Compliance Benchmarks
CIS Microsoft 365 benchmarks, security baselines, and compliance scoring.
Without a measurable baseline, security is subjective. Twenty-three compliance and governance risks in our register require demonstrable controls — not just policies. The CIS Microsoft 365 Benchmark v6.0.1 provides 170+ prescriptive checks that translate ISO 27001 requirements into verifiable tenant configurations. We measure your current state, remediate gaps, and provide ongoing scoring so that compliance is continuous, not a point-in-time exercise.
Foundation (Plan 1)
- Exchange CIS Fundamentals — CIS Microsoft 365 Foundations benchmark settings for Exchange Online
- SharePoint CIS Fundamentals — CIS Microsoft 365 Foundations benchmark settings for SharePoint Online
- Teams CIS Fundamentals — CIS Microsoft 365 Foundations benchmark settings for Microsoft Teams
- OneDrive CIS Fundamentals — CIS Microsoft 365 Foundations benchmark settings for OneDrive for Business
- Entra ID CIS Hardening (Identity) — CIS M365 v6.0.1 Entra ID hardening: guest access, consent, group creation, app registration, PIM approval, device join
- Entra ID CIS Hardening (Authentication) — CIS M365 v6.0.1 authentication hardening: device code flow, enrollment frequency, authenticator settings, email OTP, session controls
- Intune CIS Hardening — CIS M365 v6.0.1 Intune hardening: SecureByDefault, personal enrollment, Entra join, device quota, LAPS
- Microsoft Physical Access Controls — Microsoft-managed physical access controls for datacentres including monitoring, intrusion detection, and access logging
- Microsoft Environmental Protection — Microsoft-managed fire protection, water damage protection, emergency power, and environmental controls
- Microsoft Media Handling — Microsoft-managed media storage, sanitisation, and disposal procedures
- Microsoft Datacentre Infrastructure — Microsoft-managed datacentre security including perimeter protection, cabling, and equipment protection
- Microsoft Equipment Maintenance — Microsoft-managed equipment maintenance and operational procedures
Added in Endpoint (Plan 2)
- Windows CIS L1 Benchmark — CIS Level 1 security baseline for Windows 11 Enterprise
- macOS CIS L1 Benchmark — CIS Level 1 security baseline for macOS
- Chrome CIS L1 Benchmark — CIS Level 1 security baseline for Google Chrome
- Edge CIS L1 Benchmark — CIS Level 1 security baseline for Microsoft Edge
What you receive
| Delivery Package | Duration | Stakeholders | Key Deliverables |
|---|---|---|---|
| CIS M365 Hardening | 5–12 days | IT Admin, Security Analyst | CIS assessment baseline report; Remediation plan (prioritised by risk); Deployed CIS-compliant configurations |
| Passwordless & FIDO2 Strategy | 5–15 days | CISO, IT Admin, End Users | Credential strategy document; Auth method registration policies; FIDO2 key deployment plan |
| CIS Endpoint Hardening | 5–15 days | IT Admin, Security Analyst | CIS L1 profiles per platform; Policy exception documentation; Compliance reporting baseline |
ISO 27001 controls covered
- A.5.1 Policies for Information Security
- A.5.15 Access Control
- A.5.16 Identity Management
- A.5.18 Access Rights
- A.7.1 Physical Security Perimeters
- A.7.2 Physical Entry
- A.7.3 Securing Offices, Rooms and Facilities
- A.7.4 Physical Security Monitoring
- A.7.5 Protecting Against Physical and Environmental Threats
- A.7.8 Equipment Siting and Protection
- A.7.9 Security of Assets Off-Premises
- A.7.10 Storage Media
- A.7.11 Supporting Utilities
- A.7.12 Cabling Security
- A.7.13 Equipment Maintenance
- A.7.14 Secure Disposal or Re-use of Equipment
- A.8.1 User Endpoint Devices
- A.8.2 Privileged Access Rights
- A.8.5 Secure Authentication
- A.8.9 Configuration Management
- A.8.15 Logging
- A.8.21 Security of Network Services