Irish Information Security Forum

SCuBAGear M365 Secure Configuration Baseline Assessment Tool



SCuBAGear is a CISA-created automation script for comparing Federal Civilian Executive Branch (FCEB) agency tenant configurations against CISA M365 baseline recommendations.


SCuBAGear is part of CISA’s Secure Cloud Business Applications (SCuBA) project, which provides guidance for FCEB agencies securing their cloud business application environments and protecting federal information created, accessed, shared, and stored in those environments. Although tailored to FCEB agencies, the project provides security guidance applicable to all organizations with cloud environments.


scubaGear architecture


CISA created the SCuBA program in response to the SolarWinds Orion software supply chain compromise.


During the SolarWinds Orion supply chain compromise, threat actors changed domain federation trust settings using Azure Active Directory (AAD) administrative permissions; the threat actors configured the domain to accept authorization tokens signed using their own security assertion markup language (SAML) signing certificate. The actors used these tokens to access resources in hosted environments, such as email, for data exfiltration via an authorized application programmable interface (API). As part of SCuBA, CISA developed multiple documents that collectively provide guidance on cloud security and hardening:


The SCuBA Technical Reference Architecture (TRA) – describes essential components of security services and capabilities to secure and harden cloud business applications, including the platforms hosting the applications. These security services and capabilities prevent and mitigate vulnerabilities and threats from affecting the cloud business applications during implementation, configuration, and administration. The scope of the TRA includes cloud business applications, delivered through a Software-as-a-Service (SaaS) model to users, and the security services used to secure and monitor these applications.


The draft Hybrid Identity Solutions Architecture – presents potential approaches for addressing identity management in a hybrid environment.


M365 security configuration baseline (SCB) guides – provide minimum viable secure configuration baselines for Microsoft Defender for Office 365, Azure Active Directory, Exchange Online, OneDrive for Business, Power BI, Power Platform, SharePoint Online, and Teams. The SCuBAGear M365 SCB Assessment Tool verifies an organization’s M365 tenant configuration conforms to the minimum viable security configurations described in the M365 SCB guides. The tool creates an HTML report highlighting policies that deviate from the SCB guides. Network administrators of all organizations with M365 tenant(s) can use the tool to quickly identify and address configuration gaps.


See CISA’s SCuBAGear GitHub page for directions on installing and using the tool


If you are interested in finding out more about the IISF, or would like to attend one of our Chapter Meetings as an invited guest, please contact the
IISF Secretary:

By email:

By post:

David Cahill

Information Security

GPO, 1-117
D01 F5P2

Enhance your Cybersecurity knowledge and learn from those at the coalface of information Security in Ireland



Invitations for Annual Sponsorship of IISF has now reopened.

Sponsorship of IISF Opportunity
(your logo & profile link here)


Sponsors are featured prominently throughout the IISF.IE website, social media channels as well as enjoying other benefits Read more


secured by edgescan digital security radar logo

© iiSf. All rights reserved. CRN: 3400036GH  - Privacy Statement  - Sponsorship  - Cybersecurity News Topics  - Cybersecurity Resources  - Produced by
LinkedIn Twitter