You can run policies and benchmarks defined for your SaaS application. The controls are validated and the pass or fail status is displayed. Currently MS O365 CIS Benchmarks is supported.
Simply go to Policies tab to view all the policies provided by Qualys. From here you can also enable or disable the policy for a connector.
Click on the policy to open it in the View Mode and navigate to the Connectors tab. Select a connector and from the Actions menu Enable or Disable the policy for this connector.
The Controls tab lists all controls and their details such as connector type, criticality, etc. Click on any control to view details specific to that control.
Once a policy is enabled for a connector you can view your compliance posture in the Monitor tab.
Note: For the following controls to be evaluated
in SSC accurately, make sure the "Apps that don't use modern authentication"
setting is enabled in Microsoft 365 Admin Center > SharePoint >
Policies > Access Control:
9036, 9037, 9038, 9018, 9012, 9007
Note: You must have a Microsoft 365 E5 license
to evaluate the following 4 controls:
9010, 9011, 9025, 9026