Accepted Deviations are tenant configurations that conflict with the “CIS M365 Foundations 5.0.0”, but which you can explicitly choose to accept. This might be because your organization already mitigates any related risk with other safeguards, such as different security configurations or backup strategies.
Accepting deviations increases the Security score of your tenant.
Managing “accepted deviations”
Accepted deviations are managed through the Reconcile page. The process follows the steps below.
Step 1: Reconcile setup
- Access the “Reconcile” page.
- Select your tenant and choose the “CIS M365 Foundations 5.0.0” baseline from the dropdown menu.
- Click “Apply”
Step 2: access the configuration
- Access the configurations listed under “Conflicting” with baseline.
- Expand the configuration type and identify the specific configuration you want to review.
- Click on “View” to open the detailed view.
Step 3: accept deviation(s)
- Use the “Accept Deviation” toggle to mark the entire configuration or individual properties as accepted:
- "Accept all deviations" toggle: marks all deviations as accepted
- Accepted Deviation toggle: marks the single deviation as accepted
Only properties aligned with “CIS M365 Foundations 5.0.0” support the Accept Deviation toggle; tenant-only properties do not.
Status badges
Badges provide a clear visual indication of deviation acceptance within a configuration:
- If all properties within a configuration are accepted, an “Accepted Deviation” badge is displayed.
- If only some properties are accepted, a “Partial Accept Deviation” badge is shown.
The configuration remains visible under the “Conflicting” column, but the badge and status indicate its acceptance.
Only properties that are part of the “CIS M365 Foundations 5.0.0” will present the “Accept Deviation” toggle.
Reverse “Accepted Deviations”
You can always revoke an accepted deviation by following this process:
Step 1: Reconcile setup
- Access the “Reconcile” page.
- Select your tenant and choose the “CIS M365 Foundations 5.0.0” baseline from the dropdown menu.
- Click “Apply”
Step 2: locate the “Accepted deviation” badge
- Locate the configuration that shows “Accepted Deviation” status in the “Conflicting” tab. To do so, you can apply the “By classification” selector and check the "Accepted Deviation" checkbox.
Please note that partially accepted configurations will not be displayed here.
- Click on “View” to open the detailed view.
- Disable the toggle to remove the acceptance for the entire configuration or for specific properties.
After changing the status, the configuration will reappear under the Conflicting column without the “Accept/Partial Accept deviation" badge.