rules/findings/EntraID/General/CIS4.0/eid-user-owned-apps-and-services-allowed.json

{
    "args": [
         
    ],
    "provider": "EntraID",
    "serviceType": "General",
    "serviceName": "Microsoft Entra ID",
    "displayName": "Ensure \u0027User owned apps and services\u0027 is restricted",
    "description": "\r\n\t\tBy default, users can install add-ins in their Microsoft Word, Excel, and PowerPoint applications, allowing data access within the application. \r\n\t\tDo not allow users to install add-ins in Word, Excel, or PowerPoint. \r\n ",
    "rationale": "\r\n\t\tAttackers commonly use vulnerable and custom-built add-ins to access data in user applications. \r\n\t\tWhile allowing users to install add-ins by themselves does allow them to easily acquire useful add-ins that integrate with Microsoft applications, it can represent a risk if not used and monitored carefully. \r\n\t\tDisabling users\u0027 ability to install add-ins in Microsoft Word, Excel, or PowerPoint helps reduce your threat surface and mitigate this risk.\r\n ",
    "impact": "Implementation of this change will impact both end users and administrators. End users will not be able to install add-ins that they may want to install.",
    "remediation": {
        "text": "\r\n\t\t\tTo prohibit users from installing Office Store add-ins and starting 365 trials: \r\n\t\t\t1. Navigate to the Microsoft 365 admin center at https://admin.microsoft.com. \r\n\t\t\t2. Click to expand Settings, then select \u0027Org settings\u0027. \r\n\t\t\t3. Under Services, select \u0027User owned apps and services\u0027. \r\n\t\t\t4. Uncheck \u0027Let users access the Office Store\u0027 and \u0027Let users start trials on behalf of your organization\u0027. \r\n\t\t\t5. Click Save. \r\n\t",
        "code": {
            "powerShell": null,
            "iac": null,
            "terraform": null,
            "other": null
        }
    },
    "recommendation": null,
    "references": [
        "https://learn.microsoft.com/en-us/microsoft-365/admin/setup/set-up-file-storage-and-sharing?view=o365-worldwide#enable-or-disable-third-party-storage-services"
    ],
    "compliance": [
        {
            "name": "CIS Microsoft 365 Foundations Benchmark",
            "version": "3.1.0",
            "reference": "1.3.4",
            "profile": "E3 Level 1"
        }
    ],
    "level": "low",
    "tags": [
         
    ],
    "rule": {
        "path": "aad_app_and_services",
        "subPath": null,
        "selectCondition": {
             
        },
        "query": [
            {
                "filter": [
                    {
                        "conditions": [
                            [
                                "settings.isOfficeStoreEnabled",
                                "ne",
                                "false"
                            ],
                            [
                                "settings.isAppAndServicesTrialEnabled",
                                "ne",
                                "false"
                            ]
                        ],
                        "operator": "or"
                    }
                ]
            }
        ],
        "shouldExist": null,
        "returnObject": null,
        "removeIfNotExists": null
    },
    "output": {
        "html": {
            "data": {
                "properties": {
                     
                },
                "expandObject": null
            },
            "table": null,
            "decorate": [
                 
            ],
            "emphasis": [
                 
            ],
            "actions": {
                "objectData": {
                    "properties": [
                        "*"
                    ],
                    "expandObject": null,
                    "limit": null
                },
                "showGoToButton": false,
                "showModalButton": false,
                "directLink": null
            }
        },
        "text": {
            "data": {
                "properties": {
                     
                },
                "expandObject": null
            },
            "status": {
                "keyName": [
                     
                ],
                "message": "Ensure \u0027User owned apps and services\u0027 is restricted",
                "defaultMessage": null
            },
            "properties": {
                "resourceName": null,
                "resourceId": null,
                "resourceType": "EntraAppsAndServices"
            },
            "onlyStatus": false
        }
    },
    "idSuffix": "eid_user_owned_apps_and_services_allowed",
    "notes": [
         
    ],
    "categories": [
         
    ],
    "immutable_properties": [
         
    ],
    "id": "entraid_1171"
}