Comments (5)
Thanks for reporting this. We will look into it how to fix.
from scubagear.
Need to verify if the assumption that all policies are active and the result is the aggregated logical AND of all those policies or not.
from scubagear.
from scubagear.
Reviewed 12/14
@schrolla @buidav Please review and close if this is OBE. If it is still valid, please check to ensure the size and priority labels are accurate.
from scubagear.
While the DLP capability allows for processing and evaluating multiple policies in the specified order, the baseline states that "a custom policy" shall be configured. So the requirement being assessed is that a single custom policy contains one or more rules with ALL sensitive info types present. The bug stated above, as I understand it, and please correct me if I'm wrong, is that the test scenario splits the sensitive info types across two different policies. In the case above, I'd evaluate the assessment result as a fail on MS.DEFENDER.4.1v1 as neither has a set of rules that contain the 3 minimum info types (SSN, PII, TIN).
The Defender code was updated for the upcoming release which improved the evaluation logic. I ran a test by creating two custom policies as described above: 1 targeting Teams with SSN, CC, and Passport and a second targeting Devices with only CC. Neither policy included ITIN and these were the only two policies set to On. I ran the test in a G5 tenant. The result was a fail, as expected since no policy contains the required ITIN (which is identified as the missing type in the fail report details for MS.DEFENDER.4.1v1). Also note, that since no single custom policy meets 4.1 the ancillary baselines for MS.DEFENDER.4.2-4.4 also fail since they check additional settings associated with the required info type rules.
As such, I believe the upcoming release addresses this issue by resolving the false positive and that this item can be closed.
from scubagear.
Related Issues (20)
- Bug with MS.DEFENDER.2.2v1 - "Domain impersonation protection SHOULD be enabled for domains owned by the agency in both the standard and strict preset policies" HOT 1
- Bug with MS.DEFENDER.2.3v1 - "Domain impersonation protection SHOULD be added for important partners in both the standard and strict preset policies." HOT 1
- Defender functional tests fail due to timing/cache issues
- Defender functional test plan tests not configured correctly
- Teams product testing with ScubaGear on a GCCHIGH tenant throws a warning about 'invalid teams environment name for migration api'
- MS.SHAREPOINT.4.2v1 functional test fails in SPO mode for GCC high test tenant HOT 3
- Accessibility improvements to HTML reports
- Sharepoint 1.3 1.4 incorrectly produce Fail even when compliant under a specific condition and does not handle N/A HOT 1
- Enhance Sharepoint policy evaluation outputs for policies that are N/A under certain conditions HOT 1
- Modify Sharepoint so that the policies only execute when applicable and produce a consistent N/A message HOT 2
- MS.EXO.4.3v1 Reporting Failure / No option for config file to use other point of contact. HOT 1
- Update Repository Organization section of the readme
- Clarify that unmanaged user / skype access is not available in GCC
- Baseline Policy Enhancements, Part 1
- M365 Auditing Changes and Enhancements, Part 2 HOT 1
- Service Principal Security
- Refactor Test Cases
- Clean up sample config files
- Change from BITS to WebClient HOT 2
- MS.AAD.6.1 Does not account for federated domains HOT 5
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from scubagear.