Skip to content

Microsoft Compliance Configuration Analyzer

Microsoft Compliance Configuration Analyzer

In this short post, we will look at MCCA (Microsoft Compliance Configuration Analyzer). MCCA is a PowerShell-based tool that exports your current Microsoft 365Complaince configuration and validates them against Microsoft 365’s recommended best practices.
Some of the controls which forms part of the best practices include regulations and standards for data protection and data governance.

Perquisites for MCCA

  1. Exchange Online PowerShell Module (v2.0.3 or higher)

How to Install MCCA:

To get started with the Installation, you will have to launch Windows PowerSell and install the MCCA module.

Text Description automatically generated with medium confidence
Now that you have the tool installed, lets go ahead and run the following to generate the first MCCA report.

You need to accept the terms and read the warning about the tool, if you happy select Yes.
Text Description automatically generated
You will be prompted to enter your username and a popup for Microsoft 365 authentication windows will open.
Text Description automatically generated
Text Description automatically generated
The Report will take between 2-5 minutes to complete, once completed the html file will open in your browser. It will look as follows:
Graphical user interface, application Description automatically generated
This report is stored locally in the directory C: Users  username  AppData Local Microsoft MCCA. A new report will be generated each time you run the tool and previous versions of the report can be found in the same location.

Report Breakdown.
You might notice that in the report you have the following message.

This message indicates that the report was not based on the specific region. To customize the report to be based on your Geo location, you will have to specify that in the PowerShell command when running the command.

Your geolocation selection is used to assess sensitive information types (SITs) which are relevant to that geolocation and generate a report that aligns to your country or region. Choose geolocations based on data you have in your tenant.
Each Geo location is associated with a code, all current codes can be found below.
Graphical user interface, table Description automatically generated with medium confidence
Let’s go ahead and rerun the report based on UK and European standards.

Graphical user interface Description automatically generated with medium confidence

You will notice that the report now has a note in it, indicating the report is based on the geo regions we specified when running the report.Graphical user interface, text, application Description automatically generated

MCCA evaluates your current configurations against the recommended improvement actions in Compliance Manager. Any improvement action identified by the MCCA tool as needing attention will be listed in this section.
Next to each Microsoft solution are color-coded boxes indicating the number of items that correspond to improvement actions in Compliance Manager. The actions are broken down into three status states:

  • OK: the actions that meet recommended conditions and need no attention at this time
  • Improvement: actions that need attention
  • Recommendation: actions that don’t need attention, but for which we recommend best practices

Select a box to view improvements and recommendations.
By selecting Client-side sensitivity labels, we can now see that there are no label policies in place. Part of the recommendation as you can see below is useful links so you can implement what is missing or recommended.
Graphical user interface, text Description automatically generated
For DLP, there’s a Remediation Script button that gives you a pre-generated PowerShell script based on what’s recommended. You can copy and paste it directly in your PowerShell console. It will create a DLP policy in test mode

Here is an example of that PowerShell script:
Graphical user interface, application, Word Description automatically generated
Complete script can be found in the report section.

For more information about the MCCA tool, you can visit the Github page. Here you will find detailed information about the tool.


Sharing is caring!

Published inMicrosoft 365Microsoft 365 ComplianceMicrosoft Compliance Configuration AnalyzerPowerShell

Be First to Comment

Leave a Reply

Your email address will not be published.