User", + "ProvisioningStatus": "Success", + "ServicePlanId": "8c3069c0-ccdb-44be-ab77-986203a67df2", + "ServicePlanName": "EXCHANGE_S_ENTERPRISE_GOV", + "AdditionalProperties": { - ], - "InheritableSettings": [ + } + }, + { + "AppliesTo": "User", + "ProvisioningStatus": "Success", + "ServicePlanId": "89b5d3b1-3855-49fe-b46c-87c66dbc1526", + "ServicePlanName": "LOCKBOX_ENTERPRISE_GOV", + "AdditionalProperties": { - ], - "Level": "Eligibility", - "Operations": [ - "All" - ], - "TargetObjects": null - }, - "RuleSource": "PIM Test Group 2", - "RuleSourceType": "PIM Group", - "AdditionalProperties": { - "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", - "notificationType": "Email", - "recipientType": "Admin", - "notificationLevel": "All", - "isDefaultRecipientsEnabled": true, - "notificationRecipients": [ - "bobo@fakemail.com" - ] - } - }, - { - "Id": "Notification_Requestor_Admin_Eligibility", - "Target": { - "Caller": "Admin", - "EnforcedSettings": [ + } + }, + { + "AppliesTo": "User", + "ProvisioningStatus": "Success", + "ServicePlanId": "1b66aedf-8ca1-4f73-af76-ec76c6180f98", + "ServicePlanName": "RMS_S_PREMIUM_GOV", + "AdditionalProperties": { - ], - "InheritableSettings": [ + } + }, + { + "AppliesTo": "User", + "ProvisioningStatus": "Success", + "ServicePlanId": "5400a66d-eaa5-427d-80f2-0f26d59d8fce", + "ServicePlanName": "RMS_S_PREMIUM2_GOV", + "AdditionalProperties": { - ], - "Level": "Eligibility", - "Operations": [ - "All" - ], - "TargetObjects": null - }, - "RuleSource": "PIM Test Group 2", - "RuleSourceType": "PIM Group", - "AdditionalProperties": { - "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", - "notificationType": "Email", - "recipientType": "Requestor", - "notificationLevel": "All", - "isDefaultRecipientsEnabled": true, - "notificationRecipients": [ + } + }, + { + "AppliesTo": "User", + "ProvisioningStatus": "Success", + "ServicePlanId": "6a76346d-5d6e-4051-9fe3-ed3f312b5597", + "ServicePlanName": "RMS_S_ENTERPRISE_GOV", + "AdditionalProperties": { - ] - } - }, - { - "Id": "Notification_Approver_Admin_Eligibility", - "Target": { - "Caller": "Admin", - "EnforcedSettings": [ + } + }, + { + "AppliesTo": "User", + "ProvisioningStatus": "Success", + "ServicePlanId": "eec0eb4f-6444-4f95-aba0-50c24d67f998", + "ServicePlanName": "AAD_PREMIUM_P2", + "AdditionalProperties": { - ], - "InheritableSettings": [ + } + }, + { + "AppliesTo": "User", + "ProvisioningStatus": "Success", + "ServicePlanId": "41781fb2-bc02-4b7c-bd55-b576c07bb09d", + "ServicePlanName": "AAD_PREMIUM", + "AdditionalProperties": { - ], - "Level": "Eligibility", - "Operations": [ - "All" - ], - "TargetObjects": null - }, - "RuleSource": "PIM Test Group 2", - "RuleSourceType": "PIM Group", - "AdditionalProperties": { - "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", - "notificationType": "Email", - "recipientType": "Approver", - "notificationLevel": "All", - "isDefaultRecipientsEnabled": true, - "notificationRecipients": [ + } + }, + { + "AppliesTo": "User", + "ProvisioningStatus": "Success", + "ServicePlanId": "e26c2fcc-ab91-4a61-b35c-03cdc8dddf66", + "ServicePlanName": "INFO_GOVERNANCE", + "AdditionalProperties": { - ] - } - }, - { - "Id": "Enablement_Admin_Eligibility", - "Target": { - "Caller": "Admin", - "EnforcedSettings": [ + } + }, + { + "AppliesTo": "User", + "ProvisioningStatus": "Success", + "ServicePlanId": "871d91ec-ec1a-452b-a83f-bd76c7d770ef", + "ServicePlanName": "WINDEFATP", + "AdditionalProperties": { - ], - "InheritableSettings": [ + } + } +], + "directory_settings": [ + { + "DisplayName": "Group.Unified", + "Id": "5ce54204-ef8d-44c5-af88-dc8bd4c16069", + "TemplateId": "62375ab9-6b52-47ed-826b-58e47e0e304b", + "Values": [ + { + "Name": "NewUnifiedGroupWritebackDefault", + "Value": "true" + }, + { + "Name": "EnableMIPLabels", + "Value": "False" + }, + { + "Name": "CustomBlockedWordsList", + "Value": "" + }, + { + "Name": "EnableMSStandardBlockedWords", + "Value": "False" + }, + { + "Name": "ClassificationDescriptions", + "Value": "" + }, + { + "Name": "DefaultClassification", + "Value": "" + }, + { + "Name": "PrefixSuffixNamingRequirement", + "Value": "" + }, + { + "Name": "AllowGuestsToBeGroupOwner", + "Value": "False" + }, + { + "Name": "AllowGuestsToAccessGroups", + "Value": "True" + }, + { + "Name": "GuestUsageGuidelinesUrl", + "Value": "" + }, + { + "Name": "GroupCreationAllowedGroupId", + "Value": "67f62883-f97a-4192-a300-8a1576af8056" + }, + { + "Name": "AllowToAddGuests", + "Value": "True" + }, + { + "Name": "UsageGuidelinesUrl", + "Value": "" + }, + { + "Name": "ClassificationList", + "Value": "" + }, + { + "Name": "EnableGroupCreation", + "Value": "False" + } + ], + "AdditionalProperties": { - ], - "Level": "Eligibility", - "Operations": [ - "All" - ], - "TargetObjects": null - }, - "RuleSource": "PIM Test Group 2", - "RuleSourceType": "PIM Group", - "AdditionalProperties": { - "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule", - "enabledRules": [ - - ] - } - }, - { - "Id": "Expiration_Admin_Assignment", - "Target": { - "Caller": "Admin", - "EnforcedSettings": [ + } + }, + { + "DisplayName": "Consent Policy Settings", + "Id": "62c1305f-60f0-4096-8d72-e1f74e8627f5", + "TemplateId": "dffd5d46-495d-40a9-8e21-954ff55e198a", + "Values": [ + { + "Name": "BlockUserConsentForRiskyApps", + "Value": "true" + }, + { + "Name": "EnableAdminConsentRequests", + "Value": "false" + } + ], + "AdditionalProperties": { - ], - "InheritableSettings": [ + } + } +], + "authentication_method": [ + { + "authentication_method_feature_settings": [ + { + "ExcludeTargets": [ + + ], + "Id": "Fido2", + "State": "enabled", + "AdditionalProperties": { + "@odata.type": "#microsoft.graph.fido2AuthenticationMethodConfiguration", + "isSelfServiceRegistrationAllowed": true, + "isAttestationEnforced": true, + "defaultPasskeyProfile": "00000000-0000-0000-0000-000000000001", + "keyRestrictions": { + "isEnforced": true, + "enforcementType": "allow", + "aaGuids": [ + "c1f9a0bc-1dd2-404a-b27f-8e29047a43fd", + "73bb0cd4-e502-49b8-9c6f-b59445bf720b", + "85203421-48f9-4355-9bc8-8a53846e5083" + ] + }, + "includeTargets@odata.context": "https://graph.microsoft.com/beta/$metadata#policies/authenticationMethodsPolicy/authenticationMethodConfigurations(\u0027Fido2\u0027)/microsoft.graph.fido2AuthenticationMethodConfiguration/includeTargets", + "includeTargets": [ + { + "targetType": "group", + "id": "e426e4a9-2045-48fe-9949-774a999f7972", + "isRegistrationRequired": false, + "allowedPasskeyProfiles": [ + "00000000-0000-0000-0000-000000000001" + ] + } + ], + "passkeyProfiles": [ + { + "id": "00000000-0000-0000-0000-000000000001", + "name": "FIDO2 default profile", + "passkeyTypes": "deviceBound", + "isAttestationEnforced": true, + "keyRestrictions": { + "isEnforced": true, + "enforcementType": "allow", + "aaGuids": [ + "c1f9a0bc-1dd2-404a-b27f-8e29047a43fd", + "73bb0cd4-e502-49b8-9c6f-b59445bf720b", + "85203421-48f9-4355-9bc8-8a53846e5083" + ] + } + } + ] + } + }, + { + "ExcludeTargets": [ + + ], + "Id": "MicrosoftAuthenticator", + "State": "enabled", + "AdditionalProperties": { + "@odata.type": "#microsoft.graph.microsoftAuthenticatorAuthenticationMethodConfiguration", + "isSoftwareOathEnabled": false, + "featureSettings": { + "companionAppAllowedState": { + "state": "default", + "includeTarget": { + "targetType": "group", + "id": "all_users" + }, + "excludeTarget": { + "targetType": "group", + "id": "00000000-0000-0000-0000-000000000000" + } + }, + "numberMatchingRequiredState": { + "state": "enabled", + "includeTarget": { + "targetType": "group", + "id": "all_users" + }, + "excludeTarget": { + "targetType": "group", + "id": "00000000-0000-0000-0000-000000000000" + } + }, + "displayAppInformationRequiredState": { + "state": "enabled", + "includeTarget": { + "targetType": "group", + "id": "all_users" + }, + "excludeTarget": { + "targetType": "group", + "id": "00000000-0000-0000-0000-000000000000" + } + }, + "displayLocationInformationRequiredState": { + "state": "enabled", + "includeTarget": { + "targetType": "group", + "id": "all_users" + }, + "excludeTarget": { + "targetType": "group", + "id": "00000000-0000-0000-0000-000000000000" + } + } + }, + "includeTargets@odata.context": "https://graph.microsoft.com/beta/$metadata#policies/authenticationMethodsPolicy/authenticationMethodConfigurations(\u0027MicrosoftAuthenticator\u0027)/microsoft.graph.microsoftAuthenticatorAuthenticationMethodConfiguration/includeTargets", + "includeTargets": [ + { + "targetType": "group", + "id": "all_users", + "isRegistrationRequired": false, + "authenticationMode": "any" + } + ] + } + }, + { + "ExcludeTargets": [ + + ], + "Id": "Sms", + "State": "disabled", + "AdditionalProperties": { + "@odata.type": "#microsoft.graph.smsAuthenticationMethodConfiguration", + "includeTargets@odata.context": "https://graph.microsoft.com/beta/$metadata#policies/authenticationMethodsPolicy/authenticationMethodConfigurations(\u0027Sms\u0027)/microsoft.graph.smsAuthenticationMethodConfiguration/includeTargets", + "includeTargets": [ + { + "targetType": "user", + "id": "42dd60ea-57e9-47ea-8a43-a213d36a9cb0", + "isRegistrationRequired": false, + "isUsableForSignIn": true + } + ] + } + }, + { + "ExcludeTargets": [ + + ], + "Id": "TemporaryAccessPass", + "State": "enabled", + "AdditionalProperties": { + "@odata.type": "#microsoft.graph.temporaryAccessPassAuthenticationMethodConfiguration", + "defaultLifetimeInMinutes": 60, + "defaultLength": 8, + "minimumLifetimeInMinutes": 10, + "maximumLifetimeInMinutes": 120, + "isUsableOnce": true, + "includeTargets@odata.context": "https://graph.microsoft.com/beta/$metadata#policies/authenticationMethodsPolicy/authenticationMethodConfigurations(\u0027TemporaryAccessPass\u0027)/microsoft.graph.temporaryAccessPassAuthenticationMethodConfiguration/includeTargets", + "includeTargets": [ + { + "targetType": "group", + "id": "all_users", + "isRegistrationRequired": false + } + ] + } + }, + { + "ExcludeTargets": [ + + ], + "Id": "HardwareOath", + "State": "disabled", + "AdditionalProperties": { + "@odata.type": "#microsoft.graph.hardwareOathAuthenticationMethodConfiguration", + "includeTargets@odata.context": "https://graph.microsoft.com/beta/$metadata#policies/authenticationMethodsPolicy/authenticationMethodConfigurations(\u0027HardwareOath\u0027)/microsoft.graph.hardwareOathAuthenticationMethodConfiguration/includeTargets", + "includeTargets": [ + { + "targetType": "group", + "id": "all_users", + "isRegistrationRequired": false + } + ] + } + }, + { + "ExcludeTargets": [ + + ], + "Id": "SoftwareOath", + "State": "disabled", + "AdditionalProperties": { + "@odata.type": "#microsoft.graph.softwareOathAuthenticationMethodConfiguration", + "includeTargets@odata.context": "https://graph.microsoft.com/beta/$metadata#policies/authenticationMethodsPolicy/authenticationMethodConfigurations(\u0027SoftwareOath\u0027)/microsoft.graph.softwareOathAuthenticationMethodConfiguration/includeTargets", + "includeTargets": [ + { + "targetType": "group", + "id": "all_users", + "isRegistrationRequired": false + } + ] + } + }, + { + "ExcludeTargets": [ + + ], + "Id": "Voice", + "State": "disabled", + "AdditionalProperties": { + "@odata.type": "#microsoft.graph.voiceAuthenticationMethodConfiguration", + "isOfficePhoneAllowed": false, + "isCustomGreetingEnabled": false, + "includeTargets@odata.context": "https://graph.microsoft.com/beta/$metadata#policies/authenticationMethodsPolicy/authenticationMethodConfigurations(\u0027Voice\u0027)/microsoft.graph.voiceAuthenticationMethodConfiguration/includeTargets", + "includeTargets": [ + { + "targetType": "group", + "id": "all_users", + "isRegistrationRequired": false + } + ] + } + }, + { + "ExcludeTargets": [ + + ], + "Id": "Email", + "State": "disabled", + "AdditionalProperties": { + "@odata.type": "#microsoft.graph.emailAuthenticationMethodConfiguration", + "allowExternalIdToUseEmailOtp": "disabled", + "includeTargets@odata.context": "https://graph.microsoft.com/beta/$metadata#policies/authenticationMethodsPolicy/authenticationMethodConfigurations(\u0027Email\u0027)/microsoft.graph.emailAuthenticationMethodConfiguration/includeTargets", + "includeTargets": [ + + ] + } + }, + { + "ExcludeTargets": [ + + ], + "Id": "X509Certificate", + "State": "enabled", + "AdditionalProperties": { + "@odata.type": "#microsoft.graph.x509CertificateAuthenticationMethodConfiguration", + "certificateUserBindings": [ + { + "x509CertificateField": "PrincipalName", + "userProperty": "certificateUserIds", + "priority": 1, + "trustAffinityLevel": "low" + } + ], + "authenticationModeConfiguration": { + "x509CertificateAuthenticationDefaultMode": "x509CertificateSingleFactor", + "x509CertificateDefaultRequiredAffinityLevel": "low", + "rules": [ + { + "x509CertificateRuleType": "policyOID", + "identifier": "2.16.840.1.101.3.2.1.3.13", + "x509CertificateAuthenticationMode": "x509CertificateMultiFactor", + "x509CertificateRequiredAffinityLevel": "low", + "policyOidIdentifier": "2.16.840.1.101.3.2.1.3.13" + } + ] + }, + "issuerHintsConfiguration": { + "state": "disabled" + }, + "crlValidationConfiguration": { + "state": "disabled", + "exemptedCertificateAuthoritiesSubjectKeyIdentifiers": [ + + ] + }, + "includeTargets@odata.context": "https://graph.microsoft.com/beta/$metadata#policies/authenticationMethodsPolicy/authenticationMethodConfigurations(\u0027X509Certificate\u0027)/microsoft.graph.x509CertificateAuthenticationMethodConfiguration/includeTargets", + "includeTargets": [ + { + "targetType": "group", + "id": "64720f66-b5cc-41ae-aec7-562f90038952", + "isRegistrationRequired": false + }, + { + "targetType": "group", + "id": "bf430dde-a18a-476d-977b-81796b4ab2c0", + "isRegistrationRequired": false + } + ] + } + } + ], + "authentication_method_policy": { + "Description": "The tenant-wide policy that controls which authentication methods are allowed in the tenant, authentication method registration requirements, and self-service password reset settings", + "DisplayName": "Authentication Methods Policy", + "Id": "authenticationMethodsPolicy", + "LastModifiedDateTime": "Date(1708376786872)", + "PolicyMigrationState": "preMigration", + "PolicyVersion": "1.5", + "ReconfirmationInDays": null, + "RegistrationEnforcement": { + "AuthenticationMethodsRegistrationCampaign": { + "EnforceRegistrationAfterAllowedSnoozes": true, + "ExcludeTargets": [ + { + "Id": "64720f66-b5cc-41ae-aec7-562f90038952", + "TargetType": "group" + }, + { + "Id": "6066af10-d921-4de6-9ae4-7f01057ec372", + "TargetType": "user" + }, + { + "Id": "2bfd4ad1-66be-4952-9d8e-d80f228660a0", + "TargetType": "user" + }, + { + "Id": "7a22bd70-341c-4903-a014-d8cfd5c1d75f", + "TargetType": "user" + } + ], + "IncludeTargets": [ + { + "Id": "all_users", + "TargetType": "group", + "TargetedAuthenticationMethod": "microsoftAuthenticator" + } + ], + "SnoozeDurationInDays": 1, + "State": "disabled" + } + }, + "ReportSuspiciousActivitySettings": { + "IncludeTarget": { + "Id": "all_users", + "TargetType": "group" + }, + "State": "default", + "VoiceReportingCode": 0 + }, + "SystemCredentialPreferences": { + "ExcludeTargets": [ + + ], + "IncludeTargets": [ + { + "Id": "all_users", + "TargetType": "group" + } + ], + "State": "default" + }, + "AdditionalProperties": { + "@odata.context": "https://graph.microsoft.com/beta/$metadata#authenticationMethodsPolicy", + "authenticationMethodConfigurations@odata.context": "https://graph.microsoft.com/beta/$metadata#policies/authenticationMethodsPolicy/authenticationMethodConfigurations" + } + } + } +], + "domain_settings": [ + { + "AuthenticationType": "Managed", + "AvailabilityStatus": null, + "DomainNameReferences": null, + "FederationConfiguration": null, + "Id": "tedtest.hoorah.com", + "IsAdminManaged": true, + "IsDefault": false, + "IsInitial": false, + "IsRoot": false, + "IsVerified": false, + "PasswordNotificationWindowInDays": null, + "PasswordValidityPeriodInDays": null, + "ServiceConfigurationRecords": null, + "SharedEmailDomainInvitations": null, + "State": { + "LastActionDateTime": null, + "Operation": null, + "Status": null + }, + "SupportedServices": [ - ], - "Level": "Assignment", - "Operations": [ - "All" - ], - "TargetObjects": null - }, - "RuleSource": "PIM Test Group 2", - "RuleSourceType": "PIM Group", - "AdditionalProperties": { - "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule", - "isExpirationRequired": true, - "maximumDuration": "P180D" - } - }, - { - "Id": "Enablement_Admin_Assignment", - "Target": { - "Caller": "Admin", - "EnforcedSettings": [ + ], + "VerificationDnsRecords": null, + "AdditionalProperties": { - ], - "InheritableSettings": [ + } + }, + { + "AuthenticationType": "Managed", + "AvailabilityStatus": null, + "DomainNameReferences": null, + "FederationConfiguration": null, + "Id": "tqhjy.onmicrosoft.com", + "IsAdminManaged": true, + "IsDefault": true, + "IsInitial": true, + "IsRoot": true, + "IsVerified": true, + "PasswordNotificationWindowInDays": 14, + "PasswordValidityPeriodInDays": 2147483647, + "ServiceConfigurationRecords": null, + "SharedEmailDomainInvitations": null, + "State": { + "LastActionDateTime": null, + "Operation": null, + "Status": null + }, + "SupportedServices": [ + "Email", + "OfficeCommunicationsOnline" + ], + "VerificationDnsRecords": null, + "AdditionalProperties": { - ], - "Level": "Assignment", - "Operations": [ - "All" - ], - "TargetObjects": null - }, - "RuleSource": "PIM Test Group 2", - "RuleSourceType": "PIM Group", - "AdditionalProperties": { - "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule", - "enabledRules": [ - "Justification" - ] - } - }, - { - "Id": "Notification_Admin_Admin_Assignment", - "Target": { - "Caller": "Admin", - "EnforcedSettings": [ + } + } +], + "license_information": [ + { + "SkuId": "eddf428b-da0e-4115-accf-b29eb0b83965", + "SkuPartNumber": "CDS_DB_CAPACITY_GOV", + "ConsumedUnits": 0, + "PrepaidUnits": { + "Enabled": 1, + "LockedOut": 0, + "Suspended": 0, + "Warning": 0 + } + }, + { + "SkuId": "e2be619b-b125-455f-8660-fb503e431a5d", + "SkuPartNumber": "M365_G5_GCC", + "ConsumedUnits": 9, + "PrepaidUnits": { + "Enabled": 10, + "LockedOut": 0, + "Suspended": 0, + "Warning": 0 + } + } +], + "total_user_count": 10, + "aad_successful_commands": [ + "Get-MgBetaIdentityConditionalAccessPolicy", + "Get-MgBetaSubscribedSku", + "Get-PrivilegedUser", + "Get-PrivilegedRole", + "Get-MgBetaUserCount", + "Get-MgBetaPolicyAuthorizationPolicy", + "Get-MgBetaDirectorySetting", + "Get-MgBetaPolicyAuthenticationMethodPolicy", + "Get-MgBetaDomain" +], + "aad_unsuccessful_commands": [ - ], - "InheritableSettings": [ +], "protection_policy_rules": [ + { + "HostedContentFilterPolicy": "Strict Preset Security Policy1681329956650", + "AntiPhishPolicy": "Strict Preset Security Policy1681329955447", + "MalwareFilterPolicy": "Strict Preset Security Policy1681329957931", + "State": "Enabled", + "Priority": 0, + "Comments": null, + "Description": "If the message:\r\n\tIs sent to \u0027johndoe@tqhjy.onmicrosoft.com\u0027\r\n\tand Is sent to a member of group \u0027mofuntonight@tqhjy.onmicrosoft.com\u0027\r\n\tand recipients\u0027s address domain portion belongs to any of these domains: \u0027badpeople.r.us\u0027\r\nTake the following actions:\r\n\tApply hosted content filter policy \"Strict Preset Security Policy1681329956650\"., Apply AntiPhish policy \"Strict Preset Security Policy1681329955447\"., Apply malware filter policy \"Strict Preset Security Policy1681329957931\".\r\n", + "RuleVersion": { + "Major": 15, + "Minor": 0, + "Build": 5, + "Revision": 2, + "MajorRevision": 0, + "MinorRevision": 2 + }, + "SentTo": [ + "johndoe@tqhjy.onmicrosoft.com" + ], + "SentToMemberOf": [ + "mofuntonight@tqhjy.onmicrosoft.com" + ], + "RecipientDomainIs": [ + "badpeople.r.us" + ], + "ExceptIfSentTo": null, + "ExceptIfSentToMemberOf": null, + "ExceptIfRecipientDomainIs": null, + "Conditions": [ + "Microsoft.Exchange.MessagingPolicies.Rules.Tasks.SentToPredicate", + "Microsoft.Exchange.MessagingPolicies.Rules.Tasks.SentToMemberOfPredicate", + "Microsoft.Exchange.MessagingPolicies.Rules.Tasks.RecipientDomainIsPredicate" + ], + "Exceptions": null, + "Identity": "Strict Preset Security Policy", + "DistinguishedName": "CN=Strict Preset Security Policy,CN=EOPProtectionPolicyRuleVersioned,CN=Rules,CN=Transport Settings,CN=Configuration,CN=tqhjy.onmicrosoft.com,CN=ConfigurationUnits,DC=NAMPR09A006,DC=PROD,DC=OUTLOOK,DC=COM", + "Guid": "9d0f5aee-cf8c-4239-9ec4-3560118c1b7e", + "ImmutableId": "9d0f5aee-cf8c-4239-9ec4-3560118c1b7e", + "OrganizationId": "NAMPR09A006.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - NAMPR09A006.PROD.OUTLOOK.COM/ConfigurationUnits/tqhjy.onmicrosoft.com/Configuration", + "Name": "Strict Preset Security Policy", + "IsValid": true, + "WhenChanged": "Date(1717562164000)", + "ExchangeVersion": "0.1 (8.0.535.0)", + "ObjectState": "Unchanged" + }, + { + "HostedContentFilterPolicy": "Standard Preset Security Policy1659535432883", + "AntiPhishPolicy": "Standard Preset Security Policy1659535429826", + "MalwareFilterPolicy": "Standard Preset Security Policy1659535435292", + "State": "Enabled", + "Priority": 1, + "Comments": null, + "Description": "Take the following actions:\r\n\tApply hosted content filter policy \"Standard Preset Security Policy1659535432883\"., Apply AntiPhish policy \"Standard Preset Security Policy1659535429826\"., Apply malware filter policy \"Standard Preset Security Policy1659535435292\".\r\n", + "RuleVersion": { + "Major": 14, + "Minor": 0, + "Build": 0, + "Revision": 0, + "MajorRevision": 0, + "MinorRevision": 0 + }, + "SentTo": null, + "SentToMemberOf": null, + "RecipientDomainIs": null, + "ExceptIfSentTo": null, + "ExceptIfSentToMemberOf": null, + "ExceptIfRecipientDomainIs": null, + "Conditions": null, + "Exceptions": null, + "Identity": "Standard Preset Security Policy", + "DistinguishedName": "CN=Standard Preset Security Policy,CN=EOPProtectionPolicyRuleVersioned,CN=Rules,CN=Transport Settings,CN=Configuration,CN=tqhjy.onmicrosoft.com,CN=ConfigurationUnits,DC=NAMPR09A006,DC=PROD,DC=OUTLOOK,DC=COM", + "Guid": "83318c49-93e8-497b-8fd3-614b090e6103", + "ImmutableId": "83318c49-93e8-497b-8fd3-614b090e6103", + "OrganizationId": "NAMPR09A006.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - NAMPR09A006.PROD.OUTLOOK.COM/ConfigurationUnits/tqhjy.onmicrosoft.com/Configuration", + "Name": "Standard Preset Security Policy", + "IsValid": true, + "WhenChanged": "Date(1717562091000)", + "ExchangeVersion": "0.1 (8.0.535.0)", + "ObjectState": "Unchanged" + } +], + "atp_policy_rules": [ + { + "SafeAttachmentPolicy": "Strict Preset Security Policy1681329958553", + "SafeLinksPolicy": "Strict Preset Security Policy1681329959203", + "State": "Enabled", + "Priority": 0, + "Comments": null, + "Description": "If the message:\r\n\tIs sent to \u0027johndoe@tqhjy.onmicrosoft.com\u0027\r\n\tand Is sent to a member of group \u0027mofuntonight@tqhjy.onmicrosoft.com\u0027\r\n\tand recipients\u0027s address domain portion belongs to any of these domains: \u0027badpeople.r.us\u0027\r\nTake the following actions:\r\n\tApply safe attachment policy \"Strict Preset Security Policy1681329958553\"., Apply safe links policy \"Strict Preset Security Policy1681329959203\".\r\n", + "RuleVersion": { + "Major": 15, + "Minor": 0, + "Build": 5, + "Revision": 2, + "MajorRevision": 0, + "MinorRevision": 2 + }, + "SentTo": [ + "johndoe@tqhjy.onmicrosoft.com" + ], + "SentToMemberOf": [ + "mofuntonight@tqhjy.onmicrosoft.com" + ], + "RecipientDomainIs": [ + "badpeople.r.us" + ], + "ExceptIfSentTo": null, + "ExceptIfSentToMemberOf": null, + "ExceptIfRecipientDomainIs": null, + "Conditions": [ + "Microsoft.Exchange.MessagingPolicies.Rules.Tasks.SentToPredicate", + "Microsoft.Exchange.MessagingPolicies.Rules.Tasks.SentToMemberOfPredicate", + "Microsoft.Exchange.MessagingPolicies.Rules.Tasks.RecipientDomainIsPredicate" + ], + "Exceptions": null, + "Identity": "Strict Preset Security Policy", + "DistinguishedName": "CN=Strict Preset Security Policy,CN=ATPProtectionPolicyRuleVersioned,CN=Rules,CN=Transport Settings,CN=Configuration,CN=tqhjy.onmicrosoft.com,CN=ConfigurationUnits,DC=NAMPR09A006,DC=PROD,DC=OUTLOOK,DC=COM", + "Guid": "92ea4876-f3bc-4f2f-9c6a-d4ad7bedc31e", + "ImmutableId": "92ea4876-f3bc-4f2f-9c6a-d4ad7bedc31e", + "OrganizationId": "NAMPR09A006.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - NAMPR09A006.PROD.OUTLOOK.COM/ConfigurationUnits/tqhjy.onmicrosoft.com/Configuration", + "Name": "Strict Preset Security Policy", + "IsValid": true, + "WhenChanged": "Date(1717562091000)", + "ExchangeVersion": "0.1 (8.0.535.0)", + "ObjectState": "Unchanged" + }, + { + "SafeAttachmentPolicy": "Standard Preset Security Policy1659535436109", + "SafeLinksPolicy": "Standard Preset Security Policy1659535436756", + "State": "Disabled", + "Priority": 1, + "Comments": null, + "Description": "Take the following actions:\r\n\tApply safe attachment policy \"Standard Preset Security Policy1659535436109\"., Apply safe links policy \"Standard Preset Security Policy1659535436756\".\r\n", + "RuleVersion": { + "Major": 14, + "Minor": 0, + "Build": 0, + "Revision": 0, + "MajorRevision": 0, + "MinorRevision": 0 + }, + "SentTo": null, + "SentToMemberOf": null, + "RecipientDomainIs": null, + "ExceptIfSentTo": null, + "ExceptIfSentToMemberOf": null, + "ExceptIfRecipientDomainIs": null, + "Conditions": null, + "Exceptions": null, + "Identity": "Standard Preset Security Policy", + "DistinguishedName": "CN=Standard Preset Security Policy,CN=ATPProtectionPolicyRuleVersioned,CN=Rules,CN=Transport Settings,CN=Configuration,CN=tqhjy.onmicrosoft.com,CN=ConfigurationUnits,DC=NAMPR09A006,DC=PROD,DC=OUTLOOK,DC=COM", + "Guid": "d6c7c877-13b8-4baf-a85c-bc1c008fa515", + "ImmutableId": "d6c7c877-13b8-4baf-a85c-bc1c008fa515", + "OrganizationId": "NAMPR09A006.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - NAMPR09A006.PROD.OUTLOOK.COM/ConfigurationUnits/tqhjy.onmicrosoft.com/Configuration", + "Name": "Standard Preset Security Policy", + "IsValid": true, + "WhenChanged": "Date(1717562091000)", + "ExchangeVersion": "0.1 (8.0.535.0)", + "ObjectState": "Unchanged" + } +], + "dlp_compliance_policies": [ + { + "Mode": "Enable", + "DisplayName": "Default Office 365 DLP policy", + "Type": "Dlp", + "ExchangeLocation": [ + "All" + ], + "SharePointLocation": [ + "All" + ], + "SharePointLocationException": [ - ], - "Level": "Assignment", - "Operations": [ - "All" - ], - "TargetObjects": null - }, - "RuleSource": "PIM Test Group 2", - "RuleSourceType": "PIM Group", - "AdditionalProperties": { - "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", - "notificationType": "Email", - "recipientType": "Admin", - "notificationLevel": "All", - "isDefaultRecipientsEnabled": true, - "notificationRecipients": [ - "bobo@fakemail.com" - ] - } - }, - { - "Id": "Notification_Requestor_Admin_Assignment", - "Target": { - "Caller": "Admin", - "EnforcedSettings": [ + ], + "OneDriveLocation": [ + "All" + ], + "OneDriveLocationException": [ - ], - "InheritableSettings": [ + ], + "ExchangeOnPremisesLocation": [ - ], - "Level": "Assignment", - "Operations": [ - "All" - ], - "TargetObjects": null - }, - "RuleSource": "PIM Test Group 2", - "RuleSourceType": "PIM Group", - "AdditionalProperties": { - "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", - "notificationType": "Email", - "recipientType": "Requestor", - "notificationLevel": "All", - "isDefaultRecipientsEnabled": true, - "notificationRecipients": [ + ], + "SharePointOnPremisesLocation": [ - ] - } - }, - { - "Id": "Notification_Approver_Admin_Assignment", - "Target": { - "Caller": "Admin", - "EnforcedSettings": [ + ], + "SharePointOnPremisesLocationException": [ - ], - "InheritableSettings": [ + ], + "TeamsLocation": [ + "All" + ], + "TeamsLocationException": [ - ], - "Level": "Assignment", - "Operations": [ - "All" - ], - "TargetObjects": null - }, - "RuleSource": "PIM Test Group 2", - "RuleSourceType": "PIM Group", - "AdditionalProperties": { - "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", - "notificationType": "Email", - "recipientType": "Approver", - "notificationLevel": "All", - "isDefaultRecipientsEnabled": true, - "notificationRecipients": [ + ], + "EndpointDlpLocation": [ - ] - } - }, - { - "Id": "Expiration_EndUser_Assignment", - "Target": { - "Caller": "EndUser", - "EnforcedSettings": [ + ], + "EndpointDlpLocationException": [ - ], - "InheritableSettings": [ + ], + "ThirdPartyAppDlpLocation": [ - ], - "Level": "Assignment", - "Operations": [ - "All" - ], - "TargetObjects": null - }, - "RuleSource": "PIM Test Group 2", - "RuleSourceType": "PIM Group", - "AdditionalProperties": { - "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule", - "isExpirationRequired": true, - "maximumDuration": "PT8H" - } - }, - { - "Id": "Enablement_EndUser_Assignment", - "Target": { - "Caller": "EndUser", - "EnforcedSettings": [ + ], + "ThirdPartyAppDlpLocationException": [ - ], - "InheritableSettings": [ + ], + "OnPremisesScannerDlpLocation": [ + "All" + ], + "OnPremisesScannerDlpLocationException": [ - ], - "Level": "Assignment", - "Operations": [ - "All" - ], - "TargetObjects": null - }, - "RuleSource": "PIM Test Group 2", - "RuleSourceType": "PIM Group", - "AdditionalProperties": { - "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule", - "enabledRules": [ - "Justification" - ] - } - }, - { - "Id": "Approval_EndUser_Assignment", - "Target": { - "Caller": "EndUser", - "EnforcedSettings": [ + ], + "PowerBIDlpLocation": [ - ], - "InheritableSettings": [ + ], + "PowerBIDlpLocationException": [ - ], - "Level": "Assignment", - "Operations": [ - "All" - ], - "TargetObjects": null - }, - "RuleSource": "PIM Test Group 2", - "RuleSourceType": "PIM Group", - "AdditionalProperties": { - "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyApprovalRule", - "setting": { - "isApprovalRequired": false, - "isApprovalRequiredForExtension": false, - "isRequestorJustificationRequired": true, - "approvalMode": "SingleStage", - "approvalStages": [ - { - "approvalStageTimeOutInDays": 1, - "isApproverJustificationRequired": true, - "escalationTimeInMinutes": 0, - "isEscalationEnabled": false, - "primaryApprovers": [ + ], + "Locations": "", + "LocationInclusions": [ - ], - "escalationApprovers": [ + ], + "LocationExclusions": [ - ] - } - ] - } - } - }, - { - "Id": "AuthenticationContext_EndUser_Assignment", - "Target": { - "Caller": "EndUser", - "EnforcedSettings": [ + ], + "EndpointDlpExtendedLocations": "", + "ExchangeSender": [ - ], - "InheritableSettings": [ + ], + "ExchangeSenderException": [ - ], - "Level": "Assignment", - "Operations": [ - "All" - ], - "TargetObjects": null - }, - "RuleSource": "PIM Test Group 2", - "RuleSourceType": "PIM Group", - "AdditionalProperties": { - "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyAuthenticationContextRule", - "isEnabled": false, - "claimValue": "" - } - }, - { - "Id": "Notification_Admin_EndUser_Assignment", - "Target": { - "Caller": "EndUser", - "EnforcedSettings": [ + ], + "PolicyTemplateInfo": { - ], - "InheritableSettings": [ + }, + "MatchedItemsCount": null, + "TotalItemsCount": null, + "TopNLocationStatistics": null, + "WorkloadStatistics": null, + "IsSimulationPolicy": false, + "SimulationStatus": null, + "AutoEnableAfter": null, + "IsFromSmartInsights": null, + "IsColdDataSimulationPolicy": false, + "ExtendedProperties": null, + "Summary": false, + "OneDriveSharedBy": [ - ], - "Level": "Assignment", - "Operations": [ - "All" - ], - "TargetObjects": null - }, - "RuleSource": "PIM Test Group 2", - "RuleSourceType": "PIM Group", - "AdditionalProperties": { - "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", - "notificationType": "Email", - "recipientType": "Admin", - "notificationLevel": "All", - "isDefaultRecipientsEnabled": true, - "notificationRecipients": [ - "bobo@fakemail.com" - ] - } - }, - { - "Id": "Notification_Requestor_EndUser_Assignment", - "Target": { - "Caller": "EndUser", - "EnforcedSettings": [ + ], + "ExceptIfOneDriveSharedBy": [ - ], - "InheritableSettings": [ + ], + "OneDriveSharedByMemberOf": [ - ], - "Level": "Assignment", - "Operations": [ - "All" - ], - "TargetObjects": null - }, - "RuleSource": "PIM Test Group 2", - "RuleSourceType": "PIM Group", - "AdditionalProperties": { - "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", - "notificationType": "Email", - "recipientType": "Requestor", - "notificationLevel": "All", - "isDefaultRecipientsEnabled": true, - "notificationRecipients": [ + ], + "ExceptIfOneDriveSharedByMemberOf": [ - ] - } - }, - { - "Id": "Notification_Approver_EndUser_Assignment", - "Target": { - "Caller": "EndUser", - "EnforcedSettings": [ + ], + "ExchangeSenderMemberOf": [ - ], - "InheritableSettings": [ + ], + "ExchangeSenderMemberOfException": [ - ], - "Level": "Assignment", - "Operations": [ - "All" - ], - "TargetObjects": null - }, - "RuleSource": "PIM Test Group 2", - "RuleSourceType": "PIM Group", - "AdditionalProperties": { - "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", - "notificationType": "Email", - "recipientType": "Approver", - "notificationLevel": "All", - "isDefaultRecipientsEnabled": true, - "notificationRecipients": [ + ], + "ExchangeAdaptiveScopes": null, + "ExchangeAdaptiveScopesException": null, + "SharePointAdaptiveScopes": null, + "SharePointAdaptiveScopesException": null, + "OneDriveAdaptiveScopes": null, + "OneDriveAdaptiveScopesException": null, + "TeamsAdaptiveScopes": null, + "TeamsAdaptiveScopesException": null, + "EndpointDlpAdaptiveScopes": null, + "EndpointDlpAdaptiveScopesException": null, + "ExpectedLocations": 0, + "CompletedLocations": 0, + "FailedLocations": 0, + "ItemStatistics": null, + "RuleMatchBlob": null, + "ErrorMetadata": null, + "UserAdministrativeUnitMembershipMap": null, + "ForceValidate": false, + "PolicyRulesMetaData": "{\"WhenRulesChangedUtc\":\"2023-10-05T17:47:20.3689468Z\"}", + "Workload": "Exchange, SharePoint, OneDriveForBusiness, Teams, OnPremisesScanner", + "Priority": 1, + "ObjectVersion": "fe559c64-4f24-4f09-09f6-08dc7675e468", + "CreatedBy": "", + "LastModifiedBy": "John Public", + "ReadOnly": false, + "ExternalIdentity": "", + "Comment": "This policy detects the presence of credit card numbers in externally shared documents and emails. End users are notified of the detection with the suggestion to consider either removing the sensitive data or restricting the sharing.", + "Enabled": true, + "DistributionStatus": "Pending", + "DistributionSyncStatus": "Unknown", + "DistributionResults": null, + "LastStatusUpdateTime": null, + "ModificationTimeUtc": "Date(1715970789503)", + "CreationTimeUtc": "Date(1614655720970)", + "PolicyRBACScopes": [ - ] - } - } - ] + ], + "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/Default Office 365 DLP policy", + "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/Default Office 365 DLP policy", + "IsValid": true, + "ExchangeVersion": "0.20 (15.0.0.0)", + "Name": "Default Office 365 DLP policy", + "DistinguishedName": "CN=Default Office 365 DLP policy,CN=Configuration,CN=tqhjy.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", + "ObjectCategory": null, + "ObjectClass": [ + "msExchUnifiedPolicy" + ], + "WhenChanged": "Date(1715952789000)", + "WhenCreated": "Date(1617646100000)", + "WhenChangedUTC": "Date(1715952789000)", + "WhenCreatedUTC": "Date(1617646100000)", + "ExchangeObjectId": "8cb4f574-1a54-45e1-bf58-73bbe023ebad", + "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com", + "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration", + "Guid": "8cb4f574-1a54-45e1-bf58-73bbe023ebad", + "OriginatingServer": "", + "ObjectState": "Changed" } ], - "service_plans": [ + "dlp_compliance_rules": [ { - "AppliesTo": "Company", - "ProvisioningStatus": "Success", - "ServicePlanId": "922ba911-5694-4e99-a794-73aed9bfeec8", - "ServicePlanName": "EXCHANGE_S_FOUNDATION_GOV", - "AdditionalProperties": { + "SubjectContainsWords": [ - } - }, - { - "AppliesTo": "Company", - "ProvisioningStatus": "Success", - "ServicePlanId": "1ddffef6-4f69-455e-89c7-d5d72105f915", - "ServicePlanName": "CDS_DB_CAPACITY_GOV", - "AdditionalProperties": { + ], + "ExceptIfSubjectContainsWords": [ - } - }, - { - "AppliesTo": "User", - "ProvisioningStatus": "Success", - "ServicePlanId": "cd31b152-6326-4d1b-ae1b-997b625182e6", - "ServicePlanName": "MIP_S_Exchange", - "AdditionalProperties": { + ], + "SubjectOrBodyMatchesPatterns": [ - } - }, - { - "AppliesTo": "User", - "ProvisioningStatus": "Success", - "ServicePlanId": "b74d57b2-58e9-484a-9731-aeccbba954f0", - "ServicePlanName": "GRAPH_CONNECTORS_SEARCH_INDEX_TOPICEXP", - "AdditionalProperties": { + ], + "ExceptIfSubjectOrBodyMatchesPatterns": [ - } - }, - { - "AppliesTo": "User", - "ProvisioningStatus": "Success", - "ServicePlanId": "a6520331-d7d4-4276-95f5-15c0933bc757", - "ServicePlanName": "GRAPH_CONNECTORS_SEARCH_INDEX", - "AdditionalProperties": { + ], + "SubjectOrBodyContainsWords": [ - } - }, - { - "AppliesTo": "User", - "ProvisioningStatus": "Success", - "ServicePlanId": "bf6f5520-59e3-4f82-974b-7dbbc4fd27c7", - "ServicePlanName": "SAFEDOCS", - "AdditionalProperties": { + ], + "ExceptIfSubjectOrBodyContainsWords": [ - } - }, - { - "AppliesTo": "User", - "ProvisioningStatus": "Success", - "ServicePlanId": "9b7c50ec-cd50-44f2-bf48-d72de6f90717", - "ServicePlanName": "PROJECT_O365_P3_GOV", - "AdditionalProperties": { + ], + "DocumentMatchesPatterns": [ - } - }, - { - "AppliesTo": "User", - "ProvisioningStatus": "Success", - "ServicePlanId": "3fb82609-8c27-4f7b-bd51-30634711ee67", - "ServicePlanName": "BPOS_S_TODO_3", - "AdditionalProperties": { + ], + "ExceptIfDocumentMatchesPatterns": [ - } - }, - { - "AppliesTo": "User", - "ProvisioningStatus": "Success", - "ServicePlanId": "4a51bca5-1eff-43f5-878c-177680f191af", - "ServicePlanName": "WHITEBOARD_PLAN3", - "AdditionalProperties": { + ], + "DocumentContainsWords": [ - } - }, - { - "AppliesTo": "Company", - "ProvisioningStatus": "Success", - "ServicePlanId": "94065c59-bc8e-4e8b-89e5-5138d471eaff", - "ServicePlanName": "MICROSOFT_SEARCH", - "AdditionalProperties": { + ], + "ExceptIfDocumentContainsWords": [ - } - }, - { - "AppliesTo": "Company", - "ProvisioningStatus": "Success", - "ServicePlanId": "2b815d45-56e4-4e3a-b65c-66cb9175b560", - "ServicePlanName": "ContentExplorer_Standard", - "AdditionalProperties": { + ], + "SenderADAttributeMatchesPatterns": null, + "ExceptIfSenderADAttributeMatchesPatterns": null, + "SenderADAttributeContainsWords": null, + "ExceptIfSenderADAttributeContainsWords": null, + "RecipientADAttributeMatchesPatterns": null, + "ExceptIfRecipientADAttributeMatchesPatterns": null, + "RecipientADAttributeContainsWords": null, + "ExceptIfRecipientADAttributeContainsWords": null, + "ContentCharacterSetContainsWords": [ - } - }, - { - "AppliesTo": "User", - "ProvisioningStatus": "Success", - "ServicePlanId": "c4801e8a-cb58-4c35-aca6-f2dcc106f287", - "ServicePlanName": "INFORMATION_BARRIERS", - "AdditionalProperties": { + ], + "ExceptIfContentCharacterSetContainsWords": [ - } - }, - { - "AppliesTo": "User", - "ProvisioningStatus": "Success", - "ServicePlanId": "bce5e5ca-c2fd-4d53-8ee2-58dfffed4c10", - "ServicePlanName": "CDS_O365_P3_GCC", - "AdditionalProperties": { + ], + "DocumentNameMatchesPatterns": [ - } - }, - { - "AppliesTo": "User", - "ProvisioningStatus": "Success", - "ServicePlanId": "a7d3fb37-b6df-4085-b509-50810d991a39", - "ServicePlanName": "DYN365_CDS_O365_P3_GCC", - "AdditionalProperties": { + ], + "ExceptIfDocumentNameMatchesPatterns": [ - } - }, - { - "AppliesTo": "User", - "ProvisioningStatus": "Success", - "ServicePlanId": "d2d51368-76c9-4317-ada2-a12c004c432f", - "ServicePlanName": "ML_CLASSIFICATION", - "AdditionalProperties": { + ], + "MessageSizeOver": "", + "ExceptIfMessageSizeOver": "", + "AttachmentCountOver": null, + "MessageTypeMatches": null, + "ExceptIfMessageTypeMatches": null, + "UnscannableDocumentExtensionIs": [ - } - }, - { - "AppliesTo": "User", - "ProvisioningStatus": "Success", - "ServicePlanId": "64bfac92-2b17-4482-b5e5-a0304429de3e", - "ServicePlanName": "MICROSOFTENDPOINTDLP", - "AdditionalProperties": { + ], + "ExceptIfUnscannableDocumentExtensionIs": [ - } - }, - { - "AppliesTo": "User", - "ProvisioningStatus": "Success", - "ServicePlanId": "a31ef4a2-f787-435e-8335-e47eb0cafc94", - "ServicePlanName": "MCOSTANDARD_GOV", - "AdditionalProperties": { + ], + "HeaderContainsWords": null, + "ExceptIfHeaderContainsWords": null, + "HeaderContainsTokens": null, + "ExceptIfHeaderContainsTokens": null, + "DeviceManagementType": null, + "ExceptIfDeviceManagementType": null, + "AccessedBy": [ - } - }, - { - "AppliesTo": "User", - "ProvisioningStatus": "Success", - "ServicePlanId": "153f85dd-d912-4762-af6c-d6e0fb4f6692", - "ServicePlanName": "SHAREPOINTENTERPRISE_GOV", - "AdditionalProperties": { + ], + "ExceptIfAccessedBy": [ - } - }, - { - "AppliesTo": "User", - "ProvisioningStatus": "Success", - "ServicePlanId": "617b097b-4b93-4ede-83de-5f075bb5fb2f", - "ServicePlanName": "PREMIUM_ENCRYPTION", - "AdditionalProperties": { + ], + "AccessedByMemberOf": [ - } - }, - { - "AppliesTo": "User", - "ProvisioningStatus": "Success", - "ServicePlanId": "944e9726-f011-4353-b654-5f7d2663db76", - "ServicePlanName": "BI_AZURE_P_2_GOV", - "AdditionalProperties": { + ], + "ExceptIfAccessedByMemberOf": [ - } - }, - { - "AppliesTo": "User", - "ProvisioningStatus": "Success", - "ServicePlanId": "8055d84a-c172-42eb-b997-6c2ae4628246", - "ServicePlanName": "FLOW_O365_P3_GOV", - "AdditionalProperties": { + ], + "BlockAccess": true, + "BlockAccessScope": "All", + "EncryptRMSTemplate": null, + "EnforcePortalAccess": true, + "ApplyBrandingTemplate": "", + "RemoveRMSTemplate": false, + "EndpointDlpRestrictions": null, + "EndpointDlpBrowserRestrictions": null, + "ThirdPartyAppDlpRestrictions": null, + "OnPremisesScannerDlpRestrictions": null, + "PowerBIDlpRestrictions": null, + "AlertProperties": { + "AggregationType": "None" + }, + "GenerateAlert": [ + "true" + ], + "GenerateIncidentReport": [ - } - }, - { - "AppliesTo": "User", - "ProvisioningStatus": "Success", - "ServicePlanId": "0eacfc38-458a-40d3-9eab-9671258f1a3e", - "ServicePlanName": "POWERAPPS_O365_P3_GOV", - "AdditionalProperties": { + ], + "IncidentReportContent": null, + "NotifyUser": [ + "LastModifier" + ], + "NotifyAllowOverride": null, + "NotifyEmailCustomText": "", + "NotifyEmailCustomSubject": "", + "NotifyEmailCustomSenderDisplayName": "", + "NotifyEmailExchangeIncludeAttachment": true, + "NotifyEmailOnedriveRemediationActions": "NotSet", + "NotifyJustificationCustomText": "", + "NotifyJustificationCustomTextTranslations": [ - } - }, - { - "AppliesTo": "User", - "ProvisioningStatus": "Success", - "ServicePlanId": "8f9f0f3b-ca90-406c-a842-95579171f8ec", - "ServicePlanName": "SHAREPOINTWAC_GOV", - "AdditionalProperties": { + ], + "NotifyPolicyTipCustomText": "", + "NotifyUserType": "NotSet", + "NotifyPolicyTipCustomTextTranslations": [ + + ], + "NotifyOverrideRequirements": "None", + "NotifyPolicyTipDisplayOption": "Tip", + "NotifyPolicyTipUrl": "", + "NotifyPolicyTipCustomDialog": "", + "NotifyEndpointUser": null, + "RemoveHeader": [ + + ], + "AccessTimeControl": null, + "StopPolicyProcessing": false, + "SetHeader": null, + "AddRecipients": null, + "Moderate": null, + "ModifySubject": null, + "MapRecipients": null, + "RedirectMessageTo": null, + "PrependSubject": "", + "ApplyHtmlDisclaimer": null, + "Quarantine": false, + "TriggerPowerAutomateFlow": "", + "RestrictAccess": null, + "MipRestrictAccess": null, + "SourceType": "", + "Guid": "a7739b6b-9831-467a-a355-3ba7aab938bc", + "AdvancedRuleBuilderContext": null, + "ParentPolicyName": "Info_TypeITIN_Missing", + "ReportSeverityLevel": "Low", + "ActivationDate": null, + "ExpiryDate": null, + "SenderType": null, + "SenderAddressLocation": null, + "AdvancedRule": "{\r\n \"Version\": \"1.0\",\r\n \"Condition\": {\r\n \"Operator\": \"And\",\r\n \"SubConditions\": [\r\n {\r\n \"ConditionName\": \"ContentContainsSensitiveInformation\",\r\n \"Value\": [\r\n {\r\n \"Groups\": [\r\n {\r\n \"Name\": \"BadInfoTypes\",\r\n \"Operator\": \"Or\",\r\n \"Sensitivetypes\": [\r\n {\r\n \"Name\": \"U.S. Social Security Number (SSN)\",\r\n \"Id\": \"a44669fe-0d48-453d-a9b1-2cc83f2cba77\",\r\n \"Mincount\": 1,\r\n \"Maxcount\": -1,\r\n \"Confidencelevel\": \"Medium\",\r\n \"Minconfidence\": 75,\r\n \"Maxconfidence\": 100\r\n },\r\n {\r\n \"Name\": \"U.S. / U.K. Passport Number\",\r\n \"Id\": \"178ec42a-18b4-47cc-85c7-d62c92fd67f8\",\r\n \"Mincount\": 1,\r\n \"Maxcount\": -1,\r\n \"Confidencelevel\": \"Medium\",\r\n \"Minconfidence\": 75,\r\n \"Maxconfidence\": 100\r\n },\r\n {\r\n \"Name\": \"Credit Card Number\",\r\n \"Id\": \"50842eb7-edc8-4019-85dd-5a5c1f2bb085\",\r\n \"Mincount\": 1,\r\n \"Maxcount\": -1,\r\n \"Confidencelevel\": \"High\",\r\n \"Minconfidence\": 85,\r\n \"Maxconfidence\": 100\r\n }\r\n ]\r\n }\r\n ],\r\n \"Operator\": \"And\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n}", + "ExecutionRuleGuids": null, + "DisplayName": "Missing_ITIN_Has_UKPassports", + "StorageBindings": null, + "EvaluateRulePerComponent": false, + "IsAdvancedRule": true, + "ContentContainsSensitiveInformation": null, + "ExceptIfContentContainsSensitiveInformation": null, + "ContentMissingSensitivityLabel": null, + "ContentIsNotLabeled": false, + "AttachmentIsNotLabeled": false, + "MessageIsNotLabeled": false, + "DocumentCreatedBy": [ - } - }, - { - "AppliesTo": "User", - "ProvisioningStatus": "Success", - "ServicePlanId": "5b4ef465-7ea1-459a-9f91-033317755a51", - "ServicePlanName": "PROJECTWORKMANAGEMENT_GOV", - "AdditionalProperties": { + ], + "ExceptIfDocumentCreatedBy": [ - } - }, - { - "AppliesTo": "User", - "ProvisioningStatus": "Success", - "ServicePlanId": "d1cbfb67-18a8-4792-b643-630b7f19aad1", - "ServicePlanName": "EQUIVIO_ANALYTICS_GOV", - "AdditionalProperties": { + ], + "DocumentSizeOver": "", + "ExceptIfDocumentSizeOver": "", + "DocumentNameMatchesWords": [ - } - }, - { - "AppliesTo": "User", - "ProvisioningStatus": "Success", - "ServicePlanId": "304767db-7d23-49e8-a945-4a7eb65f9f28", - "ServicePlanName": "TEAMS_GOV", - "AdditionalProperties": { + ], + "ExceptIfDocumentNameMatchesWords": [ - } - }, - { - "AppliesTo": "User", - "ProvisioningStatus": "Success", - "ServicePlanId": "92c2089d-9a53-49fe-b1a6-9e6bdf959547", - "ServicePlanName": "STREAM_O365_E5_GOV", - "AdditionalProperties": { + ], + "AccessScope": null, + "NonBifurcatingAccessScope": null, + "ExceptIfAccessScope": null, + "FromScope": null, + "ExceptIfFromScope": null, + "WithImportance": null, + "ExceptIfWithImportance": null, + "ExternalScenarioDependancies": { + "ProtectionAlertId": "e95437f3-7b8b-4055-9383-2686e02de873" + }, + "ContentPropertyContainsWords": [ - } - }, - { - "AppliesTo": "User", - "ProvisioningStatus": "Success", - "ServicePlanId": "65cc641f-cccd-4643-97e0-a17e3045e541", - "ServicePlanName": "RECORDS_MANAGEMENT", - "AdditionalProperties": { + ], + "ExceptIfContentPropertyContainsWords": [ - } - }, - { - "AppliesTo": "User", - "ProvisioningStatus": "Success", - "ServicePlanId": "208120d1-9adb-4daf-8c22-816bd5d237e7", - "ServicePlanName": "EXCHANGE_ANALYTICS_GOV", - "AdditionalProperties": { + ], + "From": null, + "ExceptIfFrom": null, + "FromMemberOf": null, + "ExceptIfFromMemberOf": null, + "DocumentIsUnsupported": false, + "ExceptIfDocumentIsUnsupported": false, + "HasSenderOverride": false, + "ExceptIfHasSenderOverride": false, + "RestrictBrowserAccess": false, + "ProcessingLimitExceeded": false, + "ExceptIfProcessingLimitExceeded": false, + "SentTo": [ - } - }, - { - "AppliesTo": "User", - "ProvisioningStatus": "Success", - "ServicePlanId": "c1ec4a95-1f05-45b3-a911-aa3fa01094f5", - "ServicePlanName": "INTUNE_A", - "AdditionalProperties": { + ], + "ExceptIfSentTo": [ - } - }, - { - "AppliesTo": "User", - "ProvisioningStatus": "Success", - "ServicePlanId": "d587c7a3-bda9-4f99-8776-9bcf59c84f75", - "ServicePlanName": "INSIDER_RISK", - "AdditionalProperties": { + ], + "RecipientDomainIs": [ - } - }, - { - "AppliesTo": "User", - "ProvisioningStatus": "Success", - "ServicePlanId": "900018f1-0cdb-4ecb-94d4-90281760fdc6", - "ServicePlanName": "THREAT_INTELLIGENCE_GOV", - "AdditionalProperties": { + ], + "ExceptIfRecipientDomainIs": [ - } - }, - { - "AppliesTo": "Company", - "ProvisioningStatus": "Success", - "ServicePlanId": "493ff600-6a2b-4db6-ad37-a7d4eb214516", - "ServicePlanName": "ATP_ENTERPRISE_GOV", - "AdditionalProperties": { + ], + "DocumentIsPasswordProtected": false, + "ExceptIfDocumentIsPasswordProtected": false, + "SenderIPRanges": [ - } - }, - { - "AppliesTo": "User", - "ProvisioningStatus": "Success", - "ServicePlanId": "14ab5db5-e6c4-4b20-b4bc-13e36fd2227f", - "ServicePlanName": "ATA", - "AdditionalProperties": { + ], + "ExceptIfSenderIPRanges": [ - } - }, - { - "AppliesTo": "User", - "ProvisioningStatus": "Success", - "ServicePlanId": "6db1f1db-2b46-403f-be40-e39395f08dbb", - "ServicePlanName": "CUSTOMER_KEY", - "AdditionalProperties": { + ], + "ContentExtensionMatchesWords": [ - } - }, - { - "AppliesTo": "User", - "ProvisioningStatus": "Success", - "ServicePlanId": "6dc145d6-95dd-4191-b9c3-185575ee6f6b", - "ServicePlanName": "COMMUNICATIONS_DLP", - "AdditionalProperties": { + ], + "ExceptIfContentExtensionMatchesWords": [ - } - }, - { - "AppliesTo": "User", - "ProvisioningStatus": "Success", - "ServicePlanId": "2e2ddb96-6af9-4b1d-a3f0-d6ecfd22edb2", - "ServicePlanName": "ADALLOM_S_STANDALONE", - "AdditionalProperties": { + ], + "ContentFileTypeMatches": [ - } - }, - { - "AppliesTo": "User", - "ProvisioningStatus": "Success", - "ServicePlanId": "199a5c09-e0ca-4e37-8f7c-b05d533e1ea2", - "ServicePlanName": "MICROSOFTBOOKINGS", - "AdditionalProperties": { + ], + "ExceptIfContentFileTypeMatches": [ - } - }, - { - "AppliesTo": "User", - "ProvisioningStatus": "Success", - "ServicePlanId": "8a256a2b-b617-496d-b51b-e76466e88db0", - "ServicePlanName": "MFA_PREMIUM", - "AdditionalProperties": { + ], + "HeaderMatchesPatterns": null, + "ExceptIfHeaderMatchesPatterns": null, + "SubjectMatchesPatterns": [ - } - }, - { - "AppliesTo": "User", - "ProvisioningStatus": "Success", - "ServicePlanId": "db23fce2-a974-42ef-9002-d78dd42a0f22", - "ServicePlanName": "MCOEV_GOV", - "AdditionalProperties": { + ], + "ExceptIfSubjectMatchesPatterns": [ - } - }, - { - "AppliesTo": "User", - "ProvisioningStatus": "Success", - "ServicePlanId": "bf28f719-7844-4079-9c78-c1307898e192", - "ServicePlanName": "MTP", - "AdditionalProperties": { + ], + "AnyOfRecipientAddressContainsWords": [ - } - }, - { - "AppliesTo": "User", - "ProvisioningStatus": "Success", - "ServicePlanId": "f544b08d-1645-4287-82de-8d91f37c02a1", - "ServicePlanName": "MCOMEETADV_GOV", - "AdditionalProperties": { + ], + "ExceptIfAnyOfRecipientAddressContainsWords": [ - } - }, - { - "AppliesTo": "User", - "ProvisioningStatus": "Success", - "ServicePlanId": "de9234ff-6483-44d9-b15e-dca72fdd27af", - "ServicePlanName": "OFFICESUBSCRIPTION_GOV", - "AdditionalProperties": { + ], + "AnyOfRecipientAddressMatchesPatterns": [ - } - }, - { - "AppliesTo": "User", - "ProvisioningStatus": "Success", - "ServicePlanId": "2f442157-a11c-46b9-ae5b-6e39ff4e5849", - "ServicePlanName": "M365_ADVANCED_AUDITING", - "AdditionalProperties": { + ], + "ExceptIfAnyOfRecipientAddressMatchesPatterns": [ - } - }, - { - "AppliesTo": "User", - "ProvisioningStatus": "Success", - "ServicePlanId": "a413a9ff-720c-4822-98ef-2f37c2a21f4c", - "ServicePlanName": "MICROSOFT_COMMUNICATION_COMPLIANCE", - "AdditionalProperties": { + ], + "FromAddressMatchesPatterns": [ - } - }, - { - "AppliesTo": "User", - "ProvisioningStatus": "Success", - "ServicePlanId": "5136a095-5cf0-4aff-bec3-e84448b38ea5", - "ServicePlanName": "MIP_S_CLP1", - "AdditionalProperties": { + ], + "ExceptIfFromAddressMatchesPatterns": [ - } - }, - { - "AppliesTo": "User", - "ProvisioningStatus": "Success", - "ServicePlanId": "efb0351d-3b08-4503-993d-383af8de41e3", - "ServicePlanName": "MIP_S_CLP2", - "AdditionalProperties": { + ], + "FromAddressContainsWords": [ - } - }, - { - "AppliesTo": "Company", - "ProvisioningStatus": "Success", - "ServicePlanId": "d9fa6af4-e046-4c89-9226-729a0786685d", - "ServicePlanName": "Content_Explorer", - "AdditionalProperties": { + ], + "ExceptIfFromAddressContainsWords": [ - } - }, - { - "AppliesTo": "User", - "ProvisioningStatus": "Success", - "ServicePlanId": "843da3a8-d2cc-4e7a-9e90-dc46019f964c", - "ServicePlanName": "FORMS_GOV_E5", - "AdditionalProperties": { + ], + "SenderDomainIs": [ - } - }, - { - "AppliesTo": "User", - "ProvisioningStatus": "Success", - "ServicePlanId": "8c3069c0-ccdb-44be-ab77-986203a67df2", - "ServicePlanName": "EXCHANGE_S_ENTERPRISE_GOV", - "AdditionalProperties": { + ], + "ExceptIfSenderDomainIs": [ - } - }, - { - "AppliesTo": "User", - "ProvisioningStatus": "Success", - "ServicePlanId": "89b5d3b1-3855-49fe-b46c-87c66dbc1526", - "ServicePlanName": "LOCKBOX_ENTERPRISE_GOV", - "AdditionalProperties": { + ], + "SentToMemberOf": null, + "ExceptIfSentToMemberOf": null, + "DocumentCreatedByMemberOf": null, + "ExceptIfDocumentCreatedByMemberOf": null, + "HasLabelDowngradedFrom": [ - } - }, - { - "AppliesTo": "User", - "ProvisioningStatus": "Success", - "ServicePlanId": "1b66aedf-8ca1-4f73-af76-ec76c6180f98", - "ServicePlanName": "RMS_S_PREMIUM_GOV", - "AdditionalProperties": { + ], + "ContentIsShared": false, + "ExceptIfContentIsShared": false, + "SharedByIRMUserRisk": [ - } + ], + "MessageLabelChangeDetected": null, + "ExceptIfMessageLabelChangeDetected": null, + "RuleErrorAction": null, + "RuleXml": "", + "ReadOnly": false, + "ErrorMetadata": null, + "ExternalIdentity": "", + "ImmutableId": "6c63bd2e-3caf-4817-bab8-1794c388b8c8", + "Priority": 0, + "Workload": "Exchange, SharePoint, OneDriveForBusiness, Teams", + "Policy": "0362dd12-1c3e-484b-983a-3b600a6f9e2a", + "Comment": "Sensitive info types required except ITIN. Has additional UK Passports instead.", + "Disabled": false, + "Mode": "Enforce", + "ObjectVersion": "d1826caf-850a-4c5a-c335-08dbfd7bb17b", + "MaximumBlobRuleLength": 0, + "CreatedBy": "John Public", + "LastModifiedBy": "John Public", + "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/Missing_ITIN_Has_UKPassports", + "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/Missing_ITIN_Has_UKPassports", + "IsValid": true, + "ExchangeVersion": "0.20 (15.0.0.0)", + "Name": "Missing_ITIN_Has_UKPassports", + "DistinguishedName": "CN=Missing_ITIN_Has_UKPassports,CN=Configuration,CN=tqhjy.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", + "ObjectCategory": null, + "ObjectClass": [ + "msExchUnifiedRule" + ], + "WhenChanged": "Date(1702651190000)", + "WhenCreated": "Date(1702651039000)", + "WhenChangedUTC": "Date(1702651190000)", + "WhenCreatedUTC": "Date(1702651039000)", + "ExchangeObjectId": "a7739b6b-9831-467a-a355-3ba7aab938bc", + "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com", + "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration", + "OriginatingServer": "", + "ObjectState": "Changed", + "IsObjectUnderSystemOperation": false, + "IsSummarizedPsRule": false }, { - "AppliesTo": "User", - "ProvisioningStatus": "Success", - "ServicePlanId": "5400a66d-eaa5-427d-80f2-0f26d59d8fce", - "ServicePlanName": "RMS_S_PREMIUM2_GOV", - "AdditionalProperties": { + "SubjectContainsWords": [ - } - }, - { - "AppliesTo": "User", - "ProvisioningStatus": "Success", - "ServicePlanId": "6a76346d-5d6e-4051-9fe3-ed3f312b5597", - "ServicePlanName": "RMS_S_ENTERPRISE_GOV", - "AdditionalProperties": { + ], + "ExceptIfSubjectContainsWords": [ - } - }, - { - "AppliesTo": "User", - "ProvisioningStatus": "Success", - "ServicePlanId": "eec0eb4f-6444-4f95-aba0-50c24d67f998", - "ServicePlanName": "AAD_PREMIUM_P2", - "AdditionalProperties": { + ], + "SubjectOrBodyMatchesPatterns": [ - } - }, - { - "AppliesTo": "User", - "ProvisioningStatus": "Success", - "ServicePlanId": "41781fb2-bc02-4b7c-bd55-b576c07bb09d", - "ServicePlanName": "AAD_PREMIUM", - "AdditionalProperties": { + ], + "ExceptIfSubjectOrBodyMatchesPatterns": [ - } - }, - { - "AppliesTo": "User", - "ProvisioningStatus": "Success", - "ServicePlanId": "e26c2fcc-ab91-4a61-b35c-03cdc8dddf66", - "ServicePlanName": "INFO_GOVERNANCE", - "AdditionalProperties": { + ], + "SubjectOrBodyContainsWords": [ - } - }, - { - "AppliesTo": "User", - "ProvisioningStatus": "Success", - "ServicePlanId": "871d91ec-ec1a-452b-a83f-bd76c7d770ef", - "ServicePlanName": "WINDEFATP", - "AdditionalProperties": { + ], + "ExceptIfSubjectOrBodyContainsWords": [ - } - } -], - "directory_settings": [ - { - "DisplayName": "Group.Unified", - "Id": "5ce54204-ef8d-44c5-af88-dc8bd4c16069", - "TemplateId": "62375ab9-6b52-47ed-826b-58e47e0e304b", - "Values": [ - { - "Name": "NewUnifiedGroupWritebackDefault", - "Value": "true" - }, - { - "Name": "EnableMIPLabels", - "Value": "False" - }, - { - "Name": "CustomBlockedWordsList", - "Value": "" - }, - { - "Name": "EnableMSStandardBlockedWords", - "Value": "False" - }, - { - "Name": "ClassificationDescriptions", - "Value": "" - }, - { - "Name": "DefaultClassification", - "Value": "" - }, - { - "Name": "PrefixSuffixNamingRequirement", - "Value": "" - }, - { - "Name": "AllowGuestsToBeGroupOwner", - "Value": "False" - }, - { - "Name": "AllowGuestsToAccessGroups", - "Value": "True" - }, - { - "Name": "GuestUsageGuidelinesUrl", - "Value": "" - }, - { - "Name": "GroupCreationAllowedGroupId", - "Value": "67f62883-f97a-4192-a300-8a1576af8056" - }, - { - "Name": "AllowToAddGuests", - "Value": "True" - }, - { - "Name": "UsageGuidelinesUrl", - "Value": "" - }, - { - "Name": "ClassificationList", - "Value": "" - }, - { - "Name": "EnableGroupCreation", - "Value": "False" - } - ], - "AdditionalProperties": { + ], + "DocumentMatchesPatterns": [ + + ], + "ExceptIfDocumentMatchesPatterns": [ + + ], + "DocumentContainsWords": [ - } - }, - { - "DisplayName": "Consent Policy Settings", - "Id": "62c1305f-60f0-4096-8d72-e1f74e8627f5", - "TemplateId": "dffd5d46-495d-40a9-8e21-954ff55e198a", - "Values": [ - { - "Name": "EnableGroupSpecificConsent", - "Value": "false" - }, - { - "Name": "BlockUserConsentForRiskyApps", - "Value": "true" - }, - { - "Name": "EnableAdminConsentRequests", - "Value": "false" - }, - { - "Name": "ConstrainGroupSpecificConsentToMembersOfGroupId", - "Value": "" - } - ], - "AdditionalProperties": { + ], + "ExceptIfDocumentContainsWords": [ - } - } -], - "authentication_method": [ - { - "AuthenticationMethodConfigurations": [ - { - "ExcludeTargets": [ + ], + "SenderADAttributeMatchesPatterns": null, + "ExceptIfSenderADAttributeMatchesPatterns": null, + "SenderADAttributeContainsWords": null, + "ExceptIfSenderADAttributeContainsWords": null, + "RecipientADAttributeMatchesPatterns": null, + "ExceptIfRecipientADAttributeMatchesPatterns": null, + "RecipientADAttributeContainsWords": null, + "ExceptIfRecipientADAttributeContainsWords": null, + "ContentCharacterSetContainsWords": [ - ], - "Id": "Fido2", - "State": "enabled" - }, - { - "ExcludeTargets": [ + ], + "ExceptIfContentCharacterSetContainsWords": [ - ], - "Id": "MicrosoftAuthenticator", - "State": "enabled" - }, - { - "ExcludeTargets": [ + ], + "DocumentNameMatchesPatterns": [ - ], - "Id": "Sms", - "State": "disabled" - }, - { - "ExcludeTargets": [ + ], + "ExceptIfDocumentNameMatchesPatterns": [ - ], - "Id": "TemporaryAccessPass", - "State": "enabled" - }, - { - "ExcludeTargets": [ + ], + "MessageSizeOver": "", + "ExceptIfMessageSizeOver": "", + "AttachmentCountOver": null, + "MessageTypeMatches": null, + "ExceptIfMessageTypeMatches": null, + "UnscannableDocumentExtensionIs": [ - ], - "Id": "HardwareOath", - "State": "disabled" - }, - { - "ExcludeTargets": [ + ], + "ExceptIfUnscannableDocumentExtensionIs": [ - ], - "Id": "SoftwareOath", - "State": "disabled" - }, - { - "ExcludeTargets": [ + ], + "HeaderContainsWords": null, + "ExceptIfHeaderContainsWords": null, + "HeaderContainsTokens": null, + "ExceptIfHeaderContainsTokens": null, + "DeviceManagementType": null, + "ExceptIfDeviceManagementType": null, + "AccessedBy": [ - ], - "Id": "Voice", - "State": "disabled" - }, - { - "ExcludeTargets": [ + ], + "ExceptIfAccessedBy": [ - ], - "Id": "Email", - "State": "disabled" - }, - { - "ExcludeTargets": [ + ], + "AccessedByMemberOf": [ - ], - "Id": "X509Certificate", - "State": "enabled" - } - ], - "Description": "The tenant-wide policy that controls which authentication methods are allowed in the tenant, authentication method registration requirements, and self-service password reset settings", - "DisplayName": "Authentication Methods Policy", - "Id": "authenticationMethodsPolicy", - "LastModifiedDateTime": "Date(1708376786872)", - "PolicyMigrationState": "preMigration", - "PolicyVersion": "1.5", - "ReconfirmationInDays": null, - "RegistrationEnforcement": { - "AuthenticationMethodsRegistrationCampaign": { - "EnforceRegistrationAfterAllowedSnoozes": true, - "ExcludeTargets": [ - { - "Id": "64720f66-b5cc-41ae-aec7-562f90038952", - "TargetType": "group" - } - ], - "IncludeTargets": [ - { - "Id": "all_users", - "TargetType": "group", - "TargetedAuthenticationMethod": "microsoftAuthenticator" - } - ], - "SnoozeDurationInDays": 1, - "State": "disabled" - } - }, - "ReportSuspiciousActivitySettings": { - "IncludeTarget": { - "Id": "all_users", - "TargetType": "group" - }, - "State": "default", - "VoiceReportingCode": 0 - }, - "SystemCredentialPreferences": { - "ExcludeTargets": [ - - ], - "IncludeTargets": [ - { - "Id": "all_users", - "TargetType": "group" - } - ], - "State": "default" + ], + "ExceptIfAccessedByMemberOf": [ + + ], + "BlockAccess": false, + "BlockAccessScope": null, + "EncryptRMSTemplate": null, + "EnforcePortalAccess": true, + "ApplyBrandingTemplate": "", + "RemoveRMSTemplate": false, + "EndpointDlpRestrictions": [ + { + "setting": "CloudEgress", + "defaultmessage": "none", + "value": "Audit", + "appgroup": "none" + }, + { + "setting": "CopyPaste", + "defaultmessage": "none", + "value": "Audit", + "appgroup": "none" + }, + { + "setting": "RemovableMedia", + "defaultmessage": "none", + "value": "Audit", + "appgroup": "none" + }, + { + "setting": "NetworkShare", + "defaultmessage": "none", + "value": "Audit", + "appgroup": "none" + }, + { + "setting": "UnallowedApps", + "defaultmessage": "none", + "value": "Block", + "appgroup": "none" + }, + { + "setting": "Print", + "defaultmessage": "none", + "value": "Audit", + "appgroup": "none" } - } -], - "domain_settings": [ - { - "AuthenticationType": "Managed", - "AvailabilityStatus": null, - "DomainNameReferences": null, - "FederationConfiguration": null, - "Id": "tqhjy.onmicrosoft.com", - "IsAdminManaged": true, - "IsDefault": true, - "IsInitial": true, - "IsRoot": true, - "IsVerified": true, - "PasswordNotificationWindowInDays": 14, - "PasswordValidityPeriodInDays": 2147483647, - "ServiceConfigurationRecords": null, - "SharedEmailDomainInvitations": null, - "State": { - "LastActionDateTime": null, - "Operation": null, - "Status": null - }, - "SupportedServices": [ - "Email", - "OfficeCommunicationsOnline" - ], - "VerificationDnsRecords": null, - "AdditionalProperties": { + ], + "EndpointDlpBrowserRestrictions": null, + "ThirdPartyAppDlpRestrictions": null, + "OnPremisesScannerDlpRestrictions": null, + "PowerBIDlpRestrictions": null, + "AlertProperties": { + "AggregationType": "None" + }, + "GenerateAlert": [ + "true" + ], + "GenerateIncidentReport": [ - } - }, - { - "AuthenticationType": "Managed", - "AvailabilityStatus": null, - "DomainNameReferences": null, - "FederationConfiguration": null, - "Id": "tqhjy.onmicrosoft.com", - "IsAdminManaged": true, - "IsDefault": false, - "IsInitial": false, - "IsRoot": true, - "IsVerified": true, - "PasswordNotificationWindowInDays": 14, - "PasswordValidityPeriodInDays": 2147483647, - "ServiceConfigurationRecords": null, - "SharedEmailDomainInvitations": null, - "State": { - "LastActionDateTime": null, - "Operation": null, - "Status": null - }, - "SupportedServices": [ + ], + "IncidentReportContent": null, + "NotifyUser": [ + "LastModifier" + ], + "NotifyAllowOverride": null, + "NotifyEmailCustomText": "", + "NotifyEmailCustomSubject": "", + "NotifyEmailCustomSenderDisplayName": "", + "NotifyEmailExchangeIncludeAttachment": true, + "NotifyEmailOnedriveRemediationActions": "NotSet", + "NotifyJustificationCustomText": "", + "NotifyJustificationCustomTextTranslations": [ + + ], + "NotifyPolicyTipCustomText": "", + "NotifyUserType": "NotSet", + "NotifyPolicyTipCustomTextTranslations": [ + + ], + "NotifyOverrideRequirements": "None", + "NotifyPolicyTipDisplayOption": "Tip", + "NotifyPolicyTipUrl": "", + "NotifyPolicyTipCustomDialog": "", + "NotifyEndpointUser": null, + "RemoveHeader": [ + + ], + "AccessTimeControl": null, + "StopPolicyProcessing": false, + "SetHeader": null, + "AddRecipients": null, + "Moderate": null, + "ModifySubject": null, + "MapRecipients": null, + "RedirectMessageTo": null, + "PrependSubject": "", + "ApplyHtmlDisclaimer": null, + "Quarantine": false, + "TriggerPowerAutomateFlow": "", + "RestrictAccess": null, + "MipRestrictAccess": null, + "SourceType": "", + "Guid": "cb32ef11-441c-4536-a40e-a062000a55c5", + "AdvancedRuleBuilderContext": null, + "ParentPolicyName": "DevicePolicy_CCOnly", + "ReportSeverityLevel": "Low", + "ActivationDate": null, + "ExpiryDate": null, + "SenderType": null, + "SenderAddressLocation": null, + "AdvancedRule": "{\r\n \"Version\": \"1.0\",\r\n \"Condition\": {\r\n \"Operator\": \"And\",\r\n \"SubConditions\": [\r\n {\r\n \"ConditionName\": \"ContentContainsSensitiveInformation\",\r\n \"Value\": [\r\n {\r\n \"Groups\": [\r\n {\r\n \"Name\": \"CCOnly\",\r\n \"Operator\": \"Or\",\r\n \"Sensitivetypes\": [\r\n {\r\n \"Name\": \"Credit Card Number\",\r\n \"Id\": \"50842eb7-edc8-4019-85dd-5a5c1f2bb085\",\r\n \"Mincount\": 1,\r\n \"Maxcount\": -1,\r\n \"Confidencelevel\": \"High\",\r\n \"Minconfidence\": 85,\r\n \"Maxconfidence\": 100\r\n }\r\n ]\r\n }\r\n ],\r\n \"Operator\": \"And\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n}", + "ExecutionRuleGuids": null, + "DisplayName": "CreditCardsOnly", + "StorageBindings": null, + "EvaluateRulePerComponent": false, + "IsAdvancedRule": true, + "ContentContainsSensitiveInformation": null, + "ExceptIfContentContainsSensitiveInformation": null, + "ContentMissingSensitivityLabel": null, + "ContentIsNotLabeled": false, + "AttachmentIsNotLabeled": false, + "MessageIsNotLabeled": false, + "DocumentCreatedBy": [ ], - "VerificationDnsRecords": null, - "AdditionalProperties": { + "ExceptIfDocumentCreatedBy": [ - } - } -], - "license_information": [ - { - "SkuId": "eddf428b-da0e-4115-accf-b29eb0b83965", - "SkuPartNumber": "CDS_DB_CAPACITY_GOV", - "ConsumedUnits": 0, - "PrepaidUnits": { - "Enabled": 1, - "LockedOut": 0, - "Suspended": 0, - "Warning": 0 - } - }, - { - "SkuId": "e2be619b-b125-455f-8660-fb503e431a5d", - "SkuPartNumber": "M365_G5_GCC", - "ConsumedUnits": 30, - "PrepaidUnits": { - "Enabled": 30, - "LockedOut": 0, - "Suspended": 0, - "Warning": 0 - } - } -], - "total_user_count": 82, - "aad_successful_commands": [ - "Get-MgBetaIdentityConditionalAccessPolicy", - "Get-MgBetaSubscribedSku", - "Get-PrivilegedUser", - "Get-PrivilegedRole", - "Get-MgBetaUserCount", - "Get-MgBetaPolicyAuthorizationPolicy", - "Get-MgBetaDirectorySetting", - "Get-MgBetaPolicyAuthenticationMethodPolicy", - "Get-MgBetaDomain" -], - "aad_unsuccessful_commands": [ + ], + "DocumentSizeOver": "", + "ExceptIfDocumentSizeOver": "", + "DocumentNameMatchesWords": [ -], "protection_policy_rules": [ - { - "HostedContentFilterPolicy": "Strict Preset Security Policy1681329956650", - "AntiPhishPolicy": "Strict Preset Security Policy1681329955447", - "MalwareFilterPolicy": "Strict Preset Security Policy1681329957931", - "State": "Disabled", - "Priority": 0, - "Comments": null, - "Description": "If the message:\r\n\tIs sent to \u0027topdog@tqhjy.onmicrosoft.com\u0027\r\n\tand Is sent to a member of group \u0027topteam@tqhjy.onmicrosoft.com\u0027\r\n\tand recipients\u0027s address domain portion belongs to any of these domains: \u0027tqhjy.onmicrosoft.com\u0027\r\nTake the following actions:\r\n\tApply hosted content filter policy \"Strict Preset Security Policy1681329956650\"., Apply AntiPhish policy \"Strict Preset Security Policy1681329955447\"., Apply malware filter policy \"Strict Preset Security Policy1681329957931\".\r\n", - "RuleVersion": { - "Major": 15, - "Minor": 0, - "Build": 5, - "Revision": 2, - "MajorRevision": 0, - "MinorRevision": 2 - }, - "SentTo": [ - "topdog@tqhjy.onmicrosoft.com" - ], - "SentToMemberOf": [ - "topteam@tqhjy.onmicrosoft.com" - ], - "RecipientDomainIs": [ - "tqhjy.onmicrosoft.com" - ], - "ExceptIfSentTo": null, - "ExceptIfSentToMemberOf": null, - "ExceptIfRecipientDomainIs": null, - "Conditions": [ - "Microsoft.Exchange.MessagingPolicies.Rules.Tasks.SentToPredicate", - "Microsoft.Exchange.MessagingPolicies.Rules.Tasks.SentToMemberOfPredicate", - "Microsoft.Exchange.MessagingPolicies.Rules.Tasks.RecipientDomainIsPredicate" - ], - "Exceptions": null, - "Identity": "Strict Preset Security Policy", - "DistinguishedName": "CN=Strict Preset Security Policy,CN=EOPProtectionPolicyRuleVersioned,CN=Rules,CN=Transport Settings,CN=Configuration,CN=tqhjy.onmicrosoft.com,CN=ConfigurationUnits,DC=NAMPR09A006,DC=PROD,DC=OUTLOOK,DC=COM", - "Guid": "9d0f5aee-cf8c-4239-9ec4-3560118c1b7e", - "ImmutableId": "9d0f5aee-cf8c-4239-9ec4-3560118c1b7e", - "OrganizationId": "NAMPR09A006.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - NAMPR09A006.PROD.OUTLOOK.COM/ConfigurationUnits/tqhjy.onmicrosoft.com/Configuration", - "Name": "Strict Preset Security Policy", - "IsValid": true, - "WhenChanged": "Date(1712120866000)", - "ExchangeVersion": "0.1 (8.0.535.0)", - "ObjectState": "Unchanged" - }, - { - "HostedContentFilterPolicy": "Standard Preset Security Policy1659535432883", - "AntiPhishPolicy": "Standard Preset Security Policy1659535429826", - "MalwareFilterPolicy": "Standard Preset Security Policy1659535435292", - "State": "Enabled", - "Priority": 1, - "Comments": null, - "Description": "Take the following actions:\r\n\tApply hosted content filter policy \"Standard Preset Security Policy1659535432883\"., Apply AntiPhish policy \"Standard Preset Security Policy1659535429826\"., Apply malware filter policy \"Standard Preset Security Policy1659535435292\".\r\n", - "RuleVersion": { - "Major": 14, - "Minor": 0, - "Build": 0, - "Revision": 0, - "MajorRevision": 0, - "MinorRevision": 0 - }, - "SentTo": null, - "SentToMemberOf": null, - "RecipientDomainIs": null, - "ExceptIfSentTo": null, - "ExceptIfSentToMemberOf": null, - "ExceptIfRecipientDomainIs": null, - "Conditions": null, - "Exceptions": null, - "Identity": "Standard Preset Security Policy", - "DistinguishedName": "CN=Standard Preset Security Policy,CN=EOPProtectionPolicyRuleVersioned,CN=Rules,CN=Transport Settings,CN=Configuration,CN=tqhjy.onmicrosoft.com,CN=ConfigurationUnits,DC=NAMPR09A006,DC=PROD,DC=OUTLOOK,DC=COM", - "Guid": "83318c49-93e8-497b-8fd3-614b090e6103", - "ImmutableId": "83318c49-93e8-497b-8fd3-614b090e6103", - "OrganizationId": "NAMPR09A006.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - NAMPR09A006.PROD.OUTLOOK.COM/ConfigurationUnits/tqhjy.onmicrosoft.com/Configuration", - "Name": "Standard Preset Security Policy", - "IsValid": true, - "WhenChanged": "Date(1712120902000)", - "ExchangeVersion": "0.1 (8.0.535.0)", - "ObjectState": "Unchanged" - } -], - "atp_policy_rules": [ - { - "SafeAttachmentPolicy": "Strict Preset Security Policy1681329958553", - "SafeLinksPolicy": "Strict Preset Security Policy1681329959203", - "State": "Enabled", - "Priority": 0, - "Comments": null, - "Description": "If the message:\r\n\tIs sent to \u0027jdoe@example.com\u0027\r\n\tand Is sent to a member of group \u0027mofuntonight@tqhjy.onmicrosoft.com\u0027\r\n\tand recipients\u0027s address domain portion belongs to any of these domains: \u0027badpeople.example.net\u0027\r\nTake the following actions:\r\n\tApply safe attachment policy \"Strict Preset Security Policy1681329958553\"., Apply safe links policy \"Strict Preset Security Policy1681329959203\".\r\n", - "RuleVersion": { - "Major": 15, - "Minor": 0, - "Build": 5, - "Revision": 2, - "MajorRevision": 0, - "MinorRevision": 2 - }, + ], + "ExceptIfDocumentNameMatchesWords": [ + + ], + "AccessScope": null, + "NonBifurcatingAccessScope": null, + "ExceptIfAccessScope": null, + "FromScope": null, + "ExceptIfFromScope": null, + "WithImportance": null, + "ExceptIfWithImportance": null, + "ExternalScenarioDependancies": { + "ProtectionAlertId": "d46f69a5-6277-49fc-ad26-e0b701c034d0" + }, + "ContentPropertyContainsWords": [ + + ], + "ExceptIfContentPropertyContainsWords": [ + + ], + "From": null, + "ExceptIfFrom": null, + "FromMemberOf": null, + "ExceptIfFromMemberOf": null, + "DocumentIsUnsupported": false, + "ExceptIfDocumentIsUnsupported": false, + "HasSenderOverride": false, + "ExceptIfHasSenderOverride": false, + "RestrictBrowserAccess": false, + "ProcessingLimitExceeded": false, + "ExceptIfProcessingLimitExceeded": false, "SentTo": [ - "jdoe@example.com" + ], - "SentToMemberOf": [ - "mofuntonight@tqhjy.onmicrosoft.com" + "ExceptIfSentTo": [ + ], "RecipientDomainIs": [ - "badpeople.example.net" - ], - "ExceptIfSentTo": null, - "ExceptIfSentToMemberOf": null, - "ExceptIfRecipientDomainIs": null, - "Conditions": [ - "Microsoft.Exchange.MessagingPolicies.Rules.Tasks.SentToPredicate", - "Microsoft.Exchange.MessagingPolicies.Rules.Tasks.SentToMemberOfPredicate", - "Microsoft.Exchange.MessagingPolicies.Rules.Tasks.RecipientDomainIsPredicate" - ], - "Exceptions": null, - "Identity": "Strict Preset Security Policy", - "DistinguishedName": "CN=Strict Preset Security Policy,CN=ATPProtectionPolicyRuleVersioned,CN=Rules,CN=Transport Settings,CN=Configuration,CN=tqhjy.onmicrosoft.com,CN=ConfigurationUnits,DC=NAMPR09A006,DC=PROD,DC=OUTLOOK,DC=COM", - "Guid": "92ea4876-f3bc-4f2f-9c6a-d4ad7bedc31e", - "ImmutableId": "92ea4876-f3bc-4f2f-9c6a-d4ad7bedc31e", - "OrganizationId": "NAMPR09A006.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - NAMPR09A006.PROD.OUTLOOK.COM/ConfigurationUnits/tqhjy.onmicrosoft.com/Configuration", - "Name": "Strict Preset Security Policy", - "IsValid": true, - "WhenChanged": "Date(1712121048000)", - "ExchangeVersion": "0.1 (8.0.535.0)", - "ObjectState": "Unchanged" - }, - { - "SafeAttachmentPolicy": "Standard Preset Security Policy1659535436109", - "SafeLinksPolicy": "Standard Preset Security Policy1659535436756", - "State": "Disabled", - "Priority": 1, - "Comments": null, - "Description": "Take the following actions:\r\n\tApply safe attachment policy \"Standard Preset Security Policy1659535436109\"., Apply safe links policy \"Standard Preset Security Policy1659535436756\".\r\n", - "RuleVersion": { - "Major": 14, - "Minor": 0, - "Build": 0, - "Revision": 0, - "MajorRevision": 0, - "MinorRevision": 0 - }, - "SentTo": null, - "SentToMemberOf": null, - "RecipientDomainIs": null, - "ExceptIfSentTo": null, - "ExceptIfSentToMemberOf": null, - "ExceptIfRecipientDomainIs": null, - "Conditions": null, - "Exceptions": null, - "Identity": "Standard Preset Security Policy", - "DistinguishedName": "CN=Standard Preset Security Policy,CN=ATPProtectionPolicyRuleVersioned,CN=Rules,CN=Transport Settings,CN=Configuration,CN=tqhjy.onmicrosoft.com,CN=ConfigurationUnits,DC=NAMPR09A006,DC=PROD,DC=OUTLOOK,DC=COM", - "Guid": "d6c7c877-13b8-4baf-a85c-bc1c008fa515", - "ImmutableId": "d6c7c877-13b8-4baf-a85c-bc1c008fa515", - "OrganizationId": "NAMPR09A006.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - NAMPR09A006.PROD.OUTLOOK.COM/ConfigurationUnits/tqhjy.onmicrosoft.com/Configuration", - "Name": "Standard Preset Security Policy", - "IsValid": true, - "WhenChanged": "Date(1712120975000)", - "ExchangeVersion": "0.1 (8.0.535.0)", - "ObjectState": "Unchanged" - } -], - "dlp_compliance_policies": [ - { - "Mode": "Enable", - "DisplayName": "Default Office 365 DLP policy", - "Type": "Dlp", - "ExchangeLocation": [ - "All" - ], - "SharePointLocation": [ - "All" - ], - "SharePointLocationException": [ - - ], - "OneDriveLocation": [ - "All" - ], - "OneDriveLocationException": [ - - ], - "ExchangeOnPremisesLocation": [ - ], - "SharePointOnPremisesLocation": [ + ], + "ExceptIfRecipientDomainIs": [ - ], - "SharePointOnPremisesLocationException": [ + ], + "DocumentIsPasswordProtected": false, + "ExceptIfDocumentIsPasswordProtected": false, + "SenderIPRanges": [ - ], - "TeamsLocation": [ - "All" - ], - "TeamsLocationException": [ + ], + "ExceptIfSenderIPRanges": [ ], - "EndpointDlpLocation": [ - - ], - "EndpointDlpLocationException": [ + "ContentExtensionMatchesWords": [ ], - "ThirdPartyAppDlpLocation": [ - - ], - "ThirdPartyAppDlpLocationException": [ + "ExceptIfContentExtensionMatchesWords": [ - ], - "OnPremisesScannerDlpLocation": [ - "All" - ], - "OnPremisesScannerDlpLocationException": [ + ], + "ContentFileTypeMatches": [ - ], - "PowerBIDlpLocation": [ + ], + "ExceptIfContentFileTypeMatches": [ - ], - "PowerBIDlpLocationException": [ + ], + "HeaderMatchesPatterns": null, + "ExceptIfHeaderMatchesPatterns": null, + "SubjectMatchesPatterns": [ - ], - "Locations": "", - "LocationInclusions": [ + ], + "ExceptIfSubjectMatchesPatterns": [ - ], - "LocationExclusions": [ + ], + "AnyOfRecipientAddressContainsWords": [ - ], - "ExchangeSender": [ + ], + "ExceptIfAnyOfRecipientAddressContainsWords": [ - ], - "ExchangeSenderException": [ + ], + "AnyOfRecipientAddressMatchesPatterns": [ - ], - "PolicyTemplateInfo": { + ], + "ExceptIfAnyOfRecipientAddressMatchesPatterns": [ - }, - "MatchedItemsCount": null, - "TotalItemsCount": null, - "TopNLocationStatistics": null, - "WorkloadStatistics": null, - "IsSimulationPolicy": false, - "SimulationStatus": null, - "AutoEnableAfter": null, - "IsFromSmartInsights": null, - "IsColdDataSimulationPolicy": false, - "ExtendedProperties": null, - "Summary": false, - "OneDriveSharedBy": [ + ], + "FromAddressMatchesPatterns": [ - ], - "ExceptIfOneDriveSharedBy": [ + ], + "ExceptIfFromAddressMatchesPatterns": [ - ], - "OneDriveSharedByMemberOf": [ + ], + "FromAddressContainsWords": [ ], - "ExceptIfOneDriveSharedByMemberOf": [ + "ExceptIfFromAddressContainsWords": [ ], - "ExchangeSenderMemberOf": [ + "SenderDomainIs": [ + + ], + "ExceptIfSenderDomainIs": [ ], - "ExchangeSenderMemberOfException": [ + "SentToMemberOf": null, + "ExceptIfSentToMemberOf": null, + "DocumentCreatedByMemberOf": null, + "ExceptIfDocumentCreatedByMemberOf": null, + "HasLabelDowngradedFrom": [ - ], - "ExchangeAdaptiveScopes": null, - "ExchangeAdaptiveScopesException": null, - "SharePointAdaptiveScopes": null, - "SharePointAdaptiveScopesException": null, - "OneDriveAdaptiveScopes": null, - "OneDriveAdaptiveScopesException": null, - "TeamsAdaptiveScopes": null, - "TeamsAdaptiveScopesException": null, - "EndpointDlpAdaptiveScopes": null, - "EndpointDlpAdaptiveScopesException": null, - "ExpectedLocations": 0, - "CompletedLocations": 0, - "FailedLocations": 0, - "ItemStatistics": null, - "RuleMatchBlob": null, - "ErrorMetadata": null, - "UserAdministrativeUnitMembershipMap": null, - "ForceValidate": false, - "PolicyRulesMetaData": "{\"WhenRulesChangedUtc\":\"2023-10-05T17:47:20.3689468Z\"}", - "Workload": "Exchange, SharePoint, OneDriveForBusiness, Teams, OnPremisesScanner", - "Priority": 1, - "ObjectVersion": "a9b7f29e-8530-4ed6-eae0-08dbfd7d90b1", - "CreatedBy": "", - "LastModifiedBy": "John Doe", + ], + "ContentIsShared": false, + "ExceptIfContentIsShared": false, + "SharedByIRMUserRisk": [ + + ], + "MessageLabelChangeDetected": null, + "ExceptIfMessageLabelChangeDetected": null, + "RuleErrorAction": null, + "RuleXml": "", "ReadOnly": false, + "ErrorMetadata": null, "ExternalIdentity": "", - "Comment": "This policy detects the presence of credit card numbers in externally shared documents and emails. End users are notified of the detection with the suggestion to consider either removing the sensitive data or restricting the sharing.", - "Enabled": true, - "DistributionStatus": "Pending", - "DistributionSyncStatus": "Unknown", - "DistributionResults": null, - "LastStatusUpdateTime": null, - "ModificationTimeUtc": "Date(1702673594337)", - "CreationTimeUtc": "Date(1614655720970)", - "PolicyRBACScopes": [ - - ], - "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/Default Office 365 DLP policy", - "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/Default Office 365 DLP policy", + "ImmutableId": "37de612f-186b-4069-918f-b4c6f90037a8", + "Priority": 0, + "Workload": "Exchange, SharePoint, OneDriveForBusiness, EndpointDevices", + "Policy": "2a4e7cb6-9da7-468f-a58e-42975ea7cd71", + "Comment": "Rule that blocks access to credit card numbers on devices.", + "Disabled": false, + "Mode": "Enforce", + "ObjectVersion": "69df3855-a67f-4b5a-1b8a-08dbfd7c0c88", + "MaximumBlobRuleLength": 0, + "CreatedBy": "John Public", + "LastModifiedBy": "John Public", + "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/CreditCardsOnly", + "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/CreditCardsOnly", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", - "Name": "Default Office 365 DLP policy", - "DistinguishedName": "CN=Default Office 365 DLP policy,CN=Configuration,CN=tqhjy.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", + "Name": "CreditCardsOnly", + "DistinguishedName": "CN=CreditCardsOnly,CN=Configuration,CN=tqhjy.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ - "msExchUnifiedPolicy" + "msExchUnifiedRule" ], - "WhenChanged": "Date(1702651994000)", - "WhenCreated": "Date(1617646100000)", - "WhenChangedUTC": "Date(1702651994000)", - "WhenCreatedUTC": "Date(1617646100000)", - "ExchangeObjectId": "8cb4f574-1a54-45e1-bf58-73bbe023ebad", + "WhenChanged": "Date(1702651343000)", + "WhenCreated": "Date(1702651343000)", + "WhenChangedUTC": "Date(1702651343000)", + "WhenCreatedUTC": "Date(1702651343000)", + "ExchangeObjectId": "cb32ef11-441c-4536-a40e-a062000a55c5", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration", - "Guid": "8cb4f574-1a54-45e1-bf58-73bbe023ebad", "OriginatingServer": "", - "ObjectState": "Changed" + "ObjectState": "New", + "IsObjectUnderSystemOperation": false, + "IsSummarizedPsRule": false }, { - "Mode": "Enable", - "DisplayName": "Info_TypeITIN_Missing", - "Type": "Dlp", - "ExchangeLocation": [ - - ], - "SharePointLocation": [ + "SubjectContainsWords": [ - ], - "SharePointLocationException": [ + ], + "ExceptIfSubjectContainsWords": [ - ], - "OneDriveLocation": [ + ], + "SubjectOrBodyMatchesPatterns": [ - ], - "OneDriveLocationException": [ + ], + "ExceptIfSubjectOrBodyMatchesPatterns": [ - ], - "ExchangeOnPremisesLocation": [ + ], + "SubjectOrBodyContainsWords": [ ], - "SharePointOnPremisesLocation": [ + "ExceptIfSubjectOrBodyContainsWords": [ - ], - "SharePointOnPremisesLocationException": [ + ], + "DocumentMatchesPatterns": [ - ], - "TeamsLocation": [ - "All" - ], - "TeamsLocationException": [ + ], + "ExceptIfDocumentMatchesPatterns": [ - ], - "EndpointDlpLocation": [ + ], + "DocumentContainsWords": [ - ], - "EndpointDlpLocationException": [ + ], + "ExceptIfDocumentContainsWords": [ - ], - "ThirdPartyAppDlpLocation": [ + ], + "SenderADAttributeMatchesPatterns": null, + "ExceptIfSenderADAttributeMatchesPatterns": null, + "SenderADAttributeContainsWords": null, + "ExceptIfSenderADAttributeContainsWords": null, + "RecipientADAttributeMatchesPatterns": null, + "ExceptIfRecipientADAttributeMatchesPatterns": null, + "RecipientADAttributeContainsWords": null, + "ExceptIfRecipientADAttributeContainsWords": null, + "ContentCharacterSetContainsWords": [ - ], - "ThirdPartyAppDlpLocationException": [ + ], + "ExceptIfContentCharacterSetContainsWords": [ - ], - "OnPremisesScannerDlpLocation": [ + ], + "DocumentNameMatchesPatterns": [ - ], - "OnPremisesScannerDlpLocationException": [ + ], + "ExceptIfDocumentNameMatchesPatterns": [ - ], - "PowerBIDlpLocation": [ + ], + "MessageSizeOver": "", + "ExceptIfMessageSizeOver": "", + "AttachmentCountOver": null, + "MessageTypeMatches": null, + "ExceptIfMessageTypeMatches": null, + "UnscannableDocumentExtensionIs": [ - ], - "PowerBIDlpLocationException": [ + ], + "ExceptIfUnscannableDocumentExtensionIs": [ + + ], + "HeaderContainsWords": null, + "ExceptIfHeaderContainsWords": null, + "HeaderContainsTokens": null, + "ExceptIfHeaderContainsTokens": null, + "DeviceManagementType": null, + "ExceptIfDeviceManagementType": null, + "AccessedBy": [ - ], - "Locations": "", - "LocationInclusions": [ + ], + "ExceptIfAccessedBy": [ ], - "LocationExclusions": [ + "AccessedByMemberOf": [ ], - "ExchangeSender": [ - - ], - "ExchangeSenderException": [ + "ExceptIfAccessedByMemberOf": [ + ], + "BlockAccess": true, + "BlockAccessScope": "All", + "EncryptRMSTemplate": null, + "EnforcePortalAccess": true, + "ApplyBrandingTemplate": "", + "RemoveRMSTemplate": false, + "EndpointDlpRestrictions": [ + { + "setting": "CloudEgress", + "defaultmessage": "none", + "value": "Audit", + "appgroup": "none" + }, + { + "setting": "CopyPaste", + "defaultmessage": "none", + "value": "Audit", + "appgroup": "none" + }, + { + "setting": "RemovableMedia", + "defaultmessage": "none", + "value": "Audit", + "appgroup": "none" + }, + { + "setting": "NetworkShare", + "defaultmessage": "none", + "value": "Audit", + "appgroup": "none" + }, + { + "setting": "UnallowedApps", + "defaultmessage": "none", + "value": "Block", + "appgroup": "none" + }, + { + "setting": "Print", + "defaultmessage": "none", + "value": "Audit", + "appgroup": "none" + } ], - "PolicyTemplateInfo": null, - "MatchedItemsCount": null, - "TotalItemsCount": null, - "TopNLocationStatistics": null, - "WorkloadStatistics": null, - "IsSimulationPolicy": false, - "SimulationStatus": null, - "AutoEnableAfter": null, - "IsFromSmartInsights": null, - "IsColdDataSimulationPolicy": false, - "ExtendedProperties": null, - "Summary": false, - "OneDriveSharedBy": [ - - ], - "ExceptIfOneDriveSharedBy": [ + "EndpointDlpBrowserRestrictions": null, + "ThirdPartyAppDlpRestrictions": null, + "OnPremisesScannerDlpRestrictions": null, + "PowerBIDlpRestrictions": null, + "AlertProperties": { + "AggregationType": "None" + }, + "GenerateAlert": [ + "true" + ], + "GenerateIncidentReport": [ - ], - "OneDriveSharedByMemberOf": [ + ], + "IncidentReportContent": null, + "NotifyUser": [ + "LastModifier" + ], + "NotifyAllowOverride": null, + "NotifyEmailCustomText": "", + "NotifyEmailCustomSubject": "", + "NotifyEmailCustomSenderDisplayName": "", + "NotifyEmailExchangeIncludeAttachment": true, + "NotifyEmailOnedriveRemediationActions": "NotSet", + "NotifyJustificationCustomText": "", + "NotifyJustificationCustomTextTranslations": [ - ], - "ExceptIfOneDriveSharedByMemberOf": [ + ], + "NotifyPolicyTipCustomText": "", + "NotifyUserType": "NotSet", + "NotifyPolicyTipCustomTextTranslations": [ - ], - "ExchangeSenderMemberOf": [ + ], + "NotifyOverrideRequirements": "None", + "NotifyPolicyTipDisplayOption": "Tip", + "NotifyPolicyTipUrl": "", + "NotifyPolicyTipCustomDialog": "", + "NotifyEndpointUser": null, + "RemoveHeader": [ - ], - "ExchangeSenderMemberOfException": [ + ], + "AccessTimeControl": null, + "StopPolicyProcessing": false, + "SetHeader": null, + "AddRecipients": null, + "Moderate": null, + "ModifySubject": null, + "MapRecipients": null, + "RedirectMessageTo": null, + "PrependSubject": "", + "ApplyHtmlDisclaimer": null, + "Quarantine": false, + "TriggerPowerAutomateFlow": "", + "RestrictAccess": null, + "MipRestrictAccess": null, + "SourceType": "", + "Guid": "33285a89-e80c-4522-9954-ef58ab4e383a", + "AdvancedRuleBuilderContext": null, + "ParentPolicyName": "Escaped characters such as \\.\\O\\S\\T seem to be an issue.", + "ReportSeverityLevel": "Low", + "ActivationDate": null, + "ExpiryDate": null, + "SenderType": null, + "SenderAddressLocation": null, + "AdvancedRule": "{\r\n \"Version\": \"1.0\",\r\n \"Condition\": {\r\n \"Operator\": \"And\",\r\n \"SubConditions\": [\r\n {\r\n \"ConditionName\": \"ContentContainsSensitiveInformation\",\r\n \"Value\": [\r\n {\r\n \"Groups\": [\r\n {\r\n \"Name\": \"Sensitive Info Types with escapes \\\\.\\\\O\\\\S\\\\T\",\r\n \"Operator\": \"Or\",\r\n \"Sensitivetypes\": [\r\n {\r\n \"Name\": \"Credit Card Number\",\r\n \"Id\": \"50842eb7-edc8-4019-85dd-5a5c1f2bb085\",\r\n \"Mincount\": 1,\r\n \"Maxcount\": -1,\r\n \"Confidencelevel\": \"High\",\r\n \"Minconfidence\": 85,\r\n \"Maxconfidence\": 100\r\n },\r\n {\r\n \"Name\": \"U.S. Individual Taxpayer Identification Number (ITIN)\",\r\n \"Id\": \"e55e2a32-f92d-4985-a35d-a0b269eb687b\",\r\n \"Mincount\": 1,\r\n \"Maxcount\": -1,\r\n \"Confidencelevel\": \"Medium\",\r\n \"Minconfidence\": 75,\r\n \"Maxconfidence\": 100\r\n },\r\n {\r\n \"Name\": \"U.S. Social Security Number (SSN)\",\r\n \"Id\": \"a44669fe-0d48-453d-a9b1-2cc83f2cba77\",\r\n \"Mincount\": 1,\r\n \"Maxcount\": -1,\r\n \"Confidencelevel\": \"Medium\",\r\n \"Minconfidence\": 75,\r\n \"Maxconfidence\": 100\r\n }\r\n ]\r\n }\r\n ],\r\n \"Operator\": \"And\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n}", + "ExecutionRuleGuids": null, + "DisplayName": "Are escaped rule names a problem", + "StorageBindings": null, + "EvaluateRulePerComponent": false, + "IsAdvancedRule": true, + "ContentContainsSensitiveInformation": null, + "ExceptIfContentContainsSensitiveInformation": null, + "ContentMissingSensitivityLabel": null, + "ContentIsNotLabeled": false, + "AttachmentIsNotLabeled": false, + "MessageIsNotLabeled": false, + "DocumentCreatedBy": [ - ], - "ExchangeAdaptiveScopes": null, - "ExchangeAdaptiveScopesException": null, - "SharePointAdaptiveScopes": null, - "SharePointAdaptiveScopesException": null, - "OneDriveAdaptiveScopes": null, - "OneDriveAdaptiveScopesException": null, - "TeamsAdaptiveScopes": null, - "TeamsAdaptiveScopesException": null, - "EndpointDlpAdaptiveScopes": null, - "EndpointDlpAdaptiveScopesException": null, - "ExpectedLocations": 0, - "CompletedLocations": 0, - "FailedLocations": 0, - "ItemStatistics": null, - "RuleMatchBlob": null, - "ErrorMetadata": null, - "UserAdministrativeUnitMembershipMap": null, - "ForceValidate": false, - "PolicyRulesMetaData": "{\"WhenRulesChangedUtc\":\"2023-12-15T14:39:23.8092225Z\"}", - "Workload": "Exchange, SharePoint, OneDriveForBusiness, Teams", - "Priority": 5, - "ObjectVersion": "e302b4e8-6634-4c91-9616-08dbfd7bb1d1", - "CreatedBy": "John Doe", - "LastModifiedBy": "John Doe", - "ReadOnly": false, - "ExternalIdentity": "", - "Comment": "Custom policy meets all requirements for DLP under baseline EXCEPT it is missing the ITIN and instead has UK passports listed.", - "Enabled": true, - "DistributionStatus": "Pending", - "DistributionSyncStatus": "Unknown", - "DistributionResults": null, - "LastStatusUpdateTime": null, - "ModificationTimeUtc": "Date(1702672790917)", - "CreationTimeUtc": "Date(1702672630117)", - "PolicyRBACScopes": [ + ], + "ExceptIfDocumentCreatedBy": [ - ], - "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/Info_TypeITIN_Missing", - "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/Info_TypeITIN_Missing", - "IsValid": true, - "ExchangeVersion": "0.20 (15.0.0.0)", - "Name": "Info_TypeITIN_Missing", - "DistinguishedName": "CN=Info_TypeITIN_Missing,CN=Configuration,CN=tqhjy.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", - "ObjectCategory": null, - "ObjectClass": [ - "msExchUnifiedPolicy" - ], - "WhenChanged": "Date(1702651190000)", - "WhenCreated": "Date(1702651030000)", - "WhenChangedUTC": "Date(1702651190000)", - "WhenCreatedUTC": "Date(1702651030000)", - "ExchangeObjectId": "0362dd12-1c3e-484b-983a-3b600a6f9e2a", - "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com", - "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration", - "Guid": "0362dd12-1c3e-484b-983a-3b600a6f9e2a", - "OriginatingServer": "", - "ObjectState": "Changed" - }, - { - "Mode": "Enable", - "DisplayName": "DevicePolicy_CCOnly", - "Type": "Dlp", - "ExchangeLocation": [ + ], + "DocumentSizeOver": "", + "ExceptIfDocumentSizeOver": "", + "DocumentNameMatchesWords": [ - ], - "SharePointLocation": [ + ], + "ExceptIfDocumentNameMatchesWords": [ - ], - "SharePointLocationException": [ + ], + "AccessScope": null, + "NonBifurcatingAccessScope": null, + "ExceptIfAccessScope": null, + "FromScope": null, + "ExceptIfFromScope": null, + "WithImportance": null, + "ExceptIfWithImportance": null, + "ExternalScenarioDependancies": { + "ProtectionAlertId": "96e8531f-40be-418f-8c4f-341009daf3bb" + }, + "ContentPropertyContainsWords": [ - ], - "OneDriveLocation": [ + ], + "ExceptIfContentPropertyContainsWords": [ - ], - "OneDriveLocationException": [ + ], + "From": null, + "ExceptIfFrom": null, + "FromMemberOf": null, + "ExceptIfFromMemberOf": null, + "DocumentIsUnsupported": false, + "ExceptIfDocumentIsUnsupported": false, + "HasSenderOverride": false, + "ExceptIfHasSenderOverride": false, + "RestrictBrowserAccess": false, + "ProcessingLimitExceeded": false, + "ExceptIfProcessingLimitExceeded": false, + "SentTo": [ - ], - "ExchangeOnPremisesLocation": [ + ], + "ExceptIfSentTo": [ - ], - "SharePointOnPremisesLocation": [ + ], + "RecipientDomainIs": [ - ], - "SharePointOnPremisesLocationException": [ + ], + "ExceptIfRecipientDomainIs": [ - ], - "TeamsLocation": [ + ], + "DocumentIsPasswordProtected": false, + "ExceptIfDocumentIsPasswordProtected": false, + "SenderIPRanges": [ - ], - "TeamsLocationException": [ + ], + "ExceptIfSenderIPRanges": [ ], - "EndpointDlpLocation": [ - "All" - ], - "EndpointDlpLocationException": [ + "ContentExtensionMatchesWords": [ ], - "ThirdPartyAppDlpLocation": [ - - ], - "ThirdPartyAppDlpLocationException": [ + "ExceptIfContentExtensionMatchesWords": [ - ], - "OnPremisesScannerDlpLocation": [ + ], + "ContentFileTypeMatches": [ - ], - "OnPremisesScannerDlpLocationException": [ + ], + "ExceptIfContentFileTypeMatches": [ - ], - "PowerBIDlpLocation": [ + ], + "HeaderMatchesPatterns": null, + "ExceptIfHeaderMatchesPatterns": null, + "SubjectMatchesPatterns": [ - ], - "PowerBIDlpLocationException": [ + ], + "ExceptIfSubjectMatchesPatterns": [ - ], - "Locations": "", - "LocationInclusions": [ + ], + "AnyOfRecipientAddressContainsWords": [ - ], - "LocationExclusions": [ + ], + "ExceptIfAnyOfRecipientAddressContainsWords": [ - ], - "ExchangeSender": [ + ], + "AnyOfRecipientAddressMatchesPatterns": [ - ], - "ExchangeSenderException": [ + ], + "ExceptIfAnyOfRecipientAddressMatchesPatterns": [ - ], - "PolicyTemplateInfo": null, - "MatchedItemsCount": null, - "TotalItemsCount": null, - "TopNLocationStatistics": null, - "WorkloadStatistics": null, - "IsSimulationPolicy": false, - "SimulationStatus": null, - "AutoEnableAfter": null, - "IsFromSmartInsights": null, - "IsColdDataSimulationPolicy": false, - "ExtendedProperties": null, - "Summary": false, - "OneDriveSharedBy": [ + ], + "FromAddressMatchesPatterns": [ - ], - "ExceptIfOneDriveSharedBy": [ + ], + "ExceptIfFromAddressMatchesPatterns": [ - ], - "OneDriveSharedByMemberOf": [ + ], + "FromAddressContainsWords": [ ], - "ExceptIfOneDriveSharedByMemberOf": [ + "ExceptIfFromAddressContainsWords": [ ], - "ExchangeSenderMemberOf": [ + "SenderDomainIs": [ + + ], + "ExceptIfSenderDomainIs": [ ], - "ExchangeSenderMemberOfException": [ + "SentToMemberOf": null, + "ExceptIfSentToMemberOf": null, + "DocumentCreatedByMemberOf": null, + "ExceptIfDocumentCreatedByMemberOf": null, + "HasLabelDowngradedFrom": [ - ], - "ExchangeAdaptiveScopes": null, - "ExchangeAdaptiveScopesException": null, - "SharePointAdaptiveScopes": null, - "SharePointAdaptiveScopesException": null, - "OneDriveAdaptiveScopes": null, - "OneDriveAdaptiveScopesException": null, - "TeamsAdaptiveScopes": null, - "TeamsAdaptiveScopesException": null, - "EndpointDlpAdaptiveScopes": null, - "EndpointDlpAdaptiveScopesException": null, - "ExpectedLocations": 0, - "CompletedLocations": 0, - "FailedLocations": 0, - "ItemStatistics": null, - "RuleMatchBlob": null, - "ErrorMetadata": null, - "UserAdministrativeUnitMembershipMap": null, - "ForceValidate": false, - "PolicyRulesMetaData": "{\"WhenRulesChangedUtc\":\"2023-12-15T14:42:23.5450374Z\"}", - "Workload": "Exchange, SharePoint, OneDriveForBusiness, EndpointDevices", - "Priority": 6, - "ObjectVersion": "2b7e0c63-b0d5-4338-dc06-08dbfd7c0cca", - "CreatedBy": "John Doe", - "LastModifiedBy": "John Doe", + ], + "ContentIsShared": false, + "ExceptIfContentIsShared": false, + "SharedByIRMUserRisk": [ + + ], + "MessageLabelChangeDetected": null, + "ExceptIfMessageLabelChangeDetected": null, + "RuleErrorAction": null, + "RuleXml": "", "ReadOnly": false, + "ErrorMetadata": null, "ExternalIdentity": "", - "Comment": "Custom policy that protects devices by blocking access to credit card numbers only.", - "Enabled": true, - "DistributionStatus": "Pending", - "DistributionSyncStatus": "Unknown", - "DistributionResults": null, - "LastStatusUpdateTime": null, - "ModificationTimeUtc": "Date(1702672943547)", - "CreationTimeUtc": "Date(1702672936403)", - "PolicyRBACScopes": [ - - ], - "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/DevicePolicy_CCOnly", - "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/DevicePolicy_CCOnly", + "ImmutableId": "07fef34e-65b6-459f-a460-ec6d1ac8edb0", + "Priority": 0, + "Workload": "Exchange, SharePoint, OneDriveForBusiness, Teams, EndpointDevices", + "Policy": "3e6ae832-d413-498e-9cc1-6b725713992b", + "Comment": "Checking for issues with escapes in rule names.", + "Disabled": false, + "Mode": "Enforce", + "ObjectVersion": "e0cb8e78-e9f8-4aa3-2f31-08dc4aa0ac8c", + "MaximumBlobRuleLength": 0, + "CreatedBy": "John Public", + "LastModifiedBy": "John Public", + "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/Are escaped rule names a problem", + "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/Are escaped rule names a problem", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", - "Name": "DevicePolicy_CCOnly", - "DistinguishedName": "CN=DevicePolicy_CCOnly,CN=Configuration,CN=tqhjy.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", + "Name": "Are escaped rule names a problem", + "DistinguishedName": "CN=Are escaped rule names a problem,CN=Configuration,CN=tqhjy.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ - "msExchUnifiedPolicy" + "msExchUnifiedRule" ], - "WhenChanged": "Date(1702651343000)", - "WhenCreated": "Date(1702651336000)", - "WhenChangedUTC": "Date(1702651343000)", - "WhenCreatedUTC": "Date(1702651336000)", - "ExchangeObjectId": "2a4e7cb6-9da7-468f-a58e-42975ea7cd71", + "WhenChanged": "Date(1711133312000)", + "WhenCreated": "Date(1711133312000)", + "WhenChangedUTC": "Date(1711133312000)", + "WhenCreatedUTC": "Date(1711133312000)", + "ExchangeObjectId": "33285a89-e80c-4522-9954-ef58ab4e383a", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration", - "Guid": "2a4e7cb6-9da7-468f-a58e-42975ea7cd71", "OriginatingServer": "", - "ObjectState": "Changed" - } -], - "dlp_compliance_rules": [ + "ObjectState": "New", + "IsObjectUnderSystemOperation": false, + "IsSummarizedPsRule": false + }, { "SubjectContainsWords": [ @@ -11321,6 +11364,7 @@ ], "MessageSizeOver": "", "ExceptIfMessageSizeOver": "", + "AttachmentCountOver": null, "MessageTypeMatches": null, "ExceptIfMessageTypeMatches": null, "UnscannableDocumentExtensionIs": [ @@ -11347,8 +11391,8 @@ "ExceptIfAccessedByMemberOf": [ ], - "BlockAccess": true, - "BlockAccessScope": "All", + "BlockAccess": false, + "BlockAccessScope": null, "EncryptRMSTemplate": null, "EnforcePortalAccess": true, "ApplyBrandingTemplate": "", @@ -11369,25 +11413,25 @@ ], "IncidentReportContent": null, "NotifyUser": [ - "LastModifier" + ], "NotifyAllowOverride": null, "NotifyEmailCustomText": "", "NotifyEmailCustomSubject": "", "NotifyEmailCustomSenderDisplayName": "", "NotifyEmailExchangeIncludeAttachment": true, - "NotifyEmailOnedriveRemediationActions": "NotSet", + "NotifyEmailOnedriveRemediationActions": null, "NotifyJustificationCustomText": "", "NotifyJustificationCustomTextTranslations": [ ], "NotifyPolicyTipCustomText": "", - "NotifyUserType": "NotSet", + "NotifyUserType": null, "NotifyPolicyTipCustomTextTranslations": [ ], - "NotifyOverrideRequirements": "None", - "NotifyPolicyTipDisplayOption": "Tip", + "NotifyOverrideRequirements": null, + "NotifyPolicyTipDisplayOption": null, "NotifyPolicyTipUrl": "", "NotifyPolicyTipCustomDialog": "", "NotifyEndpointUser": null, @@ -11407,22 +11451,54 @@ "Quarantine": false, "TriggerPowerAutomateFlow": "", "RestrictAccess": null, + "MipRestrictAccess": null, "SourceType": "", - "Guid": "a7739b6b-9831-467a-a355-3ba7aab938bc", + "Guid": "53b168f2-012b-4d2f-a15c-1e05bedae10d", "AdvancedRuleBuilderContext": null, - "ParentPolicyName": "Info_TypeITIN_Missing", + "ParentPolicyName": "PR Test Policy", "ReportSeverityLevel": "Low", "ActivationDate": null, "ExpiryDate": null, "SenderType": null, "SenderAddressLocation": null, - "AdvancedRule": "{\r\n \"Version\": \"1.0\",\r\n \"Condition\": {\r\n \"Operator\": \"And\",\r\n \"SubConditions\": [\r\n {\r\n \"ConditionName\": \"ContentContainsSensitiveInformation\",\r\n \"Value\": [\r\n {\r\n \"Groups\": [\r\n {\r\n \"Name\": \"BadInfoTypes\",\r\n \"Operator\": \"Or\",\r\n \"Sensitivetypes\": [\r\n {\r\n \"Name\": \"U.S. Social Security Number (SSN)\",\r\n \"Id\": \"a44669fe-0d48-453d-a9b1-2cc83f2cba77\",\r\n \"Mincount\": 1,\r\n \"Maxcount\": -1,\r\n \"Confidencelevel\": \"Medium\",\r\n \"Minconfidence\": 75,\r\n \"Maxconfidence\": 100\r\n },\r\n {\r\n \"Name\": \"U.S. / U.K. Passport Number\",\r\n \"Id\": \"178ec42a-18b4-47cc-85c7-d62c92fd67f8\",\r\n \"Mincount\": 1,\r\n \"Maxcount\": -1,\r\n \"Confidencelevel\": \"Medium\",\r\n \"Minconfidence\": 75,\r\n \"Maxconfidence\": 100\r\n },\r\n {\r\n \"Name\": \"Credit Card Number\",\r\n \"Id\": \"50842eb7-edc8-4019-85dd-5a5c1f2bb085\",\r\n \"Mincount\": 1,\r\n \"Maxcount\": -1,\r\n \"Confidencelevel\": \"High\",\r\n \"Minconfidence\": 85,\r\n \"Maxconfidence\": 100\r\n }\r\n ]\r\n }\r\n ],\r\n \"Operator\": \"And\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n}", + "AdvancedRule": "{\r\n \"Version\": \"1.0\",\r\n \"Condition\": {\r\n \"Operator\": \"And\",\r\n \"SubConditions\": [\r\n {\r\n \"ConditionName\": \"ContentContainsSensitiveInformation\",\r\n \"Value\": [\r\n {\r\n \"id\": \"a44669fe-0d48-453d-a9b1-2cc83f2cba77\",\r\n \"maxconfidence\": \"100\",\r\n \"name\": \"U.S. Social Security Number (SSN)\",\r\n \"maxcount\": \"-1\",\r\n \"minconfidence\": \"75\",\r\n \"classifiertype\": \"Content\",\r\n \"mincount\": \"1\",\r\n \"confidencelevel\": \"Medium\"\r\n },\r\n {\r\n \"id\": \"50842eb7-edc8-4019-85dd-5a5c1f2bb085\",\r\n \"maxconfidence\": \"100\",\r\n \"name\": \"Credit Card Number\",\r\n \"maxcount\": \"-1\",\r\n \"minconfidence\": \"85\",\r\n \"classifiertype\": \"Content\",\r\n \"mincount\": \"1\",\r\n \"confidencelevel\": \"High\"\r\n },\r\n {\r\n \"id\": \"e55e2a32-f92d-4985-a35d-a0b269eb687b\",\r\n \"maxconfidence\": \"100\",\r\n \"name\": \"U.S. Individual Taxpayer Identification Number (ITIN)\",\r\n \"maxcount\": \"-1\",\r\n \"minconfidence\": \"75\",\r\n \"classifiertype\": \"Content\",\r\n \"mincount\": \"1\",\r\n \"confidencelevel\": \"Medium\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n}", "ExecutionRuleGuids": null, - "DisplayName": "Missing_ITIN_Has_UKPassports", + "DisplayName": "PII-temp", "StorageBindings": null, "EvaluateRulePerComponent": false, - "IsAdvancedRule": true, - "ContentContainsSensitiveInformation": null, + "IsAdvancedRule": false, + "ContentContainsSensitiveInformation": [ + { + "maxconfidence": "100", + "confidencelevel": "Medium", + "id": "a44669fe-0d48-453d-a9b1-2cc83f2cba77", + "minconfidence": "75", + "classifiertype": "Content", + "name": "U.S. Social Security Number (SSN)", + "mincount": "1", + "maxcount": "-1" + }, + { + "maxconfidence": "100", + "confidencelevel": "High", + "id": "50842eb7-edc8-4019-85dd-5a5c1f2bb085", + "minconfidence": "85", + "classifiertype": "Content", + "name": "Credit Card Number", + "mincount": "1", + "maxcount": "-1" + }, + { + "maxconfidence": "100", + "confidencelevel": "Medium", + "id": "e55e2a32-f92d-4985-a35d-a0b269eb687b", + "minconfidence": "75", + "classifiertype": "Content", + "name": "U.S. Individual Taxpayer Identification Number (ITIN)", + "mincount": "1", + "maxcount": "-1" + } + ], "ExceptIfContentContainsSensitiveInformation": null, "ContentMissingSensitivityLabel": null, "ContentIsNotLabeled": false, @@ -11450,7 +11526,7 @@ "WithImportance": null, "ExceptIfWithImportance": null, "ExternalScenarioDependancies": { - "ProtectionAlertId": "e95437f3-7b8b-4055-9383-2686e02de873" + "ProtectionAlertId": "48c87377-6fdd-45d7-91a6-bbbebd3d99f8" }, "ContentPropertyContainsWords": [ @@ -11558,37 +11634,38 @@ "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", - "ImmutableId": "6c63bd2e-3caf-4817-bab8-1794c388b8c8", + "ImmutableId": "8328f2c9-860e-4bbd-9f5c-1ef615a64947", "Priority": 0, - "Workload": "Exchange, SharePoint, OneDriveForBusiness, Teams", - "Policy": "0362dd12-1c3e-484b-983a-3b600a6f9e2a", - "Comment": "Sensitive info types required except ITIN. Has additional UK Passports instead.", + "Workload": "Exchange, SharePoint, OneDriveForBusiness, Teams, ThirdPartyApps", + "Policy": "46f77b71-78a1-428f-a433-a7c8cca1c6e7", + "Comment": "", "Disabled": false, "Mode": "Enforce", - "ObjectVersion": "d1826caf-850a-4c5a-c335-08dbfd7bb17b", + "ObjectVersion": "a1351454-19ea-4b35-14d0-08dbd1737c02", "MaximumBlobRuleLength": 0, "CreatedBy": "John Doe", "LastModifiedBy": "John Doe", - "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/Missing_ITIN_Has_UKPassports", - "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/Missing_ITIN_Has_UKPassports", + "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/PII-temp", + "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/PII-temp", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", - "Name": "Missing_ITIN_Has_UKPassports", - "DistinguishedName": "CN=Missing_ITIN_Has_UKPassports,CN=Configuration,CN=tqhjy.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", + "Name": "PII-temp", + "DistinguishedName": "CN=PII-temp,CN=Configuration,CN=tqhjy.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], - "WhenChanged": "Date(1702651190000)", - "WhenCreated": "Date(1702651039000)", - "WhenChangedUTC": "Date(1702651190000)", - "WhenCreatedUTC": "Date(1702651039000)", - "ExchangeObjectId": "a7739b6b-9831-467a-a355-3ba7aab938bc", + "WhenChanged": "Date(1697809813000)", + "WhenCreated": "Date(1697725866000)", + "WhenChangedUTC": "Date(1697809813000)", + "WhenCreatedUTC": "Date(1697725866000)", + "ExchangeObjectId": "53b168f2-012b-4d2f-a15c-1e05bedae10d", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration", "OriginatingServer": "", "ObjectState": "Changed", - "IsObjectUnderSystemOperation": false + "IsObjectUnderSystemOperation": false, + "IsSummarizedPsRule": false }, { "SubjectContainsWords": [ @@ -11643,6 +11720,7 @@ ], "MessageSizeOver": "", "ExceptIfMessageSizeOver": "", + "AttachmentCountOver": null, "MessageTypeMatches": null, "ExceptIfMessageTypeMatches": null, "UnscannableDocumentExtensionIs": [ @@ -11666,53 +11744,16 @@ "AccessedByMemberOf": [ ], - "ExceptIfAccessedByMemberOf": [ - - ], - "BlockAccess": false, - "BlockAccessScope": null, - "EncryptRMSTemplate": null, - "EnforcePortalAccess": true, - "ApplyBrandingTemplate": "", - "RemoveRMSTemplate": false, - "EndpointDlpRestrictions": [ - { - "setting": "CloudEgress", - "defaultmessage": "none", - "value": "Audit", - "appgroup": "none" - }, - { - "setting": "CopyPaste", - "defaultmessage": "none", - "value": "Audit", - "appgroup": "none" - }, - { - "setting": "RemovableMedia", - "defaultmessage": "none", - "value": "Audit", - "appgroup": "none" - }, - { - "setting": "NetworkShare", - "defaultmessage": "none", - "value": "Audit", - "appgroup": "none" - }, - { - "setting": "UnallowedApps", - "defaultmessage": "none", - "value": "Block", - "appgroup": "none" - }, - { - "setting": "Print", - "defaultmessage": "none", - "value": "Audit", - "appgroup": "none" - } - ], + "ExceptIfAccessedByMemberOf": [ + + ], + "BlockAccess": true, + "BlockAccessScope": "All", + "EncryptRMSTemplate": null, + "EnforcePortalAccess": true, + "ApplyBrandingTemplate": "", + "RemoveRMSTemplate": false, + "EndpointDlpRestrictions": null, "EndpointDlpBrowserRestrictions": null, "ThirdPartyAppDlpRestrictions": null, "OnPremisesScannerDlpRestrictions": null, @@ -11728,25 +11769,25 @@ ], "IncidentReportContent": null, "NotifyUser": [ - "LastModifier" + ], "NotifyAllowOverride": null, "NotifyEmailCustomText": "", "NotifyEmailCustomSubject": "", "NotifyEmailCustomSenderDisplayName": "", "NotifyEmailExchangeIncludeAttachment": true, - "NotifyEmailOnedriveRemediationActions": "NotSet", + "NotifyEmailOnedriveRemediationActions": null, "NotifyJustificationCustomText": "", "NotifyJustificationCustomTextTranslations": [ ], "NotifyPolicyTipCustomText": "", - "NotifyUserType": "NotSet", + "NotifyUserType": null, "NotifyPolicyTipCustomTextTranslations": [ ], - "NotifyOverrideRequirements": "None", - "NotifyPolicyTipDisplayOption": "Tip", + "NotifyOverrideRequirements": null, + "NotifyPolicyTipDisplayOption": null, "NotifyPolicyTipUrl": "", "NotifyPolicyTipCustomDialog": "", "NotifyEndpointUser": null, @@ -11766,18 +11807,19 @@ "Quarantine": false, "TriggerPowerAutomateFlow": "", "RestrictAccess": null, + "MipRestrictAccess": null, "SourceType": "", - "Guid": "cb32ef11-441c-4536-a40e-a062000a55c5", + "Guid": "b01a6475-0529-411d-8d00-53cb06de1804", "AdvancedRuleBuilderContext": null, - "ParentPolicyName": "DevicePolicy_CCOnly", + "ParentPolicyName": "Defender Baseline Testing Policy", "ReportSeverityLevel": "Low", "ActivationDate": null, "ExpiryDate": null, "SenderType": null, "SenderAddressLocation": null, - "AdvancedRule": "{\r\n \"Version\": \"1.0\",\r\n \"Condition\": {\r\n \"Operator\": \"And\",\r\n \"SubConditions\": [\r\n {\r\n \"ConditionName\": \"ContentContainsSensitiveInformation\",\r\n \"Value\": [\r\n {\r\n \"Groups\": [\r\n {\r\n \"Name\": \"CCOnly\",\r\n \"Operator\": \"Or\",\r\n \"Sensitivetypes\": [\r\n {\r\n \"Name\": \"Credit Card Number\",\r\n \"Id\": \"50842eb7-edc8-4019-85dd-5a5c1f2bb085\",\r\n \"Mincount\": 1,\r\n \"Maxcount\": -1,\r\n \"Confidencelevel\": \"High\",\r\n \"Minconfidence\": 85,\r\n \"Maxconfidence\": 100\r\n }\r\n ]\r\n }\r\n ],\r\n \"Operator\": \"And\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n}", + "AdvancedRule": "{\r\n \"Version\": \"1.0\",\r\n \"Condition\": {\r\n \"Operator\": \"And\",\r\n \"SubConditions\": [\r\n {\r\n \"ConditionName\": \"ContentContainsSensitiveInformation\",\r\n \"Value\": [\r\n {\r\n \"Groups\": [\r\n {\r\n \"Name\": \"Default\",\r\n \"Operator\": \"Or\",\r\n \"Sensitivetypes\": [\r\n {\r\n \"Name\": \"Credit Card Number\",\r\n \"Id\": \"50842eb7-edc8-4019-85dd-5a5c1f2bb085\",\r\n \"Mincount\": 1,\r\n \"Maxcount\": -1,\r\n \"Confidencelevel\": \"High\",\r\n \"Minconfidence\": 85,\r\n \"Maxconfidence\": 100\r\n },\r\n {\r\n \"Name\": \"U.S. Individual Taxpayer Identification Number (ITIN)\",\r\n \"Id\": \"e55e2a32-f92d-4985-a35d-a0b269eb687b\",\r\n \"Mincount\": 1,\r\n \"Maxcount\": -1,\r\n \"Confidencelevel\": \"Medium\",\r\n \"Minconfidence\": 75,\r\n \"Maxconfidence\": 100\r\n },\r\n {\r\n \"Name\": \"U.S. Social Security Number (SSN)\",\r\n \"Id\": \"a44669fe-0d48-453d-a9b1-2cc83f2cba77\",\r\n \"Mincount\": 1,\r\n \"Maxcount\": -1,\r\n \"Confidencelevel\": \"Medium\",\r\n \"Minconfidence\": 75,\r\n \"Maxconfidence\": 100\r\n }\r\n ]\r\n }\r\n ],\r\n \"Operator\": \"And\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n}", "ExecutionRuleGuids": null, - "DisplayName": "CreditCardsOnly", + "DisplayName": "Default", "StorageBindings": null, "EvaluateRulePerComponent": false, "IsAdvancedRule": true, @@ -11809,7 +11851,7 @@ "WithImportance": null, "ExceptIfWithImportance": null, "ExternalScenarioDependancies": { - "ProtectionAlertId": "d46f69a5-6277-49fc-ad26-e0b701c034d0" + "ProtectionAlertId": "7d53937e-b4f5-45d0-9bd8-7ea0305553bb" }, "ContentPropertyContainsWords": [ @@ -11917,39 +11959,39 @@ "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", - "ImmutableId": "37de612f-186b-4069-918f-b4c6f90037a8", + "ImmutableId": "5090ec10-3b5b-464b-b789-4e65bc6b5e3e", "Priority": 0, - "Workload": "Exchange, SharePoint, OneDriveForBusiness, EndpointDevices", - "Policy": "2a4e7cb6-9da7-468f-a58e-42975ea7cd71", - "Comment": "Rule that blocks access to credit card numbers on devices.", + "Workload": "Exchange, SharePoint, OneDriveForBusiness, Teams", + "Policy": "8038a28b-7b5c-42a8-a852-4bb68707afec", + "Comment": "", "Disabled": false, "Mode": "Enforce", - "ObjectVersion": "69df3855-a67f-4b5a-1b8a-08dbfd7c0c88", + "ObjectVersion": "3b836b63-457d-441d-dd73-08dbc5db81c6", "MaximumBlobRuleLength": 0, - "CreatedBy": "John Doe", - "LastModifiedBy": "John Doe", - "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/CreditCardsOnly", - "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/CreditCardsOnly", + "CreatedBy": "John Public", + "LastModifiedBy": "John Public", + "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/Default", + "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/Default", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", - "Name": "CreditCardsOnly", - "DistinguishedName": "CN=CreditCardsOnly,CN=Configuration,CN=tqhjy.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", + "Name": "Default", + "DistinguishedName": "CN=Default,CN=Configuration,CN=tqhjy.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], - "WhenChanged": "Date(1702651343000)", - "WhenCreated": "Date(1702651343000)", - "WhenChangedUTC": "Date(1702651343000)", - "WhenCreatedUTC": "Date(1702651343000)", - "ExchangeObjectId": "cb32ef11-441c-4536-a40e-a062000a55c5", + "WhenChanged": "Date(1696535076000)", + "WhenCreated": "Date(1696535076000)", + "WhenChangedUTC": "Date(1696535076000)", + "WhenCreatedUTC": "Date(1696535076000)", + "ExchangeObjectId": "b01a6475-0529-411d-8d00-53cb06de1804", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration", "OriginatingServer": "", "ObjectState": "New", - "IsObjectUnderSystemOperation": false + "IsObjectUnderSystemOperation": false, + "IsSummarizedPsRule": false }, - { "SubjectContainsWords": [ @@ -12003,6 +12045,7 @@ ], "MessageSizeOver": "", "ExceptIfMessageSizeOver": "", + "AttachmentCountOver": null, "MessageTypeMatches": null, "ExceptIfMessageTypeMatches": null, "UnscannableDocumentExtensionIs": [ @@ -12089,6 +12132,7 @@ "Quarantine": false, "TriggerPowerAutomateFlow": "", "RestrictAccess": null, + "MipRestrictAccess": null, "SourceType": "", "Guid": "74f600e2-dccc-4d6f-a748-7bff5ed5da69", "AdvancedRuleBuilderContext": null, @@ -12281,7 +12325,7 @@ "ObjectVersion": "f0bf389d-c2df-49af-e933-08dbc5cb3521", "MaximumBlobRuleLength": 0, "CreatedBy": "John Doe", - "LastModifiedBy": "John Doe", + "LastModifiedBy": "John Public", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/Baseline Rule", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/Baseline Rule", "IsValid": true, @@ -12301,7 +12345,8 @@ "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration", "OriginatingServer": "", "ObjectState": "Changed", - "IsObjectUnderSystemOperation": false + "IsObjectUnderSystemOperation": false, + "IsSummarizedPsRule": false }, { "SubjectContainsWords": [ @@ -12356,6 +12401,7 @@ ], "MessageSizeOver": "", "ExceptIfMessageSizeOver": "", + "AttachmentCountOver": null, "MessageTypeMatches": null, "ExceptIfMessageTypeMatches": null, "UnscannableDocumentExtensionIs": [ @@ -12442,10 +12488,11 @@ "Quarantine": false, "TriggerPowerAutomateFlow": "", "RestrictAccess": null, + "MipRestrictAccess": null, "SourceType": "", "Guid": "f2e78982-66b6-488a-a43a-e921800f6304", "AdvancedRuleBuilderContext": null, - "ParentPolicyName": "Tenant DLP Policy for PII", + "ParentPolicyName": "SCuBA DLP Policy for PII", "ReportSeverityLevel": "Low", "ActivationDate": null, "ExpiryDate": null, @@ -12453,7 +12500,7 @@ "SenderAddressLocation": null, "AdvancedRule": "{\r\n \"Version\": \"1.0\",\r\n \"Condition\": {\r\n \"Operator\": \"And\",\r\n \"SubConditions\": [\r\n {\r\n \"ConditionName\": \"AccessScope\",\r\n \"Value\": \"NotInOrganization\"\r\n },\r\n {\r\n \"ConditionName\": \"ContentContainsSensitiveInformation\",\r\n \"Value\": [\r\n {\r\n \"id\": \"50842eb7-edc8-4019-85dd-5a5c1f2bb085\",\r\n \"maxconfidence\": \"100\",\r\n \"name\": \"Credit Card Number\",\r\n \"maxcount\": \"9\",\r\n \"minconfidence\": \"85\",\r\n \"classifiertype\": \"Content\",\r\n \"mincount\": \"1\",\r\n \"confidencelevel\": \"High\"\r\n },\r\n {\r\n \"id\": \"a2ce32a8-f935-4bb6-8e96-2a5157672e2c\",\r\n \"maxconfidence\": \"100\",\r\n \"name\": \"U.S. Bank Account Number\",\r\n \"maxcount\": \"9\",\r\n \"minconfidence\": \"75\",\r\n \"classifiertype\": \"Content\",\r\n \"mincount\": \"1\",\r\n \"confidencelevel\": \"Medium\"\r\n },\r\n {\r\n \"id\": \"cb353f78-2b72-4c3c-8827-92ebe4f69fdf\",\r\n \"maxconfidence\": \"100\",\r\n \"name\": \"ABA Routing Number\",\r\n \"maxcount\": \"9\",\r\n \"minconfidence\": \"75\",\r\n \"classifiertype\": \"Content\",\r\n \"mincount\": \"1\",\r\n \"confidencelevel\": \"Medium\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n}", "ExecutionRuleGuids": null, - "DisplayName": "Low volume of content detected Tenant DLP Policy for PII", + "DisplayName": "Low volume of content detected SCuBA DLP Policy for PII", "StorageBindings": null, "EvaluateRulePerComponent": false, "IsAdvancedRule": false, @@ -12634,13 +12681,13 @@ "ObjectVersion": "f6f7ec90-c0aa-4ae4-e784-08dafa37f4cf", "MaximumBlobRuleLength": 0, "CreatedBy": "d459e626-e311-4242-bb40-263313097103", - "LastModifiedBy": "John Doe", - "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/Low volume of content detected Tenant DLP Policy for PII", - "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/Low volume of content detected Tenant DLP Policy for PII", + "LastModifiedBy": "John Public", + "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/Low volume of content detected SCuBA DLP Policy for PII", + "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/Low volume of content detected SCuBA DLP Policy for PII", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", - "Name": "Low volume of content detected Tenant DLP Policy for PII", - "DistinguishedName": "CN=Low volume of content detected Tenant DLP Policy for PII,CN=Configuration,CN=tqhjy.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", + "Name": "Low volume of content detected SCuBA DLP Policy for PII", + "DistinguishedName": "CN=Low volume of content detected SCuBA DLP Policy for PII,CN=Configuration,CN=tqhjy.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" @@ -12654,7 +12701,8 @@ "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration", "OriginatingServer": "", "ObjectState": "Changed", - "IsObjectUnderSystemOperation": false + "IsObjectUnderSystemOperation": false, + "IsSummarizedPsRule": false }, { "SubjectContainsWords": [ @@ -12709,6 +12757,7 @@ ], "MessageSizeOver": "", "ExceptIfMessageSizeOver": "", + "AttachmentCountOver": null, "MessageTypeMatches": null, "ExceptIfMessageTypeMatches": null, "UnscannableDocumentExtensionIs": [ @@ -12795,10 +12844,11 @@ "Quarantine": false, "TriggerPowerAutomateFlow": "", "RestrictAccess": null, + "MipRestrictAccess": null, "SourceType": "", "Guid": "8c40d462-f7c0-434d-bd37-d35c083c297a", "AdvancedRuleBuilderContext": null, - "ParentPolicyName": "Tenant DLP Policy for PII", + "ParentPolicyName": "SCuBA DLP Policy for PII", "ReportSeverityLevel": "High", "ActivationDate": null, "ExpiryDate": null, @@ -12806,7 +12856,7 @@ "SenderAddressLocation": null, "AdvancedRule": "{\r\n \"Version\": \"1.0\",\r\n \"Condition\": {\r\n \"Operator\": \"And\",\r\n \"SubConditions\": [\r\n {\r\n \"ConditionName\": \"AccessScope\",\r\n \"Value\": \"NotInOrganization\"\r\n },\r\n {\r\n \"ConditionName\": \"ContentContainsSensitiveInformation\",\r\n \"Value\": [\r\n {\r\n \"id\": \"50842eb7-edc8-4019-85dd-5a5c1f2bb085\",\r\n \"maxconfidence\": \"100\",\r\n \"name\": \"Credit Card Number\",\r\n \"maxcount\": \"-1\",\r\n \"minconfidence\": \"85\",\r\n \"classifiertype\": \"Content\",\r\n \"mincount\": \"10\",\r\n \"confidencelevel\": \"High\"\r\n },\r\n {\r\n \"id\": \"a2ce32a8-f935-4bb6-8e96-2a5157672e2c\",\r\n \"maxconfidence\": \"100\",\r\n \"name\": \"U.S. Bank Account Number\",\r\n \"maxcount\": \"-1\",\r\n \"minconfidence\": \"75\",\r\n \"classifiertype\": \"Content\",\r\n \"mincount\": \"10\",\r\n \"confidencelevel\": \"Medium\"\r\n },\r\n {\r\n \"id\": \"cb353f78-2b72-4c3c-8827-92ebe4f69fdf\",\r\n \"maxconfidence\": \"100\",\r\n \"name\": \"ABA Routing Number\",\r\n \"maxcount\": \"-1\",\r\n \"minconfidence\": \"75\",\r\n \"classifiertype\": \"Content\",\r\n \"mincount\": \"10\",\r\n \"confidencelevel\": \"Medium\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n}", "ExecutionRuleGuids": null, - "DisplayName": "High volume of content detected Tenant DLP Policy for PII", + "DisplayName": "High volume of content detected SCuBA DLP Policy for PII", "StorageBindings": null, "EvaluateRulePerComponent": false, "IsAdvancedRule": false, @@ -12987,13 +13037,13 @@ "ObjectVersion": "daf9a24d-19dd-4978-51b9-08dafa37f6c9", "MaximumBlobRuleLength": 0, "CreatedBy": "d459e626-e311-4242-bb40-263313097103", - "LastModifiedBy": "John Doe", - "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/High volume of content detected Tenant DLP Policy for PII", - "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/High volume of content detected Tenant DLP Policy for PII", + "LastModifiedBy": "John Public", + "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/High volume of content detected SCuBA DLP Policy for PII", + "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/High volume of content detected SCuBA DLP Policy for PII", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", - "Name": "High volume of content detected Tenant DLP Policy for PII", - "DistinguishedName": "CN=High volume of content detected Tenant DLP Policy for PII,CN=Configuration,CN=tqhjy.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", + "Name": "High volume of content detected SCuBA DLP Policy for PII", + "DistinguishedName": "CN=High volume of content detected SCuBA DLP Policy for PII,CN=Configuration,CN=tqhjy.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" @@ -13007,7 +13057,8 @@ "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration", "OriginatingServer": "", "ObjectState": "Changed", - "IsObjectUnderSystemOperation": false + "IsObjectUnderSystemOperation": false, + "IsSummarizedPsRule": false }, { "SubjectContainsWords": [ @@ -13062,6 +13113,7 @@ ], "MessageSizeOver": "", "ExceptIfMessageSizeOver": "", + "AttachmentCountOver": null, "MessageTypeMatches": null, "ExceptIfMessageTypeMatches": null, "UnscannableDocumentExtensionIs": [ @@ -13148,6 +13200,7 @@ "Quarantine": false, "TriggerPowerAutomateFlow": "", "RestrictAccess": null, + "MipRestrictAccess": null, "SourceType": "", "Guid": "6198a220-b7ac-4308-aeb4-fd520a263121", "AdvancedRuleBuilderContext": null, @@ -13308,8 +13361,8 @@ "Mode": "Enforce", "ObjectVersion": "000b9c42-97fe-4529-30e1-08dbcf31cf97", "MaximumBlobRuleLength": 0, - "CreatedBy": "John Doe", - "LastModifiedBy": "John Doe", + "CreatedBy": "John Public", + "LastModifiedBy": "John Public", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/Restrict sensitive info types", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/Restrict sensitive info types", "IsValid": true, @@ -13329,7 +13382,8 @@ "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration", "OriginatingServer": "", "ObjectState": "Changed", - "IsObjectUnderSystemOperation": false + "IsObjectUnderSystemOperation": false, + "IsSummarizedPsRule": false } ], "anti_phish_policies": [ @@ -13362,7 +13416,7 @@ "DmarcQuarantineAction": "Quarantine", "PhishThresholdLevel": 4, "TargetedUsersToProtect": [ - "John Doe;jdoe@tqhjy.onmicrosoft.com" + ], "TargetedUserActionRecipients": [ @@ -13380,7 +13434,7 @@ ], "ExcludedSenders": [ - "jdoe@tqhjy.onmicrosoft.com" + "johnpublic@tqhjy.onmicrosoft.com" ], "ExcludedSubDomains": [ @@ -13400,15 +13454,15 @@ "top", "msExchHostedContentFilterConfig" ], - "WhenChanged": "Date(1712119219000)", + "WhenChanged": "Date(1717562328000)", "WhenCreated": "Date(1681329956000)", - "WhenChangedUTC": "Date(1712119219000)", + "WhenChangedUTC": "Date(1717562328000)", "WhenCreatedUTC": "Date(1681329956000)", "ExchangeObjectId": "dd855979-da0e-4109-b218-cebf593d1771", "OrganizationalUnitRoot": "tqhjy.onmicrosoft.com", "OrganizationId": "NAMPR09A006.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - NAMPR09A006.PROD.OUTLOOK.COM/ConfigurationUnits/tqhjy.onmicrosoft.com/Configuration", "Guid": "dd855979-da0e-4109-b218-cebf593d1771", - "OriginatingServer": "DM5PR09A006DC10.NAMPR09A006.PROD.OUTLOOK.COM", + "OriginatingServer": "MWHPR09A006DC08.NAMPR09A006.PROD.OUTLOOK.COM", "ObjectState": "Unchanged" }, { @@ -13440,8 +13494,7 @@ "DmarcQuarantineAction": "Quarantine", "PhishThresholdLevel": 2, "TargetedUsersToProtect": [ - "John Doe;jdoe@tqhjy.onmicrosoft.com", - "John Q. Public;jqpublic@tqhjy.onmicrosoft.com" + "John Public;johnpublic@tqhjy.onmicrosoft.com" ], "TargetedUserActionRecipients": [ @@ -13487,7 +13540,7 @@ "OrganizationalUnitRoot": "tqhjy.onmicrosoft.com", "OrganizationId": "NAMPR09A006.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - NAMPR09A006.PROD.OUTLOOK.COM/ConfigurationUnits/tqhjy.onmicrosoft.com/Configuration", "Guid": "1c36a79e-281c-41ac-adf0-441a9ef992c3", - "OriginatingServer": "DM5PR09A006DC10.NAMPR09A006.PROD.OUTLOOK.COM", + "OriginatingServer": "MWHPR09A006DC08.NAMPR09A006.PROD.OUTLOOK.COM", "ObjectState": "Unchanged" }, { @@ -13519,7 +13572,7 @@ "DmarcQuarantineAction": "Quarantine", "PhishThresholdLevel": 3, "TargetedUsersToProtect": [ - "John Doe;jdoe@y2zj1.onmicrosoft.com" + ], "TargetedUserActionRecipients": [ @@ -13557,15 +13610,15 @@ "top", "msExchHostedContentFilterConfig" ], - "WhenChanged": "Date(1712119219000)", + "WhenChanged": "Date(1717562328000)", "WhenCreated": "Date(1659535432000)", - "WhenChangedUTC": "Date(1712119219000)", + "WhenChangedUTC": "Date(1717562328000)", "WhenCreatedUTC": "Date(1659535432000)", "ExchangeObjectId": "c039f211-68f7-43e8-822f-91c1e0e018f7", "OrganizationalUnitRoot": "tqhjy.onmicrosoft.com", "OrganizationId": "NAMPR09A006.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - NAMPR09A006.PROD.OUTLOOK.COM/ConfigurationUnits/tqhjy.onmicrosoft.com/Configuration", "Guid": "c039f211-68f7-43e8-822f-91c1e0e018f7", - "OriginatingServer": "DM5PR09A006DC10.NAMPR09A006.PROD.OUTLOOK.COM", + "OriginatingServer": "MWHPR09A006DC08.NAMPR09A006.PROD.OUTLOOK.COM", "ObjectState": "Unchanged" } ], @@ -13584,6 +13637,7 @@ "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": { + "DlpRuleMode": "Enable", "DlpRuleId": "2e3f0308-5340-46ac-9f8d-d54f208a8024" }, "TimeWindow": null, @@ -13623,7 +13677,7 @@ "Comment": "", "Disabled": false, "Mode": "Enforce", - "ObjectVersion": "e8dd557d-bb74-4f37-acab-08dbc5cb1f27", + "ObjectVersion": "6a796a7d-d170-433a-266f-08dc7675e3e0", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", @@ -13638,9 +13692,9 @@ "ObjectClass": [ "msExchUnifiedRule" ], - "WhenChanged": "Date(1696528039000)", + "WhenChanged": "Date(1715952788000)", "WhenCreated": "Date(1651249999000)", - "WhenChangedUTC": "Date(1696528039000)", + "WhenChangedUTC": "Date(1715952788000)", "WhenCreatedUTC": "Date(1651249999000)", "ExchangeObjectId": "b314399f-5d64-4c49-98c3-06deb1be2b6f", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com", @@ -13662,6 +13716,7 @@ "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": { + "DlpRuleMode": "Disable", "DlpRuleId": "6c63bd2e-3caf-4817-bab8-1794c388b8c8" }, "TimeWindow": null, @@ -13701,7 +13756,7 @@ "Comment": "", "Disabled": false, "Mode": "Enforce", - "ObjectVersion": "4e469c14-ff32-4393-a9b2-08dbfd7ba06e", + "ObjectVersion": "f1bdcd22-6090-46ee-31eb-08dc5b00e60b", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", @@ -13716,9 +13771,9 @@ "ObjectClass": [ "msExchUnifiedRule" ], - "WhenChanged": "Date(1702651161000)", + "WhenChanged": "Date(1712933859000)", "WhenCreated": "Date(1702651035000)", - "WhenChangedUTC": "Date(1702651161000)", + "WhenChangedUTC": "Date(1712933859000)", "WhenCreatedUTC": "Date(1702651035000)", "ExchangeObjectId": "e95437f3-7b8b-4055-9383-2686e02de873", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com", @@ -13740,8 +13795,9 @@ "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": { - "DlpRuleId": "07fef34e-65b6-459f-a460-ec6d1ac8edb0", - "EndpointDlpRestrictiveOperations": "FileUploadedToCloud,FileCopiedToClipboard,FileCopiedToRemovableMedia,FileCopiedToNetworkShare,FileAccessedByUnallowedApp,FilePrinted" + "DlpRuleMode": "Disable", + "EndpointDlpRestrictiveOperations": "FileUploadedToCloud,FileCopiedToClipboard,FileCopiedToRemovableMedia,FileCopiedToNetworkShare,FileAccessedByUnallowedApp,FilePrinted", + "DlpRuleId": "07fef34e-65b6-459f-a460-ec6d1ac8edb0" }, "TimeWindow": null, "NotifyUserOnFilterMatch": false, @@ -13780,7 +13836,7 @@ "Comment": "", "Disabled": false, "Mode": "Enforce", - "ObjectVersion": "8500b55a-83aa-49db-1038-08dc4aa0aadf", + "ObjectVersion": "36ba8930-6dea-4556-2acc-08dc5b00ab9a", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", @@ -13795,9 +13851,9 @@ "ObjectClass": [ "msExchUnifiedRule" ], - "WhenChanged": "Date(1711133310000)", + "WhenChanged": "Date(1712933761000)", "WhenCreated": "Date(1711133310000)", - "WhenChangedUTC": "Date(1711133310000)", + "WhenChangedUTC": "Date(1712933761000)", "WhenCreatedUTC": "Date(1711133310000)", "ExchangeObjectId": "96e8531f-40be-418f-8c4f-341009daf3bb", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com", @@ -13975,6 +14031,7 @@ "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": { + "DlpRuleMode": "Disable", "DlpRuleId": "af0870b6-6d6d-4bed-95e5-60529f32f325" }, "TimeWindow": null, @@ -14014,7 +14071,7 @@ "Comment": "", "Disabled": false, "Mode": "Enforce", - "ObjectVersion": "aef6370e-9f0d-41b9-a6d9-08dbcf31ce63", + "ObjectVersion": "ebf0c03b-4d8c-43ba-28aa-08dc76747b41", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", @@ -14029,9 +14086,9 @@ "ObjectClass": [ "msExchUnifiedRule" ], - "WhenChanged": "Date(1697561702000)", + "WhenChanged": "Date(1715952186000)", "WhenCreated": "Date(1696535520000)", - "WhenChangedUTC": "Date(1697561702000)", + "WhenChangedUTC": "Date(1715952186000)", "WhenCreatedUTC": "Date(1696535520000)", "ExchangeObjectId": "44b57ad0-aaf5-4cf5-ab12-db2ff27ea8b6", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com", @@ -14053,8 +14110,9 @@ "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": { - "DlpRuleId": "37de612f-186b-4069-918f-b4c6f90037a8", - "EndpointDlpRestrictiveOperations": "FileUploadedToCloud,FileCopiedToClipboard,FileCopiedToRemovableMedia,FileCopiedToNetworkShare,FileAccessedByUnallowedApp,FilePrinted" + "DlpRuleMode": "Disable", + "EndpointDlpRestrictiveOperations": "FileUploadedToCloud,FileCopiedToClipboard,FileCopiedToRemovableMedia,FileCopiedToNetworkShare,FileAccessedByUnallowedApp,FilePrinted", + "DlpRuleId": "37de612f-186b-4069-918f-b4c6f90037a8" }, "TimeWindow": null, "NotifyUserOnFilterMatch": false, @@ -14093,7 +14151,7 @@ "Comment": "", "Disabled": false, "Mode": "Enforce", - "ObjectVersion": "2c2fc461-d990-4922-acfe-08dbfd7c0aeb", + "ObjectVersion": "2c2a1a4c-4b60-40b3-319a-08dc5b00c885", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", @@ -14108,9 +14166,9 @@ "ObjectClass": [ "msExchUnifiedRule" ], - "WhenChanged": "Date(1702651340000)", + "WhenChanged": "Date(1712933810000)", "WhenCreated": "Date(1702651340000)", - "WhenChangedUTC": "Date(1702651340000)", + "WhenChangedUTC": "Date(1712933810000)", "WhenCreatedUTC": "Date(1702651340000)", "ExchangeObjectId": "d46f69a5-6277-49fc-ad26-e0b701c034d0", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com", @@ -14845,7 +14903,7 @@ "Comment": "This alert is triggered when a reply-all storm is detected and at least one reply-all to the mail thread has been blocked. See the Reply-all Storm Protection mail flow report for more information. -V1.0.0.0", "Disabled": false, "Mode": "Enforce", - "ObjectVersion": "073f2143-7626-4989-4373-08dc5376d6f7", + "ObjectVersion": "eeefce15-488d-4e3e-d3dc-08dc855917f2", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", @@ -14860,10 +14918,10 @@ "ObjectClass": [ "msExchUnifiedRule" ], - "WhenChanged": "Date(1712104905000)", - "WhenCreated": "Date(1712104905000)", - "WhenChangedUTC": "Date(1712104905000)", - "WhenCreatedUTC": "Date(1712104905000)", + "WhenChanged": "Date(1717589688000)", + "WhenCreated": "Date(1717589688000)", + "WhenChangedUTC": "Date(1717589688000)", + "WhenCreatedUTC": "Date(1717589688000)", "ExchangeObjectId": "ce504573-4841-4e45-81e2-21e8a11ba221", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration", @@ -15254,7 +15312,7 @@ "LogicalOperationName": null, "NotificationEnabled": true, "NotifyUser": [ - "cloudsecurity@example.com" + "cloudsecurity@example.net" ], "Severity": "Informational", "Threshold": null, @@ -15330,7 +15388,7 @@ "LogicalOperationName": null, "NotificationEnabled": true, "NotifyUser": [ - "cloudsecurity@example.com" + "cloudsecurity@example.net" ], "Severity": "Informational", "Threshold": null, @@ -15632,7 +15690,7 @@ "LogicalOperationName": null, "NotificationEnabled": true, "NotifyUser": [ - "cloudsecurity@example.com" + "cloudsecurity@example.net" ], "Severity": "Medium", "Threshold": null, @@ -16238,7 +16296,7 @@ "LogicalOperationName": null, "NotificationEnabled": true, "NotifyUser": [ - "cloudsecurity@example.com" + "cloudsecurity@example.net" ], "Severity": "Medium", "Threshold": null, @@ -16466,7 +16524,7 @@ "LogicalOperationName": null, "NotificationEnabled": true, "NotifyUser": [ - "cloudsecurity@example.com" + "cloudsecurity@example.net" ], "Severity": "Informational", "Threshold": null, @@ -16616,7 +16674,7 @@ "LogicalOperationName": null, "NotificationEnabled": true, "NotifyUser": [ - "cloudsecurity@example.com" + "cloudsecurity@example.net" ], "Severity": "High", "Threshold": null, @@ -16764,7 +16822,7 @@ "LogicalOperationName": null, "NotificationEnabled": true, "NotifyUser": [ - "cloudsecurity@cacilabs.net" + "cloudsecurity@example.net" ], "Severity": "High", "Threshold": 2000, @@ -16916,7 +16974,7 @@ "LogicalOperationName": null, "NotificationEnabled": true, "NotifyUser": [ - "cloudsecurity@example.com" + "cloudsecurity@example.net" ], "Severity": "High", "Threshold": null, @@ -17218,7 +17276,7 @@ "LogicalOperationName": null, "NotificationEnabled": true, "NotifyUser": [ - "cloudsecurity@example.com" + "cloudsecurity@example.net" ], "Severity": "Informational", "Threshold": null, @@ -17292,7 +17350,7 @@ "LogicalOperationName": null, "NotificationEnabled": true, "NotifyUser": [ - "cloudsecurity@example.com" + "cloudsecurity@example.net" ], "Severity": "Medium", "Threshold": null, @@ -17772,16 +17830,16 @@ "top", "msExchAdminAuditLogConfig" ], - "WhenChanged": "Date(1712120672000)", + "WhenChanged": "Date(1717564760000)", "WhenCreated": "Date(1619484594000)", - "WhenChangedUTC": "Date(1712120672000)", + "WhenChangedUTC": "Date(1717564760000)", "WhenCreatedUTC": "Date(1619484594000)", "ExchangeObjectId": "35b89a9b-b235-4d67-ba7f-7ddeab032801", "OrganizationalUnitRoot": "tqhjy.onmicrosoft.com", "OrganizationId": "NAMPR09A006.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - NAMPR09A006.PROD.OUTLOOK.COM/ConfigurationUnits/tqhjy.onmicrosoft.com/Configuration", "Id": "Admin Audit Log Settings", "Guid": "97423bd9-ae36-4a1f-a225-5e007478854f", - "OriginatingServer": "DM5PR09A006DC10.NAMPR09A006.PROD.OUTLOOK.COM", + "OriginatingServer": "MWHPR09A006DC08.NAMPR09A006.PROD.OUTLOOK.COM", "IsValid": true, "ObjectState": "Changed" } @@ -17803,19 +17861,20 @@ "top", "msExchHostedContentFilterConfig" ], - "WhenChanged": "Date(1712121120000)", + "WhenChanged": "Date(1717562382000)", "WhenCreated": "Date(1626469503000)", - "WhenChangedUTC": "Date(1712121120000)", + "WhenChangedUTC": "Date(1717562382000)", "WhenCreatedUTC": "Date(1626469503000)", "ExchangeObjectId": "2aaee10f-6955-4976-be8b-ac1952fcb627", "OrganizationalUnitRoot": "tqhjy.onmicrosoft.com", "OrganizationId": "NAMPR09A006.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - NAMPR09A006.PROD.OUTLOOK.COM/ConfigurationUnits/tqhjy.onmicrosoft.com/Configuration", "Guid": "2aaee10f-6955-4976-be8b-ac1952fcb627", - "OriginatingServer": "DM5PR09A006DC10.NAMPR09A006.PROD.OUTLOOK.COM", + "OriginatingServer": "MWHPR09A006DC08.NAMPR09A006.PROD.OUTLOOK.COM", "ObjectState": "Unchanged" } ], "defender_license": true, + "defender_dlp_license": true, "defender_successful_commands": [ "Get-AdminAuditLogConfig", "Get-EOPProtectionPolicyRule", @@ -17864,16 +17923,16 @@ "top", "msExchDomainContentConfig" ], - "WhenChanged": "Date(1712118555000)", + "WhenChanged": "Date(1717562000000)", "WhenCreated": "Date(1619484412000)", - "WhenChangedUTC": "Date(1712118555000)", + "WhenChangedUTC": "Date(1717562000000)", "WhenCreatedUTC": "Date(1619484412000)", "ExchangeObjectId": "2042facf-0e9e-4738-ad60-56d6c5d43b5d", "OrganizationalUnitRoot": "tqhjy.onmicrosoft.com", "OrganizationId": "NAMPR09A006.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - NAMPR09A006.PROD.OUTLOOK.COM/ConfigurationUnits/tqhjy.onmicrosoft.com/Configuration", "Id": "Default", "Guid": "5c597b00-69f6-44cf-b30b-474fb38a1e0a", - "OriginatingServer": "DM5PR09A006DC10.NAMPR09A006.PROD.OUTLOOK.COM", + "OriginatingServer": "MWHPR09A006DC08.NAMPR09A006.PROD.OUTLOOK.COM", "IsValid": true, "ObjectState": "Unchanged" } @@ -17882,8 +17941,8 @@ { "domain": "tqhjy.onmicrosoft.com", "rdata": [ - "mscid=d/1e071KOhkmP8Aanr5sNgUqyTBrvrMx5nKSswPxu5ZsqL0bdAgVo3m7f5VYu+inbKA5YviUPzz/SxNS0ploJQ==", - "v=spf1 include:spf.protection.outlook.com -all" + "v=spf1 include:spf.protection.outlook.com -all", + "mscid=d/1e071KOhkmP8Aanr5sNgUqyTBhaBMx5nKSswPxu5ZsqL0bdAgVo3m7f5VYu+inbKA5YviUPzz/SxNS0ploJQ==" ], "log": [ { @@ -17900,10 +17959,10 @@ "AdminDisplayName": "", "Selector1KeySize": 2048, "Selector1CNAME": "selector1-tqhjy-onmicrosoft-com._domainkey.tqhjy.onmicrosoft.com", - "Selector1PublicKey": "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn/z5b0VYtWAnksnJLIo1HiKP5j0sTa93y6eIe7eRn3EfCMfnw4f0Ew6wmX/2NIsszvF0XG0mkdffCVsUa5WnzDvfhR5fkSMqGI/I4JaR+b8qHdNToVesTbk/kFv+j41TcxWgJw1j4Xeo6URJG6qx1ujh6zshr21/frskm/tq7Qlp7LpQn1uiHDO2g1If9tlvKRxOzxMV8ldzIjU4MKsLlUDLIj/LjezemQXiPsZqrMOe0Kqs3Tusv6IoWKaQpiiooIhsH+0fI2JXyjJu7623jOIAuDtl7YHdR6cC7umMq44tAgEL9Uf8IHv02FoM0B3nSIzs9ier9X4E0/exampleQIDAQAB;", + "Selector1PublicKey": "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAohoPDhGToRO8y7acaWL2w15wsCmwabxgTwODro2c1BeRYXfnUMStICo3w4ZrYDtGZDSA7hm0x7OHujF1CoQnXiBmrQ154wtomPyx3Op/VC6+b9di4z15XBvhXh/fLBUdEJ6wsybMLmQ+WPQA6vsM3UN5Cv5rl2SylFoM//eLmw5R6NmMIj3GQg9b+vQl2cKNXqII2gZrB07P6xt2wW1VA/LPjdRFUEys9YzBgOqM53VaODWDXDIvUH/nPRVAtOEsV19u66jyzZnzcz9a7ATxizix7DnySzI3koVlOGi/+dLx8FYIAZ/75wkH1O/gH8/n4C66uwRm/example+QIDAQAB;", "Selector2KeySize": 2048, "Selector2CNAME": "selector2-tqhjy-onmicrosoft-com._domainkey.tqhjy.onmicrosoft.com", - "Selector2PublicKey": "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyVK8DFIgYjps1Ckt4UjOQiBMqpb9G1WiwIci61Amx0sQzZTD8xb8rRSboEm89e5WRChcpZe7FN7XveJtbWYHmp4+e4niN5wGHaDt7NoCdTQ6dgRdyPa0d4Yf8si1uYYu7iC4LkQMI/zSLAQAQWEEHKqqJPHoAAbyKEuj8vynlWGsCAaprqOjyPqciy4YfcYd5ZISmpY5yJ/FNIrc2FeZjSPb65XzYMtgTbP9xC7lK6kGnBJDKqHaccXhVyvkl39AX4VkMzuVTlZbr120T+zMFDLNCJeNMBabl8JcrL0OYRule+75C3bPO4u/cZ1TmAGknX7apzvavEK2ByexampleQIDAQAB;", + "Selector2PublicKey": "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0N9/MWtBA7REPZSGKz9hfYIgF5jm5uri7RVSkaptlnvK0AI6jmJ4TvZ4beFzrfJDh6cIt5gX0UqnTzF9/0UZeyfRuUQAUew/sXU8FZXEnt+Bxr9k8PkAaqr2ksYhY/n46DxrWu1X/Cz7tye5FBnsTbyI6PnaBCfcgzwFnULaojUtdqSQGF7dt4HcyZGnUX1YLNwhp4Lyi9g1bZF6EdNMYHuKXFIsRo5qmEMagIsi557jGlGNTqTKJ9aZWGiCgjFJ14mTUN/itKXb5RqBAfG9KeZQXk6hWGTe7H9lVOshMZgV4t0FyaisrGg5GselbKZukxcA8xsOndexampleAQIDAQAB;", "Enabled": true, "IsDefault": true, "HeaderCanonicalization": "Relaxed", @@ -17937,7 +17996,7 @@ "OrganizationalUnitRoot": "tqhjy.onmicrosoft.com", "OrganizationId": "NAMPR09A006.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - NAMPR09A006.PROD.OUTLOOK.COM/ConfigurationUnits/tqhjy.onmicrosoft.com/Configuration", "Guid": "476371c0-bf15-4101-84a7-a3a03b4266f1", - "OriginatingServer": "DM5PR09A006DC10.NAMPR09A006.PROD.OUTLOOK.COM", + "OriginatingServer": "MWHPR09A006DC08.NAMPR09A006.PROD.OUTLOOK.COM", "ObjectState": "Unchanged" } ], @@ -17960,13 +18019,8 @@ }, { "query_method": "traditional", - "query_result": "Query returned NXDomain", - "query_name": "selector1-example-mail-onmicrosoft-com._domainkey.tqhjy.onmicrosoft.com" - }, - { - "query_method": "traditional", - "query_result": "Query returned NXDomain", - "query_name": "selector2-example-mail-onmicrosoft-com._domainkey.tqhjy.onmicrosoft.com" + "query_result": "Query returned 2 txt records", + "query_name": "selector1-tqhjy-onmicrosoft-com._domainkey.tqhjy.onmicrosoft.com" } ] } @@ -18106,16 +18160,16 @@ "container", "msExchTransportSettings" ], - "WhenChanged": "Date(1712118761000)", + "WhenChanged": "Date(1717562155000)", "WhenCreated": "Date(1619484398000)", - "WhenChangedUTC": "Date(1712118761000)", + "WhenChangedUTC": "Date(1717562155000)", "WhenCreatedUTC": "Date(1619484398000)", "ExchangeObjectId": "7ef195bd-4f88-46bc-97e6-db6c7665321b", "OrganizationalUnitRoot": "tqhjy.onmicrosoft.com", "OrganizationId": "NAMPR09A006.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - NAMPR09A006.PROD.OUTLOOK.COM/ConfigurationUnits/tqhjy.onmicrosoft.com/Configuration", "Id": "Transport Settings", "Guid": "01d25010-40a8-4d0a-9419-fb1d775b4d16", - "OriginatingServer": "DM5PR09A006DC10.NAMPR09A006.PROD.OUTLOOK.COM", + "OriginatingServer": "MWHPR09A006DC08.NAMPR09A006.PROD.OUTLOOK.COM", "IsValid": true, "ObjectState": "Unchanged" } @@ -18146,7 +18200,7 @@ "OrganizationId": "NAMPR09A006.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - NAMPR09A006.PROD.OUTLOOK.COM/ConfigurationUnits/tqhjy.onmicrosoft.com/Configuration", "Id": "Default Sharing Policy", "Guid": "137df5c0-4fe4-49bb-923c-e2bdfd89f448", - "OriginatingServer": "DM5PR09A006DC10.NAMPR09A006.PROD.OUTLOOK.COM", + "OriginatingServer": "MWHPR09A006DC08.NAMPR09A006.PROD.OUTLOOK.COM", "IsValid": true, "ObjectState": "Changed" } @@ -18157,7 +18211,7 @@ "DlpPolicy": null, "DlpPolicyId": "00000000-0000-0000-0000-000000000000", "Comments": null, - "CreatedBy": "Top Dog", + "CreatedBy": "John Public", "LastModifiedBy": "Microsoft Exchange", "ManuallyModified": false, "ActivationDate": null, @@ -18356,9 +18410,219 @@ "Guid": "d60d0c37-4f9d-4bcb-8b5e-2c91edfd4cbb", "ImmutableId": "d60d0c37-4f9d-4bcb-8b5e-2c91edfd4cbb", "OrganizationId": "NAMPR09A006.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - NAMPR09A006.PROD.OUTLOOK.COM/ConfigurationUnits/tqhjy.onmicrosoft.com/Configuration", - "Name": "Sender is located outside the organization prepend \"[External]\"", + "Name": "Sender is located outside the organization prepend \"[External]\"", + "IsValid": true, + "WhenChanged": "Date(1717562280000)", + "ExchangeVersion": "0.1 (8.0.535.0)", + "ObjectState": "Unchanged" + }, + { + "Priority": 1, + "DlpPolicy": null, + "DlpPolicyId": "00000000-0000-0000-0000-000000000000", + "Comments": null, + "CreatedBy": "John Public", + "LastModifiedBy": "Microsoft Exchange", + "ManuallyModified": false, + "ActivationDate": null, + "ExpiryDate": null, + "Description": "If the message:\r\n\tIs received from \u0027Outside the organization\u0027\r\nTake the following actions:\r\n\tPrepend the subject with \u0027[External]\u0027\r\n", + "RuleVersion": { + "Major": 14, + "Minor": 0, + "Build": 0, + "Revision": 0, + "MajorRevision": 0, + "MinorRevision": 0 + }, + "Size": 327, + "Conditions": [ + "Microsoft.Exchange.MessagingPolicies.Rules.Tasks.FromScopePredicate" + ], + "Exceptions": null, + "Actions": [ + "Microsoft.Exchange.MessagingPolicies.Rules.Tasks.PrependSubjectAction" + ], + "State": "Enabled", + "Mode": "Enforce", + "IsRuleConfigurationSupported": true, + "RuleConfigurationUnsupportedReason": "", + "RuleErrorAction": "Ignore", + "SenderAddressLocation": "Header", + "RecipientAddressType": "Resolved", + "RuleSubType": "None", + "RegexSize": 0, + "UseLegacyRegex": false, + "From": null, + "FromMemberOf": null, + "FromScope": "NotInOrganization", + "SentTo": null, + "SentToMemberOf": null, + "SentToScope": null, + "BetweenMemberOf1": null, + "BetweenMemberOf2": null, + "ManagerAddresses": null, + "ManagerForEvaluatedUser": null, + "SenderManagementRelationship": null, + "ADComparisonAttribute": null, + "ADComparisonOperator": null, + "SenderADAttributeContainsWords": null, + "SenderADAttributeMatchesPatterns": null, + "RecipientADAttributeContainsWords": null, + "RecipientADAttributeMatchesPatterns": null, + "AnyOfToHeader": null, + "AnyOfToHeaderMemberOf": null, + "AnyOfCcHeader": null, + "AnyOfCcHeaderMemberOf": null, + "AnyOfToCcHeader": null, + "AnyOfToCcHeaderMemberOf": null, + "HasClassification": null, + "HasNoClassification": false, + "SubjectContainsWords": null, + "SubjectOrBodyContainsWords": null, + "HeaderContainsMessageHeader": null, + "HeaderContainsWords": null, + "FromAddressContainsWords": null, + "SenderDomainIs": null, + "RecipientDomainIs": null, + "SubjectMatchesPatterns": null, + "SubjectOrBodyMatchesPatterns": null, + "HeaderMatchesMessageHeader": null, + "HeaderMatchesPatterns": null, + "FromAddressMatchesPatterns": null, + "AttachmentNameMatchesPatterns": null, + "AttachmentExtensionMatchesWords": null, + "AttachmentPropertyContainsWords": null, + "ContentCharacterSetContainsWords": null, + "HasSenderOverride": false, + "MessageContainsDataClassifications": null, + "MessageContainsAllDataClassifications": null, + "SenderIpRanges": null, + "SCLOver": null, + "AttachmentSizeOver": null, + "MessageSizeOver": null, + "WithImportance": null, + "MessageTypeMatches": null, + "RecipientAddressContainsWords": null, + "RecipientAddressMatchesPatterns": null, + "SenderInRecipientList": null, + "RecipientInSenderList": null, + "AttachmentContainsWords": null, + "AttachmentMatchesPatterns": null, + "AttachmentIsUnsupported": false, + "AttachmentProcessingLimitExceeded": false, + "AttachmentHasExecutableContent": false, + "AttachmentIsPasswordProtected": false, + "AnyOfRecipientAddressContainsWords": null, + "AnyOfRecipientAddressMatchesPatterns": null, + "ExceptIfFrom": null, + "ExceptIfFromMemberOf": null, + "ExceptIfFromScope": null, + "ExceptIfSentTo": null, + "ExceptIfSentToMemberOf": null, + "ExceptIfSentToScope": null, + "ExceptIfBetweenMemberOf1": null, + "ExceptIfBetweenMemberOf2": null, + "ExceptIfManagerAddresses": null, + "ExceptIfManagerForEvaluatedUser": null, + "ExceptIfSenderManagementRelationship": null, + "ExceptIfADComparisonAttribute": null, + "ExceptIfADComparisonOperator": null, + "ExceptIfSenderADAttributeContainsWords": null, + "ExceptIfSenderADAttributeMatchesPatterns": null, + "ExceptIfRecipientADAttributeContainsWords": null, + "ExceptIfRecipientADAttributeMatchesPatterns": null, + "ExceptIfAnyOfToHeader": null, + "ExceptIfAnyOfToHeaderMemberOf": null, + "ExceptIfAnyOfCcHeader": null, + "ExceptIfAnyOfCcHeaderMemberOf": null, + "ExceptIfAnyOfToCcHeader": null, + "ExceptIfAnyOfToCcHeaderMemberOf": null, + "ExceptIfHasClassification": null, + "ExceptIfHasNoClassification": false, + "ExceptIfSubjectContainsWords": null, + "ExceptIfSubjectOrBodyContainsWords": null, + "ExceptIfHeaderContainsMessageHeader": null, + "ExceptIfHeaderContainsWords": null, + "ExceptIfFromAddressContainsWords": null, + "ExceptIfSenderDomainIs": null, + "ExceptIfRecipientDomainIs": null, + "ExceptIfSubjectMatchesPatterns": null, + "ExceptIfSubjectOrBodyMatchesPatterns": null, + "ExceptIfHeaderMatchesMessageHeader": null, + "ExceptIfHeaderMatchesPatterns": null, + "ExceptIfFromAddressMatchesPatterns": null, + "ExceptIfAttachmentNameMatchesPatterns": null, + "ExceptIfAttachmentExtensionMatchesWords": null, + "ExceptIfAttachmentPropertyContainsWords": null, + "ExceptIfContentCharacterSetContainsWords": null, + "ExceptIfSCLOver": null, + "ExceptIfAttachmentSizeOver": null, + "ExceptIfMessageSizeOver": null, + "ExceptIfWithImportance": null, + "ExceptIfMessageTypeMatches": null, + "ExceptIfRecipientAddressContainsWords": null, + "ExceptIfRecipientAddressMatchesPatterns": null, + "ExceptIfSenderInRecipientList": null, + "ExceptIfRecipientInSenderList": null, + "ExceptIfAttachmentContainsWords": null, + "ExceptIfAttachmentMatchesPatterns": null, + "ExceptIfAttachmentIsUnsupported": false, + "ExceptIfAttachmentProcessingLimitExceeded": false, + "ExceptIfAttachmentHasExecutableContent": false, + "ExceptIfAttachmentIsPasswordProtected": false, + "ExceptIfAnyOfRecipientAddressContainsWords": null, + "ExceptIfAnyOfRecipientAddressMatchesPatterns": null, + "ExceptIfHasSenderOverride": false, + "ExceptIfMessageContainsDataClassifications": null, + "ExceptIfMessageContainsAllDataClassifications": null, + "ExceptIfSenderIpRanges": null, + "PrependSubject": "[External]", + "SetAuditSeverity": null, + "ApplyClassification": null, + "ApplyHtmlDisclaimerLocation": null, + "ApplyHtmlDisclaimerText": null, + "ApplyHtmlDisclaimerFallbackAction": null, + "ApplyRightsProtectionTemplate": null, + "ApplyRightsProtectionCustomizationTemplate": null, + "SetSCL": null, + "SetHeaderName": null, + "SetHeaderValue": null, + "RemoveHeader": null, + "AddToRecipients": null, + "CopyTo": null, + "BlindCopyTo": null, + "AddManagerAsRecipientType": null, + "ModerateMessageByUser": null, + "ModerateMessageByManager": false, + "RedirectMessageTo": null, + "RejectMessageEnhancedStatusCode": null, + "RejectMessageReasonText": null, + "DeleteMessage": false, + "Disconnect": false, + "Quarantine": false, + "SmtpRejectMessageRejectText": null, + "SmtpRejectMessageRejectStatusCode": null, + "LogEventText": null, + "StopRuleProcessing": false, + "SenderNotificationType": null, + "GenerateIncidentReport": null, + "IncidentReportContent": null, + "RouteMessageOutboundConnector": null, + "RouteMessageOutboundRequireTls": false, + "ApplyOME": false, + "RemoveOME": false, + "RemoveOMEv2": false, + "RemoveRMSAttachmentEncryption": false, + "GenerateNotification": null, + "Identity": "Sender Warning", + "DistinguishedName": "CN=Sender Warning,CN=TransportVersioned,CN=Rules,CN=Transport Settings,CN=Configuration,CN=tqhjy.onmicrosoft.com,CN=ConfigurationUnits,DC=NAMPR09A006,DC=PROD,DC=OUTLOOK,DC=COM", + "Guid": "dbc63ee9-ad16-4faf-81c9-55ae2881e3ed", + "ImmutableId": "dbc63ee9-ad16-4faf-81c9-55ae2881e3ed", + "OrganizationId": "NAMPR09A006.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - NAMPR09A006.PROD.OUTLOOK.COM/ConfigurationUnits/tqhjy.onmicrosoft.com/Configuration", + "Name": "Sender Warning", "IsValid": true, - "WhenChanged": "Date(1712118891000)", + "WhenChanged": "Date(1717562298000)", "ExchangeVersion": "0.1 (8.0.535.0)", "ObjectState": "Unchanged" } @@ -18386,15 +18650,15 @@ "top", "msExchHostedConnectionFilterPolicy" ], - "WhenChanged": "Date(1712119159000)", + "WhenChanged": "Date(1717562554000)", "WhenCreated": "Date(1619484586000)", - "WhenChangedUTC": "Date(1712119159000)", + "WhenChangedUTC": "Date(1717562554000)", "WhenCreatedUTC": "Date(1619484586000)", "ExchangeObjectId": "7021b7cf-b9fa-4280-94ff-fba468dbb0ab", "OrganizationalUnitRoot": "tqhjy.onmicrosoft.com", "OrganizationId": "NAMPR09A006.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - NAMPR09A006.PROD.OUTLOOK.COM/ConfigurationUnits/tqhjy.onmicrosoft.com/Configuration", "Guid": "ddb99cb3-211b-47ee-bc9c-86e6c8d0e692", - "OriginatingServer": "DM5PR09A006DC10.NAMPR09A006.PROD.OUTLOOK.COM", + "OriginatingServer": "MWHPR09A006DC08.NAMPR09A006.PROD.OUTLOOK.COM", "ObjectState": "Unchanged" } ], @@ -18441,9 +18705,9 @@ "environments": "@{disablePreferredDataLocationForTeamsEnvironment=False}", "governance": "@{disableAdminDigest=False; disableDeveloperEnvironmentCreationByNonAdminUsers=False; enableDefaultEnvironmentRouting=False; policy=; environmentRoutingAllMakers=False}", "licensing": "@{disableBillingPolicyCreationByNonAdminUsers=False; enableTenantCapacityReportForEnvironmentAdmins=False; storageCapacityConsumptionWarningThreshold=85; enableTenantLicensingReportForEnvironmentAdmins=False; disableUseOfUnassignedAIBuilderCredits=False}", - "powerPages": "", + "powerPages": "@{enableGenerativeAIFeaturesForSiteUsers=All}", "champions": "@{disableChampionsInvitationReachout=False; disableSkillsMatchInvitationReachout=False}", - "intelligence": "@{disableCopilot=False; enableOpenAiBotPublishing=True; disableCopilotFeedback=True; disableCopilotFeedbackMetadata=False}", + "intelligence": "@{disableCopilot=False; enableOpenAiBotPublishing=False; disableCopilotFeedback=True; disableCopilotFeedbackMetadata=False}", "modelExperimentation": "@{enableModelDataSharing=False; disableDataLogging=False}", "catalogSettings": "@{powerCatalogAudienceSetting=All}", "userManagementSettings": "@{enableDeleteDisabledUserinAllEnvironments=False}", @@ -18456,7 +18720,7 @@ { "value": [ { - "name": "dc769829-e705-4c1e-a19b-4961102d236e", + "name": "05f3cae7-fdf3-41d7-af81-6d7982810e8d", "displayName": "DLP functional test", "defaultConnectorsClassification": "General", "connectorGroups": [ @@ -18490,12 +18754,12 @@ "createdBy": { "displayName": "Service Principal (754baa5d-03d8-401a-a3d4-c2178cac1adc)" }, - "createdTime": "2024-04-03T04:30:26.7862702Z", + "createdTime": "2024-06-05T04:31:32.9182239Z", "lastModifiedBy": { "displayName": "Service Principal (754baa5d-03d8-401a-a3d4-c2178cac1adc)" }, - "lastModifiedTime": "2024-04-03T04:30:26.7862702Z", - "etag": "84b5f54a-6e84-4aec-8450-45d14653103d", + "lastModifiedTime": "2024-06-05T04:31:32.9182239Z", + "etag": "84ac9b77-d76d-48d9-93d5-42787e5d1689", "isLegacySchemaVersion": true } ] @@ -18511,9 +18775,42 @@ } ], "environment_list": [ + { + "EnvironmentName": "407cbeff-b477-e3b4-9ca7-097888a9ec4e", + "DisplayName": "Test-NonDefault (orgffbba88c)", + "Description": "Testing MS.POWERPLATFORM.2.2", + "IsDefault": false, + "Location": "usgov", + "CreatedTime": "2023-12-06T20:18:16.9766324Z", + "CreatedBy": { + "id": "c8975770-8c3d-43ef-8466-678584a32de5", + "displayName": "John Doe", + "email": "johndoe@tqhjy.onmicrosoft.com", + "type": "User", + "tenantId": "ca08493a-c9c8-4db0-a9e8-d3b4bafac269", + "userPrincipalName": "johndoe@tqhjy.onmicrosoft.com" + }, + "LastModifiedTime": "2023-12-06T20:18:27.5107576Z", + "LastModifiedBy": null, + "CreationType": "User", + "EnvironmentType": "Sandbox", + "CommonDataServiceDatabaseProvisioningState": "Succeeded", + "CommonDataServiceDatabaseType": "Common Data Service for Apps", + "Internal": { + "id": "/providers/Microsoft.BusinessAppPlatform/scopes/admin/environments/407cbeff-b477-e3b4-9ca7-097888a9ec4e", + "type": "Microsoft.BusinessAppPlatform/scopes/environments", + "location": "usgov", + "name": "407cbeff-b477-e3b4-9ca7-097888a9ec4e", + "properties": "@{tenantId=ca08493a-c9c8-4db0-a9e8-d3b4bafac269; azureRegionHint=usgovtexas; displayName=Test-NonDefault (orgffbba88c); description=Testing MS.POWERPLATFORM.2.2; createdTime=2023-12-06T20:18:16.9766324Z; createdBy=; lastModifiedTime=2023-12-06T20:18:27.5107576Z; provisioningState=Succeeded; creationType=User; environmentSku=Sandbox; environmentType=Production; isDefault=False; permissions=; runtimeEndpoints=; linkedEnvironmentMetadata=; trialScenarioType=None; notificationMetadata=; retentionPeriod=P7D; states=; updateCadence=; retentionDetails=; protectionStatus=; cluster=; connectedGroups=System.Object[]; lifecycleOperationsEnforcement=; governanceConfiguration=; bingChatEnabled=False}" + }, + "InternalCds": null, + "OrganizationId": "af751393-6f94-ee11-8175-001dd804a214", + "SecurityGroupId": "f13e38d1-c8bb-486e-aa73-f0383d04050d", + "RetentionPeriod": 7 + }, { "EnvironmentName": "Default-ca08493a-c9c8-4db0-a9e8-d3b4bafac269", - "DisplayName": "tqhjy (default) (org8537b7dc)", + "DisplayName": "tqhjy (default) (org1234abcd)", "Description": null, "IsDefault": true, "Location": "usgov", @@ -18534,7 +18831,7 @@ "type": "Microsoft.BusinessAppPlatform/scopes/environments", "location": "usgov", "name": "Default-ca08493a-c9c8-4db0-a9e8-d3b4bafac269", - "properties": "@{tenantId=ca08493a-c9c8-4db0-a9e8-d3b4bafac269; azureRegionHint=usgovtexas; displayName=tqhjy (default) (org8537b7dc); createdTime=2021-12-13T20:40:14.1749137Z; createdBy=; provisioningState=Succeeded; creationType=DefaultTenant; environmentSku=Default; environmentType=Production; isDefault=True; permissions=; runtimeEndpoints=; linkedEnvironmentMetadata=; trialScenarioType=None; retentionPeriod=P7D; states=; updateCadence=; retentionDetails=; protectionStatus=; cluster=; connectedGroups=System.Object[]; lifecycleOperationsEnforcement=; governanceConfiguration=; bingChatEnabled=False}" + "properties": "@{tenantId=ca08493a-c9c8-4db0-a9e8-d3b4bafac269; azureRegionHint=usgovtexas; displayName=tqhjy (default) (org1234abcd); createdTime=2021-12-13T20:40:14.1749137Z; createdBy=; provisioningState=Succeeded; creationType=DefaultTenant; environmentSku=Default; environmentType=Production; isDefault=True; permissions=; runtimeEndpoints=; linkedEnvironmentMetadata=; trialScenarioType=None; retentionPeriod=P7D; states=; updateCadence=; retentionDetails=; protectionStatus=; cluster=; connectedGroups=System.Object[]; lifecycleOperationsEnforcement=; governanceConfiguration=; bingChatEnabled=False}" }, "InternalCds": null, "OrganizationId": "ff4adc41-8f11-42a1-9e5a-d208f91a6db4", @@ -18552,8 +18849,8 @@ ], "SPO_tenant": [ { - "HideDefaultThemes": false, "StorageQuota": 1355776, + "BonusStorageQuotaMB": 0, "StorageQuotaAllocated": 0, "ResourceQuota": 0, "ResourceQuotaAllocated": 0, @@ -18561,6 +18858,7 @@ "CompatibilityRange": "15,15", "ExternalServicesEnabled": true, "NoAccessRedirectUrl": null, + "ArchiveRedirectUrl": null, "SharingCapability": 0, "DisplayStartASiteOption": true, "StartASiteFormUrl": null, @@ -18568,13 +18866,20 @@ "ShowAllUsersClaim": false, "OfficeClientADALDisabled": false, "LegacyAuthProtocolsEnabled": false, + "DisableCustomAppAuthentication": true, + "IsSharePointAddInsDisabled": false, + "SiteOwnerManageLegacyServicePrincipalEnabled": false, "ShowEveryoneExceptExternalUsersClaim": true, + "AllowEveryoneExceptExternalUsersClaimInPrivateSite": true, "SearchResolveExactEmailOrUPN": false, - "RequireAcceptingAccountMatchInvitedAccount": true, + "RequireAcceptingAccountMatchInvitedAccount": false, "ProvisionSharedWithEveryoneFolder": false, "SignInAccelerationDomain": "", "EnableGuestSignInAcceleration": false, "UsePersistentCookiesForExplorerView": false, + "ContentTypeSyncSiteTemplatesList": [ + + ], "BccExternalSharingInvitations": false, "BccExternalSharingInvitationsList": null, "UserVoiceForFeedbackEnabled": true, @@ -18584,21 +18889,25 @@ ], "RequireAnonymousLinksExpireInDays": 30, - "SharingAllowedDomainList": "admirable.example.org good.example.com", - "SharingBlockedDomainList": "evil.example.net nefarious.example.info", - "SharingDomainRestrictionMode": 0, + "SharingAllowedDomainList": "admirable.us good.org", + "SharingBlockedDomainList": "evil.is.us nefarious.com", + "SharingDomainRestrictionMode": 1, "OneDriveForGuestsEnabled": false, "IPAddressEnforcement": false, "IPAddressAllowList": "", "IPAddressWACTokenLifetime": 15, + "EnableTenantRestrictionsInsights": false, + "EnablePromotedFileHandlers": true, "UseFindPeopleInPeoplePicker": false, - "DefaultSharingLinkType": 3, + "DefaultSharingLinkType": 1, "ODBMembersCanShare": 0, "ODBAccessRequests": 0, "PreventExternalUsersFromResharing": true, "ShowPeoplePickerSuggestionsForGuestUsers": false, + "AppOnlyBypassPeoplePickerPolicies": false, + "EnableDiscoverableByOrganizationForVideos": true, "FileAnonymousLinkType": 1, - "FolderAnonymousLinkType": 1, + "FolderAnonymousLinkType": 2, "NotifyOwnersWhenItemsReshared": true, "NotifyOwnersWhenInvitationsAccepted": true, "NotificationsInOneDriveForBusinessEnabled": true, @@ -18606,110 +18915,234 @@ "SpecialCharactersStateInFileFolderNames": 1, "OwnerAnonymousNotification": true, "CommentsOnSitePagesDisabled": false, + "CommentsOnFilesDisabled": false, + "CommentsOnListItemsDisabled": false, + "ViewersCanCommentOnMediaDisabled": false, "SocialBarOnSitePagesDisabled": false, "OrphanedPersonalSitesRetentionPeriod": 90, "PermissiveBrowserFileHandlingOverride": false, "DisallowInfectedFileDownload": false, "DefaultLinkPermission": 1, + "CustomizedExternalSharingServiceUrl": "", "ConditionalAccessPolicy": 0, "AllowDownloadingNonWebViewableFiles": true, + "LimitedAccessFileType": 1, "AllowEditing": true, "ApplyAppEnforcedRestrictionsToAdHocRecipients": true, "FilePickerExternalImageSearchEnabled": true, "EmailAttestationRequired": true, - "EmailAttestationReAuthDays": 30, + "EmailAttestationReAuthDays": 29, "DisabledWebPartIds": null, - "DisableCustomAppAuthentication": true, + "EnableMinimumVersionRequirement": true, "MarkNewFilesSensitiveByDefault": 0, - "StopNew2013Workflows": false, - "ViewInFileExplorerEnabled": false, - "DisableSpacesActivation": false, - "AllowFilesWithKeepLabelToBeDeletedSPO": true, - "AllowFilesWithKeepLabelToBeDeletedODB": true, - "DisableAddToOneDrive": false, - "IsFluidEnabled": true, - "DisablePersonalListCreation": false, + "EnableAIPIntegration": false, + "AllowCommentsTextOnEmailEnabled": true, + "ConditionalAccessPolicyErrorHelpLink": "", + "EnableAzureADB2BIntegration": false, + "IncludeAtAGlanceInShareEmails": true, "ExternalUserExpirationRequired": true, "ExternalUserExpireInDays": 100, - "DisplayNamesOfFileViewers": true, - "DisplayNamesOfFileViewersInSpo": true, + "BlockDownloadLinksFileType": 1, + "AnyoneLinkTrackUsers": false, + "OneDriveLoopDefaultSharingLinkScope": -1, + "OneDriveLoopDefaultSharingLinkRole": 0, + "OneDriveRequestFilesLinkEnabled": false, + "OneDriveRequestFilesLinkExpirationInDays": 1, + "OneDriveSharingCapability": 0, + "OneDriveDefaultShareLinkScope": -1, + "OneDriveDefaultShareLinkRole": 0, + "OneDriveDefaultLinkToExistingAccess": false, + "OneDriveBlockGuestsAsSiteAdmin": 0, + "CoreLoopDefaultSharingLinkScope": -1, + "CoreLoopDefaultSharingLinkRole": 0, + "CoreSharingCapability": 0, + "CoreRequestFilesLinkEnabled": false, + "CoreRequestFilesLinkExpirationInDays": 10, + "CoreDefaultShareLinkScope": -1, + "CoreDefaultShareLinkRole": 0, + "CoreDefaultLinkToExistingAccess": false, + "CoreBlockGuestsAsSiteAdmin": 0, + "BlockAppAccessWithAuthenticationContext": false, + "AllowAnonymousMeetingParticipantsToAccessWhiteboards": 0, + "Workflows2013State": 2, + "IsFluidEnabled": true, + "IsWBFluidEnabled": true, + "IsCollabMeetingNotesFluidEnabled": true, "IsLoopEnabled": true, + "DisableDocumentLibraryDefaultLabeling": false, + "EnableSensitivityLabelForPDF": false, + "BlockSendLabelMismatchEmail": false, + "LabelMismatchEmailHelpLink": null, + "DisableAddShortcutsToOneDrive": false, + "EnableAutoNewsDigest": true, + "Workflow2010Disabled": true, + "StopNew2010Workflows": false, + "StopNew2013Workflows": false, + "DisableBackToClassic": false, + "BlockUserInfoVisibility": "ExternalPeopleInOD", + "BlockUserInfoVisibilityInOneDrive": 1, + "BlockUserInfoVisibilityInSharePoint": 0, + "AllowOverrideForBlockUserInfoVisibility": false, + "InformationBarriersSuspension": true, + "IBImplicitGroupBased": false, + "AppBypassInformationBarriers": false, + "DefaultOneDriveInformationBarrierMode": "Explicit", + "AllOrganizationSecurityGroupId": null, + "DisablePersonalListCreation": false, "DisabledModernListTemplateIds": [ ], - "RestrictedAccessControl": false + "DisableSpacesActivation": false, + "DisableVivaConnectionsAnalytics": false, + "HideSyncButtonOnTeamSite": false, + "AllowGuestUserShareToUsersNotInSiteCollection": false, + "DisableOutlookPSTVersionTrimming": false, + "EnableVersionExpirationSetting": false, + "EnableAutoExpirationVersionTrim": false, + "ExpireVersionsAfterDays": 0, + "MajorVersionLimit": 500, + "StreamLaunchConfig": 0, + "MediaTranscription": 0, + "MediaTranscriptionAutomaticFeatures": 0, + "ViewInFileExplorerEnabled": false, + "AuthContextResilienceMode": 0, + "ReduceTempTokenLifetimeEnabled": false, + "ReduceTempTokenLifetimeValue": 15, + "ShowOpenInDesktopOptionForSyncedFiles": false, + "ShowPeoplePickerGroupSuggestionsForIB": false, + "EnableRestrictedAccessControl": false, + "BlockDownloadFileTypePolicy": false, + "BlockDownloadFileTypeIds": [ + + ], + "ExcludedBlockDownloadGroupIds": [ + + ], + "TlsTokenBindingPolicyValue": 0, + "LegacyBrowserAuthProtocolsEnabled": true, + "RecycleBinRetentionPeriod": 93, + "IsEnableAppAuthPopUpEnabled": false, + "IsDataAccessInCardDesignerEnabled": false, + "MassDeleteNotificationDisabled": false, + "BusinessConnectivityServiceDisabled": false, + "RansomwareProtectionEnabled": false, + "AllowSensitivityLabelOnRecords": false, + "DelayDenyAddAndCustomizePagesEnforcement": false, + "EsignatureEnabled": false, + "ESignatureSiteList": [ + + ], + "ESignatureThirdPartyProviderInfoList": [ + "\"{\\\"ProviderName\\\":\\\"DocuSign\\\",\\\"IsEnabled\\\":false}\"", + "\"{\\\"ProviderName\\\":\\\"AdobeSign\\\",\\\"IsEnabled\\\":false}\"" + ] } ], "SPO_site": [ { - "AllowDownloadingNonWebViewableFiles": false, - "AllowEditing": true, - "AllowSelfServiceUpgrade": true, - "AnonymousLinkExpirationInDays": 30, - "BlockDownloadLinksFileType": 1, - "CommentsOnSitePagesDisabled": false, + "LastContentModifiedDate": "Date(1714422719717)", + "Status": "Active", + "ArchiveStatus": "NotArchived", + "BonusDiskQuota": 0, + "ResourceUsageCurrent": 0, + "ResourceUsageAverage": 0, + "StorageUsageCurrent": 1, + "LockIssue": null, + "WebsCount": 1, "CompatibilityLevel": 15, - "ConditionalAccessPolicy": 0, - "DefaultLinkPermission": 0, - "DefaultLinkToExistingAccess": false, - "DefaultSharingLinkType": 0, - "DenyAddAndCustomizePages": 2, - "Description": "", - "DisableAppViews": 2, - "DisableCompanyWideSharingLinks": 2, - "DisableFlows": 2, "DisableSharingForNonOwnersStatus": null, - "ExternalUserExpirationInDays": 0, - "GroupId": "00000000-0000-0000-0000-000000000000", "HubSiteId": "00000000-0000-0000-0000-000000000000", - "InformationSegment": null, "IsHubSite": false, - "LastContentModifiedDate": "Date(1711475812767)", - "LimitedAccessFileType": 1, + "RelatedGroupId": "00000000-0000-0000-0000-000000000000", + "GroupId": "00000000-0000-0000-0000-000000000000", + "Url": "https://tqhjy.sharepoint.com/", "LocaleId": 1033, - "LockIssue": null, "LockState": "Unlock", - "OverrideTenantAnonymousLinkExpirationPolicy": true, - "OverrideTenantExternalUserExpirationPolicy": false, "Owner": "c64580cf-5b99-4c0a-b15b-db035c63e177", - "OwnerEmail": null, - "OwnerLoginName": "c:0t.c|tenant|c64580cf-5b99-4c0a-b15b-db035c63e177", - "OwnerName": "Global Administrator", - "ProtectionLevelName": null, - "PWAEnabled": 1, - "RelatedGroupId": "00000000-0000-0000-0000-000000000000", + "StorageQuota": 26214400, + "StorageQuotaWarningLevel": 25574400, "ResourceQuota": 300, "ResourceQuotaWarningLevel": 255, - "ResourceUsageAverage": 0, - "ResourceUsageCurrent": 0, - "RestrictedToGeo": 3, + "Template": "SITEPAGEPUBLISHING#0", + "Title": "Communication site", + "AllowSelfServiceUpgrade": true, + "DenyAddAndCustomizePages": 2, + "PWAEnabled": 1, + "SharingCapability": 0, + "SiteDefinedSharingCapability": 2, "SandboxedCodeActivationCapability": 2, - "SensitivityLabel": null, + "DisableCompanyWideSharingLinks": 2, + "DisableAppViews": 2, + "DisableFlows": 2, + "AuthenticationContextName": null, + "StorageQuotaType": null, + "RestrictedToGeo": 3, + "ShowPeoplePickerSuggestionsForGuestUsers": false, + "SharingDomainRestrictionMode": 0, "SharingAllowedDomainList": "", "SharingBlockedDomainList": "", - "SharingCapability": 0, - "SharingDomainRestrictionMode": 0, - "ShowPeoplePickerSuggestionsForGuestUsers": false, - "SiteDefinedSharingCapability": 2, + "ConditionalAccessPolicy": 0, + "AllowDownloadingNonWebViewableFiles": false, + "LimitedAccessFileType": 1, + "AllowEditing": true, + "SensitivityLabel": null, + "CommentsOnSitePagesDisabled": false, "SocialBarOnSitePagesDisabled": false, - "Status": "Active", - "StorageQuota": 26214400, - "StorageQuotaType": null, - "StorageQuotaWarningLevel": 25574400, - "StorageUsageCurrent": 1, - "Template": "SITEPAGEPUBLISHING#0", - "Title": "Communication site", - "Url": "https://tqhjy.sharepoint.com/", - "WebsCount": 1 + "DefaultSharingLinkType": 0, + "DefaultLinkPermission": 0, + "DefaultLinkToExistingAccess": false, + "AnonymousLinkExpirationInDays": 30, + "OverrideTenantAnonymousLinkExpirationPolicy": true, + "ExternalUserExpirationInDays": 0, + "OverrideTenantExternalUserExpirationPolicy": false, + "SharingLockDownEnabled": false, + "SharingLockDownCanBeCleared": true, + "InformationSegment": [ + + ], + "InformationBarriersMode": "", + "BlockDownloadLinksFileType": 1, + "OverrideBlockUserInfoVisibility": 0, + "IsTeamsConnected": false, + "IsTeamsChannelConnected": false, + "TeamsChannelType": 0, + "MediaTranscription": 0, + "ExcludedBlockDownloadGroupIds": [ + + ], + "ExcludeBlockDownloadPolicySiteOwners": false, + "ReadOnlyForBlockDownloadPolicy": false, + "ExcludeBlockDownloadSharePointGroups": [ + + ], + "BlockDownloadPolicy": false, + "LoopDefaultSharingLinkScope": -1, + "LoopDefaultSharingLinkRole": 0, + "RequestFilesLinkEnabled": false, + "RequestFilesLinkExpirationInDays": -1, + "OverrideSharingCapability": false, + "DefaultShareLinkScope": -1, + "DefaultShareLinkRole": 0, + "BlockGuestsAsSiteAdmin": 0, + "ReadOnlyForUnmanagedDevices": false, + "RestrictedAccessControl": false, + "AuthenticationContextLimitedAccess": false, + "RestrictedAccessControlGroups": [ + + ], + "ListsShowHeaderAndNavigation": false, + "EnableAutoExpirationVersionTrim": false, + "ExpireVersionsAfterDays": 0, + "MajorVersionLimit": 0 } ], - "OneDrive_PnP_Flag": true, + "OneDrive_PnP_Flag": false, "SharePoint_successful_commands": [ "Get-MgBetaOrganization", - "Get-PnPTenant", - "Get-PnPTenantSite", "Get-SPOTenant", - "Get-SPOSite" + "Get-SPOSite", + "Get-PnPTenant", + "Get-PnPTenantSite" ], "SharePoint_unsuccessful_commands": [ @@ -18726,60 +19159,56 @@ "CompanyPartnership": [ "Microsoft.Teams.ConfigAPI.Cmdlets.Generated.Models.CompanyPartnership" ], - "CompanyTags": [ - "servicescope.microsoft.com/ServiceScope=GCC", - "o365.microsoft.com/startdate=637492760673881089", - "o365.microsoft.com/version=15" - ], + "CompanyTags": null, "Country": null, "CountryAbbreviation": "US", "DefaultPoolFqdn": null, "DirSyncEnabled": true, "DisplayName": "tqhjy", - "LastSyncTimeStamp": "Date(1707351996744)", + "LastSyncTimeStamp": "Date(1714421480081)", "NameRecordingDisabled": null, "Pools": null, "PostalCode": "20528-0380", "PreferredLanguage": "en", "ProvisionedPlan": [ - "exchange", - "exchange", - "RMSOnline", - "RMSOnline", - "RMSOnline", - "Adallom", - "RMSOnline", - "RMSOnline", - "exchange", - "exchange", - "exchange", - "exchange", - "SCO", - "SharePoint", - "SharePoint", - "exchange", - "exchange", - "exchange", - "exchange", - "exchange", - "exchange", - "exchange", - "exchange", - "exchange", - "exchange", - "exchange", - "exchange", - "exchange", - "exchange", - "exchange", - "exchange", "MicrosoftCommunicationsOnline", "MicrosoftCommunicationsOnline", "MicrosoftCommunicationsOnline", - "ProjectWorkManagement", - "Adallom", - "RMSOnline", - "SCO" + "MicrosoftCommunicationsOnline", + "MicrosoftCommunicationsOnline", + "MicrosoftCommunicationsOnline", + "MicrosoftCommunicationsOnline", + "MicrosoftCommunicationsOnline", + "MicrosoftCommunicationsOnline", + "MicrosoftCommunicationsOnline", + "MicrosoftCommunicationsOnline", + "MicrosoftCommunicationsOnline", + "MicrosoftCommunicationsOnline", + "MicrosoftCommunicationsOnline", + "MicrosoftCommunicationsOnline", + "MicrosoftCommunicationsOnline", + "MicrosoftCommunicationsOnline", + "MicrosoftCommunicationsOnline", + "MicrosoftCommunicationsOnline", + "MicrosoftCommunicationsOnline", + "MicrosoftCommunicationsOnline", + "MicrosoftCommunicationsOnline", + "MicrosoftCommunicationsOnline", + "MicrosoftCommunicationsOnline", + "MicrosoftCommunicationsOnline", + "MicrosoftCommunicationsOnline", + "MicrosoftCommunicationsOnline", + "MicrosoftCommunicationsOnline", + "MicrosoftCommunicationsOnline", + "MicrosoftCommunicationsOnline", + "MicrosoftCommunicationsOnline", + "MicrosoftCommunicationsOnline", + "MicrosoftCommunicationsOnline", + "MicrosoftCommunicationsOnline", + "MicrosoftCommunicationsOnline", + "MicrosoftCommunicationsOnline", + "MicrosoftCommunicationsOnline", + "MicrosoftCommunicationsOnline" ], "ServiceInfo": "[{}]", "ServiceInstance": "MicrosoftCommunicationsOnline/GOV-1B-G6", @@ -18800,7 +19229,7 @@ }, "TeamsUpgradeEffectiveMode": "TeamsOnly", "TeamsUpgradeNotificationsEnabled": false, - "TeamsUpgradeOverridePolicy": "ProvisionedAsTeams", + "TeamsUpgradeOverridePolicy": "UpgradeToTeams", "TeamsUpgradePolicyIsReadOnly": "ModeAndNotifications", "TenantId": "ca08493a-c9c8-4db0-a9e8-d3b4bafac269", "TnmAccountId": null, @@ -18810,7 +19239,7 @@ "Microsoft.Teams.ConfigAPI.Cmdlets.Generated.Models.TenantVerifiedSipDomain", "Microsoft.Teams.ConfigAPI.Cmdlets.Generated.Models.TenantVerifiedSipDomain" ], - "WhenChanged": "Date(1692188532143)", + "WhenChanged": null, "WhenCreated": "Date(-62135596800000)", "LastProvisionTimeStamps": { "TenantSipDomains": "2023-08-16T12:21:39.4275558+00:00", @@ -18908,6 +19337,7 @@ "WatermarkForScreenSharingOpacity": 30, "WatermarkForScreenSharingPattern": "Tiled", "WatermarkForAnonymousUsers": "JoinWithAudioOnly", + "DetectSensitiveContentDuringScreenSharing": false, "AudibleRecordingNotification": "PstnOnly", "ConnectToMeetingControls": "Enabled", "Copilot": "EnabledWithTranscript", @@ -18915,7 +19345,8 @@ "VoiceIsolation": "Enabled", "ExternalMeetingJoin": "EnabledForAnyone", "ContentSharingInExternalMeetings": "EnabledForAnyone", - "AllowedUsersForMeetingContext": "InvitedUsers" + "AllowedUsersForMeetingContext": "InvitedUsers", + "SmsNotifications": "OnAllowOrganizerOverride" }, { "Identity": "Tag:Custom Policy 1", @@ -18999,6 +19430,7 @@ "WatermarkForScreenSharingOpacity": 30, "WatermarkForScreenSharingPattern": "Tiled", "WatermarkForAnonymousUsers": "JoinWithAudioOnly", + "DetectSensitiveContentDuringScreenSharing": false, "AudibleRecordingNotification": "PstnOnly", "ConnectToMeetingControls": "Enabled", "Copilot": "EnabledWithTranscript", @@ -19006,98 +19438,8 @@ "VoiceIsolation": "Enabled", "ExternalMeetingJoin": "EnabledForAnyone", "ContentSharingInExternalMeetings": "EnabledForAnyone", - "AllowedUsersForMeetingContext": "InvitedUsers" - }, - { - "Identity": "Tag:NKK-Temp", - "Description": null, - "AllowChannelMeetingScheduling": true, - "AllowMeetNow": true, - "AllowPrivateMeetNow": true, - "MeetingChatEnabledType": "Enabled", - "AllowExternalNonTrustedMeetingChat": true, - "CopyRestriction": true, - "LiveCaptionsEnabledType": "DisabledUserOverride", - "DesignatedPresenterRoleMode": "EveryoneUserOverride", - "AllowIPAudio": true, - "AllowIPVideo": true, - "AllowEngagementReport": "Enabled", - "AllowTrackingInReport": "EnabledUserOverride", - "IPAudioMode": "EnabledOutgoingIncoming", - "IPVideoMode": "EnabledOutgoingIncoming", - "AllowAnonymousUsersToDialOut": false, - "AllowAnonymousUsersToStartMeeting": false, - "AllowAnonymousUsersToJoinMeeting": true, - "BlockedAnonymousJoinClientTypes": null, - "AllowedStreamingMediaInput": null, - "ExplicitRecordingConsent": "Disabled", - "AllowLocalRecording": false, - "AutoRecording": "Enabled", - "ParticipantNameChange": "Disabled", - "AllowPrivateMeetingScheduling": true, - "AutoAdmittedUsers": "EveryoneInCompanyExcludingGuests", - "AllowCloudRecording": true, - "AllowRecordingStorageOutsideRegion": false, - "RecordingStorageMode": "OneDriveForBusiness", - "AllowOutlookAddIn": true, - "AllowPowerPointSharing": true, - "AllowParticipantGiveRequestControl": true, - "AllowExternalParticipantGiveRequestControl": false, - "AllowSharedNotes": true, - "AllowWhiteboard": true, - "AllowTranscription": false, - "AllowNetworkConfigurationSettingsLookup": false, - "MediaBitRateKb": 50000, - "ScreenSharingMode": "EntireScreen", - "VideoFiltersMode": "AllFilters", - "AllowPSTNUsersToBypassLobby": false, - "AllowOrganizersToOverrideLobbySettings": false, - "PreferredMeetingProviderForIslandsMode": "TeamsAndSfb", - "AllowNDIStreaming": false, - "SpeakerAttributionMode": "EnabledUserOverride", - "EnrollUserOverride": "Disabled", - "RoomAttributeUserOverride": "Off", - "StreamingAttendeeMode": "Disabled", - "AttendeeIdentityMasking": "DisabledUserOverride", - "AllowBreakoutRooms": true, - "TeamsCameraFarEndPTZMode": "Disabled", - "AllowMeetingReactions": true, - "AllowMeetingRegistration": true, - "WhoCanRegister": "Everyone", - "AllowScreenContentDigitization": "Enabled", - "AllowCarbonSummary": true, - "RoomPeopleNameUserOverride": "Off", - "AllowMeetingCoach": true, - "NewMeetingRecordingExpirationDays": 120, - "LiveStreamingMode": "Disabled", - "MeetingInviteLanguages": null, - "ChannelRecordingDownload": "Allow", - "AllowCartCaptionsScheduling": "DisabledUserOverride", - "AllowTasksFromTranscript": "Enabled", - "InfoShownInReportMode": "FullInformation", - "LiveInterpretationEnabledType": "DisabledUserOverride", - "QnAEngagementMode": "Enabled", - "AllowImmersiveView": true, - "AllowAvatarsInGallery": true, - "AllowAnnotations": true, - "AllowDocumentCollaboration": "Enabled", - "AllowWatermarkForScreenSharing": false, - "AllowWatermarkForCameraVideo": false, - "AllowWatermarkCustomizationForCameraVideo": true, - "WatermarkForCameraVideoOpacity": 30, - "WatermarkForCameraVideoPattern": "Tiled", - "AllowWatermarkCustomizationForScreenSharing": true, - "WatermarkForScreenSharingOpacity": 30, - "WatermarkForScreenSharingPattern": "Tiled", - "WatermarkForAnonymousUsers": "JoinWithAudioOnly", - "AudibleRecordingNotification": "PstnOnly", - "ConnectToMeetingControls": "Enabled", - "Copilot": "EnabledWithTranscript", - "AutomaticallyStartCopilot": "Disabled", - "VoiceIsolation": "Enabled", - "ExternalMeetingJoin": "EnabledForAnyone", - "ContentSharingInExternalMeetings": "EnabledForAnyone", - "AllowedUsersForMeetingContext": "InvitedUsers" + "AllowedUsersForMeetingContext": "InvitedUsers", + "SmsNotifications": "OnAllowOrganizerOverride" }, { "Identity": "Tag:AllOn", @@ -19180,7 +19522,8 @@ "AllowWatermarkCustomizationForScreenSharing": true, "WatermarkForScreenSharingOpacity": 30, "WatermarkForScreenSharingPattern": "Tiled", - "WatermarkForAnonymousUsers": "JoinWithAudioOnly", + "WatermarkForAnonymousUsers": "WatermarkWithDisplayName", + "DetectSensitiveContentDuringScreenSharing": true, "AudibleRecordingNotification": "PstnOnly", "ConnectToMeetingControls": "Enabled", "Copilot": "EnabledWithTranscript", @@ -19188,7 +19531,8 @@ "VoiceIsolation": "Enabled", "ExternalMeetingJoin": "EnabledForAnyone", "ContentSharingInExternalMeetings": "EnabledForAnyone", - "AllowedUsersForMeetingContext": "InvitedUsers" + "AllowedUsersForMeetingContext": "InvitedUsers", + "SmsNotifications": "OnAllowOrganizerOverride" }, { "Identity": "Tag:RestrictedAnonymousAccess", @@ -19271,7 +19615,8 @@ "AllowWatermarkCustomizationForScreenSharing": true, "WatermarkForScreenSharingOpacity": 30, "WatermarkForScreenSharingPattern": "Tiled", - "WatermarkForAnonymousUsers": "JoinWithAudioOnly", + "WatermarkForAnonymousUsers": "WatermarkWithDisplayName", + "DetectSensitiveContentDuringScreenSharing": true, "AudibleRecordingNotification": "PstnOnly", "ConnectToMeetingControls": "Enabled", "Copilot": "EnabledWithTranscript", @@ -19279,7 +19624,8 @@ "VoiceIsolation": "Enabled", "ExternalMeetingJoin": "EnabledForAnyone", "ContentSharingInExternalMeetings": "EnabledForAnyone", - "AllowedUsersForMeetingContext": "InvitedUsers" + "AllowedUsersForMeetingContext": "InvitedUsers", + "SmsNotifications": "OnAllowOrganizerOverride" }, { "Identity": "Tag:AllOff", @@ -19362,7 +19708,8 @@ "AllowWatermarkCustomizationForScreenSharing": true, "WatermarkForScreenSharingOpacity": 30, "WatermarkForScreenSharingPattern": "Tiled", - "WatermarkForAnonymousUsers": "JoinWithAudioOnly", + "WatermarkForAnonymousUsers": "WatermarkWithDisplayName", + "DetectSensitiveContentDuringScreenSharing": true, "AudibleRecordingNotification": "PstnOnly", "ConnectToMeetingControls": "Enabled", "Copilot": "EnabledWithTranscript", @@ -19370,7 +19717,8 @@ "VoiceIsolation": "Enabled", "ExternalMeetingJoin": "EnabledForAnyone", "ContentSharingInExternalMeetings": "EnabledForAnyone", - "AllowedUsersForMeetingContext": "InvitedUsers" + "AllowedUsersForMeetingContext": "InvitedUsers", + "SmsNotifications": "OnAllowOrganizerOverride" }, { "Identity": "Tag:RestrictedAnonymousNoRecording", @@ -19453,7 +19801,8 @@ "AllowWatermarkCustomizationForScreenSharing": true, "WatermarkForScreenSharingOpacity": 30, "WatermarkForScreenSharingPattern": "Tiled", - "WatermarkForAnonymousUsers": "JoinWithAudioOnly", + "WatermarkForAnonymousUsers": "WatermarkWithDisplayName", + "DetectSensitiveContentDuringScreenSharing": true, "AudibleRecordingNotification": "PstnOnly", "ConnectToMeetingControls": "Enabled", "Copilot": "EnabledWithTranscript", @@ -19461,7 +19810,8 @@ "VoiceIsolation": "Enabled", "ExternalMeetingJoin": "EnabledForAnyone", "ContentSharingInExternalMeetings": "EnabledForAnyone", - "AllowedUsersForMeetingContext": "InvitedUsers" + "AllowedUsersForMeetingContext": "InvitedUsers", + "SmsNotifications": "OnAllowOrganizerOverride" }, { "Identity": "Tag:Default", @@ -19544,7 +19894,8 @@ "AllowWatermarkCustomizationForScreenSharing": true, "WatermarkForScreenSharingOpacity": 30, "WatermarkForScreenSharingPattern": "Tiled", - "WatermarkForAnonymousUsers": "JoinWithAudioOnly", + "WatermarkForAnonymousUsers": "WatermarkWithDisplayName", + "DetectSensitiveContentDuringScreenSharing": true, "AudibleRecordingNotification": "PstnOnly", "ConnectToMeetingControls": "Enabled", "Copilot": "EnabledWithTranscript", @@ -19552,7 +19903,8 @@ "VoiceIsolation": "Enabled", "ExternalMeetingJoin": "EnabledForAnyone", "ContentSharingInExternalMeetings": "EnabledForAnyone", - "AllowedUsersForMeetingContext": "InvitedUsers" + "AllowedUsersForMeetingContext": "InvitedUsers", + "SmsNotifications": "OnAllowOrganizerOverride" }, { "Identity": "Tag:Kiosk", @@ -19635,7 +19987,8 @@ "AllowWatermarkCustomizationForScreenSharing": true, "WatermarkForScreenSharingOpacity": 30, "WatermarkForScreenSharingPattern": "Tiled", - "WatermarkForAnonymousUsers": "JoinWithAudioOnly", + "WatermarkForAnonymousUsers": "WatermarkWithDisplayName", + "DetectSensitiveContentDuringScreenSharing": true, "AudibleRecordingNotification": "PstnOnly", "ConnectToMeetingControls": "Enabled", "Copilot": "EnabledWithTranscript", @@ -19643,13 +19996,14 @@ "VoiceIsolation": "Enabled", "ExternalMeetingJoin": "EnabledForAnyone", "ContentSharingInExternalMeetings": "EnabledForAnyone", - "AllowedUsersForMeetingContext": "InvitedUsers" + "AllowedUsersForMeetingContext": "InvitedUsers", + "SmsNotifications": "OnAllowOrganizerOverride" } ], "federation_configuration": [ { "AllowedDomains": { - "AllowedDomain": "Domain=domains.example.com" + "AllowedDomain": "Domain=domains.r.us" }, "BlockedDomains": [ @@ -19663,6 +20017,7 @@ "SharedSipAddressSpace": false, "RestrictTeamsConsumerToExternalUserProfiles": false, "BlockAllSubdomains": false, + "ExternalAccessWithTrialTenants": "Blocked", "DataSource": null, "Key": { "ScopeClass": "Global", diff --git a/PowerShell/ScubaGear/Sample-Reports/TestResults.csv b/PowerShell/ScubaGear/Sample-Reports/TestResults.csv index ebe535de0..f3878b594 100644 --- a/PowerShell/ScubaGear/Sample-Reports/TestResults.csv +++ b/PowerShell/ScubaGear/Sample-Reports/TestResults.csv @@ -1,16 +1,17 @@ "ActualValue","Commandlet","Criticality","PolicyId","ReportDetails","RequirementMet" """""","Get-MgBetaSubscribedSku, Get-PrivilegedUser","Shall","MS.AAD.7.3v1","0 admin(s) that are not cloud-only found","True" -,"","Shall/Not-Implemented","MS.AAD.3.3v1","This product does not currently have the capability to check compliance for this policy. See Secure Configuration Baseline policy for instructions on manual check","False" -,"","Shall/Not-Implemented","MS.AAD.4.1v1","This product does not currently have the capability to check compliance for this policy. See Secure Configuration Baseline policy for instructions on manual check","False" -,"","Should/Not-Implemented","MS.AAD.2.2v1","This product does not currently have the capability to check compliance for this policy. See Secure Configuration Baseline policy for instructions on manual check","False" -,"","Should/Not-Implemented","MS.AAD.8.3v1","This product does not currently have the capability to check compliance for this policy. See Secure Configuration Baseline policy for instructions on manual check","False" -,"Get-MgBetaPolicyAuthenticationMethodPolicy","Shall","MS.AAD.3.5v1","This policy is only applicable if the tenant has their Manage Migration feature set to Migration Complete. See Secure Configuration Baseline policy for more info","False" +,"","Shall/Not-Implemented","MS.AAD.4.1v1","This product does not currently have the capability to check compliance for this policy. See Secure Configuration Baseline policy for instructions on manual check","False" +,"","Should/Not-Implemented","MS.AAD.2.2v1","This product does not currently have the capability to check compliance for this policy. See Secure Configuration Baseline policy for instructions on manual check","False" +,"","Should/Not-Implemented","MS.AAD.8.3v1","This product does not currently have the capability to check compliance for this policy. See Secure Configuration Baseline policy for instructions on manual check","False" +,"Get-MgBetaPolicyAuthenticationMethodPolicy","Shall/Not-Implemented","MS.AAD.3.5v1","This policy is only applicable if the tenant has their Manage Migration feature set to Migration Complete. See Secure Configuration Baseline policy for more info","False" """preMigration""","Get-MgBetaPolicyAuthenticationMethodPolicy","Shall","MS.AAD.3.4v1","Requirement not met","False" +"{""AdditionalProperties"":{""@odata.type"":""#microsoft.graph.microsoftAuthenticatorAuthenticationMethodConfiguration"",""featureSettings"":{""companionAppAllowedState"":{""excludeTarget"":""@{id=00000000-0000-0000-0000-000000000000; targetType=group}"",""includeTarget"":""@{id=all_users; targetType=group}"",""state"":""default""},""displayAppInformationRequiredState"":{""excludeTarget"":""@{id=00000000-0000-0000-0000-000000000000; targetType=group}"",""includeTarget"":""@{id=all_users; targetType=group}"",""state"":""enabled""},""displayLocationInformationRequiredState"":{""excludeTarget"":""@{id=00000000-0000-0000-0000-000000000000; targetType=group}"",""includeTarget"":""@{id=all_users; targetType=group}"",""state"":""enabled""},""numberMatchingRequiredState"":{""excludeTarget"":""@{id=00000000-0000-0000-0000-000000000000; targetType=group}"",""includeTarget"":""@{id=all_users; targetType=group}"",""state"":""enabled""}},""includeTargets"":[{""authenticationMode"":""any"",""id"":""all_users"",""isRegistrationRequired"":false,""targetType"":""group""}],""includeTargets@odata.context"":""https://graph.microsoft.com/beta/$metadata#policies/authenticationMethodsPolicy/authenticationMethodConfigurations(\u0027MicrosoftAuthenticator\u0027)/microsoft.graph.microsoftAuthenticatorAuthenticationMethodConfiguration/includeTargets"",""isSoftwareOathEnabled"":false},""ExcludeTargets"":[],""Id"":""MicrosoftAuthenticator"",""State"":""enabled""}","Get-MgBetaPolicyAuthenticationMethodPolicy","Shall","MS.AAD.3.3v1","Requirement met","True" "{""all_admin_consent_policies"":[{""Name"":""EnableAdminConsentRequests"",""SettingsGroup"":""Consent Policy Settings"",""Value"":""false""}]}","Get-MgBetaDirectorySetting","Shall","MS.AAD.5.3v1","Requirement not met","False" "{""all_allow_invite_values"":[{""AllowInvitesFromValue"":""adminsAndGuestInviters"",""PolicyId"":""authorizationPolicy""}]}","Get-MgBetaPolicyAuthorizationPolicy","Should","MS.AAD.8.2v1","Permission level set to ""adminsAndGuestInviters"" (authorizationPolicy)","True" "{""all_allowed_create_values"":[{""DefaultUser_AllowedToCreateApps"":false,""PolicyId"":""authorizationPolicy""}]}","Get-MgBetaPolicyAuthorizationPolicy","Shall","MS.AAD.5.1v1","0 authorization policies found that allow non-admin users to register third-party applications","True" "{""all_grant_policy_values"":[{""DefaultUser_DefaultGrantPolicy"":[""ManagePermissionGrantsForOwnedResource.microsoft-dynamically-managed-permissions-for-chat"",""ManagePermissionGrantsForOwnedResource.microsoft-dynamically-managed-permissions-for-team"",""ManagePermissionGrantsForSelf.microsoft-user-default-legacy""],""PolicyId"":""authorizationPolicy""}]}","Get-MgBetaPolicyAuthorizationPolicy","Shall","MS.AAD.5.2v1","1 authorization policies found that allow non-admin users to consent to third-party applications:
authorizationPolicy","False" "{""all_roleid_values"":[{""GuestUserRoleId"":""10dae51f-b6af-4016-8d66-8c2a99b929b3"",""GuestUserRoleIdString"":""Limited access"",""Id"":""authorizationPolicy""}]}","Get-MgBetaPolicyAuthorizationPolicy","Should","MS.AAD.8.1v1","Permission level set to ""Limited access"" (authorizationPolicy)","True" +,"Get-MgBetaDirectorySetting","Shall","MS.AAD.5.4v1","Requirement not met","False" ,"Get-MgBetaIdentityConditionalAccessPolicy","Shall","MS.AAD.3.1v1","0 conditional access policy(s) found that meet(s) all requirements. View all CA policies.","False" ,"Get-MgBetaIdentityConditionalAccessPolicy","Shall","MS.AAD.3.6v1","0 conditional access policy(s) found that meet(s) all requirements. View all CA policies.","False" ,"Get-MgBetaIdentityConditionalAccessPolicy","Should","MS.AAD.3.7v1","0 conditional access policy(s) found that meet(s) all requirements. View all CA policies.","False" @@ -18,8 +19,8 @@ ,"Get-MgBetaSubscribedSku, Get-PrivilegedRole","Shall","MS.AAD.7.8v1","0 role(s) or group(s) without notification e-mail configured for Global Administrator activations found","True" "[""Application Administrator"",""Exchange Administrator"",""Global Administrator"",""Privileged Role Administrator"",""SharePoint Administrator"",""User Administrator""]","Get-MgBetaSubscribedSku, Get-PrivilegedRole","Shall","MS.AAD.7.4v1","6 role(s) that contain users with permanent active assignment:
Application Administrator, Exchange Administrator, Global Administrator, Privileged Role Administrator, SharePoint Administrator, User Administrator","False" "[""Application Administrator"",""Global Administrator"",""Privileged Role Administrator"",""User Administrator""]","Get-MgBetaSubscribedSku, Get-PrivilegedRole","Shall","MS.AAD.7.5v1","4 role(s) assigned to users outside of PIM:
Application Administrator, Global Administrator, Privileged Role Administrator, User Administrator","False" -"[""Cloud Application Administrator(Directory Role)"",""Exchange Administrator(Directory Role)"",""Global Administrator(Directory Role)"",""Hybrid Identity Administrator(Directory Role)"",""PIM Test Group(PIM Group)"",""Privileged Role Administrator(Directory Role)"",""SharePoint Administrator(Directory Role)""]","Get-MgBetaSubscribedSku, Get-PrivilegedRole","Shall","MS.AAD.7.7v1","7 role(s) or group(s) without notification e-mail configured for role assignments found:
Cloud Application Administrator(Directory Role), Exchange Administrator(Directory Role), Global Administrator(Directory Role), Hybrid Identity Administrator(Directory Role), PIM Test Group(PIM Group), Privileged Role Administrator(Directory Role), SharePoint Administrator(Directory Role)","False" -"[""Cloud Application Administrator(Directory Role)"",""Exchange Administrator(Directory Role)"",""Hybrid Identity Administrator(Directory Role)"",""PIM Test Group(PIM Group)"",""Privileged Role Administrator(Directory Role)"",""SharePoint Administrator(Directory Role)""]","Get-MgBetaSubscribedSku, Get-PrivilegedRole","Should","MS.AAD.7.9v1","6 role(s) or group(s) without notification e-mail configured for role activations found:
Cloud Application Administrator(Directory Role), Exchange Administrator(Directory Role), Hybrid Identity Administrator(Directory Role), PIM Test Group(PIM Group), Privileged Role Administrator(Directory Role), SharePoint Administrator(Directory Role)","False" +"[""Cloud Application Administrator(Directory Role)"",""Exchange Administrator(Directory Role)"",""Global Administrator(Directory Role)"",""Hybrid Identity Administrator(Directory Role)"",""Privileged Role Administrator(Directory Role)"",""SharePoint Administrator(Directory Role)""]","Get-MgBetaSubscribedSku, Get-PrivilegedRole","Shall","MS.AAD.7.7v1","6 role(s) or group(s) without notification e-mail configured for role assignments found:
Cloud Application Administrator(Directory Role), Exchange Administrator(Directory Role), Global Administrator(Directory Role), Hybrid Identity Administrator(Directory Role), Privileged Role Administrator(Directory Role), SharePoint Administrator(Directory Role)","False" +"[""Cloud Application Administrator(Directory Role)"",""Exchange Administrator(Directory Role)"",""Hybrid Identity Administrator(Directory Role)"",""Privileged Role Administrator(Directory Role)"",""SharePoint Administrator(Directory Role)""]","Get-MgBetaSubscribedSku, Get-PrivilegedRole","Should","MS.AAD.7.9v1","5 role(s) or group(s) without notification e-mail configured for role activations found:
Cloud Application Administrator(Directory Role), Exchange Administrator(Directory Role), Hybrid Identity Administrator(Directory Role), Privileged Role Administrator(Directory Role), SharePoint Administrator(Directory Role)","False" """Global Administrator(Directory Role)""","Get-MgBetaSubscribedSku, Get-PrivilegedRole","Shall","MS.AAD.7.6v1","1 role(s) or group(s) allowing activation without approval found:
Global Administrator(Directory Role)","False" "[""Jane Doe"",""John Public""]","Get-MgBetaSubscribedSku, Get-PrivilegedUser","Shall","MS.AAD.7.1v1","2 global admin(s) found:
Jane Doe, John Public","True" "[""Jane Doe"",""John Public""]","Get-MgBetaSubscribedSku, Get-PrivilegedUser","Shall","MS.AAD.7.2v1","Requirement not met: Least Privilege Score = 2 (should be 1 or less)","False" @@ -27,19 +28,18 @@ """MS.AAD.2.1v1 Users detected as high risk SHALL be blocked""","Get-MgBetaIdentityConditionalAccessPolicy","Shall","MS.AAD.2.1v1","1 conditional access policy(s) found that meet(s) all requirements:
MS.AAD.2.1v1 Users detected as high risk SHALL be blocked. View all CA policies.","True" """MS.AAD.2.3v1 Sign-ins detected as high risk SHALL be blocked""","Get-MgBetaIdentityConditionalAccessPolicy","Shall","MS.AAD.2.3v1","1 conditional access policy(s) found that meet(s) all requirements:
MS.AAD.2.3v1 Sign-ins detected as high risk SHALL be blocked. View all CA policies.","True" """MS.AAD.3.2v1 If phishing-resistant MFA has not been enforced, an alternative MFA method SHALL be enforced for all users""","Get-MgBetaIdentityConditionalAccessPolicy","Shall","MS.AAD.3.2v1","1 conditional access policy(s) found that meet(s) all requirements:
MS.AAD.3.2v1 If phishing-resistant MFA has not been enforced, an alternative MFA method SHALL be enforced for all users. View all CA policies.","True" -"{""Name"":""EnableGroupSpecificConsent"",""SettingsGroup"":""Consent Policy Settings"",""Value"":""false""}","Get-MgBetaDirectorySetting","Shall","MS.AAD.5.4v1","Requirement met","True" "[{""value"":[],""Count"":0},{""value"":[""tqhjy.onmicrosoft.com""],""Count"":1}]","Get-MgBetaDomain","Shall","MS.AAD.6.1v1","Requirement met","True" -,"","Shall/Not-Implemented","MS.DEFENDER.6.2v1","This product does not currently have the capability to check compliance for this policy. See Secure Configuration Baseline policy for instructions on manual check","False" -,"","Shall/Not-Implemented","MS.DEFENDER.6.3v1","This product does not currently have the capability to check compliance for this policy. See Secure Configuration Baseline policy for instructions on manual check","False" -,"","Should/Not-Implemented","MS.DEFENDER.4.5v1","This product does not currently have the capability to check compliance for this policy. See Secure Configuration Baseline policy for instructions on manual check","False" -,"","Should/Not-Implemented","MS.DEFENDER.4.6v1","This product does not currently have the capability to check compliance for this policy. See Secure Configuration Baseline policy for instructions on manual check","False" -,"","Should/Not-Implemented","MS.DEFENDER.5.2v1","This product does not currently have the capability to check compliance for this policy. See Secure Configuration Baseline policy for instructions on manual check","False" -"[{""Accounts"":[],""Action"":"""",""Name"":""Strict Preset Security Policy""},{""Accounts"":[],""Action"":"""",""Name"":""Standard Preset Security Policy""}]","Get-AntiPhishPolicy","Should","MS.DEFENDER.2.1v1","Not all sensitive users are included for targeted protection in Strict or Standard policy.","False" +,"","Shall/Not-Implemented","MS.DEFENDER.6.2v1","This product does not currently have the capability to check compliance for this policy. See Secure Configuration Baseline policy for instructions on manual check","False" +,"","Shall/Not-Implemented","MS.DEFENDER.6.3v1","This product does not currently have the capability to check compliance for this policy. See Secure Configuration Baseline policy for instructions on manual check","False" +,"","Should/Not-Implemented","MS.DEFENDER.4.5v1","This product does not currently have the capability to check compliance for this policy. See Secure Configuration Baseline policy for instructions on manual check","False" +,"","Should/Not-Implemented","MS.DEFENDER.4.6v1","This product does not currently have the capability to check compliance for this policy. See Secure Configuration Baseline policy for instructions on manual check","False" +,"","Should/Not-Implemented","MS.DEFENDER.5.2v1","This product does not currently have the capability to check compliance for this policy. See Secure Configuration Baseline policy for instructions on manual check","False" "[{""Accounts"":[],""Action"":"""",""Name"":""Strict Preset Security Policy""},{""Accounts"":[],""Action"":"""",""Name"":""Standard Preset Security Policy""}]","Get-AntiPhishPolicy","Should","MS.DEFENDER.2.2v1","Not all agency domains are included for targeted protection in Strict or Standard policy.","False" "[{""Accounts"":[],""Action"":"""",""Name"":""Strict Preset Security Policy""},{""Accounts"":[],""Action"":"""",""Name"":""Standard Preset Security Policy""}]","Get-AntiPhishPolicy","Should","MS.DEFENDER.2.3v1","Not all partner domains are included for targeted protection in Strict or Standard policy.","False" +"[{""Accounts"":[],""Action"":""Quarantine"",""Name"":""Strict Preset Security Policy1681329955447""},{""Accounts"":[],""Action"":""Quarantine"",""Name"":""Standard Preset Security Policy1659535429826""}]","Get-AntiPhishPolicy","Should","MS.DEFENDER.2.1v1","Requirement met","True" "{""ATPProtectionPolicies"":false}","Get-ATPProtectionPolicyRule","Shall","MS.DEFENDER.1.5v1","Requirement not met","False" -"{""Credit_Card"":[""CreditCardsOnly"",""Baseline Rule"",""Missing_ITIN_Has_UKPassports""],""ITIN"":[""Baseline Rule""],""SSN"":[""Baseline Rule"",""Missing_ITIN_Has_UKPassports""]}","Get-DlpComplianceRule","Shall","MS.DEFENDER.4.1v1","Requirement met","True" -"{""Devices"":[],""Exchange"":[{""Locations"":[""All""],""Name"":""Default Office 365 DLP policy"",""Workload"":""Exchange, SharePoint, OneDriveForBusiness, Teams, OnPremisesScanner""}],""OneDrive"":[{""Locations"":[""All""],""Name"":""Default Office 365 DLP policy"",""Workload"":""Exchange, SharePoint, OneDriveForBusiness, Teams, OnPremisesScanner""}],""SharePoint"":[{""Locations"":[""All""],""Name"":""Default Office 365 DLP policy"",""Workload"":""Exchange, SharePoint, OneDriveForBusiness, Teams, OnPremisesScanner""}],""Teams"":[{""Locations"":[""All""],""Name"":""Default Office 365 DLP policy"",""Workload"":""Exchange, SharePoint, OneDriveForBusiness, Teams, OnPremisesScanner""}]}","Get-DLPCompliancePolicy","Should","MS.DEFENDER.4.2v1","No enabled policy found that applies to: Devices","False" +"{""Credit_Card"":[""Baseline Rule""],""ITIN"":[""Baseline Rule""],""SSN"":[""Baseline Rule""]}","Get-DlpComplianceRule","Shall","MS.DEFENDER.4.1v1","Requirement met","True" +"{""Devices"":[],""Exchange"":[{""Locations"":[""All""],""Name"":""Default Office 365 DLP policy"",""Workload"":""Exchange, SharePoint, OneDriveForBusiness, Teams, OnPremisesScanner""}],""OneDrive"":[{""Locations"":[""All""],""Name"":""Default Office 365 DLP policy"",""Workload"":""Exchange, SharePoint, OneDriveForBusiness, Teams, OnPremisesScanner""}],""SharePoint"":[{""Locations"":[""All""],""Name"":""Default Office 365 DLP policy"",""Workload"":""Exchange, SharePoint, OneDriveForBusiness, Teams, OnPremisesScanner""}],""Teams"":[{""Locations"":[""All""],""Name"":""Default Office 365 DLP policy"",""Workload"":""Exchange, SharePoint, OneDriveForBusiness, Teams, OnPremisesScanner""}]}","Get-DLPCompliancePolicy","Should","MS.DEFENDER.4.2v1","DLP custom policy applied to the following locations: Exchange, OneDrive, SharePoint, Teams. Custom policy protecting sensitive info types NOT applied to: Devices. Devices location requires DLP for Endpoint licensing and at least one registered device. For full policy details, see the ActualValue field in the results file: ./TestResults.json","False" "{""EOPProtectionPolicies"":false}","Get-EOPProtectionPolicyRule","Shall","MS.DEFENDER.1.4v1","Requirement not met","False" "{""StandardPresetState"":true,""StrictPresetState"":true}","Get-EOPProtectionPolicyRule, Get-ATPProtectionPolicyRule","Shall","MS.DEFENDER.1.1v1","Requirement met","True" "{""StandardSetToAll"":true,""StrictSetToAll"":false}","Get-ATPProtectionPolicyRule","Shall","MS.DEFENDER.1.3v1","Requirement met","True" @@ -49,36 +49,36 @@ ,"Get-DlpComplianceRule","Should","MS.DEFENDER.4.4v1","Requirement met","True" ,"Get-ProtectionAlert","Shall","MS.DEFENDER.5.1v1","Requirement met","True" "{""EnableATPForSPOTeamsODB"":true,""Identity"":""Default""}","Get-AtpPolicyForO365","Should","MS.DEFENDER.3.1v1","Requirement met","True" -,"","Shall/3rd Party","MS.EXO.10.1v1","A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See Secure Configuration Baseline policy for instructions on manual check.","False" -,"","Shall/3rd Party","MS.EXO.10.2v1","A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See Secure Configuration Baseline policy for instructions on manual check.","False" -,"","Shall/3rd Party","MS.EXO.14.1v1","A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See Secure Configuration Baseline policy for instructions on manual check.","False" -,"","Shall/3rd Party","MS.EXO.14.2v1","A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See Secure Configuration Baseline policy for instructions on manual check.","False" -,"","Shall/3rd Party","MS.EXO.14.3v1","A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See Secure Configuration Baseline policy for instructions on manual check.","False" -,"","Shall/3rd Party","MS.EXO.16.1v1","A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See Secure Configuration Baseline policy for instructions on manual check.","False" -,"","Shall/3rd Party","MS.EXO.17.1v1","A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See Secure Configuration Baseline policy for instructions on manual check.","False" -,"","Shall/3rd Party","MS.EXO.17.2v1","A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See Secure Configuration Baseline policy for instructions on manual check.","False" -,"","Shall/3rd Party","MS.EXO.17.3v1","A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See Secure Configuration Baseline policy for instructions on manual check.","False" -,"","Shall/3rd Party","MS.EXO.8.1v1","A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See Secure Configuration Baseline policy for instructions on manual check.","False" -,"","Shall/3rd Party","MS.EXO.8.2v1","A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See Secure Configuration Baseline policy for instructions on manual check.","False" -,"","Shall/3rd Party","MS.EXO.9.1v1","A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See Secure Configuration Baseline policy for instructions on manual check.","False" -,"","Shall/3rd Party","MS.EXO.9.3v1","A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See Secure Configuration Baseline policy for instructions on manual check.","False" -,"","Shall/Not-Implemented","MS.EXO.2.1v1","This product does not currently have the capability to check compliance for this policy. See Secure Configuration Baseline policy for instructions on manual check","False" -,"","Should/3rd Party","MS.EXO.10.3v1","A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See Secure Configuration Baseline policy for instructions on manual check.","False" -,"","Should/3rd Party","MS.EXO.11.1v1","A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See Secure Configuration Baseline policy for instructions on manual check.","False" -,"","Should/3rd Party","MS.EXO.11.2v1","A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See Secure Configuration Baseline policy for instructions on manual check.","False" -,"","Should/3rd Party","MS.EXO.11.3v1","A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See Secure Configuration Baseline policy for instructions on manual check.","False" -,"","Should/3rd Party","MS.EXO.15.1v1","A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See Secure Configuration Baseline policy for instructions on manual check.","False" -,"","Should/3rd Party","MS.EXO.15.2v1","A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See Secure Configuration Baseline policy for instructions on manual check.","False" -,"","Should/3rd Party","MS.EXO.15.3v1","A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See Secure Configuration Baseline policy for instructions on manual check.","False" -,"","Should/3rd Party","MS.EXO.16.2v1","A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See Secure Configuration Baseline policy for instructions on manual check.","False" -,"","Should/3rd Party","MS.EXO.9.2v1","A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See Secure Configuration Baseline policy for instructions on manual check.","False" -"""NotInOrganization""","Get-TransportRule","Shall","MS.EXO.7.1v1","Requirement met","True" -"[{""value"":[{""domain"":""tqhjy.onmicrosoft.com"",""log"":[""@{query_method=traditional; query_name=selector1._domainkey.tqhjy.onmicrosoft.com; query_result=Query returned NXDomain}"",""@{query_method=traditional; query_name=selector2._domainkey.tqhjy.onmicrosoft.com; query_result=Query returned NXDomain}"",""@{query_method=traditional; query_name=selector1-example-mail-onmicrosoft-com._domainkey.tqhjy.onmicrosoft.com; query_result=Query returned NXDomain}"",""@{query_method=traditional; query_name=selector2-example-mail-onmicrosoft-com._domainkey.tqhjy.onmicrosoft.com; query_result=Query returned NXDomain}""],""rdata"":[]}],""Count"":1},{""value"":[{""AdminDisplayName"":"""",""Algorithm"":""RsaSHA256"",""BodyCanonicalization"":""Relaxed"",""DistinguishedName"":""CN=tqhjy.onmicrosoft.com,CN=Dkim Signing config,CN=Transport Settings,CN=Configuration,CN=tqhjy.onmicrosoft.com,CN=ConfigurationUnits,DC=NAMPR09A006,DC=PROD,DC=OUTLOOK,DC=COM"",""Domain"":""tqhjy.onmicrosoft.com"",""Enabled"":true,""ExchangeObjectId"":""ea1866b3-b7fa-4dbe-b9c9-48087391a536"",""ExchangeVersion"":""0.20 (15.0.0.0)"",""Guid"":""476371c0-bf15-4101-84a7-a3a03b4266f1"",""HeaderCanonicalization"":""Relaxed"",""Id"":""tqhjy.onmicrosoft.com"",""Identity"":""tqhjy.onmicrosoft.com"",""IncludeKeyExpiration"":false,""IncludeSignatureCreationTime"":true,""IsDefault"":true,""IsValid"":true,""KeyCreationTime"":""Date(1653603718610)"",""LastChecked"":""Date(1653603718610)"",""Name"":""tqhjy.onmicrosoft.com"",""NumberOfBytesToSign"":""All"",""ObjectCategory"":""NAMPR09A006.PROD.OUTLOOK.COM/Configuration/Schema/ms-Exch-Hosted-Content-Filter-Config"",""ObjectClass"":[""top"",""msExchHostedContentFilterConfig""],""ObjectState"":""Unchanged"",""OrganizationId"":""NAMPR09A006.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - NAMPR09A006.PROD.OUTLOOK.COM/ConfigurationUnits/tqhjy.onmicrosoft.com/Configuration"",""OrganizationalUnitRoot"":""tqhjy.onmicrosoft.com"",""OriginatingServer"":""DM5PR09A006DC10.NAMPR09A006.PROD.OUTLOOK.COM"",""RotateOnDate"":""Date(1653949318610)"",""Selector1CNAME"":""selector1-tqhjy-onmicrosoft-com._domainkey.tqhjy.onmicrosoft.com"",""Selector1KeySize"":2048,""Selector1PublicKey"":""v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn/z5b0VYtWAnksnJLIo1HiKP5j0sTa93y6eIe7eRn3EfCMfnw4f0Ew6wmX/2NIsszvF0XG0mkdffCVsUa5WnzDvfhR5fkSMqGI/I4JaR+b8qHdNToVesTbk/kFv+j41TcxWgJw1j4Xeo6URJG6qx1ujh6zshr21/frskm/tq7Qlp7LpQn1uiHDO2g1If9tlvKRxOzxMV8ldzIjU4MKsLlUDLIj/LjezemQXiPsZqrMOe0Kqs3Tusv6IoWKaQpiiooIhsH+0fI2JXyjJu7623jOIAuDtl7YHdR6cC7umMq44tAgEL9Uf8IHv02FoM0B3nSIzs9ier9X4E0/exampleQIDAQAB;"",""Selector2CNAME"":""selector2-tqhjy-onmicrosoft-com._domainkey.tqhjy.onmicrosoft.com"",""Selector2KeySize"":2048,""Selector2PublicKey"":""v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyVK8DFIgYjps1Ckt4UjOQiBMqpb9G1WiwIci61Amx0sQzZTD8xb8rRSboEm89e5WRChcpZe7FN7XveJtbWYHmp4+e4niN5wGHaDt7NoCdTQ6dgRdyPa0d4Yf8si1uYYu7iC4LkQMI/zSLAQAQWEEHKqqJPHoAAbyKEuj8vynlWGsCAaprqOjyPqciy4YfcYd5ZISmpY5yJ/FNIrc2FeZjSPb65XzYMtgTbP9xC7lK6kGnBJDKqHaccXhVyvkl39AX4VkMzuVTlZbr120T+zMFDLNCJeNMBabl8JcrL0OYRule+75C3bPO4u/cZ1TmAGknX7apzvavEK2ByexampleQIDAQAB;"",""SelectorAfterRotateOnDate"":""selector2"",""SelectorBeforeRotateOnDate"":""selector1"",""Status"":""Valid"",""WhenChanged"":""Date(1653603732000)"",""WhenChangedUTC"":""Date(1653603732000)"",""WhenCreated"":""Date(1619484596000)"",""WhenCreatedUTC"":""Date(1619484596000)""}],""Count"":1}]","Get-DkimSigningConfig, Get-ScubaDkimRecord, Get-AcceptedDomain","Should","MS.EXO.3.1v1","1 agency domain(s) found in violation: tqhjy.onmicrosoft.com","False" -"{""AddressBookPolicyRoutingEnabled"":false,""AdminDisplayName"":"""",""AgentGeneratedMessageLoopDetectionInSmtpEnabled"":true,""AgentGeneratedMessageLoopDetectionInSubmissionEnabled"":true,""AllowLegacyTLSClients"":null,""AnonymousSenderToRecipientRatePerHour"":1800,""AttributionRejectBeforeMServRequest"":false,""AttributionRejectConsumerMessages"":false,""ClearCategories"":true,""ConvertDisclaimerWrapperToEml"":false,""ConvertReportToMessage"":false,""DSNConversionMode"":""PreserveDSNBody"",""DiagnosticsAggregationServicePort"":9710,""DistinguishedName"":""CN=Transport Settings,CN=Configuration,CN=tqhjy.onmicrosoft.com,CN=ConfigurationUnits,DC=NAMPR09A006,DC=PROD,DC=OUTLOOK,DC=COM"",""EnableExternalHTTPMailDelivery"":false,""ExchangeObjectId"":""7ef195bd-4f88-46bc-97e6-db6c7665321b"",""ExchangeVersion"":""0.1 (8.0.535.0)"",""ExternalDelayDsnEnabled"":true,""ExternalDsnDefaultLanguage"":null,""ExternalDsnLanguageDetectionEnabled"":true,""ExternalDsnMaxMessageAttachSize"":""10 MB (10,485,760 bytes)"",""ExternalDsnReportingAuthority"":null,""ExternalDsnSendHtml"":true,""ExternalPostmasterAddress"":null,""GenerateCopyOfDSNFor"":[],""Guid"":""01d25010-40a8-4d0a-9419-fb1d775b4d16"",""HeaderPromotionModeSetting"":""NoCreate"",""HygieneSuite"":""Premium"",""Id"":""Transport Settings"",""Identity"":""Transport Settings"",""InternalDelayDsnEnabled"":true,""InternalDsnDefaultLanguage"":null,""InternalDsnLanguageDetectionEnabled"":true,""InternalDsnMaxMessageAttachSize"":""10 MB (10,485,760 bytes)"",""InternalDsnReportingAuthority"":null,""InternalDsnSendHtml"":true,""InternalSMTPServers"":[],""IsValid"":true,""JournalArchivingEnabled"":false,""JournalMessageExpirationDays"":0,""JournalReportDLMemberSubstitutionEnabled"":false,""JournalingReportNdrTo"":""\u003c\u003e"",""LegacyArchiveJournalingEnabled"":false,""LegacyArchiveLiveJournalingEnabled"":false,""LegacyJournalingMigrationEnabled"":false,""MaxAllowedAgentGeneratedMessageDepth"":3,""MaxAllowedAgentGeneratedMessageDepthPerAgent"":2,""MaxDumpsterSizePerDatabase"":""18 MB (18,874,368 bytes)"",""MaxDumpsterTime"":""7.00:00:00"",""MaxReceiveSize"":""Unlimited"",""MaxRecipientEnvelopeLimit"":""Unlimited"",""MaxSendSize"":""Unlimited"",""MessageExpiration"":""1.00:00:00"",""MigrationEnabled"":true,""Name"":""Transport Settings"",""ObjectCategory"":""NAMPR09A006.PROD.OUTLOOK.COM/Configuration/Schema/ms-Exch-Transport-Settings"",""ObjectClass"":[""top"",""container"",""msExchTransportSettings""],""ObjectState"":""Unchanged"",""OpenDomainRoutingEnabled"":false,""OrganizationFederatedMailbox"":""FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042@tqhjy.onmicrosoft.com"",""OrganizationId"":""NAMPR09A006.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - NAMPR09A006.PROD.OUTLOOK.COM/ConfigurationUnits/tqhjy.onmicrosoft.com/Configuration"",""OrganizationalUnitRoot"":""tqhjy.onmicrosoft.com"",""OriginatingServer"":""DM5PR09A006DC10.NAMPR09A006.PROD.OUTLOOK.COM"",""OtherWellKnownObjects"":[],""PreserveReportBodypart"":true,""QueueDiagnosticsAggregationInterval"":""00:01:00"",""RedirectDLMessagesForLegacyArchiveJournaling"":false,""RedirectUnprovisionedUserMessagesForLegacyArchiveJournaling"":false,""ReplyAllStormBlockDurationHours"":6,""ReplyAllStormDetectionMinimumRecipients"":2500,""ReplyAllStormDetectionMinimumReplies"":10,""ReplyAllStormProtectionEnabled"":true,""Rfc2231EncodingEnabled"":false,""SafetyNetHoldTime"":""7.00:00:00"",""SmtpClientAuthenticationDisabled"":true,""SupervisionTags"":[""Reject"",""Allow""],""TLSReceiveDomainSecureList"":[],""TLSSendDomainSecureList"":[],""TransportRuleAttachmentTextScanLimit"":""1 MB (1,048,576 bytes)"",""TransportRuleCollectionAddedRecipientsLimit"":100,""TransportRuleCollectionRegexCharsLimit"":""20 KB (20,480 bytes)"",""TransportRuleConfig"":[""TransportRuleMinProductVersion:14.0.0.0"",""TransportRuleRegexValidationTimeout:00:00:00.3000000"",""TransportRuleAttachmentTextScanLimit:1 MB (1,048,576 bytes)"",""TransportRuleSizeLimit:8 KB (8,192 bytes)"",""TransportRuleCollectionRegexCharsLimit:20 KB (20,480 bytes)"",""TransportRuleLimit:300"",""TransportRuleCollectionAddedRecipientsLimit:100""],""TransportRuleLimit"":300,""TransportRuleMinProductVersion"":{""Build"":0,""Major"":14,""MajorRevision"":0,""Minor"":0,""MinorRevision"":0,""Revision"":0},""TransportRuleRegexValidationTimeout"":""00:00:00.3000000"",""TransportRuleSizeLimit"":""8 KB (8,192 bytes)"",""VerifySecureSubmitEnabled"":false,""VoicemailJournalingEnabled"":true,""WhenChanged"":""Date(1712118761000)"",""WhenChangedUTC"":""Date(1712118761000)"",""WhenCreated"":""Date(1619484398000)"",""WhenCreatedUTC"":""Date(1619484398000)"",""Xexch50Enabled"":true}","Get-TransportConfig","Shall","MS.EXO.5.1v1","Requirement met","True" -"{""AdminDisplayName"":"""",""Default"":true,""DistinguishedName"":""CN=Default Sharing Policy,CN=Federation,CN=Configuration,CN=tqhjy.onmicrosoft.com,CN=ConfigurationUnits,DC=NAMPR09A006,DC=PROD,DC=OUTLOOK,DC=COM"",""Domains"":[""Anonymous:0""],""Enabled"":false,""ExchangeObjectId"":""2d52a1ae-4c17-42e0-925e-919b2bf68a18"",""ExchangeVersion"":""0.10 (14.0.100.0)"",""Guid"":""137df5c0-4fe4-49bb-923c-e2bdfd89f448"",""Id"":""Default Sharing Policy"",""Identity"":""Default Sharing Policy"",""IsValid"":true,""Name"":""Default Sharing Policy"",""ObjectCategory"":""NAMPR09A006.PROD.OUTLOOK.COM/Configuration/Schema/ms-Exch-Sharing-Policy"",""ObjectClass"":[""top"",""msExchSharingPolicy""],""ObjectState"":""Changed"",""OrganizationId"":""NAMPR09A006.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - NAMPR09A006.PROD.OUTLOOK.COM/ConfigurationUnits/tqhjy.onmicrosoft.com/Configuration"",""OrganizationalUnitRoot"":""tqhjy.onmicrosoft.com"",""OriginatingServer"":""DM5PR09A006DC10.NAMPR09A006.PROD.OUTLOOK.COM"",""WhenChanged"":""Date(1691164284000)"",""WhenChangedUTC"":""Date(1691164284000)"",""WhenCreated"":""Date(1619484547000)"",""WhenCreatedUTC"":""Date(1619484547000)""}","Get-SharingPolicy","Shall","MS.EXO.6.1v1","Requirement met","True" -"{""AdminDisplayName"":"""",""Default"":true,""DistinguishedName"":""CN=Default Sharing Policy,CN=Federation,CN=Configuration,CN=tqhjy.onmicrosoft.com,CN=ConfigurationUnits,DC=NAMPR09A006,DC=PROD,DC=OUTLOOK,DC=COM"",""Domains"":[""Anonymous:0""],""Enabled"":false,""ExchangeObjectId"":""2d52a1ae-4c17-42e0-925e-919b2bf68a18"",""ExchangeVersion"":""0.10 (14.0.100.0)"",""Guid"":""137df5c0-4fe4-49bb-923c-e2bdfd89f448"",""Id"":""Default Sharing Policy"",""Identity"":""Default Sharing Policy"",""IsValid"":true,""Name"":""Default Sharing Policy"",""ObjectCategory"":""NAMPR09A006.PROD.OUTLOOK.COM/Configuration/Schema/ms-Exch-Sharing-Policy"",""ObjectClass"":[""top"",""msExchSharingPolicy""],""ObjectState"":""Changed"",""OrganizationId"":""NAMPR09A006.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - NAMPR09A006.PROD.OUTLOOK.COM/ConfigurationUnits/tqhjy.onmicrosoft.com/Configuration"",""OrganizationalUnitRoot"":""tqhjy.onmicrosoft.com"",""OriginatingServer"":""DM5PR09A006DC10.NAMPR09A006.PROD.OUTLOOK.COM"",""WhenChanged"":""Date(1691164284000)"",""WhenChangedUTC"":""Date(1691164284000)"",""WhenCreated"":""Date(1619484547000)"",""WhenCreatedUTC"":""Date(1619484547000)""}","Get-SharingPolicy","Shall","MS.EXO.6.2v1","Requirement met","True" -"{""AdminDisplayName"":"""",""DirectoryBasedEdgeBlockMode"":""Default"",""DistinguishedName"":""CN=Default,CN=Hosted Connection Filter,CN=Transport Settings,CN=Configuration,CN=tqhjy.onmicrosoft.com,CN=ConfigurationUnits,DC=NAMPR09A006,DC=PROD,DC=OUTLOOK,DC=COM"",""EnableSafeList"":false,""ExchangeObjectId"":""7021b7cf-b9fa-4280-94ff-fba468dbb0ab"",""ExchangeVersion"":""0.20 (15.0.0.0)"",""Guid"":""ddb99cb3-211b-47ee-bc9c-86e6c8d0e692"",""IPAllowList"":[],""IPBlockList"":[],""Id"":""Default"",""Identity"":""Default"",""IsDefault"":true,""IsValid"":true,""Name"":""Default"",""ObjectCategory"":""NAMPR09A006.PROD.OUTLOOK.COM/Configuration/Schema/ms-Exch-Hosted-Connection-Filter-Policy"",""ObjectClass"":[""top"",""msExchHostedConnectionFilterPolicy""],""ObjectState"":""Unchanged"",""OrganizationId"":""NAMPR09A006.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - NAMPR09A006.PROD.OUTLOOK.COM/ConfigurationUnits/tqhjy.onmicrosoft.com/Configuration"",""OrganizationalUnitRoot"":""tqhjy.onmicrosoft.com"",""OriginatingServer"":""DM5PR09A006DC10.NAMPR09A006.PROD.OUTLOOK.COM"",""WhenChanged"":""Date(1712119159000)"",""WhenChangedUTC"":""Date(1712119159000)"",""WhenCreated"":""Date(1619484586000)"",""WhenCreatedUTC"":""Date(1619484586000)""}","Get-HostedConnectionFilterPolicy","Should","MS.EXO.12.1v1","Requirement met","True" -"{""AdminDisplayName"":"""",""DirectoryBasedEdgeBlockMode"":""Default"",""DistinguishedName"":""CN=Default,CN=Hosted Connection Filter,CN=Transport Settings,CN=Configuration,CN=tqhjy.onmicrosoft.com,CN=ConfigurationUnits,DC=NAMPR09A006,DC=PROD,DC=OUTLOOK,DC=COM"",""EnableSafeList"":false,""ExchangeObjectId"":""7021b7cf-b9fa-4280-94ff-fba468dbb0ab"",""ExchangeVersion"":""0.20 (15.0.0.0)"",""Guid"":""ddb99cb3-211b-47ee-bc9c-86e6c8d0e692"",""IPAllowList"":[],""IPBlockList"":[],""Id"":""Default"",""Identity"":""Default"",""IsDefault"":true,""IsValid"":true,""Name"":""Default"",""ObjectCategory"":""NAMPR09A006.PROD.OUTLOOK.COM/Configuration/Schema/ms-Exch-Hosted-Connection-Filter-Policy"",""ObjectClass"":[""top"",""msExchHostedConnectionFilterPolicy""],""ObjectState"":""Unchanged"",""OrganizationId"":""NAMPR09A006.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - NAMPR09A006.PROD.OUTLOOK.COM/ConfigurationUnits/tqhjy.onmicrosoft.com/Configuration"",""OrganizationalUnitRoot"":""tqhjy.onmicrosoft.com"",""OriginatingServer"":""DM5PR09A006DC10.NAMPR09A006.PROD.OUTLOOK.COM"",""WhenChanged"":""Date(1712119159000)"",""WhenChangedUTC"":""Date(1712119159000)"",""WhenCreated"":""Date(1619484586000)"",""WhenCreatedUTC"":""Date(1619484586000)""}","Get-HostedConnectionFilterPolicy","Should","MS.EXO.12.2v1","Requirement met","True" +,"","Shall/3rd Party","MS.EXO.10.1v1","A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See Secure Configuration Baseline policy for instructions on manual check.","False" +,"","Shall/3rd Party","MS.EXO.10.2v1","A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See Secure Configuration Baseline policy for instructions on manual check.","False" +,"","Shall/3rd Party","MS.EXO.14.1v1","A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See Secure Configuration Baseline policy for instructions on manual check.","False" +,"","Shall/3rd Party","MS.EXO.14.2v1","A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See Secure Configuration Baseline policy for instructions on manual check.","False" +,"","Shall/3rd Party","MS.EXO.14.3v1","A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See Secure Configuration Baseline policy for instructions on manual check.","False" +,"","Shall/3rd Party","MS.EXO.16.1v1","A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See Secure Configuration Baseline policy for instructions on manual check.","False" +,"","Shall/3rd Party","MS.EXO.17.1v1","A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See Secure Configuration Baseline policy for instructions on manual check.","False" +,"","Shall/3rd Party","MS.EXO.17.2v1","A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See Secure Configuration Baseline policy for instructions on manual check.","False" +,"","Shall/3rd Party","MS.EXO.17.3v1","A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See Secure Configuration Baseline policy for instructions on manual check.","False" +,"","Shall/3rd Party","MS.EXO.8.1v1","A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See Secure Configuration Baseline policy for instructions on manual check.","False" +,"","Shall/3rd Party","MS.EXO.8.2v1","A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See Secure Configuration Baseline policy for instructions on manual check.","False" +,"","Shall/3rd Party","MS.EXO.9.1v1","A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See Secure Configuration Baseline policy for instructions on manual check.","False" +,"","Shall/3rd Party","MS.EXO.9.3v1","A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See Secure Configuration Baseline policy for instructions on manual check.","False" +,"","Shall/Not-Implemented","MS.EXO.2.1v1","This product does not currently have the capability to check compliance for this policy. See Secure Configuration Baseline policy for instructions on manual check","False" +,"","Should/3rd Party","MS.EXO.10.3v1","A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See Secure Configuration Baseline policy for instructions on manual check.","False" +,"","Should/3rd Party","MS.EXO.11.1v1","A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See Secure Configuration Baseline policy for instructions on manual check.","False" +,"","Should/3rd Party","MS.EXO.11.2v1","A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See Secure Configuration Baseline policy for instructions on manual check.","False" +,"","Should/3rd Party","MS.EXO.11.3v1","A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See Secure Configuration Baseline policy for instructions on manual check.","False" +,"","Should/3rd Party","MS.EXO.15.1v1","A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See Secure Configuration Baseline policy for instructions on manual check.","False" +,"","Should/3rd Party","MS.EXO.15.2v1","A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See Secure Configuration Baseline policy for instructions on manual check.","False" +,"","Should/3rd Party","MS.EXO.15.3v1","A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See Secure Configuration Baseline policy for instructions on manual check.","False" +,"","Should/3rd Party","MS.EXO.16.2v1","A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See Secure Configuration Baseline policy for instructions on manual check.","False" +,"","Should/3rd Party","MS.EXO.9.2v1","A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See Secure Configuration Baseline policy for instructions on manual check.","False" +"[""NotInOrganization"",""NotInOrganization""]","Get-TransportRule","Shall","MS.EXO.7.1v1","Requirement met","True" +"[{""value"":[{""domain"":""tqhjy.onmicrosoft.com"",""log"":[""@{query_method=traditional; query_name=selector1._domainkey.tqhjy.onmicrosoft.com; query_result=Query returned NXDomain}"",""@{query_method=traditional; query_name=selector2._domainkey.tqhjy.onmicrosoft.com; query_result=Query returned NXDomain}"",""@{query_method=traditional; query_name=selector1-tqhjy-onmicrosoft-com._domainkey.tqhjy.onmicrosoft.com; query_result=Query returned 2 txt records}""],""rdata"":[]}],""Count"":1},{""value"":[{""AdminDisplayName"":"""",""Algorithm"":""RsaSHA256"",""BodyCanonicalization"":""Relaxed"",""DistinguishedName"":""CN=tqhjy.onmicrosoft.com,CN=Dkim Signing config,CN=Transport Settings,CN=Configuration,CN=tqhjy.onmicrosoft.com,CN=ConfigurationUnits,DC=NAMPR09A006,DC=PROD,DC=OUTLOOK,DC=COM"",""Domain"":""tqhjy.onmicrosoft.com"",""Enabled"":true,""ExchangeObjectId"":""ea1866b3-b7fa-4dbe-b9c9-48087391a536"",""ExchangeVersion"":""0.20 (15.0.0.0)"",""Guid"":""476371c0-bf15-4101-84a7-a3a03b4266f1"",""HeaderCanonicalization"":""Relaxed"",""Id"":""tqhjy.onmicrosoft.com"",""Identity"":""tqhjy.onmicrosoft.com"",""IncludeKeyExpiration"":false,""IncludeSignatureCreationTime"":true,""IsDefault"":true,""IsValid"":true,""KeyCreationTime"":""Date(1653603718610)"",""LastChecked"":""Date(1653603718610)"",""Name"":""tqhjy.onmicrosoft.com"",""NumberOfBytesToSign"":""All"",""ObjectCategory"":""NAMPR09A006.PROD.OUTLOOK.COM/Configuration/Schema/ms-Exch-Hosted-Content-Filter-Config"",""ObjectClass"":[""top"",""msExchHostedContentFilterConfig""],""ObjectState"":""Unchanged"",""OrganizationId"":""NAMPR09A006.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - NAMPR09A006.PROD.OUTLOOK.COM/ConfigurationUnits/tqhjy.onmicrosoft.com/Configuration"",""OrganizationalUnitRoot"":""tqhjy.onmicrosoft.com"",""OriginatingServer"":""MWHPR09A006DC08.NAMPR09A006.PROD.OUTLOOK.COM"",""RotateOnDate"":""Date(1653949318610)"",""Selector1CNAME"":""selector1-tqhjy-onmicrosoft-com._domainkey.tqhjy.onmicrosoft.com"",""Selector1KeySize"":2048,""Selector1PublicKey"":""v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAohoPDhGToRO8y7acaWL2w15wsCmwabxgTwODro2c1BeRYXfnUMStICo3w4ZrYDtGZDSA7hm0x7OHujF1CoQnXiBmrQ154wtomPyx3Op/VC6+b9di4z15XBvhXh/fLBUdEJ6wsybMLmQ+WPQA6vsM3UN5Cv5rl2SylFoM//eLmw5R6NmMIj3GQg9b+vQl2cKNXqII2gZrB07P6xt2wW1VA/LPjdRFUEys9YzBgOqM53VaODWDXDIvUH/nPRVAtOEsV19u66jyzZnzcz9a7ATxizix7DnySzI3koVlOGi/+dLx8FYIAZ/75wkH1O/gH8/n4C66uwRm/example+QIDAQAB;"",""Selector2CNAME"":""selector2-tqhjy-onmicrosoft-com._domainkey.tqhjy.onmicrosoft.com"",""Selector2KeySize"":2048,""Selector2PublicKey"":""v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0N9/MWtBA7REPZSGKz9hfYIgF5jm5uri7RVSkaptlnvK0AI6jmJ4TvZ4beFzrfJDh6cIt5gX0UqnTzF9/0UZeyfRuUQAUew/sXU8FZXEnt+Bxr9k8PkAaqr2ksYhY/n46DxrWu1X/Cz7tye5FBnsTbyI6PnaBCfcgzwFnULaojUtdqSQGF7dt4HcyZGnUX1YLNwhp4Lyi9g1bZF6EdNMYHuKXFIsRo5qmEMagIsi557jGlGNTqTKJ9aZWGiCgjFJ14mTUN/itKXb5RqBAfG9KeZQXk6hWGTe7H9lVOshMZgV4t0FyaisrGg5GselbKZukxcA8xsOndexampleAQIDAQAB;"",""SelectorAfterRotateOnDate"":""selector2"",""SelectorBeforeRotateOnDate"":""selector1"",""Status"":""Valid"",""WhenChanged"":""Date(1653603732000)"",""WhenChangedUTC"":""Date(1653603732000)"",""WhenCreated"":""Date(1619484596000)"",""WhenCreatedUTC"":""Date(1619484596000)""}],""Count"":1}]","Get-DkimSigningConfig, Get-ScubaDkimRecord, Get-AcceptedDomain","Should","MS.EXO.3.1v1","1 agency domain(s) found in violation: tqhjy.onmicrosoft.com","False" +"{""AddressBookPolicyRoutingEnabled"":false,""AdminDisplayName"":"""",""AgentGeneratedMessageLoopDetectionInSmtpEnabled"":true,""AgentGeneratedMessageLoopDetectionInSubmissionEnabled"":true,""AllowLegacyTLSClients"":null,""AnonymousSenderToRecipientRatePerHour"":1800,""AttributionRejectBeforeMServRequest"":false,""AttributionRejectConsumerMessages"":false,""ClearCategories"":true,""ConvertDisclaimerWrapperToEml"":false,""ConvertReportToMessage"":false,""DSNConversionMode"":""PreserveDSNBody"",""DiagnosticsAggregationServicePort"":9710,""DistinguishedName"":""CN=Transport Settings,CN=Configuration,CN=tqhjy.onmicrosoft.com,CN=ConfigurationUnits,DC=NAMPR09A006,DC=PROD,DC=OUTLOOK,DC=COM"",""EnableExternalHTTPMailDelivery"":false,""ExchangeObjectId"":""7ef195bd-4f88-46bc-97e6-db6c7665321b"",""ExchangeVersion"":""0.1 (8.0.535.0)"",""ExternalDelayDsnEnabled"":true,""ExternalDsnDefaultLanguage"":null,""ExternalDsnLanguageDetectionEnabled"":true,""ExternalDsnMaxMessageAttachSize"":""10 MB (10,485,760 bytes)"",""ExternalDsnReportingAuthority"":null,""ExternalDsnSendHtml"":true,""ExternalPostmasterAddress"":null,""GenerateCopyOfDSNFor"":[],""Guid"":""01d25010-40a8-4d0a-9419-fb1d775b4d16"",""HeaderPromotionModeSetting"":""NoCreate"",""HygieneSuite"":""Premium"",""Id"":""Transport Settings"",""Identity"":""Transport Settings"",""InternalDelayDsnEnabled"":true,""InternalDsnDefaultLanguage"":null,""InternalDsnLanguageDetectionEnabled"":true,""InternalDsnMaxMessageAttachSize"":""10 MB (10,485,760 bytes)"",""InternalDsnReportingAuthority"":null,""InternalDsnSendHtml"":true,""InternalSMTPServers"":[],""IsValid"":true,""JournalArchivingEnabled"":false,""JournalMessageExpirationDays"":0,""JournalReportDLMemberSubstitutionEnabled"":false,""JournalingReportNdrTo"":""\u003c\u003e"",""LegacyArchiveJournalingEnabled"":false,""LegacyArchiveLiveJournalingEnabled"":false,""LegacyJournalingMigrationEnabled"":false,""MaxAllowedAgentGeneratedMessageDepth"":3,""MaxAllowedAgentGeneratedMessageDepthPerAgent"":2,""MaxDumpsterSizePerDatabase"":""18 MB (18,874,368 bytes)"",""MaxDumpsterTime"":""7.00:00:00"",""MaxReceiveSize"":""Unlimited"",""MaxRecipientEnvelopeLimit"":""Unlimited"",""MaxSendSize"":""Unlimited"",""MessageExpiration"":""1.00:00:00"",""MigrationEnabled"":true,""Name"":""Transport Settings"",""ObjectCategory"":""NAMPR09A006.PROD.OUTLOOK.COM/Configuration/Schema/ms-Exch-Transport-Settings"",""ObjectClass"":[""top"",""container"",""msExchTransportSettings""],""ObjectState"":""Unchanged"",""OpenDomainRoutingEnabled"":false,""OrganizationFederatedMailbox"":""FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042@tqhjy.onmicrosoft.com"",""OrganizationId"":""NAMPR09A006.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - NAMPR09A006.PROD.OUTLOOK.COM/ConfigurationUnits/tqhjy.onmicrosoft.com/Configuration"",""OrganizationalUnitRoot"":""tqhjy.onmicrosoft.com"",""OriginatingServer"":""MWHPR09A006DC08.NAMPR09A006.PROD.OUTLOOK.COM"",""OtherWellKnownObjects"":[],""PreserveReportBodypart"":true,""QueueDiagnosticsAggregationInterval"":""00:01:00"",""RedirectDLMessagesForLegacyArchiveJournaling"":false,""RedirectUnprovisionedUserMessagesForLegacyArchiveJournaling"":false,""ReplyAllStormBlockDurationHours"":6,""ReplyAllStormDetectionMinimumRecipients"":2500,""ReplyAllStormDetectionMinimumReplies"":10,""ReplyAllStormProtectionEnabled"":true,""Rfc2231EncodingEnabled"":false,""SafetyNetHoldTime"":""7.00:00:00"",""SmtpClientAuthenticationDisabled"":true,""SupervisionTags"":[""Reject"",""Allow""],""TLSReceiveDomainSecureList"":[],""TLSSendDomainSecureList"":[],""TransportRuleAttachmentTextScanLimit"":""1 MB (1,048,576 bytes)"",""TransportRuleCollectionAddedRecipientsLimit"":100,""TransportRuleCollectionRegexCharsLimit"":""20 KB (20,480 bytes)"",""TransportRuleConfig"":[""TransportRuleMinProductVersion:14.0.0.0"",""TransportRuleRegexValidationTimeout:00:00:00.3000000"",""TransportRuleAttachmentTextScanLimit:1 MB (1,048,576 bytes)"",""TransportRuleSizeLimit:8 KB (8,192 bytes)"",""TransportRuleCollectionRegexCharsLimit:20 KB (20,480 bytes)"",""TransportRuleLimit:300"",""TransportRuleCollectionAddedRecipientsLimit:100""],""TransportRuleLimit"":300,""TransportRuleMinProductVersion"":{""Build"":0,""Major"":14,""MajorRevision"":0,""Minor"":0,""MinorRevision"":0,""Revision"":0},""TransportRuleRegexValidationTimeout"":""00:00:00.3000000"",""TransportRuleSizeLimit"":""8 KB (8,192 bytes)"",""VerifySecureSubmitEnabled"":false,""VoicemailJournalingEnabled"":true,""WhenChanged"":""Date(1717562155000)"",""WhenChangedUTC"":""Date(1717562155000)"",""WhenCreated"":""Date(1619484398000)"",""WhenCreatedUTC"":""Date(1619484398000)"",""Xexch50Enabled"":true}","Get-TransportConfig","Shall","MS.EXO.5.1v1","Requirement met","True" +"{""AdminDisplayName"":"""",""Default"":true,""DistinguishedName"":""CN=Default Sharing Policy,CN=Federation,CN=Configuration,CN=tqhjy.onmicrosoft.com,CN=ConfigurationUnits,DC=NAMPR09A006,DC=PROD,DC=OUTLOOK,DC=COM"",""Domains"":[""Anonymous:0""],""Enabled"":false,""ExchangeObjectId"":""2d52a1ae-4c17-42e0-925e-919b2bf68a18"",""ExchangeVersion"":""0.10 (14.0.100.0)"",""Guid"":""137df5c0-4fe4-49bb-923c-e2bdfd89f448"",""Id"":""Default Sharing Policy"",""Identity"":""Default Sharing Policy"",""IsValid"":true,""Name"":""Default Sharing Policy"",""ObjectCategory"":""NAMPR09A006.PROD.OUTLOOK.COM/Configuration/Schema/ms-Exch-Sharing-Policy"",""ObjectClass"":[""top"",""msExchSharingPolicy""],""ObjectState"":""Changed"",""OrganizationId"":""NAMPR09A006.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - NAMPR09A006.PROD.OUTLOOK.COM/ConfigurationUnits/tqhjy.onmicrosoft.com/Configuration"",""OrganizationalUnitRoot"":""tqhjy.onmicrosoft.com"",""OriginatingServer"":""MWHPR09A006DC08.NAMPR09A006.PROD.OUTLOOK.COM"",""WhenChanged"":""Date(1691164284000)"",""WhenChangedUTC"":""Date(1691164284000)"",""WhenCreated"":""Date(1619484547000)"",""WhenCreatedUTC"":""Date(1619484547000)""}","Get-SharingPolicy","Shall","MS.EXO.6.1v1","Requirement met","True" +"{""AdminDisplayName"":"""",""Default"":true,""DistinguishedName"":""CN=Default Sharing Policy,CN=Federation,CN=Configuration,CN=tqhjy.onmicrosoft.com,CN=ConfigurationUnits,DC=NAMPR09A006,DC=PROD,DC=OUTLOOK,DC=COM"",""Domains"":[""Anonymous:0""],""Enabled"":false,""ExchangeObjectId"":""2d52a1ae-4c17-42e0-925e-919b2bf68a18"",""ExchangeVersion"":""0.10 (14.0.100.0)"",""Guid"":""137df5c0-4fe4-49bb-923c-e2bdfd89f448"",""Id"":""Default Sharing Policy"",""Identity"":""Default Sharing Policy"",""IsValid"":true,""Name"":""Default Sharing Policy"",""ObjectCategory"":""NAMPR09A006.PROD.OUTLOOK.COM/Configuration/Schema/ms-Exch-Sharing-Policy"",""ObjectClass"":[""top"",""msExchSharingPolicy""],""ObjectState"":""Changed"",""OrganizationId"":""NAMPR09A006.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - NAMPR09A006.PROD.OUTLOOK.COM/ConfigurationUnits/tqhjy.onmicrosoft.com/Configuration"",""OrganizationalUnitRoot"":""tqhjy.onmicrosoft.com"",""OriginatingServer"":""MWHPR09A006DC08.NAMPR09A006.PROD.OUTLOOK.COM"",""WhenChanged"":""Date(1691164284000)"",""WhenChangedUTC"":""Date(1691164284000)"",""WhenCreated"":""Date(1619484547000)"",""WhenCreatedUTC"":""Date(1619484547000)""}","Get-SharingPolicy","Shall","MS.EXO.6.2v1","Requirement met","True" +"{""AdminDisplayName"":"""",""DirectoryBasedEdgeBlockMode"":""Default"",""DistinguishedName"":""CN=Default,CN=Hosted Connection Filter,CN=Transport Settings,CN=Configuration,CN=tqhjy.onmicrosoft.com,CN=ConfigurationUnits,DC=NAMPR09A006,DC=PROD,DC=OUTLOOK,DC=COM"",""EnableSafeList"":false,""ExchangeObjectId"":""7021b7cf-b9fa-4280-94ff-fba468dbb0ab"",""ExchangeVersion"":""0.20 (15.0.0.0)"",""Guid"":""ddb99cb3-211b-47ee-bc9c-86e6c8d0e692"",""IPAllowList"":[],""IPBlockList"":[],""Id"":""Default"",""Identity"":""Default"",""IsDefault"":true,""IsValid"":true,""Name"":""Default"",""ObjectCategory"":""NAMPR09A006.PROD.OUTLOOK.COM/Configuration/Schema/ms-Exch-Hosted-Connection-Filter-Policy"",""ObjectClass"":[""top"",""msExchHostedConnectionFilterPolicy""],""ObjectState"":""Unchanged"",""OrganizationId"":""NAMPR09A006.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - NAMPR09A006.PROD.OUTLOOK.COM/ConfigurationUnits/tqhjy.onmicrosoft.com/Configuration"",""OrganizationalUnitRoot"":""tqhjy.onmicrosoft.com"",""OriginatingServer"":""MWHPR09A006DC08.NAMPR09A006.PROD.OUTLOOK.COM"",""WhenChanged"":""Date(1717562554000)"",""WhenChangedUTC"":""Date(1717562554000)"",""WhenCreated"":""Date(1619484586000)"",""WhenCreatedUTC"":""Date(1619484586000)""}","Get-HostedConnectionFilterPolicy","Should","MS.EXO.12.1v1","Requirement met","True" +"{""AdminDisplayName"":"""",""DirectoryBasedEdgeBlockMode"":""Default"",""DistinguishedName"":""CN=Default,CN=Hosted Connection Filter,CN=Transport Settings,CN=Configuration,CN=tqhjy.onmicrosoft.com,CN=ConfigurationUnits,DC=NAMPR09A006,DC=PROD,DC=OUTLOOK,DC=COM"",""EnableSafeList"":false,""ExchangeObjectId"":""7021b7cf-b9fa-4280-94ff-fba468dbb0ab"",""ExchangeVersion"":""0.20 (15.0.0.0)"",""Guid"":""ddb99cb3-211b-47ee-bc9c-86e6c8d0e692"",""IPAllowList"":[],""IPBlockList"":[],""Id"":""Default"",""Identity"":""Default"",""IsDefault"":true,""IsValid"":true,""Name"":""Default"",""ObjectCategory"":""NAMPR09A006.PROD.OUTLOOK.COM/Configuration/Schema/ms-Exch-Hosted-Connection-Filter-Policy"",""ObjectClass"":[""top"",""msExchHostedConnectionFilterPolicy""],""ObjectState"":""Unchanged"",""OrganizationId"":""NAMPR09A006.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - NAMPR09A006.PROD.OUTLOOK.COM/ConfigurationUnits/tqhjy.onmicrosoft.com/Configuration"",""OrganizationalUnitRoot"":""tqhjy.onmicrosoft.com"",""OriginatingServer"":""MWHPR09A006DC08.NAMPR09A006.PROD.OUTLOOK.COM"",""WhenChanged"":""Date(1717562554000)"",""WhenChangedUTC"":""Date(1717562554000)"",""WhenCreated"":""Date(1619484586000)"",""WhenCreatedUTC"":""Date(1619484586000)""}","Get-HostedConnectionFilterPolicy","Should","MS.EXO.12.2v1","Requirement met","True" "{""AuditDisabled"":false,""DisplayName"":""tqhjy"",""Name"":""tqhjy.onmicrosoft.com""}","Get-OrganizationConfig","Shall","MS.EXO.13.1v1","Requirement met","True" "{""domain"":""tqhjy.onmicrosoft.com"",""log"":[{""query_method"":""traditional"",""query_name"":""_dmarc.tqhjy.onmicrosoft.com"",""query_result"":""Query returned NXDomain""},{""query_method"":""traditional"",""query_name"":""_dmarc.onmicrosoft.com"",""query_result"":""Query returned NXDomain""}],""rdata"":[]}","Get-ScubaDmarcRecord, Get-AcceptedDomain","Shall","MS.EXO.4.1v1","1 agency domain(s) found in violation: tqhjy.onmicrosoft.com","False" "{""domain"":""tqhjy.onmicrosoft.com"",""log"":[{""query_method"":""traditional"",""query_name"":""_dmarc.tqhjy.onmicrosoft.com"",""query_result"":""Query returned NXDomain""},{""query_method"":""traditional"",""query_name"":""_dmarc.onmicrosoft.com"",""query_result"":""Query returned NXDomain""}],""rdata"":[]}","Get-ScubaDmarcRecord, Get-AcceptedDomain","Shall","MS.EXO.4.2v1","1 agency domain(s) found in violation: tqhjy.onmicrosoft.com","False" @@ -90,31 +90,31 @@ "true","Get-TenantSettings","Shall","MS.POWERPLATFORM.1.1v1","Requirement met","True" "true","Get-TenantSettings","Shall","MS.POWERPLATFORM.1.2v1","Requirement met","True" "true","Get-TenantSettings","Should","MS.POWERPLATFORM.5.1v1","Requirement met","True" -,"","Shall/Not-Implemented","MS.POWERPLATFORM.4.1v1","This product does not currently have the capability to check compliance for this policy. See Secure Configuration Baseline policy for instructions on manual check","False" -,"","Should/Not-Implemented","MS.POWERPLATFORM.3.2v1","This product does not currently have the capability to check compliance for this policy. See Secure Configuration Baseline policy for instructions on manual check","False" -,"Get-DlpPolicy","Should","MS.POWERPLATFORM.2.2v1","Requirement met","True" +,"","Shall/Not-Implemented","MS.POWERPLATFORM.4.1v1","This product does not currently have the capability to check compliance for this policy. See Secure Configuration Baseline policy for instructions on manual check","False" +,"","Should/Not-Implemented","MS.POWERPLATFORM.3.2v1","This product does not currently have the capability to check compliance for this policy. See Secure Configuration Baseline policy for instructions on manual check","False" ,"Get-DlpPolicy","Should","MS.POWERPLATFORM.2.3v1","Requirement met","True" +"""407cbeff-b477-e3b4-9ca7-097888a9ec4e""","Get-DlpPolicy","Should","MS.POWERPLATFORM.2.2v1","1 Subsequent environments without DLP policies: 407cbeff-b477-e3b4-9ca7-097888a9ec4e","False" "{""PolicyName"":""DLP functional test""}","Get-DlpPolicy","Shall","MS.POWERPLATFORM.2.1v1","Requirement met","True" -,"","Shall/Not-Implemented","MS.SHAREPOINT.1.2v1","This product does not currently have the capability to check compliance for this policy. See Secure Configuration Baseline policy for instructions on manual check","False" -,"","Shall/Not-Implemented","MS.SHAREPOINT.3.2v1","This product does not currently have the capability to check compliance for this policy. See Secure Configuration Baseline policy for instructions on manual check","False" -,"","Shall/Not-Implemented","MS.SHAREPOINT.4.1v1","This product does not currently have the capability to check compliance for this policy. See Secure Configuration Baseline policy for instructions on manual check","False" -"[true,0]","Get-SPOTenant, Get-PnPTenant","Shall","MS.SHAREPOINT.1.4v1","Requirement met","True" +,"","Shall/Not-Implemented","MS.SHAREPOINT.4.1v1","This product does not currently have the capability to check compliance for this policy. See Secure Configuration Baseline policy for instructions on manual check","False" +,"Get-SPOTenant","Shall/Not-Implemented","MS.SHAREPOINT.3.1v1","This policy is only applicable if External Sharing is set to any value other than Anyone. See Secure Configuration Baseline policy for more info","False" +,"Get-SPOTenant, Get-PnPTenant","Shall/Not-Implemented","MS.SHAREPOINT.1.3v1","This policy is only applicable if External Sharing is set to any value other than Only People In Your Organization. See Secure Configuration Baseline policy for more info","False" +,"Get-SPOTenant, Get-PnPTenant","Shall/Not-Implemented","MS.SHAREPOINT.1.4v1","This policy is only applicable if External Sharing is set to any value other than Only People In Your Organization. See Secure Configuration Baseline policy for more info","False" +,"Get-SPOTenant, Get-PnPTenant","Shall/Not-Implemented","MS.SHAREPOINT.3.2v1","This policy is only applicable if External Sharing is set to any value other than Anyone. See Secure Configuration Baseline policy for more info","False" +,"Get-SPOTenant, Get-PnPTenant","Shall/Not-Implemented","MS.SHAREPOINT.3.3v1","External Sharing is set to Only People In Your Organization. This policy is only applicable if External Sharing is set to any value other than Only People In Your Organization or Existing Guests. See Secure Configuration Baseline policy for more info","False" "0","Get-SPOTenant, Get-PnPTenant","Shall","MS.SHAREPOINT.1.1v1","Requirement met","True" -"[0,true,30]","Get-SPOTenant, Get-PnPTenant","Shall","MS.SHAREPOINT.3.3v1","Requirement met","True" -"[0,0]","Get-SPOTenant, Get-PnPTenant","Shall","MS.SHAREPOINT.1.3v1","Requirement met: external sharing is set to Only People In Organization","True" -"[0,30]","Get-SPOTenant, Get-PnPTenant","Shall","MS.SHAREPOINT.3.1v1","Requirement met","True" +"0","Get-SPOTenant, Get-PnPTenant","Shall","MS.SHAREPOINT.1.2v1","Requirement met","True" +"1","Get-SPOTenant, Get-PnPTenant","Shall","MS.SHAREPOINT.2.1v1","Requirement met","True" "1","Get-SPOTenant, Get-PnPTenant","Shall","MS.SHAREPOINT.2.2v1","Requirement met","True" "2","Get-SPOSite, Get-PnPTenantSite","Shall","MS.SHAREPOINT.4.2v1","Requirement met","True" -"3","Get-SPOTenant, Get-PnPTenant","Shall","MS.SHAREPOINT.2.1v1","Requirement not met","False" "false","Get-CsTeamsMeetingPolicy","Should","MS.TEAMS.1.6v1","Requirement met","True" """EveryoneInCompanyExcludingGuests""","Get-CsTeamsMeetingPolicy","Should","MS.TEAMS.1.4v1","Requirement met","True" """UserOverride""","Get-CsTeamsMeetingBroadcastPolicy","Should","MS.TEAMS.1.7v1","Requirement met","True" -,"","Shall/3rd Party","MS.TEAMS.6.1v1","A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See Secure Configuration Baseline policy for instructions on manual check.","False" -,"","Shall/3rd Party","MS.TEAMS.6.2v1","A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See Secure Configuration Baseline policy for instructions on manual check.","False" -,"","Should/3rd Party","MS.TEAMS.7.1v1","A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See Secure Configuration Baseline policy for instructions on manual check.","False" -,"","Should/3rd Party","MS.TEAMS.7.2v1","A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See Secure Configuration Baseline policy for instructions on manual check.","False" -,"","Should/3rd Party","MS.TEAMS.8.1v1","A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See Secure Configuration Baseline policy for instructions on manual check.","False" -,"","Should/3rd Party","MS.TEAMS.8.2v1","A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See Secure Configuration Baseline policy for instructions on manual check.","False" +,"","Shall/3rd Party","MS.TEAMS.6.1v1","A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See Secure Configuration Baseline policy for instructions on manual check.","False" +,"","Shall/3rd Party","MS.TEAMS.6.2v1","A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See Secure Configuration Baseline policy for instructions on manual check.","False" +,"","Should/3rd Party","MS.TEAMS.7.1v1","A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See Secure Configuration Baseline policy for instructions on manual check.","False" +,"","Should/3rd Party","MS.TEAMS.7.2v1","A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See Secure Configuration Baseline policy for instructions on manual check.","False" +,"","Should/3rd Party","MS.TEAMS.8.1v1","A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See Secure Configuration Baseline policy for instructions on manual check.","False" +,"","Should/3rd Party","MS.TEAMS.8.2v1","A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See Secure Configuration Baseline policy for instructions on manual check.","False" "[""EveryoneInCompanyExcludingGuests"",false]","Get-CsTeamsMeetingPolicy","Should","MS.TEAMS.1.3v1","Requirement met","True" "{""AssignedPlans"":""MCOEV, Teams_GCC, MCOProfessional, MCOMEETADD"",""ClientConfig"":[{""AllowBox"":true,""AllowDropBox"":true,""AllowEgnyte"":true,""AllowEmailIntoChannel"":false,""AllowGoogleDrive"":true,""AllowGuestUser"":true,""AllowOrganizationTab"":true,""AllowResourceAccountSendMessage"":true,""AllowRoleBasedChatPermissions"":false,""AllowScopedPeopleSearchandAccess"":false,""AllowShareFile"":true,""AllowSkypeBusinessInterop"":true,""ConfigMetadata"":{""Authority"":""Tenant""},""ContentPin"":""RequiredOutsideScheduleMeeting"",""DataSource"":null,""Identity"":""Global"",""Key"":{""AuthorityId"":""Class=Tenant;InstanceId=ca08493a-c9c8-4db0-a9e8-d3b4bafac269;XmlRoot="",""DefaultXml"":""SchemaId=;Data=;ConfigObject=;Signature=00000000-0000-0000-0000-000000000000;IsModified=True"",""SchemaId"":""XName="",""ScopeClass"":""Global"",""XmlRoot"":""name={urn:schema:Microsoft.Rtc.Management.ScopeFramework.2008}AnchoredXmlKey""},""ResourceAccountContentAccess"":""NoAccess"",""RestrictedSenderList"":null}]}","Get-CsTeamsClientConfiguration, Get-CsTenant","Shall","MS.TEAMS.4.1v1","N/A: Feature is unavailable in GCC environments","True" ,"Get-CsTeamsAppPermissionPolicy","Should","MS.TEAMS.5.1v1","Requirement met","True" diff --git a/PowerShell/ScubaGear/Sample-Reports/TestResults.json b/PowerShell/ScubaGear/Sample-Reports/TestResults.json index e7ce2fdbc..914074fe4 100644 --- a/PowerShell/ScubaGear/Sample-Reports/TestResults.json +++ b/PowerShell/ScubaGear/Sample-Reports/TestResults.json @@ -10,18 +10,6 @@ "ReportDetails": "0 admin(s) that are not cloud-only found", "RequirementMet": true }, - { - "ActualValue": [ - - ], - "Commandlet": [ - - ], - "Criticality": "Shall/Not-Implemented", - "PolicyId": "MS.AAD.3.3v1", - "ReportDetails": "This product does not currently have the capability to check compliance for this policy. See \u003ca href=\"https://github.com/cisagov/ScubaGear/blob/v1.2.0/PowerShell/ScubaGear/baselines/aad.md#msaad33v1\" target=\"_blank\"\u003eSecure Configuration Baseline policy\u003c/a\u003e for instructions on manual check", - "RequirementMet": false - }, { "ActualValue": [ @@ -31,7 +19,7 @@ ], "Criticality": "Shall/Not-Implemented", "PolicyId": "MS.AAD.4.1v1", - "ReportDetails": "This product does not currently have the capability to check compliance for this policy. See \u003ca href=\"https://github.com/cisagov/ScubaGear/blob/v1.2.0/PowerShell/ScubaGear/baselines/aad.md#msaad41v1\" target=\"_blank\"\u003eSecure Configuration Baseline policy\u003c/a\u003e for instructions on manual check", + "ReportDetails": "This product does not currently have the capability to check compliance for this policy. See \u003ca href=\"https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/aad.md#msaad41v1\" target=\"_blank\"\u003eSecure Configuration Baseline policy\u003c/a\u003e for instructions on manual check", "RequirementMet": false }, { @@ -43,7 +31,7 @@ ], "Criticality": "Should/Not-Implemented", "PolicyId": "MS.AAD.2.2v1", - "ReportDetails": "This product does not currently have the capability to check compliance for this policy. See \u003ca href=\"https://github.com/cisagov/ScubaGear/blob/v1.2.0/PowerShell/ScubaGear/baselines/aad.md#msaad22v1\" target=\"_blank\"\u003eSecure Configuration Baseline policy\u003c/a\u003e for instructions on manual check", + "ReportDetails": "This product does not currently have the capability to check compliance for this policy. See \u003ca href=\"https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/aad.md#msaad22v1\" target=\"_blank\"\u003eSecure Configuration Baseline policy\u003c/a\u003e for instructions on manual check", "RequirementMet": false }, { @@ -55,7 +43,7 @@ ], "Criticality": "Should/Not-Implemented", "PolicyId": "MS.AAD.8.3v1", - "ReportDetails": "This product does not currently have the capability to check compliance for this policy. See \u003ca href=\"https://github.com/cisagov/ScubaGear/blob/v1.2.0/PowerShell/ScubaGear/baselines/aad.md#msaad83v1\" target=\"_blank\"\u003eSecure Configuration Baseline policy\u003c/a\u003e for instructions on manual check", + "ReportDetails": "This product does not currently have the capability to check compliance for this policy. See \u003ca href=\"https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/aad.md#msaad83v1\" target=\"_blank\"\u003eSecure Configuration Baseline policy\u003c/a\u003e for instructions on manual check", "RequirementMet": false }, { @@ -65,9 +53,9 @@ "Commandlet": [ "Get-MgBetaPolicyAuthenticationMethodPolicy" ], - "Criticality": "Shall", + "Criticality": "Shall/Not-Implemented", "PolicyId": "MS.AAD.3.5v1", - "ReportDetails": "This policy is only applicable if the tenant has their Manage Migration feature set to Migration Complete. See \u003ca href=\"https://github.com/cisagov/ScubaGear/blob/v1.2.0/PowerShell/ScubaGear/baselines/aad.md#msaad34v1\" target=\"_blank\"\u003eSecure Configuration Baseline policy\u003c/a\u003e for more info", + "ReportDetails": "This policy is only applicable if the tenant has their Manage Migration feature set to Migration Complete. See \u003ca href=\"https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/aad.md#msaad34v1\" target=\"_blank\"\u003eSecure Configuration Baseline policy\u003c/a\u003e for more info", "RequirementMet": false }, { @@ -82,6 +70,57 @@ "ReportDetails": "Requirement not met", "RequirementMet": false }, + { + "ActualValue": { + "AdditionalProperties": { + "@odata.type": "#microsoft.graph.microsoftAuthenticatorAuthenticationMethodConfiguration", + "featureSettings": { + "companionAppAllowedState": { + "excludeTarget": "@{id=00000000-0000-0000-0000-000000000000; targetType=group}", + "includeTarget": "@{id=all_users; targetType=group}", + "state": "default" + }, + "displayAppInformationRequiredState": { + "excludeTarget": "@{id=00000000-0000-0000-0000-000000000000; targetType=group}", + "includeTarget": "@{id=all_users; targetType=group}", + "state": "enabled" + }, + "displayLocationInformationRequiredState": { + "excludeTarget": "@{id=00000000-0000-0000-0000-000000000000; targetType=group}", + "includeTarget": "@{id=all_users; targetType=group}", + "state": "enabled" + }, + "numberMatchingRequiredState": { + "excludeTarget": "@{id=00000000-0000-0000-0000-000000000000; targetType=group}", + "includeTarget": "@{id=all_users; targetType=group}", + "state": "enabled" + } + }, + "includeTargets": [ + { + "authenticationMode": "any", + "id": "all_users", + "isRegistrationRequired": false, + "targetType": "group" + } + ], + "includeTargets@odata.context": "https://graph.microsoft.com/beta/$metadata#policies/authenticationMethodsPolicy/authenticationMethodConfigurations(\u0027MicrosoftAuthenticator\u0027)/microsoft.graph.microsoftAuthenticatorAuthenticationMethodConfiguration/includeTargets", + "isSoftwareOathEnabled": false + }, + "ExcludeTargets": [ + + ], + "Id": "MicrosoftAuthenticator", + "State": "enabled" + }, + "Commandlet": [ + "Get-MgBetaPolicyAuthenticationMethodPolicy" + ], + "Criticality": "Shall", + "PolicyId": "MS.AAD.3.3v1", + "ReportDetails": "Requirement met", + "RequirementMet": true + }, { "ActualValue": { "all_admin_consent_policies": [ @@ -173,6 +212,18 @@ "ReportDetails": "Permission level set to \"Limited access\" (authorizationPolicy)", "RequirementMet": true }, + { + "ActualValue": [ + + ], + "Commandlet": [ + "Get-MgBetaDirectorySetting" + ], + "Criticality": "Shall", + "PolicyId": "MS.AAD.5.4v1", + "ReportDetails": "Requirement not met", + "RequirementMet": false + }, { "ActualValue": [ @@ -274,7 +325,6 @@ "Exchange Administrator(Directory Role)", "Global Administrator(Directory Role)", "Hybrid Identity Administrator(Directory Role)", - "PIM Test Group(PIM Group)", "Privileged Role Administrator(Directory Role)", "SharePoint Administrator(Directory Role)" ], @@ -284,7 +334,7 @@ ], "Criticality": "Shall", "PolicyId": "MS.AAD.7.7v1", - "ReportDetails": "7 role(s) or group(s) without notification e-mail configured for role assignments found:\u003cbr/\u003eCloud Application Administrator(Directory Role), Exchange Administrator(Directory Role), Global Administrator(Directory Role), Hybrid Identity Administrator(Directory Role), PIM Test Group(PIM Group), Privileged Role Administrator(Directory Role), SharePoint Administrator(Directory Role)", + "ReportDetails": "6 role(s) or group(s) without notification e-mail configured for role assignments found:\u003cbr/\u003eCloud Application Administrator(Directory Role), Exchange Administrator(Directory Role), Global Administrator(Directory Role), Hybrid Identity Administrator(Directory Role), Privileged Role Administrator(Directory Role), SharePoint Administrator(Directory Role)", "RequirementMet": false }, { @@ -292,7 +342,6 @@ "Cloud Application Administrator(Directory Role)", "Exchange Administrator(Directory Role)", "Hybrid Identity Administrator(Directory Role)", - "PIM Test Group(PIM Group)", "Privileged Role Administrator(Directory Role)", "SharePoint Administrator(Directory Role)" ], @@ -302,7 +351,7 @@ ], "Criticality": "Should", "PolicyId": "MS.AAD.7.9v1", - "ReportDetails": "6 role(s) or group(s) without notification e-mail configured for role activations found:\u003cbr/\u003eCloud Application Administrator(Directory Role), Exchange Administrator(Directory Role), Hybrid Identity Administrator(Directory Role), PIM Test Group(PIM Group), Privileged Role Administrator(Directory Role), SharePoint Administrator(Directory Role)", + "ReportDetails": "5 role(s) or group(s) without notification e-mail configured for role activations found:\u003cbr/\u003eCloud Application Administrator(Directory Role), Exchange Administrator(Directory Role), Hybrid Identity Administrator(Directory Role), Privileged Role Administrator(Directory Role), SharePoint Administrator(Directory Role)", "RequirementMet": false }, { @@ -394,22 +443,6 @@ "ReportDetails": "1 conditional access policy(s) found that meet(s) all requirements:\u003cbr/\u003eMS.AAD.3.2v1 If phishing-resistant MFA has not been enforced, an alternative MFA method SHALL be enforced for all users. \u003ca href=\u0027#caps\u0027\u003eView all CA policies\u003c/a\u003e.", "RequirementMet": true }, - { - "ActualValue": [ - { - "Name": "EnableGroupSpecificConsent", - "SettingsGroup": "Consent Policy Settings", - "Value": "false" - } - ], - "Commandlet": [ - "Get-MgBetaDirectorySetting" - ], - "Criticality": "Shall", - "PolicyId": "MS.AAD.5.4v1", - "ReportDetails": "Requirement met", - "RequirementMet": true - }, { "ActualValue": [ [ @@ -436,7 +469,7 @@ ], "Criticality": "Shall/Not-Implemented", "PolicyId": "MS.DEFENDER.6.2v1", - "ReportDetails": "This product does not currently have the capability to check compliance for this policy. See \u003ca href=\"https://github.com/cisagov/ScubaGear/blob/v1.2.0/PowerShell/ScubaGear/baselines/defender.md#msdefender62v1\" target=\"_blank\"\u003eSecure Configuration Baseline policy\u003c/a\u003e for instructions on manual check", + "ReportDetails": "This product does not currently have the capability to check compliance for this policy. See \u003ca href=\"https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/defender.md#msdefender62v1\" target=\"_blank\"\u003eSecure Configuration Baseline policy\u003c/a\u003e for instructions on manual check", "RequirementMet": false }, { @@ -448,7 +481,7 @@ ], "Criticality": "Shall/Not-Implemented", "PolicyId": "MS.DEFENDER.6.3v1", - "ReportDetails": "This product does not currently have the capability to check compliance for this policy. See \u003ca href=\"https://github.com/cisagov/ScubaGear/blob/v1.2.0/PowerShell/ScubaGear/baselines/defender.md#msdefender63v1\" target=\"_blank\"\u003eSecure Configuration Baseline policy\u003c/a\u003e for instructions on manual check", + "ReportDetails": "This product does not currently have the capability to check compliance for this policy. See \u003ca href=\"https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/defender.md#msdefender63v1\" target=\"_blank\"\u003eSecure Configuration Baseline policy\u003c/a\u003e for instructions on manual check", "RequirementMet": false }, { @@ -460,7 +493,7 @@ ], "Criticality": "Should/Not-Implemented", "PolicyId": "MS.DEFENDER.4.5v1", - "ReportDetails": "This product does not currently have the capability to check compliance for this policy. See \u003ca href=\"https://github.com/cisagov/ScubaGear/blob/v1.2.0/PowerShell/ScubaGear/baselines/defender.md#msdefender45v1\" target=\"_blank\"\u003eSecure Configuration Baseline policy\u003c/a\u003e for instructions on manual check", + "ReportDetails": "This product does not currently have the capability to check compliance for this policy. See \u003ca href=\"https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/defender.md#msdefender45v1\" target=\"_blank\"\u003eSecure Configuration Baseline policy\u003c/a\u003e for instructions on manual check", "RequirementMet": false }, { @@ -472,7 +505,7 @@ ], "Criticality": "Should/Not-Implemented", "PolicyId": "MS.DEFENDER.4.6v1", - "ReportDetails": "This product does not currently have the capability to check compliance for this policy. See \u003ca href=\"https://github.com/cisagov/ScubaGear/blob/v1.2.0/PowerShell/ScubaGear/baselines/defender.md#msdefender46v1\" target=\"_blank\"\u003eSecure Configuration Baseline policy\u003c/a\u003e for instructions on manual check", + "ReportDetails": "This product does not currently have the capability to check compliance for this policy. See \u003ca href=\"https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/defender.md#msdefender46v1\" target=\"_blank\"\u003eSecure Configuration Baseline policy\u003c/a\u003e for instructions on manual check", "RequirementMet": false }, { @@ -484,7 +517,7 @@ ], "Criticality": "Should/Not-Implemented", "PolicyId": "MS.DEFENDER.5.2v1", - "ReportDetails": "This product does not currently have the capability to check compliance for this policy. See \u003ca href=\"https://github.com/cisagov/ScubaGear/blob/v1.2.0/PowerShell/ScubaGear/baselines/defender.md#msdefender52v1\" target=\"_blank\"\u003eSecure Configuration Baseline policy\u003c/a\u003e for instructions on manual check", + "ReportDetails": "This product does not currently have the capability to check compliance for this policy. See \u003ca href=\"https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/defender.md#msdefender52v1\" target=\"_blank\"\u003eSecure Configuration Baseline policy\u003c/a\u003e for instructions on manual check", "RequirementMet": false }, { @@ -508,8 +541,8 @@ "Get-AntiPhishPolicy" ], "Criticality": "Should", - "PolicyId": "MS.DEFENDER.2.1v1", - "ReportDetails": "Not all sensitive users are included for targeted protection in Strict or Standard policy.", + "PolicyId": "MS.DEFENDER.2.2v1", + "ReportDetails": "Not all agency domains are included for targeted protection in Strict or Standard policy.", "RequirementMet": false }, { @@ -533,8 +566,8 @@ "Get-AntiPhishPolicy" ], "Criticality": "Should", - "PolicyId": "MS.DEFENDER.2.2v1", - "ReportDetails": "Not all agency domains are included for targeted protection in Strict or Standard policy.", + "PolicyId": "MS.DEFENDER.2.3v1", + "ReportDetails": "Not all partner domains are included for targeted protection in Strict or Standard policy.", "RequirementMet": false }, { @@ -543,24 +576,24 @@ "Accounts": [ ], - "Action": "", - "Name": "Strict Preset Security Policy" + "Action": "Quarantine", + "Name": "Strict Preset Security Policy1681329955447" }, { "Accounts": [ ], - "Action": "", - "Name": "Standard Preset Security Policy" + "Action": "Quarantine", + "Name": "Standard Preset Security Policy1659535429826" } ], "Commandlet": [ "Get-AntiPhishPolicy" ], "Criticality": "Should", - "PolicyId": "MS.DEFENDER.2.3v1", - "ReportDetails": "Not all partner domains are included for targeted protection in Strict or Standard policy.", - "RequirementMet": false + "PolicyId": "MS.DEFENDER.2.1v1", + "ReportDetails": "Requirement met", + "RequirementMet": true }, { "ActualValue": { @@ -577,16 +610,13 @@ { "ActualValue": { "Credit_Card": [ - "CreditCardsOnly", - "Baseline Rule", - "Missing_ITIN_Has_UKPassports" + "Baseline Rule" ], "ITIN": [ "Baseline Rule" ], "SSN": [ - "Baseline Rule", - "Missing_ITIN_Has_UKPassports" + "Baseline Rule" ] }, "Commandlet": [ @@ -644,7 +674,7 @@ ], "Criticality": "Should", "PolicyId": "MS.DEFENDER.4.2v1", - "ReportDetails": "No enabled policy found that applies to: Devices", + "ReportDetails": "DLP custom policy applied to the following locations: Exchange, OneDrive, SharePoint, Teams. Custom policy protecting sensitive info types NOT applied to: Devices. Devices location requires DLP for Endpoint licensing and at least one registered device. For full policy details, see the ActualValue field in the results file: ./TestResults.json", "RequirementMet": false }, { @@ -771,7 +801,7 @@ ], "Criticality": "Shall/3rd Party", "PolicyId": "MS.EXO.10.1v1", - "ReportDetails": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See \u003ca href=\"https://github.com/cisagov/ScubaGear/blob/v1.2.0/PowerShell/ScubaGear/baselines/exo.md#msexo101v1\" target=\"_blank\"\u003eSecure Configuration Baseline policy\u003c/a\u003e for instructions on manual check.", + "ReportDetails": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See \u003ca href=\"https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/exo.md#msexo101v1\" target=\"_blank\"\u003eSecure Configuration Baseline policy\u003c/a\u003e for instructions on manual check.", "RequirementMet": false }, { @@ -783,7 +813,7 @@ ], "Criticality": "Shall/3rd Party", "PolicyId": "MS.EXO.10.2v1", - "ReportDetails": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See \u003ca href=\"https://github.com/cisagov/ScubaGear/blob/v1.2.0/PowerShell/ScubaGear/baselines/exo.md#msexo102v1\" target=\"_blank\"\u003eSecure Configuration Baseline policy\u003c/a\u003e for instructions on manual check.", + "ReportDetails": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See \u003ca href=\"https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/exo.md#msexo102v1\" target=\"_blank\"\u003eSecure Configuration Baseline policy\u003c/a\u003e for instructions on manual check.", "RequirementMet": false }, { @@ -795,7 +825,7 @@ ], "Criticality": "Shall/3rd Party", "PolicyId": "MS.EXO.14.1v1", - "ReportDetails": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See \u003ca href=\"https://github.com/cisagov/ScubaGear/blob/v1.2.0/PowerShell/ScubaGear/baselines/exo.md#msexo141v1\" target=\"_blank\"\u003eSecure Configuration Baseline policy\u003c/a\u003e for instructions on manual check.", + "ReportDetails": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See \u003ca href=\"https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/exo.md#msexo141v1\" target=\"_blank\"\u003eSecure Configuration Baseline policy\u003c/a\u003e for instructions on manual check.", "RequirementMet": false }, { @@ -807,7 +837,7 @@ ], "Criticality": "Shall/3rd Party", "PolicyId": "MS.EXO.14.2v1", - "ReportDetails": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See \u003ca href=\"https://github.com/cisagov/ScubaGear/blob/v1.2.0/PowerShell/ScubaGear/baselines/exo.md#msexo142v1\" target=\"_blank\"\u003eSecure Configuration Baseline policy\u003c/a\u003e for instructions on manual check.", + "ReportDetails": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See \u003ca href=\"https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/exo.md#msexo142v1\" target=\"_blank\"\u003eSecure Configuration Baseline policy\u003c/a\u003e for instructions on manual check.", "RequirementMet": false }, { @@ -819,7 +849,7 @@ ], "Criticality": "Shall/3rd Party", "PolicyId": "MS.EXO.14.3v1", - "ReportDetails": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See \u003ca href=\"https://github.com/cisagov/ScubaGear/blob/v1.2.0/PowerShell/ScubaGear/baselines/exo.md#msexo143v1\" target=\"_blank\"\u003eSecure Configuration Baseline policy\u003c/a\u003e for instructions on manual check.", + "ReportDetails": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See \u003ca href=\"https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/exo.md#msexo143v1\" target=\"_blank\"\u003eSecure Configuration Baseline policy\u003c/a\u003e for instructions on manual check.", "RequirementMet": false }, { @@ -831,7 +861,7 @@ ], "Criticality": "Shall/3rd Party", "PolicyId": "MS.EXO.16.1v1", - "ReportDetails": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See \u003ca href=\"https://github.com/cisagov/ScubaGear/blob/v1.2.0/PowerShell/ScubaGear/baselines/exo.md#msexo161v1\" target=\"_blank\"\u003eSecure Configuration Baseline policy\u003c/a\u003e for instructions on manual check.", + "ReportDetails": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See \u003ca href=\"https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/exo.md#msexo161v1\" target=\"_blank\"\u003eSecure Configuration Baseline policy\u003c/a\u003e for instructions on manual check.", "RequirementMet": false }, { @@ -843,7 +873,7 @@ ], "Criticality": "Shall/3rd Party", "PolicyId": "MS.EXO.17.1v1", - "ReportDetails": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See \u003ca href=\"https://github.com/cisagov/ScubaGear/blob/v1.2.0/PowerShell/ScubaGear/baselines/exo.md#msexo171v1\" target=\"_blank\"\u003eSecure Configuration Baseline policy\u003c/a\u003e for instructions on manual check.", + "ReportDetails": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See \u003ca href=\"https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/exo.md#msexo171v1\" target=\"_blank\"\u003eSecure Configuration Baseline policy\u003c/a\u003e for instructions on manual check.", "RequirementMet": false }, { @@ -855,7 +885,7 @@ ], "Criticality": "Shall/3rd Party", "PolicyId": "MS.EXO.17.2v1", - "ReportDetails": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See \u003ca href=\"https://github.com/cisagov/ScubaGear/blob/v1.2.0/PowerShell/ScubaGear/baselines/exo.md#msexo172v1\" target=\"_blank\"\u003eSecure Configuration Baseline policy\u003c/a\u003e for instructions on manual check.", + "ReportDetails": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See \u003ca href=\"https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/exo.md#msexo172v1\" target=\"_blank\"\u003eSecure Configuration Baseline policy\u003c/a\u003e for instructions on manual check.", "RequirementMet": false }, { @@ -867,7 +897,7 @@ ], "Criticality": "Shall/3rd Party", "PolicyId": "MS.EXO.17.3v1", - "ReportDetails": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See \u003ca href=\"https://github.com/cisagov/ScubaGear/blob/v1.2.0/PowerShell/ScubaGear/baselines/exo.md#msexo173v1\" target=\"_blank\"\u003eSecure Configuration Baseline policy\u003c/a\u003e for instructions on manual check.", + "ReportDetails": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See \u003ca href=\"https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/exo.md#msexo173v1\" target=\"_blank\"\u003eSecure Configuration Baseline policy\u003c/a\u003e for instructions on manual check.", "RequirementMet": false }, { @@ -879,7 +909,7 @@ ], "Criticality": "Shall/3rd Party", "PolicyId": "MS.EXO.8.1v1", - "ReportDetails": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See \u003ca href=\"https://github.com/cisagov/ScubaGear/blob/v1.2.0/PowerShell/ScubaGear/baselines/exo.md#msexo81v1\" target=\"_blank\"\u003eSecure Configuration Baseline policy\u003c/a\u003e for instructions on manual check.", + "ReportDetails": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See \u003ca href=\"https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/exo.md#msexo81v1\" target=\"_blank\"\u003eSecure Configuration Baseline policy\u003c/a\u003e for instructions on manual check.", "RequirementMet": false }, { @@ -891,7 +921,7 @@ ], "Criticality": "Shall/3rd Party", "PolicyId": "MS.EXO.8.2v1", - "ReportDetails": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See \u003ca href=\"https://github.com/cisagov/ScubaGear/blob/v1.2.0/PowerShell/ScubaGear/baselines/exo.md#msexo82v1\" target=\"_blank\"\u003eSecure Configuration Baseline policy\u003c/a\u003e for instructions on manual check.", + "ReportDetails": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See \u003ca href=\"https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/exo.md#msexo82v1\" target=\"_blank\"\u003eSecure Configuration Baseline policy\u003c/a\u003e for instructions on manual check.", "RequirementMet": false }, { @@ -903,7 +933,7 @@ ], "Criticality": "Shall/3rd Party", "PolicyId": "MS.EXO.9.1v1", - "ReportDetails": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See \u003ca href=\"https://github.com/cisagov/ScubaGear/blob/v1.2.0/PowerShell/ScubaGear/baselines/exo.md#msexo91v1\" target=\"_blank\"\u003eSecure Configuration Baseline policy\u003c/a\u003e for instructions on manual check.", + "ReportDetails": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See \u003ca href=\"https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/exo.md#msexo91v1\" target=\"_blank\"\u003eSecure Configuration Baseline policy\u003c/a\u003e for instructions on manual check.", "RequirementMet": false }, { @@ -915,7 +945,7 @@ ], "Criticality": "Shall/3rd Party", "PolicyId": "MS.EXO.9.3v1", - "ReportDetails": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See \u003ca href=\"https://github.com/cisagov/ScubaGear/blob/v1.2.0/PowerShell/ScubaGear/baselines/exo.md#msexo93v1\" target=\"_blank\"\u003eSecure Configuration Baseline policy\u003c/a\u003e for instructions on manual check.", + "ReportDetails": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See \u003ca href=\"https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/exo.md#msexo93v1\" target=\"_blank\"\u003eSecure Configuration Baseline policy\u003c/a\u003e for instructions on manual check.", "RequirementMet": false }, { @@ -927,7 +957,7 @@ ], "Criticality": "Shall/Not-Implemented", "PolicyId": "MS.EXO.2.1v1", - "ReportDetails": "This product does not currently have the capability to check compliance for this policy. See \u003ca href=\"https://github.com/cisagov/ScubaGear/blob/v1.2.0/PowerShell/ScubaGear/baselines/exo.md#msexo21v1\" target=\"_blank\"\u003eSecure Configuration Baseline policy\u003c/a\u003e for instructions on manual check", + "ReportDetails": "This product does not currently have the capability to check compliance for this policy. See \u003ca href=\"https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/exo.md#msexo21v1\" target=\"_blank\"\u003eSecure Configuration Baseline policy\u003c/a\u003e for instructions on manual check", "RequirementMet": false }, { @@ -939,7 +969,7 @@ ], "Criticality": "Should/3rd Party", "PolicyId": "MS.EXO.10.3v1", - "ReportDetails": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See \u003ca href=\"https://github.com/cisagov/ScubaGear/blob/v1.2.0/PowerShell/ScubaGear/baselines/exo.md#msexo103v1\" target=\"_blank\"\u003eSecure Configuration Baseline policy\u003c/a\u003e for instructions on manual check.", + "ReportDetails": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See \u003ca href=\"https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/exo.md#msexo103v1\" target=\"_blank\"\u003eSecure Configuration Baseline policy\u003c/a\u003e for instructions on manual check.", "RequirementMet": false }, { @@ -951,7 +981,7 @@ ], "Criticality": "Should/3rd Party", "PolicyId": "MS.EXO.11.1v1", - "ReportDetails": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See \u003ca href=\"https://github.com/cisagov/ScubaGear/blob/v1.2.0/PowerShell/ScubaGear/baselines/exo.md#msexo111v1\" target=\"_blank\"\u003eSecure Configuration Baseline policy\u003c/a\u003e for instructions on manual check.", + "ReportDetails": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See \u003ca href=\"https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/exo.md#msexo111v1\" target=\"_blank\"\u003eSecure Configuration Baseline policy\u003c/a\u003e for instructions on manual check.", "RequirementMet": false }, { @@ -963,7 +993,7 @@ ], "Criticality": "Should/3rd Party", "PolicyId": "MS.EXO.11.2v1", - "ReportDetails": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See \u003ca href=\"https://github.com/cisagov/ScubaGear/blob/v1.2.0/PowerShell/ScubaGear/baselines/exo.md#msexo112v1\" target=\"_blank\"\u003eSecure Configuration Baseline policy\u003c/a\u003e for instructions on manual check.", + "ReportDetails": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See \u003ca href=\"https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/exo.md#msexo112v1\" target=\"_blank\"\u003eSecure Configuration Baseline policy\u003c/a\u003e for instructions on manual check.", "RequirementMet": false }, { @@ -975,7 +1005,7 @@ ], "Criticality": "Should/3rd Party", "PolicyId": "MS.EXO.11.3v1", - "ReportDetails": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See \u003ca href=\"https://github.com/cisagov/ScubaGear/blob/v1.2.0/PowerShell/ScubaGear/baselines/exo.md#msexo113v1\" target=\"_blank\"\u003eSecure Configuration Baseline policy\u003c/a\u003e for instructions on manual check.", + "ReportDetails": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See \u003ca href=\"https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/exo.md#msexo113v1\" target=\"_blank\"\u003eSecure Configuration Baseline policy\u003c/a\u003e for instructions on manual check.", "RequirementMet": false }, { @@ -987,7 +1017,7 @@ ], "Criticality": "Should/3rd Party", "PolicyId": "MS.EXO.15.1v1", - "ReportDetails": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See \u003ca href=\"https://github.com/cisagov/ScubaGear/blob/v1.2.0/PowerShell/ScubaGear/baselines/exo.md#msexo151v1\" target=\"_blank\"\u003eSecure Configuration Baseline policy\u003c/a\u003e for instructions on manual check.", + "ReportDetails": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See \u003ca href=\"https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/exo.md#msexo151v1\" target=\"_blank\"\u003eSecure Configuration Baseline policy\u003c/a\u003e for instructions on manual check.", "RequirementMet": false }, { @@ -999,7 +1029,7 @@ ], "Criticality": "Should/3rd Party", "PolicyId": "MS.EXO.15.2v1", - "ReportDetails": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See \u003ca href=\"https://github.com/cisagov/ScubaGear/blob/v1.2.0/PowerShell/ScubaGear/baselines/exo.md#msexo152v1\" target=\"_blank\"\u003eSecure Configuration Baseline policy\u003c/a\u003e for instructions on manual check.", + "ReportDetails": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See \u003ca href=\"https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/exo.md#msexo152v1\" target=\"_blank\"\u003eSecure Configuration Baseline policy\u003c/a\u003e for instructions on manual check.", "RequirementMet": false }, { @@ -1011,7 +1041,7 @@ ], "Criticality": "Should/3rd Party", "PolicyId": "MS.EXO.15.3v1", - "ReportDetails": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See \u003ca href=\"https://github.com/cisagov/ScubaGear/blob/v1.2.0/PowerShell/ScubaGear/baselines/exo.md#msexo153v1\" target=\"_blank\"\u003eSecure Configuration Baseline policy\u003c/a\u003e for instructions on manual check.", + "ReportDetails": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See \u003ca href=\"https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/exo.md#msexo153v1\" target=\"_blank\"\u003eSecure Configuration Baseline policy\u003c/a\u003e for instructions on manual check.", "RequirementMet": false }, { @@ -1023,7 +1053,7 @@ ], "Criticality": "Should/3rd Party", "PolicyId": "MS.EXO.16.2v1", - "ReportDetails": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See \u003ca href=\"https://github.com/cisagov/ScubaGear/blob/v1.2.0/PowerShell/ScubaGear/baselines/exo.md#msexo162v1\" target=\"_blank\"\u003eSecure Configuration Baseline policy\u003c/a\u003e for instructions on manual check.", + "ReportDetails": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See \u003ca href=\"https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/exo.md#msexo162v1\" target=\"_blank\"\u003eSecure Configuration Baseline policy\u003c/a\u003e for instructions on manual check.", "RequirementMet": false }, { @@ -1035,11 +1065,12 @@ ], "Criticality": "Should/3rd Party", "PolicyId": "MS.EXO.9.2v1", - "ReportDetails": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See \u003ca href=\"https://github.com/cisagov/ScubaGear/blob/v1.2.0/PowerShell/ScubaGear/baselines/exo.md#msexo92v1\" target=\"_blank\"\u003eSecure Configuration Baseline policy\u003c/a\u003e for instructions on manual check.", + "ReportDetails": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See \u003ca href=\"https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/exo.md#msexo92v1\" target=\"_blank\"\u003eSecure Configuration Baseline policy\u003c/a\u003e for instructions on manual check.", "RequirementMet": false }, { "ActualValue": [ + "NotInOrganization", "NotInOrganization" ], "Commandlet": [ @@ -1058,8 +1089,7 @@ "log": [ "@{query_method=traditional; query_name=selector1._domainkey.tqhjy.onmicrosoft.com; query_result=Query returned NXDomain}", "@{query_method=traditional; query_name=selector2._domainkey.tqhjy.onmicrosoft.com; query_result=Query returned NXDomain}", - "@{query_method=traditional; query_name=selector1-example-mail-onmicrosoft-com._domainkey.tqhjy.onmicrosoft.com; query_result=Query returned NXDomain}", - "@{query_method=traditional; query_name=selector2-example-mail-onmicrosoft-com._domainkey.tqhjy.onmicrosoft.com; query_result=Query returned NXDomain}" + "@{query_method=traditional; query_name=selector1-tqhjy-onmicrosoft-com._domainkey.tqhjy.onmicrosoft.com; query_result=Query returned 2 txt records}" ], "rdata": [ @@ -1096,14 +1126,14 @@ "ObjectState": "Unchanged", "OrganizationId": "NAMPR09A006.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - NAMPR09A006.PROD.OUTLOOK.COM/ConfigurationUnits/tqhjy.onmicrosoft.com/Configuration", "OrganizationalUnitRoot": "tqhjy.onmicrosoft.com", - "OriginatingServer": "DM5PR09A006DC10.NAMPR09A006.PROD.OUTLOOK.COM", + "OriginatingServer": "MWHPR09A006DC08.NAMPR09A006.PROD.OUTLOOK.COM", "RotateOnDate": "Date(1653949318610)", "Selector1CNAME": "selector1-tqhjy-onmicrosoft-com._domainkey.tqhjy.onmicrosoft.com", "Selector1KeySize": 2048, - "Selector1PublicKey": "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn/z5b0VYtWAnksnJLIo1HiKP5j0sTa93y6eIe7eRn3EfCMfnw4f0Ew6wmX/2NIsszvF0XG0mkdffCVsUa5WnzDvfhR5fkSMqGI/I4JaR+b8qHdNToVesTbk/kFv+j41TcxWgJw1j4Xeo6URJG6qx1ujh6zshr21/frskm/tq7Qlp7LpQn1uiHDO2g1If9tlvKRxOzxMV8ldzIjU4MKsLlUDLIj/LjezemQXiPsZqrMOe0Kqs3Tusv6IoWKaQpiiooIhsH+0fI2JXyjJu7623jOIAuDtl7YHdR6cC7umMq44tAgEL9Uf8IHv02FoM0B3nSIzs9ier9X4E0/exampleQIDAQAB;", + "Selector1PublicKey": "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAohoPDhGToRO8y7acaWL2w15wsCmwabxgTwODro2c1BeRYXfnUMStICo3w4ZrYDtGZDSA7hm0x7OHujF1CoQnXiBmrQ154wtomPyx3Op/VC6+b9di4z15XBvhXh/fLBUdEJ6wsybMLmQ+WPQA6vsM3UN5Cv5rl2SylFoM//eLmw5R6NmMIj3GQg9b+vQl2cKNXqII2gZrB07P6xt2wW1VA/LPjdRFUEys9YzBgOqM53VaODWDXDIvUH/nPRVAtOEsV19u66jyzZnzcz9a7ATxizix7DnySzI3koVlOGi/+dLx8FYIAZ/75wkH1O/gH8/n4C66uwRm/example+QIDAQAB;", "Selector2CNAME": "selector2-tqhjy-onmicrosoft-com._domainkey.tqhjy.onmicrosoft.com", "Selector2KeySize": 2048, - "Selector2PublicKey": "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyVK8DFIgYjps1Ckt4UjOQiBMqpb9G1WiwIci61Amx0sQzZTD8xb8rRSboEm89e5WRChcpZe7FN7XveJtbWYHmp4+e4niN5wGHaDt7NoCdTQ6dgRdyPa0d4Yf8si1uYYu7iC4LkQMI/zSLAQAQWEEHKqqJPHoAAbyKEuj8vynlWGsCAaprqOjyPqciy4YfcYd5ZISmpY5yJ/FNIrc2FeZjSPb65XzYMtgTbP9xC7lK6kGnBJDKqHaccXhVyvkl39AX4VkMzuVTlZbr120T+zMFDLNCJeNMBabl8JcrL0OYRule+75C3bPO4u/cZ1TmAGknX7apzvavEK2ByexampleQIDAQAB;", + "Selector2PublicKey": "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0N9/MWtBA7REPZSGKz9hfYIgF5jm5uri7RVSkaptlnvK0AI6jmJ4TvZ4beFzrfJDh6cIt5gX0UqnTzF9/0UZeyfRuUQAUew/sXU8FZXEnt+Bxr9k8PkAaqr2ksYhY/n46DxrWu1X/Cz7tye5FBnsTbyI6PnaBCfcgzwFnULaojUtdqSQGF7dt4HcyZGnUX1YLNwhp4Lyi9g1bZF6EdNMYHuKXFIsRo5qmEMagIsi557jGlGNTqTKJ9aZWGiCgjFJ14mTUN/itKXb5RqBAfG9KeZQXk6hWGTe7H9lVOshMZgV4t0FyaisrGg5GselbKZukxcA8xsOndexampleAQIDAQAB;", "SelectorAfterRotateOnDate": "selector2", "SelectorBeforeRotateOnDate": "selector1", "Status": "Valid", @@ -1197,7 +1227,7 @@ "OrganizationFederatedMailbox": "FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042@tqhjy.onmicrosoft.com", "OrganizationId": "NAMPR09A006.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - NAMPR09A006.PROD.OUTLOOK.COM/ConfigurationUnits/tqhjy.onmicrosoft.com/Configuration", "OrganizationalUnitRoot": "tqhjy.onmicrosoft.com", - "OriginatingServer": "DM5PR09A006DC10.NAMPR09A006.PROD.OUTLOOK.COM", + "OriginatingServer": "MWHPR09A006DC08.NAMPR09A006.PROD.OUTLOOK.COM", "OtherWellKnownObjects": [ ], @@ -1247,8 +1277,8 @@ "TransportRuleSizeLimit": "8 KB (8,192 bytes)", "VerifySecureSubmitEnabled": false, "VoicemailJournalingEnabled": true, - "WhenChanged": "Date(1712118761000)", - "WhenChangedUTC": "Date(1712118761000)", + "WhenChanged": "Date(1717562155000)", + "WhenChangedUTC": "Date(1717562155000)", "WhenCreated": "Date(1619484398000)", "WhenCreatedUTC": "Date(1619484398000)", "Xexch50Enabled": true @@ -1287,7 +1317,7 @@ "ObjectState": "Changed", "OrganizationId": "NAMPR09A006.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - NAMPR09A006.PROD.OUTLOOK.COM/ConfigurationUnits/tqhjy.onmicrosoft.com/Configuration", "OrganizationalUnitRoot": "tqhjy.onmicrosoft.com", - "OriginatingServer": "DM5PR09A006DC10.NAMPR09A006.PROD.OUTLOOK.COM", + "OriginatingServer": "MWHPR09A006DC08.NAMPR09A006.PROD.OUTLOOK.COM", "WhenChanged": "Date(1691164284000)", "WhenChangedUTC": "Date(1691164284000)", "WhenCreated": "Date(1619484547000)", @@ -1327,7 +1357,7 @@ "ObjectState": "Changed", "OrganizationId": "NAMPR09A006.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - NAMPR09A006.PROD.OUTLOOK.COM/ConfigurationUnits/tqhjy.onmicrosoft.com/Configuration", "OrganizationalUnitRoot": "tqhjy.onmicrosoft.com", - "OriginatingServer": "DM5PR09A006DC10.NAMPR09A006.PROD.OUTLOOK.COM", + "OriginatingServer": "MWHPR09A006DC08.NAMPR09A006.PROD.OUTLOOK.COM", "WhenChanged": "Date(1691164284000)", "WhenChangedUTC": "Date(1691164284000)", "WhenCreated": "Date(1619484547000)", @@ -1371,9 +1401,9 @@ "ObjectState": "Unchanged", "OrganizationId": "NAMPR09A006.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - NAMPR09A006.PROD.OUTLOOK.COM/ConfigurationUnits/tqhjy.onmicrosoft.com/Configuration", "OrganizationalUnitRoot": "tqhjy.onmicrosoft.com", - "OriginatingServer": "DM5PR09A006DC10.NAMPR09A006.PROD.OUTLOOK.COM", - "WhenChanged": "Date(1712119159000)", - "WhenChangedUTC": "Date(1712119159000)", + "OriginatingServer": "MWHPR09A006DC08.NAMPR09A006.PROD.OUTLOOK.COM", + "WhenChanged": "Date(1717562554000)", + "WhenChangedUTC": "Date(1717562554000)", "WhenCreated": "Date(1619484586000)", "WhenCreatedUTC": "Date(1619484586000)" } @@ -1415,9 +1445,9 @@ "ObjectState": "Unchanged", "OrganizationId": "NAMPR09A006.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - NAMPR09A006.PROD.OUTLOOK.COM/ConfigurationUnits/tqhjy.onmicrosoft.com/Configuration", "OrganizationalUnitRoot": "tqhjy.onmicrosoft.com", - "OriginatingServer": "DM5PR09A006DC10.NAMPR09A006.PROD.OUTLOOK.COM", - "WhenChanged": "Date(1712119159000)", - "WhenChangedUTC": "Date(1712119159000)", + "OriginatingServer": "MWHPR09A006DC08.NAMPR09A006.PROD.OUTLOOK.COM", + "WhenChanged": "Date(1717562554000)", + "WhenChangedUTC": "Date(1717562554000)", "WhenCreated": "Date(1619484586000)", "WhenCreatedUTC": "Date(1619484586000)" } @@ -1640,7 +1670,7 @@ ], "Criticality": "Shall/Not-Implemented", "PolicyId": "MS.POWERPLATFORM.4.1v1", - "ReportDetails": "This product does not currently have the capability to check compliance for this policy. See \u003ca href=\"https://github.com/cisagov/ScubaGear/blob/v1.2.0/PowerShell/ScubaGear/baselines/powerplatform.md#mspowerplatform41v1\" target=\"_blank\"\u003eSecure Configuration Baseline policy\u003c/a\u003e for instructions on manual check", + "ReportDetails": "This product does not currently have the capability to check compliance for this policy. See \u003ca href=\"https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/powerplatform.md#mspowerplatform41v1\" target=\"_blank\"\u003eSecure Configuration Baseline policy\u003c/a\u003e for instructions on manual check", "RequirementMet": false }, { @@ -1652,7 +1682,7 @@ ], "Criticality": "Should/Not-Implemented", "PolicyId": "MS.POWERPLATFORM.3.2v1", - "ReportDetails": "This product does not currently have the capability to check compliance for this policy. See \u003ca href=\"https://github.com/cisagov/ScubaGear/blob/v1.2.0/PowerShell/ScubaGear/baselines/powerplatform.md#mspowerplatform32v1\" target=\"_blank\"\u003eSecure Configuration Baseline policy\u003c/a\u003e for instructions on manual check", + "ReportDetails": "This product does not currently have the capability to check compliance for this policy. See \u003ca href=\"https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/powerplatform.md#mspowerplatform32v1\" target=\"_blank\"\u003eSecure Configuration Baseline policy\u003c/a\u003e for instructions on manual check", "RequirementMet": false }, { @@ -1663,21 +1693,21 @@ "Get-DlpPolicy" ], "Criticality": "Should", - "PolicyId": "MS.POWERPLATFORM.2.2v1", + "PolicyId": "MS.POWERPLATFORM.2.3v1", "ReportDetails": "Requirement met", "RequirementMet": true }, { "ActualValue": [ - + "407cbeff-b477-e3b4-9ca7-097888a9ec4e" ], "Commandlet": [ "Get-DlpPolicy" ], "Criticality": "Should", - "PolicyId": "MS.POWERPLATFORM.2.3v1", - "ReportDetails": "Requirement met", - "RequirementMet": true + "PolicyId": "MS.POWERPLATFORM.2.2v1", + "ReportDetails": "1 Subsequent environments without DLP policies: 407cbeff-b477-e3b4-9ca7-097888a9ec4e", + "RequirementMet": false }, { "ActualValue": [ @@ -1701,8 +1731,8 @@ ], "Criticality": "Shall/Not-Implemented", - "PolicyId": "MS.SHAREPOINT.1.2v1", - "ReportDetails": "This product does not currently have the capability to check compliance for this policy. See \u003ca href=\"https://github.com/cisagov/ScubaGear/blob/v1.2.0/PowerShell/ScubaGear/baselines/sharepoint.md#mssharepoint12v1\" target=\"_blank\"\u003eSecure Configuration Baseline policy\u003c/a\u003e for instructions on manual check", + "PolicyId": "MS.SHAREPOINT.4.1v1", + "ReportDetails": "This product does not currently have the capability to check compliance for this policy. See \u003ca href=\"https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/sharepoint.md#mssharepoint41v1\" target=\"_blank\"\u003eSecure Configuration Baseline policy\u003c/a\u003e for instructions on manual check", "RequirementMet": false }, { @@ -1710,11 +1740,11 @@ ], "Commandlet": [ - + "Get-SPOTenant" ], "Criticality": "Shall/Not-Implemented", - "PolicyId": "MS.SHAREPOINT.3.2v1", - "ReportDetails": "This product does not currently have the capability to check compliance for this policy. See \u003ca href=\"https://github.com/cisagov/ScubaGear/blob/v1.2.0/PowerShell/ScubaGear/baselines/sharepoint.md#mssharepoint32v1\" target=\"_blank\"\u003eSecure Configuration Baseline policy\u003c/a\u003e for instructions on manual check", + "PolicyId": "MS.SHAREPOINT.3.1v1", + "ReportDetails": "This policy is only applicable if External Sharing is set to any value other than Anyone. See \u003ca href=\"https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/sharepoint.md#mssharepoint31v1\" target=\"_blank\"\u003eSecure Configuration Baseline policy\u003c/a\u003e for more info", "RequirementMet": false }, { @@ -1722,58 +1752,55 @@ ], "Commandlet": [ - + "Get-SPOTenant", + "Get-PnPTenant" ], "Criticality": "Shall/Not-Implemented", - "PolicyId": "MS.SHAREPOINT.4.1v1", - "ReportDetails": "This product does not currently have the capability to check compliance for this policy. See \u003ca href=\"https://github.com/cisagov/ScubaGear/blob/v1.2.0/PowerShell/ScubaGear/baselines/sharepoint.md#mssharepoint41v1\" target=\"_blank\"\u003eSecure Configuration Baseline policy\u003c/a\u003e for instructions on manual check", + "PolicyId": "MS.SHAREPOINT.1.3v1", + "ReportDetails": "This policy is only applicable if External Sharing is set to any value other than Only People In Your Organization. See \u003ca href=\"https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/sharepoint.md#mssharepoint13v1\" target=\"_blank\"\u003eSecure Configuration Baseline policy\u003c/a\u003e for more info", "RequirementMet": false }, { "ActualValue": [ - true, - 0 + ], "Commandlet": [ "Get-SPOTenant", "Get-PnPTenant" ], - "Criticality": "Shall", + "Criticality": "Shall/Not-Implemented", "PolicyId": "MS.SHAREPOINT.1.4v1", - "ReportDetails": "Requirement met", - "RequirementMet": true + "ReportDetails": "This policy is only applicable if External Sharing is set to any value other than Only People In Your Organization. See \u003ca href=\"https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/sharepoint.md#mssharepoint14v1\" target=\"_blank\"\u003eSecure Configuration Baseline policy\u003c/a\u003e for more info", + "RequirementMet": false }, { "ActualValue": [ - 0 + ], "Commandlet": [ "Get-SPOTenant", "Get-PnPTenant" ], - "Criticality": "Shall", - "PolicyId": "MS.SHAREPOINT.1.1v1", - "ReportDetails": "Requirement met", - "RequirementMet": true + "Criticality": "Shall/Not-Implemented", + "PolicyId": "MS.SHAREPOINT.3.2v1", + "ReportDetails": "This policy is only applicable if External Sharing is set to any value other than Anyone. See \u003ca href=\"https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/sharepoint.md#mssharepoint32v1\" target=\"_blank\"\u003eSecure Configuration Baseline policy\u003c/a\u003e for more info", + "RequirementMet": false }, { "ActualValue": [ - 0, - true, - 30 + ], "Commandlet": [ "Get-SPOTenant", "Get-PnPTenant" ], - "Criticality": "Shall", + "Criticality": "Shall/Not-Implemented", "PolicyId": "MS.SHAREPOINT.3.3v1", - "ReportDetails": "Requirement met", - "RequirementMet": true + "ReportDetails": "External Sharing is set to Only People In Your Organization. This policy is only applicable if External Sharing is set to any value other than Only People In Your Organization or Existing Guests. See \u003ca href=\"https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/sharepoint.md#mssharepoint33v1\" target=\"_blank\"\u003eSecure Configuration Baseline policy\u003c/a\u003e for more info", + "RequirementMet": false }, { "ActualValue": [ - 0, 0 ], "Commandlet": [ @@ -1781,21 +1808,20 @@ "Get-PnPTenant" ], "Criticality": "Shall", - "PolicyId": "MS.SHAREPOINT.1.3v1", - "ReportDetails": "Requirement met: external sharing is set to Only People In Organization", + "PolicyId": "MS.SHAREPOINT.1.1v1", + "ReportDetails": "Requirement met", "RequirementMet": true }, { "ActualValue": [ - 0, - 30 + 0 ], "Commandlet": [ "Get-SPOTenant", "Get-PnPTenant" ], "Criticality": "Shall", - "PolicyId": "MS.SHAREPOINT.3.1v1", + "PolicyId": "MS.SHAREPOINT.1.2v1", "ReportDetails": "Requirement met", "RequirementMet": true }, @@ -1808,35 +1834,35 @@ "Get-PnPTenant" ], "Criticality": "Shall", - "PolicyId": "MS.SHAREPOINT.2.2v1", + "PolicyId": "MS.SHAREPOINT.2.1v1", "ReportDetails": "Requirement met", "RequirementMet": true }, { "ActualValue": [ - 2 + 1 ], "Commandlet": [ - "Get-SPOSite", - "Get-PnPTenantSite" + "Get-SPOTenant", + "Get-PnPTenant" ], "Criticality": "Shall", - "PolicyId": "MS.SHAREPOINT.4.2v1", + "PolicyId": "MS.SHAREPOINT.2.2v1", "ReportDetails": "Requirement met", "RequirementMet": true }, { "ActualValue": [ - 3 + 2 ], "Commandlet": [ - "Get-SPOTenant", - "Get-PnPTenant" + "Get-SPOSite", + "Get-PnPTenantSite" ], "Criticality": "Shall", - "PolicyId": "MS.SHAREPOINT.2.1v1", - "ReportDetails": "Requirement not met", - "RequirementMet": false + "PolicyId": "MS.SHAREPOINT.4.2v1", + "ReportDetails": "Requirement met", + "RequirementMet": true }, { "ActualValue": false, @@ -1877,7 +1903,7 @@ ], "Criticality": "Shall/3rd Party", "PolicyId": "MS.TEAMS.6.1v1", - "ReportDetails": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See \u003ca href=\"https://github.com/cisagov/ScubaGear/blob/v1.2.0/PowerShell/ScubaGear/baselines/teams.md#msteams61v1\" target=\"_blank\"\u003eSecure Configuration Baseline policy\u003c/a\u003e for instructions on manual check.", + "ReportDetails": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See \u003ca href=\"https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/teams.md#msteams61v1\" target=\"_blank\"\u003eSecure Configuration Baseline policy\u003c/a\u003e for instructions on manual check.", "RequirementMet": false }, { @@ -1889,7 +1915,7 @@ ], "Criticality": "Shall/3rd Party", "PolicyId": "MS.TEAMS.6.2v1", - "ReportDetails": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See \u003ca href=\"https://github.com/cisagov/ScubaGear/blob/v1.2.0/PowerShell/ScubaGear/baselines/teams.md#msteams62v1\" target=\"_blank\"\u003eSecure Configuration Baseline policy\u003c/a\u003e for instructions on manual check.", + "ReportDetails": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See \u003ca href=\"https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/teams.md#msteams62v1\" target=\"_blank\"\u003eSecure Configuration Baseline policy\u003c/a\u003e for instructions on manual check.", "RequirementMet": false }, { @@ -1901,7 +1927,7 @@ ], "Criticality": "Should/3rd Party", "PolicyId": "MS.TEAMS.7.1v1", - "ReportDetails": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See \u003ca href=\"https://github.com/cisagov/ScubaGear/blob/v1.2.0/PowerShell/ScubaGear/baselines/teams.md#msteams71v1\" target=\"_blank\"\u003eSecure Configuration Baseline policy\u003c/a\u003e for instructions on manual check.", + "ReportDetails": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See \u003ca href=\"https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/teams.md#msteams71v1\" target=\"_blank\"\u003eSecure Configuration Baseline policy\u003c/a\u003e for instructions on manual check.", "RequirementMet": false }, { @@ -1913,7 +1939,7 @@ ], "Criticality": "Should/3rd Party", "PolicyId": "MS.TEAMS.7.2v1", - "ReportDetails": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See \u003ca href=\"https://github.com/cisagov/ScubaGear/blob/v1.2.0/PowerShell/ScubaGear/baselines/teams.md#msteams72v1\" target=\"_blank\"\u003eSecure Configuration Baseline policy\u003c/a\u003e for instructions on manual check.", + "ReportDetails": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See \u003ca href=\"https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/teams.md#msteams72v1\" target=\"_blank\"\u003eSecure Configuration Baseline policy\u003c/a\u003e for instructions on manual check.", "RequirementMet": false }, { @@ -1925,7 +1951,7 @@ ], "Criticality": "Should/3rd Party", "PolicyId": "MS.TEAMS.8.1v1", - "ReportDetails": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See \u003ca href=\"https://github.com/cisagov/ScubaGear/blob/v1.2.0/PowerShell/ScubaGear/baselines/teams.md#msteams81v1\" target=\"_blank\"\u003eSecure Configuration Baseline policy\u003c/a\u003e for instructions on manual check.", + "ReportDetails": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See \u003ca href=\"https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/teams.md#msteams81v1\" target=\"_blank\"\u003eSecure Configuration Baseline policy\u003c/a\u003e for instructions on manual check.", "RequirementMet": false }, { @@ -1937,7 +1963,7 @@ ], "Criticality": "Should/3rd Party", "PolicyId": "MS.TEAMS.8.2v1", - "ReportDetails": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See \u003ca href=\"https://github.com/cisagov/ScubaGear/blob/v1.2.0/PowerShell/ScubaGear/baselines/teams.md#msteams82v1\" target=\"_blank\"\u003eSecure Configuration Baseline policy\u003c/a\u003e for instructions on manual check.", + "ReportDetails": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manually review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure that when running ScubaGear defender is in the ProductNames parameter. Then, manually review the corresponding Defender for Office 365 policy that fulfills the requirements of this policy. See \u003ca href=\"https://github.com/cisagov/ScubaGear/blob/v1.3.0/PowerShell/ScubaGear/baselines/teams.md#msteams82v1\" target=\"_blank\"\u003eSecure Configuration Baseline policy\u003c/a\u003e for instructions on manual check.", "RequirementMet": false }, {