Prerequisites
💡 Summary
Currently the policy is showing a false positive "PASS" result when run in a tenant without any users, groups, or domains configured for impersonation protection and run without a configuration file. The policy should not pass if no users/groups/domains are targeted.
Related to #1840
Motivation and context
For policy 2.1 ScubaGear gave an inaccurate assessment because it passed the policy even though in the JSON for the Standard Preset Security Policy the TargetedUsersToProtect array is empty.
The same applies to policy 2.2 and 2.3. It provided a pass even though the TargetedDomainsToProtect array is empty.
A config file was not used.
These false positives introduce risk to users, especially of impersonation of users, groups, and domains with access to sensitive or high-value information and resources.
Implementation notes
Update implementation steps for MS.DEFENDER.2.1v1, MS.DEFENDER.2.2v1, and MS.DEFENDER.2.3v1 to include at least one sensitive user, group, or domain for impersonation protection.
Acceptance criteria
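The following is an added example, not part of the original issue and not ScubaGear's own code. It shows one way a check can pass on empty targets (an assumed cause: with no configuration file the list of required entries is empty, so an "all required entries are protected" test is vacuously true) beside a check that fails when nothing is targeted. The policy JSON is constructed, and the `Identity` key, addresses, and function names are assumptions for illustration.

```python
import json

# Constructed sample: only the two arrays named in this issue are modelled.
SAMPLE_POLICIES = json.loads("""
[
  {"Identity": "Standard Preset Security Policy",
   "TargetedUsersToProtect": [],
   "TargetedDomainsToProtect": []},
  {"Identity": "Constructed Custom Policy",
   "TargetedUsersToProtect": ["director@example.com"],
   "TargetedDomainsToProtect": ["example.com"]}
]
""")


def _protected(policy, field):
    """Normalise the targeted entries; a missing or null array counts as empty."""
    return {entry.lower() for entry in (policy.get(field) or [])}


def vacuous_check(policy, field, required):
    """Failure mode: when `required` is empty, all() over nothing is True."""
    protected = _protected(policy, field)
    return all(r.lower() in protected for r in required)


def strict_check(policy, field, required):
    """Pass only if something is targeted and every required entry is covered."""
    protected = _protected(policy, field)
    if not protected:
        return False  # nothing targeted means no impersonation protection
    return all(r.lower() in protected for r in required)


def report(policies, required_users=(), required_domains=()):
    """Return {policy name: {field: (vacuous result, strict result)}}."""
    wanted = {"TargetedUsersToProtect": required_users,
              "TargetedDomainsToProtect": required_domains}
    return {p["Identity"]: {f: (vacuous_check(p, f, req), strict_check(p, f, req))
                            for f, req in wanted.items()}
            for p in policies}


if __name__ == "__main__":
    for name, fields in report(SAMPLE_POLICIES).items():
        for field, (loose, strict) in fields.items():
            print(f"{name}: {field}: vacuous={loose} strict={strict}")
```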