|
Decision
|
Description
|
|
DD-01
|
Enable MFA for all admins
|
|
DD-02
|
Enable MFA for all users
|
|
DD-03
|
Enable mailbox owner auditing
|
|
DD-04
|
Who will review reports?
|
|
DD-05
|
Who will review privileged access?
|
|
DD-06
|
Enable client rules forwarding block?
|
|
DD-07
|
Enable audit data recording?
|
|
DD-08
|
Enable additional mailbox auditing?
|
|
DD-09
|
Disable external sharing?
|
|
DD-10
|
Disable external SIP federation?
|
|
DD-11
|
Enable mobile device management services?
|
|
DD-12
|
Require mobile devices to use a password?
|
|
DD-13
|
Keep Default Policy or create custom policy.
|
|
DD-14
|
Malware Detection Response? YES/NO and STANDARD/CUSTOM
|
|
DD-15
|
Common Attachment Types Filter? ON/OFF
|
|
DD-16
|
Sender Notification? INTERNAL/EXTERNAL/OFF
|
|
DD-17
|
Administrator Notification? YES/NO
|
|
DD-18
|
Custom Notification? YES/NO
|
|
DD-19
|
Enable Standard Settings? YES/NO (overrides Custom Settings)
|
|
DD-20
|
Modify SCL level? – Value ?
|
|
DD-22
|
Use Default ATP Policy? YES/NO
|
|
DD-23
|
Is there need for a specific policy for dedicated recipients? YES/NO
|
|
DD-24
|
Enable ATP Safe attachments for all users? YES/NO
|
|
DD-25
|
Use redirect in Policy? YES/NO
|
|
DD-26
|
Scope by domain? YES/NO
|
|
DD-27
|
Ramp up using Distribution Groups? YES/NO
|
|
DD-28
|
Turn on ATP for SharePoint, OneDrive, and Microsoft Teams? YES/NO
|
|
DD-30
|
Enable check for authentication in ETRs? YES/NO
|
|
DD-31
|
Make use of updated reporting add-in? YES/NO
|
|
DD-32
|
Implement SPF, DKIM and DMARC? YES/NO
|
|
DD-33
|
Implement DMARC with p=reject.
|
|
DD-34
|
Use ETRs to Skip Safe Attachments/Safe Links
|
|
DD-35
|
Create ETRs to skip ATP internally? YES/NO
|