v1.6.0

Latest

@github-actions github-actions released this 09 Jul 00:48

Major Changes

  • Update MS.EXO.1.1 to support automatic forwarding for domains on allow list #1615 (see baselines section for more details)
  • Add support for dynamic Graph permissions generation for ScubaGear connections #1597
  • Include results for omitted policies in Scuba results JSON #1604
  • Add "ScubaGear may not function properly" message to the ScubaGear dependency warning #1641
  • Add support for OPA v1.1.0 through v1.3.0 #1550 #1659 #1669
  • Decreased the total number of Microsoft Graph dependencies and improved performance of Entra ID by switching to direct Graph API calls #1660 #1713
  • Added reporting for application and delegated permissions assigned to application/service principal objects #1682
  • Overhaul DNS error handling and add DNS log tables to the Exchange Online HTML report #1685
  • Added the capability to annotate results for individual policies. Annotated policies will be shown in the HTML report with the annotation appended to the details column #1738
  • See full list of enhancements here

Bugs Fixed

  • Change Teams policy group 5 report details from indicating meeting policies to app permission policies #1601
  • Ignore coexistence domain for the DMARC controls #1563
  • Add fix for invalid JSON primitive issues related to risky service principals #1682
  • Add fix for the PowerPlatform DLP policy bug and remove the Get-TenantDetailsFromGraph cmdlet due to Azure AD Graph API deprecation #1723
  • See full list of bug fixes here

Baselines

BOD 25-01 required configuration policy changes

This section lists baseline policy changes that affect current BOD 25-01 Required Configurations.

Additions

No new required configuration policies added in this release.

Removals

  • MS.AAD.5.4v1 - Removed because Microsoft deprecated the feature that allows group owners to consent to applications #1623
  • MS.DEFENDER.6.2v1 / MS.EXO.17.2v1 - Removed due to Microsoft service updates for auditing that allow remaining Defender and Exchange Online auditing policy group baseline items to adequately cover the auditing requirements that previously required Purview Audit (Premium) #1625

Updates

  • MS.AAD.3.3v2 - Updated version only checks for login context information if Microsoft Authenticator is enabled; phishing-resistant MFA not being enforced is no longer a condition for making the policy applicable/not applicable #1588
  • MS.DEFENDER.6.1v1 / MS.EXO.17.1v1 - Updated audit logging language to better reflect the ScubaGear check #1611
  • MS.EXO.1.1v2 - Updated version allows automatic forwarding for specific, agency-approved domains #1615

Other baseline changes

  • Add new SHOULD policy MS.AAD.3.9v1 to block device code authentication #1627
  • Add note to MS.POWERPLATFORM.4.1v1 to highlight the Dataverse dependency #1608
  • Update MS.TEAMS.1.6v1 and MS.TEAMS.1.7v2 to clarify restrictions on event and meeting recording #1626
  • Update SharePoint policy notes to provide clarity on N/A cases #1616
  • Remove MS.SHAREPOINT.1.4v1 from baseline due to setting deprecation #1593
  • See full list of baseline updates here

Documentation

  • Update ScubaGear logo URL #1576
  • Update sample reports for v1.6.0 #1673
  • See full list of documentation changes here

Full Changelog: v1.5.0...v1.6.0