Service Principal Security

[schrolla]

💡 Summary

Developing new policies around service principal security will lead to better security posture and outcomes for agencies implementing those policies. Investigate the impact of service principals on M365 service security and determine potential threats that could be addressed through new SCuBA M365 baseline policies. Compare security posture in the face of identified threats for tenants implementing proposed service principal policies to those without those policies.

Motivation and context

Implementation notes

Implementing service principal policy enhancements will include:

• Identification of cyber threats that leverage service principal related vulnerabilities
• Developing M365 configurations that address identified threats and vulnerabilities
• Hands-on prototyping to determine the effects of service and policy changes on tenant security posture against those threats
• Determining baseline changes to align policy with service principal improvements
• Recommending baseline policy changes and updates based on investigation results

Acceptance criteria

• Set of cyber threats considered in scope of this investigation has been defined
• Tabletop or real-world attacks against tenant simulating these threats completed
• Set of tenant configuration changes developed to mitigate vulnerabilities tested
• New or updated baseline policies drafted for wider review
• Decision to include/exclude draft policies in baselines has been made