M365FoundationsCISReport

Invoke-M365SecurityAudit

Invokes a security audit for Microsoft 365 environments.

The Invoke-M365SecurityAudit cmdlet performs a comprehensive security audit based on the specified parameters. It allows auditing of various configurations and settings within a Microsoft 365 environment, such as compliance
with CIS benchmarks.

Syntax 

Invoke-M365SecurityAudit -TenantAdminUrl <String> -DomainName <String> [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-WhatIf] [-Confirm] [<CommonParameters>]

Invoke-M365SecurityAudit -TenantAdminUrl <String> -DomainName <String> [-ELevel <String>] [-ProfileLevel <String>] [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-WhatIf] [-Confirm] [<CommonParameters>]

Invoke-M365SecurityAudit -TenantAdminUrl <String> -DomainName <String> [-IncludeIG1] [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-WhatIf] [-Confirm] [<CommonParameters>]

Invoke-M365SecurityAudit -TenantAdminUrl <String> -DomainName <String> [-IncludeIG2] [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-WhatIf] [-Confirm] [<CommonParameters>]

Invoke-M365SecurityAudit -TenantAdminUrl <String> -DomainName <String> [-IncludeIG3] [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-WhatIf] [-Confirm] [<CommonParameters>]

Invoke-M365SecurityAudit -TenantAdminUrl <String> -DomainName <String> [-IncludeRecommendation <String[]>] [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-WhatIf] [-Confirm] [<CommonParameters>]

Invoke-M365SecurityAudit -TenantAdminUrl <String> -DomainName <String> [-SkipRecommendation <String[]>] [-DoNotConnect] [-DoNotDisconnect] [-NoModuleCheck] [-WhatIf] [-Confirm] [<CommonParameters>]

Parameters

Name Alias Description Required? Pipeline Input Default Value
-TenantAdminUrl The URL of the tenant admin. This parameter is mandatory. true false
-DomainName The domain name of the Microsoft 365 environment. This parameter is mandatory. true false
-ELevel Specifies the E-Level (E3 or E5) for the audit. This parameter is optional and can be combined with the ProfileLevel parameter. false false
-ProfileLevel Specifies the profile level (L1 or L2) for the audit. This parameter is optional and can be combined with the ELevel parameter. false false
-IncludeIG1 If specified, includes tests where IG1 is true. false false False
-IncludeIG2 If specified, includes tests where IG2 is true. false false False
-IncludeIG3 If specified, includes tests where IG3 is true. false false False
-IncludeRecommendation Specifies specific recommendations to include in the audit. Accepts an array of recommendation numbers. false false
-SkipRecommendation Specifies specific recommendations to exclude from the audit. Accepts an array of recommendation numbers. false false
-DoNotConnect If specified, the cmdlet will not establish a connection to Microsoft 365 services. false false False
-DoNotDisconnect If specified, the cmdlet will not disconnect from Microsoft 365 services after execution. false false False
-NoModuleCheck If specified, the cmdlet will not check for the presence of required modules. false false False
-WhatIf wi false false
-Confirm cf false false

Inputs

The input type is the type of the objects that you can pipe to the cmdlet.

  • None. You cannot pipe objects to Invoke-M365SecurityAudit.

Outputs

The output type is the type of the objects that the cmdlet emits.

  • CISAuditResult[] The cmdlet returns an array of CISAuditResult objects representing the results of the security audit.

Note

- This module is based on CIS benchmarks. - Governed by the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License. - Commercial use is not permitted. This module cannot be sold or used for commercial purposes. - Modifications and sharing are allowed under the same license. - For full license details, visit: https://creativecommons.org/licenses/by-nc-sa/4.0/deed.en - Register for CIS Benchmarks at: https://www.cisecurity.org/cis-benchmarks

Examples

EXAMPLE 1 
Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com" -DomainName "contoso.com" -ELevel "E5" -ProfileLevel "L1"
Performs a security audit for the E5 level and L1 profile in the specified Microsoft 365 environment.
EXAMPLE 2 
Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com" -DomainName "contoso.com" -IncludeIG1
Performs an audit including all tests where IG1 is true.
EXAMPLE 3 
Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com" -DomainName "contoso.com" -SkipRecommendation '1.1.3', '2.1.1'
Performs an audit while excluding specific recommendations 1.1.3 and 2.1.1.
EXAMPLE 4 
$auditResults = Invoke-M365SecurityAudit -TenantAdminUrl "https://contoso-admin.sharepoint.com" -DomainName "contoso.com"
PS> $auditResults | Export-Csv -Path "auditResults.csv" -NoTypeInformation Captures the audit results into a variable and exports them to a CSV file.

Top of page

Links