Edit Standards
Apply pre-defined standards to your Microsoft 365 CSP tenants.
Last updated
Apply pre-defined standards to your Microsoft 365 CSP tenants.
Last updated
This guide walks you through the process of setting up and running standards in CIPP. From accessing the standards editing feature to initiating standards runs, you'll learned how to ensure compliance and maintain security in your organization.
Note that by default, Standards aren't applied to any tenants upon setup of CIPP. Applying any standard should only be undertaken with full understanding of the effects of the standard, detailed in the video and walkthrough on this page, and with the following details in mind:
Template standards work by reapplying the template from your database every 3 hours.
Each standard has three options. Report, Alert, and Remediate.
A standard with Remediate applies actual configuration to the selected tenant.
Disabling the Remediate option does not undo a standard if it has already applied. Only prevents it from applying again.
To get started with Standards in CIPP, first navigate to Tenant Administration -> Standards, and then Edit Standards. In our example, we'll add a standard for All Tenants which will apply to every tenant in our CIPP environment.
Each standard has three options. Report, Alert, and Remediate.
Report stores the current value of the standard in a Best Practices Report.
Alert generates a ticket, email, or webhook depending on your notification configuration.
Remediate applies the fix for the specific standard and makes the necessary change on your clients tenant.
Disabling the remediate option does not undo a standard if it has already applied. Only prevents it from applying again.
Each standard has a description explaining what the setting does, and a label on how much end-user impact the standard will have.
Some of the standards have settings, such as input fields to enter custom text, or selections
Standards can be found for each aspect of M365. Inside of CIPP we've made sure to split these out by category so you can easily find the standard you need. There are over 60 standards which each release adding new ones.
Lets check out the Templates Standard Deployment section next, which allows us to deploy our own custom templates to Intune, Exchange, Conditional Access and more.
Template standards work by reapplying the template from your database every 3 hours. That means when we deploy an Intune Template it'll always be exactly in the state we need it to be. If an admin changes a setting it will revert to our template. That also makes it easy to deploy updates to templates, as you only have a single location to change the template before it's applied to all clients.
At the top of the page you'll find the option to run the standards immediately. You can do this for a single tenant, or all tenants in one go.
Click "Enabling this feature excludes this tenant from any top-level "All Tenants" standard. This means that only the standards you explicitly set for this tenant will be applied. Standards previously..."
When selecting a specific tenant you can choose to exclude this tenant from "All Tenant" standards. This means that none of the standards applied to All Tenants will apply to this tenant, allowing you to create a completely custom standard for this client.
