Open Nav
Sign Up

CISA Releases Microsoft 365 Secure Configuration Baselines and SCuBAGear Tool

Microsoft releases scubagear

Bar Refael

January 9, 2024

The Cybersecurity and Infrastructure Security Agency (CISA) has released the finalized Microsoft 365 Secure Configuration Baselines. This important development is aimed at enhancing the security and resilience of organizations using Microsoft 365 (M365) cloud services. Complementing this release is the updated SCuBAGear tool, designed to help organizations assess their M365 cloud services against CISA’s recommended baselines.

Microsoft 365 Secure Configuration Baselines:

  • Objective: To provide organizations with comprehensive guidelines for securely configuring their M365 environments.
  • Contents: The baselines cover a range of configurations for various M365 services, focusing on best practices in areas like identity and access management, data protection, and threat prevention.

SCuBAGear Tool:

  • Functionality: SCuBAGear is an assessment tool that evaluates the alignment of an organization’s M365 configurations with CISA’s security baselines.
  • Enhancements: The tool now features increased automation, streamlining the assessment process and reducing the effort required by organizations.

Development and Feedback Integration:

  • Stakeholder Input: The final release incorporates feedback gathered during a public comment period and a pilot program with federal agencies.
  • Improvements: Changes based on this feedback have been integrated, enhancing the effectiveness and usability of both the baselines and the SCuBAGear tool.

Recommendations for Organizations:

  • Baseline Review and Implementation: Carefully review the Microsoft 365 Secure Configuration Baselines and implement the recommended configurations for enhanced security.
  • Use of SCuBAGear Tool: Employ the SCuBAGear tool to assess and align your organization’s M365 configurations with CISA’s guidelines.
  • Stay Informed: Follow updates on CISA’s blog and reach out to CISA’s Cybersecurity Shared Services Office for further support and guidance.

The release of the Microsoft 365 Secure Configuration Baselines and the SCuBAGear tool represents a crucial step in supporting organizations to strengthen their M365 cloud service security. Adhering to these guidelines and utilizing the assessment tool can significantly improve an organization’s cybersecurity posture in the cloud.

Resources highlights

‘UMBRELLA STAND’ Malware Targets Fortinet FortiGate Firewalls

‘UMBRELLA STAND’ Malware Targets Fortinet FortiGate Firewalls The UK’s National Cyber Security Centre (NCSC) has issued an alert regarding a sophisticated malware campaign dubbed “UMBRELLA…

Read more >

umbrella stand fortinet

CVE-2025-49144: Privilege Escalation in Notepad++ Installer Enables Full SYSTEM Access

A critical local privilege escalation vulnerability in the Notepad++ v8.8.1 installer allows attackers to escalate to NT AUTHORITY\SYSTEM using binary planting techniques. Tracked as CVE-2025-49144,…

Read more >

CVE-2025-49144

Our Red Team’s Favorite Penetration Testing Tools in 2025 (And How We Use Them)

When it comes to red team operations, the tools you choose can make or break the engagement. From initial reconnaissance to post-exploitation, having a streamlined,…

Read more >

pentesting tools - op

New Linux Vulnerabilities (CVE-2025-6018 & CVE-2025-6019) Enable Full Root Access in Seconds

Security researchers have uncovered a critical privilege escalation chain in major Linux distributions that allows any local user with a session (SSH or GUI) to…

Read more >

CVE-2025-6018, CVE-2025-6019

Zero to Hero: How Our Red Team Turned a Sticky Note Into Full Cloud Compromise

“The weakest link in your security chain might be sitting right on your desk.” At OP Innovate, our CREST-certified red team is trained to think…

Read more >

OP Innovate Red Team

One-Third of All Grafana Instances Vulnerable to XSS (CVE-2025-4123)

Over 46,000 internet-facing Grafana servers (≈36 % of those online) are still running versions susceptible to CVE-2025-4123, a high-severity open-redirect that chains into stored cross-site…

Read more >

CVE-2025-4123
Under Cyber Attack?

Fill out the form and we will contact you immediately.