Identifying Public vs. Private Microsoft 365 Groups

Introduction

In the realm of enterprise security, understanding the visibility and access controls of your organization’s resources is paramount. This is especially true for Microsoft 365 Groups, which play a crucial role in collaboration across various Microsoft services. In this post, we’ll explore a PowerShell script I’ve developed to distinguish between public and private Microsoft 365 Groups, and why this distinction is vital in aligning with the CIS (Center for Internet Security) benchmark controls.

The Importance of Group Visibility in Microsoft 365

Microsoft 365 Groups form the backbone of collaboration tools like Microsoft Teams, SharePoint, and Outlook. However, the visibility of these groups – whether they are public or private – can significantly impact your organization’s security posture. Public groups are accessible to all users within your organization, potentially exposing sensitive information. Private groups, on the other hand, restrict access to invited members only, offering better control over who can view and interact with the group’s content.

Understanding the visibility status of each group helps in:

1. Data Protection: Ensuring sensitive information is not inadvertently exposed in public groups.
2. Compliance Management: Aligning with internal policies and external regulations regarding data access and privacy.
3. Security Auditing: Regularly reviewing group settings to maintain optimal security configurations.

Aligning with CIS Benchmark Controls

The CIS Benchmarks are a set of best practices for securing IT systems and data. They emphasize the importance of minimal access principles and rigorous management of access controls. By identifying the visibility status of Microsoft 365 Groups, organizations can:

• Ensure minimal necessary access to information.
• Identify and modify improperly configured groups.
• Maintain compliance with CIS controls regarding data access and privacy.

The PowerShell Script

The PowerShell script provided here simplifies the process of auditing Microsoft 365 Groups. It lists all groups along with their visibility status (public or private), aiding administrators in quickly identifying potential security concerns. It’s designed to support modern authentication, including Multi-Factor Authentication (MFA) enabled accounts, which is crucial in today’s security landscape.

GitHub Link: https://github.com/thatlazyadmin/DeathStarScriptHub/blob/main/Microsoft-365/Get-M365GroupsStatus.ps1

How to Run the Script

To run this script:

1. Ensure you have the AzureAD PowerShell module installed. If not the script will install the needed module for you.
2. Execute the script in a PowerShell window.
3. Authenticate with your credentials (MFA supported).
4. Review the list of groups and their visibility status.

Run: .\Get-M365GroupsStatus.ps1

Conclusion

In conclusion, the visibility of Microsoft 365 Groups is a critical component in your organization’s security framework. This PowerShell script not only aids in quick identification of public vs. private groups but also aligns with the CIS benchmark controls for enhanced security and compliance. Regular audits of group settings should be a part of your organization’s security best practices to ensure data protection, compliance, and overall security health.

Author: Shaun Hardneck (Thatlazyadmin)

Sharing is caring!