SaaS Security and Compliance (SSC) enables you to understand the compliance posture of your SaaS applications. For Office 365, you can validate your environment against CIS controls using SSC.
The Center for Internet Security (CIS) has published CIS benchmarks for O365 that can be validated using SSC. Several of these controls can only be validated using PowerShell commands executed in your Azure environment.
To enable this, you need to install the PowerShell Module (PM) in your Azure environment.
1) The instructions involve running a script that uses the Azure CLI. Please make sure you have the Azure CLI installed. If not, please follow the instructions here:
2) For Windows, please ensure you have a bash terminal installed, for example Cygwin. This is used to execute the script to complete the install.
3) From the Create Connector wizard, download the qualys_azure_setup.zip file. This file contains the required code for the Azure functions that validate individual controls, as well as the script to be executed (qualys_azure_installation.sh).
1 - Unzip the file that you downloaded from the Create Connector UI
2 - Execute the script qualys_azure_installation.sh
3 - Enter the O365 domain and credentials
4 - Once you are logged in, choose from one of the displayed subscriptions
5 - Choose the region in which the functions need to be installed
6 - This will initiate the upload of the functions. This step will take about 10-15 minutes (depending on the network speed). Please do not stop this upload.
7 - Once the functions are uploaded, at the final step, the Function Name and Function Key are displayed at the console.
8 - Test the connection of the “Test URL” in step 7 either on a browser or from the terminal (via a curl command)
You will see a successful response (responsecode:200) which implies the setup is successful.
9 - Paste the function name and master key (from Step 7) in the Create Connector UI and “Test Connection” before you create the connector.
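
The script below is an added example, not part of the Qualys package: it checks the prerequisites before step 2 and performs the step 8 check from the terminal without putting the Test URL on the command line. The file name ssc_checks.sh, the use of unzip, and the idea that the Test URL embeds the function key are assumptions; the page does not show the URL.

```sh
#!/bin/sh
# Added example (not vendor code): checks to run around qualys_azure_installation.sh.
#   sh ssc_checks.sh preflight   # before step 2
#   sh ssc_checks.sh verify      # step 8; paste the Test URL when prompted

# Print the tools from "$@" that are not on PATH (empty output = all present).
missing_tools() (
  missing=""
  for t in "$@"; do
    command -v "$t" >/dev/null 2>&1 || missing="$missing $t"
  done
  printf '%s\n' "${missing# }"
)

# Drop the query string so a URL that carries a key can be logged safely.
redact_url() {
  printf '%s\n' "${1%%[?]*}"
}

# Print the HTTP status for a URL. The URL reaches curl on stdin (--config -),
# so it never appears in the process list.
http_status() {
  printf 'url = "%s"\n' "$1" |
    curl --config - --silent --output /dev/null --max-time 60 --write-out '%{http_code}'
}

# Step 8: succeed only when the endpoint answers 200.
check_test_url() (
  code=$(http_status "$1") || code=000
  printf 'GET %s -> HTTP %s\n' "$(redact_url "$1")" "$code"
  [ "$code" = "200" ]
)

case "${1:-}" in
  preflight)
    # az is required by the page; unzip and curl are assumed for steps 1 and 8.
    m=$(missing_tools az unzip curl)
    if [ -n "$m" ]; then echo "missing: $m" >&2; exit 1; fi
    echo "prerequisites present" ;;
  verify)
    # read keeps the URL out of shell history; assumed to embed the function key.
    printf 'Test URL: ' >&2
    read -r url
    check_test_url "$url" ;;
esac
```

The verify mode exits non-zero on anything other than a 200 response, so it can gate step 9 in a runbook.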