About Security Configuration Audit for SaaS
Security Configuration Audit for SaaS is part of Skyhigh CASB's SaaS Security Posture Management (SSPM) solution. This solution provides visibility into any possible misconfigurations in your corporate SaaS services and allows you to remediate them.
Currently, Security Configuration Audit has policies on the following Microsoft 365 apps:
- SharePoint Online
- OneDrive
- Azure Active Directory
- Intune
- Teams
Also, Security Configuration Audit has policies supported for Salesforce.
The Configuration Audit for the SaaS solution follows a workflow similar to the IaaS solution. The workflow is divided into the following parts:
- Policy Templates. Predefined configuration audit policies are provided on the Policy Templates page.
- On-Demand Scans. When the feature is enabled, it starts a Configuration Audit scan that runs once every 24 hours. For more information, see On-Demand Scans for Configuration Audit for SaaS.
- Policies. Policy templates that are imported as part of an On-Demand Scan are displayed on the Security Configuration Audit page. Policies are imported and made Active by default, but you can change their status to Inactive at any time. Inactive policies are not used for the next On-Demand Scan.
- Incidents. Configuration data is imported via Microsoft 365 APIs and validated against the policies. All policy violations are displayed on the Policy Incidents page. The Policy Incidents Cloud Card also provides steps for remediation. Follow these steps to remediate incidents. Once remediated, the incident will not show up on the next scan.
- Resources. Configuration Audit policies are defined at multiple levels of a SaaS service. For example, with SharePoint, policies are defined at Account, User, User Group, Site, and Device levels. Find your Microsoft 365 Resources on the Resources page, which helps you to understand the compliance, risk, and incidents associated with each resource.
For IaaS, see Security Configuration Audit for IaaS.
Enabled by Default
Configuration Audit for SaaS is enabled automatically when a Microsoft O365 instance is configured for a new tenant. For existing customers, the feature is enabled upon release.
You can disable the feature if it is not required. For details, see Enable or Disable Security Configuration Audit for SaaS.
Prerequisites
Configuration Audit processes for OneDrive, SharePoint, and Teams will run with the corresponding SaaS licenses. Certain policies for Azure AD, Intune require Azure Active Directory Premium P2 licenses.
Office 365 Dashboard and Saved View
The Office 365 Dashboard provides a summary of the Microsoft Office 365 data you care about at a glance using cards, which are based on Saved Views, including the Office Config Audit - Unresolved Incidents card.
For details, see About the Office 365 Dashboard.