Acme Corporation's Microsoft 365 security posture is rated 67/100, an increase of 1 point since the most recent scan. 8 critical risks require action within 7 days. The score is based on 135 automatically verified security controls. NIS2 control coverage is estimated at 84%.
Posture score: 67/100
Critical findings: 8
Total open findings: 45
Checks performed: 135
Security posture: score
Dashed line = industry average (58/100)
▲ 1 point since the most recent scan
The organisation has a moderate security level. Critical and medium-severity findings should be given high priority.
Benchmark comparison
Acme Corporation: 67 vs. industry average: 58 (+9 above average)
Risk distribution per security domain
ID  Identity   35 findings   8 H / 18 M / 9 L
DV  Devices     4 findings   4 M
NW  Network     1 finding    1 L
DA  Data        5 findings   3 M / 2 L
The bars show the severity distribution (critical / medium / low) within each security domain. Colour intensity reflects the relative concentration of risk.
Top 5 identified risks

1. CRITICAL / Identity: Application secrets expiring within 30 days: 5 apps
Business exposure
Internal-CRM-Connector (12d), Power-BI-Sync (18d), HR-Onboarding-Webhook (22d), Slack-Bot (26d), Sentinel-Forwarder (28d) have secrets expiring within 30 days.
Recommended action
Rotate all expiring secrets immediately. Replace secrets with certificate authentication where possible.
Deadline: within 7 days

2. CRITICAL / Identity: External guest user assigned to a permanent control-plane role
Business exposure
1 external guest user (guest3@external.example.com) has a permanent Exchange Administrator role assignment. Guest role assignments should be time-limited via PIM.
Recommended action
Remove the permanent Exchange Administrator role from guest3@external.example.com. If still needed, assign it as a PIM-eligible role with justification required.
Deadline: within 7 days

3. CRITICAL / Identity: Global Admin count exceeds recommended maximum: 7 admins
Business exposure
7 Global Admins active. CIS Controls v8 recommends ≤2 permanent Global Admins. Excess accounts increase the blast radius if any one of them is compromised.
Recommended action
Audit all Global Admin accounts. Remove the admin role from accounts that do not require it. Move the remaining ones to PIM-eligible assignments.
Deadline: within 7 days

4. CRITICAL / Identity: Global Administrator accounts without a dedicated admin account
Business exposure
5 of 7 Global Admins use the same account for daily work and admin tasks. No separation of duties.
Recommended action
Create cloud-only admin accounts for all privileged role holders. Disable admin access on daily-use accounts.
Deadline: within 7 days

5. CRITICAL / Identity: Legacy authentication not blocked tenant-wide
Business exposure
POP3, IMAP4, and Authenticated SMTP are still permitted. 14 sign-ins from legacy clients in the past 30 days.
Recommended action
Block legacy authentication via a tenant-wide Conditional Access policy targeting all users.
Deadline: within 7 days
Posture score over time: 13 scans
Each data point represents one complete security scan (Maester + ZeroTrustAssessment). Increases indicate improvements achieved through remediation actions.
Framework mapping
Methodology: SimpleEntra automatically maps identified findings to the applicable frameworks. The figures state the share of framework controls covered by the executed tests; they are not a full compliance attestation. Exact framework mapping requires a formal audit.
CIS Controls v8 (138 / 171 sub-controls): 81%
CISA SCuBA (Microsoft 365 baseline): 79%
NIS2 Art. 21(2) (Art. 21(2)(a-i)): 84%
ISO 27001 Annex A (87 / 114 controls): 76%
DORA RTS (54 / 79 RTS): 68%
Tests powered by Maester — MIT-licensed open source security testing for Microsoft 365 · maester.dev
Prioritised actions
1. Rotate all expiring secrets immediately. Replace secrets with certificate authentication where possible.
   Responsible: IT security / IAM owner
   Within 7 days
2. Remove the permanent Exchange Administrator role from guest3@external.example.com. If still needed, assign it as a PIM-eligible role with justification required.
   Responsible: IT security / IAM owner
   Within 7 days
3. Audit all Global Admin accounts. Remove the admin role from accounts that do not require it. Move the remaining ones to PIM-eligible assignments.
   Responsible: IT security / IAM owner
   Within 7 days
4. Create cloud-only admin accounts for all privileged role holders. Disable admin access on daily-use accounts.
   Responsible: IT security / IAM owner
   Within 7 days
5. Block legacy authentication via a tenant-wide Conditional Access policy targeting all users.