GOV-04 | Critical | Maximum Security

Automate Threat Response with SOAR

Governance & Hygiene control for Microsoft 365 and Entra ID

Why This Control Matters

Manual incident response takes hours. Automated playbooks respond to threats in seconds. Level 3 organizations minimize attacker dwell time by automatically containing compromised accounts.

Expected State

When this control is compliant, your tenant should meet these criteria:

  1. High-risk detections trigger automated playbooks
  2. Compromised users have sessions revoked and accounts disabled automatically
  3. Security Operations Center (SOC) integration with escalation workflows
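
The planner below is an added example, not part of the original control page or any vendor playbook. It turns risk detections into the Microsoft Graph requests a playbook would issue to reach the expected state above (disable the account, revoke sessions, escalate to the SOC). The sample records, the exclusion list for emergency-access accounts and the shape of the plan entries are assumptions.

```python
# Added example: plans containment for high-risk Entra ID detections (dry run, no network).
GRAPH = "https://graph.microsoft.com/v1.0"
ACTIVE_STATES = {"atRisk", "confirmedCompromised"}  # skip remediated/dismissed users

# Constructed sample records, shaped like Microsoft Graph riskDetection objects.
SAMPLE_DETECTIONS = [
    {"id": "d1", "userId": "u-100", "riskLevel": "high", "riskState": "atRisk"},
    {"id": "d2", "userId": "u-100", "riskLevel": "high", "riskState": "atRisk"},
    {"id": "d3", "userId": "u-200", "riskLevel": "medium", "riskState": "atRisk"},
    {"id": "d4", "userId": "u-300", "riskLevel": "high", "riskState": "atRisk"},
    {"id": "d5", "userId": "u-400", "riskLevel": "high", "riskState": "remediated"},
]
# Assumption: emergency-access (break-glass) accounts are never auto-disabled.
EXCLUDED_USERS = frozenset({"u-300"})


def plan_containment(detections, excluded=frozenset()):
    """Return the ordered list of actions a playbook would take, one set per user."""
    plan, seen = [], set()
    for det in detections:
        uid = det["userId"]
        if det.get("riskLevel") != "high" or det.get("riskState") not in ACTIVE_STATES:
            continue
        if uid in seen:  # several detections for one user: contain once
            continue
        seen.add(uid)
        if uid in excluded:
            plan.append({"action": "escalate", "userId": uid,
                         "reason": "excluded account, needs analyst decision"})
            continue
        # Disable first so no new tokens are issued, then revoke existing sessions.
        plan.append({"action": "disable_account", "userId": uid, "method": "PATCH",
                     "url": f"{GRAPH}/users/{uid}", "body": {"accountEnabled": False}})
        plan.append({"action": "revoke_sessions", "userId": uid, "method": "POST",
                     "url": f"{GRAPH}/users/{uid}/revokeSignInSessions", "body": None})
        plan.append({"action": "escalate", "userId": uid,
                     "reason": f"contained after detection {det['id']}"})
    return plan


if __name__ == "__main__":
    for step in plan_containment(SAMPLE_DETECTIONS, EXCLUDED_USERS):
        print(step["action"], step["userId"], step.get("url", ""))
```

Keeping the plan separate from execution lets the SOC review or log every request before a playbook sends it.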

Enforcement

Default Mode: Strict
Zero-tolerance enforcement with immediate remediation

Auto-Remediation: Manual Only
Requires Microsoft Sentinel or equivalent SOAR platform
