About Security Configuration Audit for SaaS
Security Configuration Audit for SaaS is part of Skyhigh CASB's SaaS Security Posture Management (SSPM) solution. This solution provides visibility into any potential misconfigurations in your corporate SaaS services, allowing you to remediate them.
Configuration Audit Policy and Auto Remediation Support Matrix for SaaS
Currently, Security Configuration Audit has policies for the following SaaS applications.
Sanctioned Applications | Auto Remediation |
---|---|
SharePoint | ![]() |
OneDrive | ![]() |
Azure Active Directory | ![]() |
Intune | ![]() |
Teams | ![]() |
Salesforce | ![]() |
Configuration Audit for SaaS follows a workflow similar to that of the IaaS solution. The workflow is divided into the following parts:
- Policy Templates. Predefined configuration audit policies are provided on the Policy Templates page.
- On-Demand Scans. When the feature is enabled, it starts a Configuration Audit scan that runs once every 24 hours. For more information, see On-Demand Scans for Configuration Audit for SaaS.
- Policies. Policy templates that are imported as part of an On-Demand Scan are displayed on the Security Configuration Audit page. Policies are imported and made Active by default, but you can change their status to Inactive at any time. Inactive policies are not used for the next On-Demand Scan.
- Incidents. Configuration data is imported via Microsoft 365 APIs and validated against the policies. All policy violations are displayed on the Policy Incidents page. The Policy Incidents Cloud Card also provides steps for remediation. Follow these steps to remediate incidents. Once remediated, the incident will no longer appear on subsequent scans.
- Resources. Configuration Audit policies are defined at multiple levels of a SaaS service. For example, with SharePoint, policies are defined at Account, User, User Group, Site, and Device levels. Find your Microsoft 365 Resources on the Resources page, which helps you to understand the compliance, risk, and incidents associated with each resource.
For IaaS, see Security Configuration Audit for IaaS.
Enabled by Default
Configuration Audit for SaaS is enabled automatically when a Microsoft O365 instance is configured for a new tenant. For existing customers, the feature is enabled upon release.
You can disable the feature if it is not required. For details, see Enable or Disable Security Configuration Audit for SaaS.
Prerequisites
Configuration Audit processes for OneDrive, SharePoint, and Teams run with the corresponding SaaS licenses. Certain policies for Azure AD and Intune require Azure Active Directory Premium P2 licenses.
Office 365 Dashboard and Saved View
The Office 365 Dashboard provides a summary of the Microsoft Office 365 data you care about at a glance using cards, which are based on Saved Views, including the Office Config Audit - Unresolved Incidents card.
For details, see About the Office 365 Dashboard.