Search

MC666625 – (Updated) Microsoft Secure Score is Adding New Improvement Actions (archived)

Microsoft Exchange Logo

check before: 2023-08-24

Product:

Azure Active Directory, Defender, Defender for Cloud Apps, Defender for Identity, Defender for Office 365, Entra, Entra ID, Exchange, LinkedIn, Microsoft 365 admin center, Microsoft 365 Apps, Microsoft 365 Defender, OneDrive, Outlook, Purview Communication Compliance, Purview Information Protection, SharePoint, Teams

Platform:

Online, Web, World tenant

Status:

Change type:

Admin impact, Feature update, Updated message

Links:

Details:

Updated August 30, 2023: We have updated the content below to show as intended. Thank you for your patience.
We’re updating Microsoft Secure Score improvement actions to ensure a more accurate representation of security posture. The improvement actions listed below will be added to Microsoft Secure Score. Your score will be updated accordingly.
[When this will happen:]

This will begin rollout in mid-August 2023 and is expected to be complete by late August 2023.

Change Category:
XXXXXXX ...

Scope:
XXXXXXX ...

Release Phase:

Created:
2023-08-10

updated:
2023-08-31

the free basic plan is required to see all details. Sign up here


A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.


changes*

DatePropertyoldnew
2023-08-31MC MessagesWe’re updating Microsoft Secure Score improvement actions to ensure a more accurate representation of security posture. The improvement actions listed below will be added to Microsoft Secure Score. Your score will be updated accordingly.
[When this will happen:]

This will begin rollout in mid-August 2023 and is expected to be complete by late August 2023.
Updated August 30, 2023: We have updated the content below to show as intended. Thank you for your patience.
We’re updating Microsoft Secure Score improvement actions to ensure a more accurate representation of security posture. The improvement actions listed below will be added to Microsoft Secure Score. Your score will be updated accordingly.
[When this will happen:]

This will begin rollout in mid-August 2023 and is expected to be complete by late August 2023.
2023-08-31MC TitleMicrosoft Secure Score is Adding New Improvement Actions(Updated) Microsoft Secure Score is Adding New Improvement Actions
2023-08-31MC How AffectThe following new Microsoft Information Protection recommendation will be added as Microsoft Secure Score improvement action:
Ensure Microsoft 365 audit log search is enabled
The following new Exchange Online recommendation will be added as Microsoft Secure Score improvement actions:
Ensure modern authentication for Exchange Online is enabled
Ensure Exchange Online Spam Policies are set to notify administrators
Ensure all forms of mail forwarding are blocked and/or disabled
Ensure MailTips are enabled for end users

Ensure mailbox auditing for all users is enabled

Ensure additional storage providers are restricted in Outlook on the web
The following new Azure Active Directory recommendations will be added as Microsoft Secure Score improvement actions:
Ensure password protection is enabled for on-prem Active Directory

Ensure 'LinkedIn account connections' is disabled

In order to view those new controls, Office 365 connector in Microsoft Defender for cloud apps must be toggled on via the App connectors settings page.
The following SharePoint new recommendations will be added as Microsoft Secure Score improvement actions:
Ensure SharePoint external sharing is managed through domain whitelist/blacklists

Block OneDrive for Business sync from unmanaged devices

In order to view those new controls, Office 365 connector in Microsoft Defender for cloud apps must be toggled on via the App connectors settings page.
The following SharePoint new recommendations will be added as Microsoft Secure Score improvement actions:

Ensure Safe Links for Office Applications is enabled

Ensure Safe Attachments policy is enabled

Ensure that an anti-phishing policy has been created
We have disabled the Secure Score improvement action for the following Microsoft Defender for Identity recommendation:
"Stop legacy protocols communication" (For accuracy reasons)
We have updated the names for Secure Score recommendations for the following CIS Benchmark Microsoft Defender for Office 365 recommendation, here are the new names:
Ensure Exchange Online Spam Policies are set to notify administrators
Ensure all forms of mail forwarding are blocked and/or disabled

Ensure Safe Links for Office Applications is enabled

Ensure Safe Attachments policy is enabled

Ensure that an anti-phishing policy has been created

Ensure the Common Attachment Types Filter is enabled

Ensure SharePoint Online Information Protection policies are set up and used

We have updated the names for Secure Score recommendations for the following CIS Benchmark Microsoft Information Protection recommendation, here are the new names:
Ensure Microsoft 365 audit log search is enabled
Ensure DLP policies are enabled for Microsoft Teams

We have updated the names for Secure Score recommendations for the following CIS Benchmark Microsoft Admin Center recommendation, here are the new names:
Ensure the customer lockbox feature is enabled
We have updated the names for Secure Score recommendations for the following CIS Benchmark Microsoft Defender for Cloud Apps recommendation, here is the new name:
Ensure Microsoft Defender for Cloud Apps is enabled and configured

We have updated the names for Secure Score recommendations for the following CIS Benchmark Microsoft Share Point Online recommendation, here is the new name:
Ensure SharePoint external sharing is managed through domain whitelist/blacklists
Block OneDrive for Business sync from unmanaged devices

We have updated the names for Secure Score recommendations for the following CIS Benchmark Microsoft Entra ID (Azure Active Directory), here are the new names:
Ensure Security Defaults is disabled on Azure Active Directory
Ensure password protection is enabled for on-prem Active Directory
Ensure 'LinkedIn account connections' is disabled
Ensure Sign-in frequency is enabled and browser sessions are not persistent for Administrative users
Ensure multifactor authentication is enabled for all users in administrative roles

Ensure multifactor authentication is enabled for all users

Ensure 'Privileged Identity Management' is used to manage roles

Ensure that only organizationally managed/approved public groups exist

Ensure Administrative accounts are separate and cloud-only

Ensure the admin consent workflow is enabled

Ensure third party integrated applications are not allowed

Ensure that between two and four global admins are designated

Ensure 'Self service password reset enabled' is set to 'All'

Enable Conditional Access policies to block legacy authentication

Ensure that password hash sync is enabled for hybrid deployments

Enable Azure AD Identity Protection sign-in risk policies

Enable Azure AD Identity Protection user risk policies

Ensure the 'Password expiration policy' is set to 'Set passwords to never expire

Ensure user consent to apps accessing company data on their behalf is not allowed

We have updated the names for Secure Score recommendations for the following CIS Benchmark Microsoft Exchange Online recommendation, here are the new names:
Ensure modern authentication for Exchange Online is enabled
Ensure MailTips are enabled for end users
Ensure mailbox auditing for all users is Enabled
Ensure additional storage providers are restricted in Outlook on the web
Ensure 'External sharing' of calendars is not available
Ensure mail transport rules do not whitelist specific domains
Ensure that SPF records are published for all Exchange Domains
We have updated the names for Secure Score recommendations for the following CIS Benchmark Microsoft Purview recommendation, here are the new names:
Ensure DLP policies are enabled
The following new Microsoft Information Protection recommendation will be added as Microsoft Secure Score improvement action:
Ensure Microsoft 365 audit log search is enabled
The following new Exchange Online recommendation will be added as Microsoft Secure Score improvement actions:
Ensure modern authentication for Exchange Online is enabled
Ensure Exchange Online Spam Policies are set to notify administrators
Ensure all forms of mail forwarding are blocked and/or disabled
Ensure MailTips are enabled for end users

Ensure mailbox auditing for all users is enabled

Ensure additional storage providers are restricted in Outlook on the web
The following new Azure Active Directory recommendations will be added as Microsoft Secure Score improvement actions:
Ensure password protection is enabled for on-prem Active Directory

Ensure 'LinkedIn account connections' is disabled

In order to view those new controls, Office 365 connector in Microsoft Defender for cloud apps must be toggled on via the App connectors settings page.
The following SharePoint new recommendations will be added as Microsoft Secure Score improvement actions:
Ensure SharePoint external sharing is managed through domain whitelist/blacklists

Block OneDrive for Business sync from unmanaged devices

In order to view those new controls, Office 365 connector in Microsoft Defender for cloud apps must be toggled on via the App connectors settings page.
The following SharePoint new recommendations will be added as Microsoft Secure Score improvement actions:

Ensure Safe Links for Office Applications is enabled

Ensure Safe Attachments policy is enabled

Ensure that an anti-phishing policy has been created
We have disabled the Secure Score improvement action for the following Microsoft Defender for Identity recommendation:
"Stop legacy protocols communication" (For accuracy reasons)
We have updated the names for Secure Score recommendations for the following CIS Benchmark Microsoft Defender for Office 365 recommendation, here are the new names:
Ensure Exchange Online Spam Policies are set to notify administrators
Ensure all forms of mail forwarding are blocked and/or disabled

Ensure Safe Links for Office Applications is enabled

Ensure Safe Attachments policy is enabled

Ensure that an anti-phishing policy has been created

Ensure the Common Attachment Types Filter is enabled

Ensure SharePoint Online Information Protection policies are set up and used

We have updated the names for Secure Score recommendations for the following CIS Benchmark Microsoft Information Protection recommendation, here are the new names:
Ensure Microsoft 365 audit log search is enabled
Ensure DLP policies are enabled for Microsoft Teams

We have updated the names for Secure Score recommendations for the following CIS Benchmark Microsoft Admin Center recommendation, here are the new names:
Ensure the customer lockbox feature is enabled
We have updated the names for Secure Score recommendations for the following CIS Benchmark Microsoft Defender for Cloud Apps recommendation, here is the new name:
Ensure Microsoft Defender for Cloud Apps is enabled and configured

We have updated the names for Secure Score recommendations for the following CIS Benchmark Microsoft Share Point Online recommendation, here is the new name:
Ensure SharePoint external sharing is managed through domain whitelist/blacklists
Block OneDrive for Business sync from unmanaged devices

We have updated the names for Secure Score recommendations for the following CIS Benchmark Microsoft Entra ID (Azure Active Directory), here are the new names:
Ensure Security Defaults is disabled on Azure Active Directory
Ensure password protection is enabled for on-prem Active Directory
Ensure 'LinkedIn account connections' is disabled
Ensure Sign-in frequency is enabled and browser sessions are not persistent for Administrative users
Ensure multifactor authentication is enabled for all users in administrative roles

Ensure multifactor authentication is enabled for all users

Ensure 'Privileged Identity Management' is used to manage roles

Ensure that only organizationally managed/approved public groups exist

Ensure Administrative accounts are separate and cloud-only

Ensure the admin consent workflow is enabled

Ensure third party integrated applications are not allowed
Ensure 'Self service password reset enabled' is set to 'All'

Enable Conditional Access policies to block legacy authentication

Ensure that password hash sync is enabled for hybrid deployments

Enable Azure AD Identity Protection sign-in risk policies

Enable Azure AD Identity Protection user risk policies

Ensure the 'Password expiration policy' is set to 'Set passwords to never expire

Ensure user consent to apps accessing company data on their behalf is not allowed

We have updated the names for Secure Score recommendations for the following CIS Benchmark Microsoft Exchange Online recommendation, here are the new names:
Ensure modern authentication for Exchange Online is enabled
Ensure MailTips are enabled for end users
Ensure mailbox auditing for all users is Enabled
Ensure additional storage providers are restricted in Outlook on the web
Ensure 'External sharing' of calendars is not available
Ensure mail transport rules do not whitelist specific domains
Ensure that SPF records are published for all Exchange Domains
We have updated the names for Secure Score recommendations for the following CIS Benchmark Microsoft Purview recommendation, here are the new names:
Ensure DLP policies are enabled
2023-08-31MC Last Updated08/10/2023 01:21:282023-08-30T22:59:02Z
2023-08-31MC MessageTagNamesFeature update, Admin impactUpdated message, Feature update, Admin impact

*starting April 2022

Last updated 6 months ago

Share to MS Teams

Login to your account

Welcome Back, We Missed You!