Microsoft 365 Defense Goal Report

Applies To: ThreatSync+ SaaS

The ThreatSync+ SaaS Microsoft 365 Defense Goal Report is based on Microsoft 365 security best practices and recommendations from the Cybersecurity and Infrastructure Security Agency (CISA). For more information about CISA, go to Cybersecurity and Infrastructure Security Agency.

The Microsoft 365 Defense Goal Report is available with a ThreatSync+ SaaS license. For more information, go to About ThreatSync+ SaaS Licenses.

The Microsoft 365 Defense Goal Report provides you with a network defense overview and shows whether you are in compliance with the objectives and controls for a specified time period. You can generate this report for a period of up to six months.

To configure objectives and network defense controls for the Microsoft 365 Defense Goal Report, go to Manage Network Defense Goals.

Screenshot of the first page of the Microsoft 365 Defense Goal Report

Network Defense Overview

The Network Defense Overview section provides a snapshot of your overall network defense. You can view your user threat score, user threat score history, and how many objectives and controls are compliant or in violation.

Your threat score represents your potential exposure to threats in your network. This threat score is an aggregation of the threat scores for each of the controls presented in the report. The defense goal is a collection of defense objectives, each organized around a specific prevention area. Each defense objective consists of a set of controls that we recommend you enable and monitor to help prevent cyberattacks.

Screenshot of the Network Defense Overview section of the Microsoft 365 Defense Goal Report

Threat Score

The overall user threat score shows the highest value recorded in the report period.

Threat Score History

The Threat Score History chart shows the defense goal threat score for each day in the report period.

Objectives and Controls

The Objective and Control summary charts show the proportion of objectives and controls that are compliant, not compliant, or that have insufficient data available to evaluate.

Top Network Threats

The Top Network Threats section lists the three highest-risk controls covered in this report. This section shows a chart of your top threats with details about the controls, remediation suggestions, alert history, and whether or not your network is compliant.

Screenshot of the Top Network Threats section of the Microsoft 365 Defense Goal Report

To view more information about a specific control, click the control name to go to the Objective and Control Detail sections.

Objective and Control Details

The Objective and Control Detail sections show additional detail for each defense objective included in the report. Each section identifies the name of a defense objective, its compliance status, and the controls that the objective is configured to include.

Screenshot of the objectives in the Microsoft 365 Defense Goal Report

For each control, the report describes the purpose of the control, the threat score associated with violations of the control, a remediation recommendation, and a chart that shows the alert count over time.

Control Violation Detail and Remediation

For controls that were violated within the report period, the report provides a detailed description of the control and remediation recommendations.

Screenshot of the Control Violation Detail and Remediation section of the Microsoft 365 Defense Goal Report

In this example, the control violation is Internal Files Made Public.

The report provides these details:

  • Control Detail — The removal of access controls from files is a common exfiltration tactic, and the removal of all access permissions is rarely a valid business use case.
  • Remediation — We recommend you remove file-sharing permissions from high-value data and documents and follow a policy of least privilege across all user accounts. We also recommend that you investigate the activity to determine if it was legitimate.

Related Topics

ThreatSync+ SaaS Reports

Schedule ThreatSync+ SaaS Reports

ThreatSync+ NDR Reports