Description
- Type: CUSTOMER
- Severity: WARNING
- Protection against: HUMAN ERROR
- CIS: M365 2.2 - (L2) Ensure calendar details sharing with external users is disabled
- FIX Available: YES
This Customer Check verifies if calendar details sharing with external users is disabled.
Why this check?
When calendars are openly accessible, they provide a valuable source of information for attackers. This helps an attacker in preparation and helps to understand how the organization is internally structured or when employees are more vulnerable to an attack, for example, when they are traveling.
CIS Benchmarks
This measure aligns with the following item from the Center for Internet Security (CIS) Microsoft 365 Foundations Benchmark:
- CIS M365 2.2 - (L2) Ensure calendar details sharing with external users is disabled
What are the possible outcomes of the check?
This check has two possible outcomes. In Attic, this is reflected as follows:
- Okay: Calendar details sharing with external users is not enabled.
- Warning: A policy to allow calendar details sharing is enabled
How should this be followed up?
If the output is Warning , we advise disabling the SharingPolicy.
A Fix is available for this check, which we will offer via Attic.
Comments
0 comments
Please sign in to leave a comment.