During the Reconcile process, you can select an industry standard baseline as your term of comparison.
You can choose to compare your tenant to:
- CIS baseline
- Essential Eight baseline
CIS M365 Benchmarks
The CIS baseline provides a suite of security configurations that conform with the Center for Internet Security (CIS) Microsoft 365 Foundations Benchmark. Each configuration fulfills specific CIS controls and aligns to a benchmark level (L1 or L2). For more information on this CIS Benchmark, see the CIS website. Please note, some CIS benchmark controls require manual remediation in a tenant and are not covered by this industry standard baseline.
Configuration Manager supports
- the Center for Internet Security (CIS) Microsoft 365 Foundations Benchmark v6.0.0.
- the Center for Internet Security (CIS) Microsoft 365 Foundations Benchmark v3.1.0 (previous version)
Selecting the CIS baseline in Reconcile
To select either CIS baseline version as a term of comparison, in the Reconcile page,
- Firstly, select the tenant you wish to compare to the industry standard baseline from the “Tenant” dropdown menu
- Select the desired tenant's version
- Make sure che “Compare with” checkbox is checked
- From the “Option” menu, select “Industry baseline”
- In the “Baseline name” box, select the “CIS” version to use. You can choose among:
- Microsoft 365 Foundations Benchmark v6.0.0
- Microsoft 365 Foundations Benchmark v3.1.0
- Select “Apply”
- Proceed with the standard Reconcile flow.
CIS baseline tags
On “Reconcile”, by expanding “Configuration Types”, you will find industry benchmark tags associated to specific configurations.
These tags are identifiers that help you easily spot which configurations belong to the CIS baseline. They provide a clear view of which specific CIS configurations are covered, allowing you to understand your compliance status.
By clicking on the CIS tag, a pop-up will appear, informing you of the CIS control that the configuration aligns with:
