Open Nav
Sign Up

CISA Releases Microsoft 365 Secure Configuration Baselines and SCuBAGear Tool

Microsoft releases scubagear

Bar Refael

January 9, 2024

The Cybersecurity and Infrastructure Security Agency (CISA) has released the finalized Microsoft 365 Secure Configuration Baselines. This important development is aimed at enhancing the security and resilience of organizations using Microsoft 365 (M365) cloud services. Complementing this release is the updated SCuBAGear tool, designed to help organizations assess their M365 cloud services against CISA’s recommended baselines.

Microsoft 365 Secure Configuration Baselines:

  • Objective: To provide organizations with comprehensive guidelines for securely configuring their M365 environments.
  • Contents: The baselines cover a range of configurations for various M365 services, focusing on best practices in areas like identity and access management, data protection, and threat prevention.

SCuBAGear Tool:

  • Functionality: SCuBAGear is an assessment tool that evaluates the alignment of an organization’s M365 configurations with CISA’s security baselines.
  • Enhancements: The tool now features increased automation, streamlining the assessment process and reducing the effort required by organizations.

Development and Feedback Integration:

  • Stakeholder Input: The final release incorporates feedback gathered during a public comment period and a pilot program with federal agencies.
  • Improvements: Changes based on this feedback have been integrated, enhancing the effectiveness and usability of both the baselines and the SCuBAGear tool.

Recommendations for Organizations:

  • Baseline Review and Implementation: Carefully review the Microsoft 365 Secure Configuration Baselines and implement the recommended configurations for enhanced security.
  • Use of SCuBAGear Tool: Employ the SCuBAGear tool to assess and align your organization’s M365 configurations with CISA’s guidelines.
  • Stay Informed: Follow updates on CISA’s blog and reach out to CISA’s Cybersecurity Shared Services Office for further support and guidance.

The release of the Microsoft 365 Secure Configuration Baselines and the SCuBAGear tool represents a crucial step in supporting organizations to strengthen their M365 cloud service security. Adhering to these guidelines and utilizing the assessment tool can significantly improve an organization’s cybersecurity posture in the cloud.

Resources highlights

CVE-2026-21509: Actively Exploited Microsoft Office Security Bypass

CVE-2026-21509 is a zero-day security feature bypass vulnerability in Microsoft Office that has been confirmed as actively exploited in the wild. The flaw allows adversaries…

Read more >

cve-2026-21509

Guidance to Address Ongoing Exploitation of Fortinet SSO Vulnerability (CVE-2026-24858)

CVE-2026-24858 is a critical authentication bypass in FortiCloud Single Sign-On (SSO) that can allow an attacker with a FortiCloud account and a registered device to…

Read more >

cve-2026-24858

CVE-2024-37079: VMware vCenter Server DCERPC Heap Overflow (RCE)

CVE-2024-37079 is a critical remote code execution (RCE) vulnerability in VMware vCenter Server caused by a heap overflow in the DCERPC protocol implementation. On January…

Read more >

cve-2024-37079

CVE-2026-24061: GNU Inetutils telnetd Remote Authentication Bypass

CVE-2026-24061 is a pre-authentication remote authentication bypass in GNU Inetutils telnetd. The flaw carries a Critical CVSS:3.1 severity score of 9.8 and allows an attacker…

Read more >

CVE-2026-24061

CVE-2026-0227: PAN-OS GlobalProtect Denial-of-Service Vulnerability

CVE-2026-0227 is a high-severity denial-of-service vulnerability affecting Palo Alto Networks PAN-OS and Prisma Access deployments where GlobalProtect Gateway or Portal is enabled. The flaw allows…

Read more >

cve-2026-0227

CVE-2026-20805: Windows Desktop Window Manager (DWM) Zero-Day

CVE-2026-20805 is a Windows Desktop Window Manager (DWM) information disclosure vulnerability that has been exploited in the wild as a zero-day.While the CVSS v3.1 base…

Read more >

cve-2026-20805
Under Cyber Attack?

Fill out the form and we will contact you immediately.