Checks
Assessments that Attic Security performs on a cloud configuration are called "checks." Each check has its own unique number and verifies a specific setting.
Onboarding
- CHK-1000 - Microsoft Exchange Online Access
- CHK-1009 - Organization Customization Enabled
- CHK-1100 - AzureAD Access Check
- CHK-1107 & CHK-1108 - Attic in Named Locations
- CHK-1167 - Consider Conditional Access
- CHK-1338 - SecureScore Overall Statistics
AiTM
- CHK-1600 - Authenticity Seal Validator App
- CHK-1112 - Attic Monthly Report
- CHK-1111 - Log Monitoring
- CHK-1110 - Login Authenticity Seal
- CHK-1103 - Clone Intervention Screen
- CHK-1109 - Clone Detection
Phishing
- CHK-1071 - Mailbox rules baseline check
- CHK-1070 - Mailbox Forwarding Baselinecheck
- CHK-1069 - Anti-Impersonation
- [THEME] Phishing
- CHK-1023 - Label for email from external senders
- CHK-1048 - MailTips Enabled
Malware
Logging
- CHK-1001 - Audit logging coming in
- CHK-1002 - English version
- CHK-1003 - Mailbox auditing settings correct
- CHK-1055 - Mailbox auditing bypass enabled
- CHK-1067 - Mailbox Auditing should be enabled
- CHK-1137 - Admin without MFA
Access
- CHK-1021 - Modern authentication for Exchange Online
- CHK-1056 - Security Group Creation Allowed
- CHK-1150 - Disable AzureAD Sync Softmatch
- CHK-1155 - Gebruikers mogen geen tenants aanmaken
- CHK-1160 - Hidden management roles
- CHK-1320 - Customer Lockbox feature enabled
Strong Passwords
Break Glass Account
Multi Factor Authentication (MFA)
- CHK-1127 - Security Defaults Enabled
- CHK-1139 - MFA Passwordless Login
- CHK-1140 - Push Notifications Microsoft Authenticator
- CHK-1141 - MFA Number Matching
- CHK-1142 - App name in MS Authenticator
- CHK-1153 - Location in MS Authenticator
Email Protection
- CHK-1024 - Internal Spamfilter Enabled
- CHK-1025 - Malware Filter Policy Enabled
- CHK-1026 - Outbound Spam Filter Policy Enabled
- CHK-1028 - Email Content-Filter Policy
- CHK-1031 - Calendar Sharing With External Users Disabled
- CHK-1036 & CHK-1049 - Block Autoforwarding
OAuth Apps
- CHK-1120 - Register applications allowed for users
- CHK-1122 - Check for suspicious app consents
- CHK-1128 - User Consent Policies configured
- CHK-1138 - Check for suspicious admin consents
- CHK-1146 - Admin Consent Flow Enabled
- CHK-1174 - App ownership
Abnormal Behavior
Monitoring
Domain & DNS
Guests
Teams
System
- CHK-1149 - Bitlocker keys unreadable for users
- CHK-1165 - Restrict local administrators
- CHK-1166 - Global administrators not local administrators
- CHK-1169 - Windows LAPS and Entra ID
- CHK-1177 - Vulnerable Dynamic Groups
- CHK-1180 - Role Assignable Group Privilege Escalation