67 Purple-team / adversary emulation
A periodic adversary-emulation exercise: the attacks these controls claim to stop are actually run against the tenant, and three questions are answered — was it blocked, was it detected, and did anyone act on the alert. Its output is the evidence that the controls you deployed actually fire; without it, every claim they make is untested.
Caveats
This is a process control — it is carried out offline, so there is no Admin Console walkthrough to show.
Ongoing maintenance
- requires a human Per interval: run the exercise and write findings with owners.
How to verify
Check the most recent exercise report exists, is within the agreed interval, and each finding has an owner and a remediation state.
v0.0.1Assure policy #21 · #12 ↗