PR.PT-4

Communications and control networks are protected

Protect · Protective Technology

Semi-Automated

Compliance Score

75%

Partially Compliant

Documentation Maturity

3/ 5

Target: 2.5

Implementation Maturity

3/ 5

Target: 2.5

Control Description

Email and web security controls are implemented including anti-phishing, anti-spam, anti-malware filters, and safe browsing protections.

Microsoft Graph API Endpoints Used

GET /security/secureScores

Required Permissions

SecurityEvents.Read.All

Findings (1)

15/20 items compliant

Severity	Finding	Recommendation
medium	Improvement needed: Communications and control networks are protected Current implementation does not fully meet the requirements of PR.PT-4.	Enable Exchange Online Protection (EOP) anti-phishing, anti-spam, and anti-malware policies. Configure Safe Links and Safe Attachments if available. Enable external email tagging. Block auto-forwarding to external addresses.

Severity

Finding

medium

Improvement needed: Communications and control networks are protected

Current implementation does not fully meet the requirements of PR.PT-4.

Remediation Guidance

Enable Exchange Online Protection (EOP) anti-phishing, anti-spam, and anti-malware policies. Configure Safe Links and Safe Attachments if available. Enable external email tagging. Block auto-forwarding to external addresses.