MC666625 – (Updated) Microsoft Secure Score is Adding New Improvement Actions (archived)

check before: 2023-08-24

Product:

Azure Active Directory, Defender, Defender for Cloud Apps, Defender for Identity, Defender for Office 365, Entra, Entra ID, Exchange, LinkedIn, Microsoft 365 admin center, Microsoft 365 Apps, Microsoft 365 Defender, OneDrive, Outlook, Purview Communication Compliance, Purview Information Protection, SharePoint, Teams

Platform:

Online, Web, World tenant

Status:

Change type:

Admin impact, Feature update, Updated message

Links:

Details:

Updated August 30, 2023: We have updated the content below to show as intended. Thank you for your patience.

We’re updating Microsoft Secure Score improvement actions to ensure a more accurate representation of security posture. The improvement actions listed below will be added to Microsoft Secure Score. Your score will be updated accordingly.

[When this will happen:]

This will begin rollout in mid-August 2023 and is expected to be complete by late August 2023.

Change Category:
XXXXXXX ...

Scope:
XXXXXXX ...

Release Phase:

Created:
2023-08-10

updated:
2023-08-31

changes*

Date: 2023-08-31
Property: MC Messages
old:
We’re updating Microsoft Secure Score improvement actions to ensure a more accurate representation of security posture. The improvement actions listed below will be added to Microsoft Secure Score. Your score will be updated accordingly.
[When this will happen:]

This will begin rollout in mid-August 2023 and is expected to be complete by late August 2023.
new:
Updated August 30, 2023: We have updated the content below to show as intended. Thank you for your patience.
We’re updating Microsoft Secure Score improvement actions to ensure a more accurate representation of security posture. The improvement actions listed below will be added to Microsoft Secure Score. Your score will be updated accordingly.
[When this will happen:]

This will begin rollout in mid-August 2023 and is expected to be complete by late August 2023.

Date: 2023-08-31
Property: MC Title
old: Microsoft Secure Score is Adding New Improvement Actions
new: (Updated) Microsoft Secure Score is Adding New Improvement Actions

Date: 2023-08-31
Property: MC How Affect
old:
The following new Microsoft Information Protection recommendation will be added as Microsoft Secure Score improvement action:
Ensure Microsoft 365 audit log search is enabled
The following new Exchange Online recommendation will be added as Microsoft Secure Score improvement actions:
Ensure modern authentication for Exchange Online is enabled
Ensure Exchange Online Spam Policies are set to notify administrators
Ensure all forms of mail forwarding are blocked and/or disabled
Ensure MailTips are enabled for end users

Ensure mailbox auditing for all users is enabled

Ensure additional storage providers are restricted in Outlook on the web
The following new Azure Active Directory recommendations will be added as Microsoft Secure Score improvement actions:
Ensure password protection is enabled for on-prem Active Directory

Ensure 'LinkedIn account connections' is disabled

In order to view those new controls, Office 365 connector in Microsoft Defender for cloud apps must be toggled on via the App connectors settings page.
The following SharePoint new recommendations will be added as Microsoft Secure Score improvement actions:
Ensure SharePoint external sharing is managed through domain whitelist/blacklists

Block OneDrive for Business sync from unmanaged devices

In order to view those new controls, Office 365 connector in Microsoft Defender for cloud apps must be toggled on via the App connectors settings page.
The following SharePoint new recommendations will be added as Microsoft Secure Score improvement actions:

Ensure Safe Links for Office Applications is enabled

Ensure Safe Attachments policy is enabled

Ensure that an anti-phishing policy has been created
We have disabled the Secure Score improvement action for the following Microsoft Defender for Identity recommendation:
"Stop legacy protocols communication" (For accuracy reasons)
We have updated the names for Secure Score recommendations for the following CIS Benchmark Microsoft Defender for Office 365 recommendation, here are the new names:
Ensure Exchange Online Spam Policies are set to notify administrators
Ensure all forms of mail forwarding are blocked and/or disabled

Ensure Safe Links for Office Applications is enabled

Ensure Safe Attachments policy is enabled

Ensure that an anti-phishing policy has been created

Ensure the Common Attachment Types Filter is enabled

Ensure SharePoint Online Information Protection policies are set up and used

We have updated the names for Secure Score recommendations for the following CIS Benchmark Microsoft Information Protection recommendation, here are the new names:
Ensure Microsoft 365 audit log search is enabled
Ensure DLP policies are enabled for Microsoft Teams

We have updated the names for Secure Score recommendations for the following CIS Benchmark Microsoft Admin Center recommendation, here are the new names:
Ensure the customer lockbox feature is enabled
We have updated the names for Secure Score recommendations for the following CIS Benchmark Microsoft Defender for Cloud Apps recommendation, here is the new name:
Ensure Microsoft Defender for Cloud Apps is enabled and configured

We have updated the names for Secure Score recommendations for the following CIS Benchmark Microsoft Share Point Online recommendation, here is the new name:
Ensure SharePoint external sharing is managed through domain whitelist/blacklists
Block OneDrive for Business sync from unmanaged devices

We have updated the names for Secure Score recommendations for the following CIS Benchmark Microsoft Entra ID (Azure Active Directory), here are the new names:
Ensure Security Defaults is disabled on Azure Active Directory
Ensure password protection is enabled for on-prem Active Directory
Ensure 'LinkedIn account connections' is disabled
Ensure Sign-in frequency is enabled and browser sessions are not persistent for Administrative users
Ensure multifactor authentication is enabled for all users in administrative roles

Ensure multifactor authentication is enabled for all users

Ensure 'Privileged Identity Management' is used to manage roles

Ensure that only organizationally managed/approved public groups exist

Ensure Administrative accounts are separate and cloud-only

Ensure the admin consent workflow is enabled

Ensure third party integrated applications are not allowed

Ensure that between two and four global admins are designated

Ensure 'Self service password reset enabled' is set to 'All'

Enable Conditional Access policies to block legacy authentication

Ensure that password hash sync is enabled for hybrid deployments

Enable Azure AD Identity Protection sign-in risk policies

Enable Azure AD Identity Protection user risk policies

Ensure the 'Password expiration policy' is set to 'Set passwords to never expire

Ensure user consent to apps accessing company data on their behalf is not allowed

We have updated the names for Secure Score recommendations for the following CIS Benchmark Microsoft Exchange Online recommendation, here are the new names:
Ensure modern authentication for Exchange Online is enabled
Ensure MailTips are enabled for end users
Ensure mailbox auditing for all users is Enabled
Ensure additional storage providers are restricted in Outlook on the web
Ensure 'External sharing' of calendars is not available
Ensure mail transport rules do not whitelist specific domains
Ensure that SPF records are published for all Exchange Domains
We have updated the names for Secure Score recommendations for the following CIS Benchmark Microsoft Purview recommendation, here are the new names:
Ensure DLP policies are enabled
new:
The following new Microsoft Information Protection recommendation will be added as Microsoft Secure Score improvement action:
Ensure Microsoft 365 audit log search is enabled
The following new Exchange Online recommendation will be added as Microsoft Secure Score improvement actions:
Ensure modern authentication for Exchange Online is enabled
Ensure Exchange Online Spam Policies are set to notify administrators
Ensure all forms of mail forwarding are blocked and/or disabled
Ensure MailTips are enabled for end users

Ensure mailbox auditing for all users is enabled

Ensure additional storage providers are restricted in Outlook on the web
The following new Azure Active Directory recommendations will be added as Microsoft Secure Score improvement actions:
Ensure password protection is enabled for on-prem Active Directory

Ensure 'LinkedIn account connections' is disabled

In order to view those new controls, Office 365 connector in Microsoft Defender for cloud apps must be toggled on via the App connectors settings page.
The following SharePoint new recommendations will be added as Microsoft Secure Score improvement actions:
Ensure SharePoint external sharing is managed through domain whitelist/blacklists

Block OneDrive for Business sync from unmanaged devices

In order to view those new controls, Office 365 connector in Microsoft Defender for cloud apps must be toggled on via the App connectors settings page.
The following SharePoint new recommendations will be added as Microsoft Secure Score improvement actions:

Ensure Safe Links for Office Applications is enabled

Ensure Safe Attachments policy is enabled

Ensure that an anti-phishing policy has been created
We have disabled the Secure Score improvement action for the following Microsoft Defender for Identity recommendation:
"Stop legacy protocols communication" (For accuracy reasons)
We have updated the names for Secure Score recommendations for the following CIS Benchmark Microsoft Defender for Office 365 recommendation, here are the new names:
Ensure Exchange Online Spam Policies are set to notify administrators
Ensure all forms of mail forwarding are blocked and/or disabled

Ensure Safe Links for Office Applications is enabled

Ensure Safe Attachments policy is enabled

Ensure that an anti-phishing policy has been created

Ensure the Common Attachment Types Filter is enabled

Ensure SharePoint Online Information Protection policies are set up and used

We have updated the names for Secure Score recommendations for the following CIS Benchmark Microsoft Information Protection recommendation, here are the new names:
Ensure Microsoft 365 audit log search is enabled
Ensure DLP policies are enabled for Microsoft Teams

We have updated the names for Secure Score recommendations for the following CIS Benchmark Microsoft Admin Center recommendation, here are the new names:
Ensure the customer lockbox feature is enabled
We have updated the names for Secure Score recommendations for the following CIS Benchmark Microsoft Defender for Cloud Apps recommendation, here is the new name:
Ensure Microsoft Defender for Cloud Apps is enabled and configured

We have updated the names for Secure Score recommendations for the following CIS Benchmark Microsoft Share Point Online recommendation, here is the new name:
Ensure SharePoint external sharing is managed through domain whitelist/blacklists
Block OneDrive for Business sync from unmanaged devices

We have updated the names for Secure Score recommendations for the following CIS Benchmark Microsoft Entra ID (Azure Active Directory), here are the new names:
Ensure Security Defaults is disabled on Azure Active Directory
Ensure password protection is enabled for on-prem Active Directory
Ensure 'LinkedIn account connections' is disabled
Ensure Sign-in frequency is enabled and browser sessions are not persistent for Administrative users
Ensure multifactor authentication is enabled for all users in administrative roles

Ensure multifactor authentication is enabled for all users

Ensure 'Privileged Identity Management' is used to manage roles

Ensure that only organizationally managed/approved public groups exist

Ensure Administrative accounts are separate and cloud-only

Ensure the admin consent workflow is enabled

Ensure third party integrated applications are not allowed
Ensure 'Self service password reset enabled' is set to 'All'

Enable Conditional Access policies to block legacy authentication

Ensure that password hash sync is enabled for hybrid deployments

Enable Azure AD Identity Protection sign-in risk policies

Enable Azure AD Identity Protection user risk policies

Ensure the 'Password expiration policy' is set to 'Set passwords to never expire

Ensure user consent to apps accessing company data on their behalf is not allowed

We have updated the names for Secure Score recommendations for the following CIS Benchmark Microsoft Exchange Online recommendation, here are the new names:
Ensure modern authentication for Exchange Online is enabled
Ensure MailTips are enabled for end users
Ensure mailbox auditing for all users is Enabled
Ensure additional storage providers are restricted in Outlook on the web
Ensure 'External sharing' of calendars is not available
Ensure mail transport rules do not whitelist specific domains
Ensure that SPF records are published for all Exchange Domains
We have updated the names for Secure Score recommendations for the following CIS Benchmark Microsoft Purview recommendation, here are the new names:
Ensure DLP policies are enabled

Date: 2023-08-31
Property: MC Last Updated
old: 08/10/2023 01:21:28
new: 2023-08-30T22:59:02Z

Date: 2023-08-31
Property: MC MessageTagNames
old: Feature update, Admin impact
new: Updated message, Feature update, Admin impact

*starting April 2022

Last updated 4 months ago
