check before: 2024-09-15
Product:
Defender, Defender for Endpoint, Defender XDR
Platform:
Online, US Instances, World tenant
Status:
Change type:
Feature update, Admin impact
Links:
Details:
Summary:
Microsoft is updating the Microsoft Secure Score in Defender for Endpoint to better reflect security posture, removing the recommendation SCID-84 for Local Admin password management. The change will occur from mid-September to mid-October 2024, with no action required from admins.
Details:
We're updating the Microsoft Secure Score improvement action of Microsoft Defender for Endpoint (MDE) to ensure a more accurate representation of security posture.
As part of this update, we will gradually withdraw the MDE recommendation on SCID-84 Enable Local Admin password management.
We are working to refine the recommendation, ensuring it aligns more accurately with recommended policies and enhances the overall security value.
[When this will happen:]
General Availability (Worldwide, GCC, GCC High, DoD): We will begin rolling out in mid-September 2024 and expect to complete by mid-October 2024.
Change Category:
XXXXXXX ... free basic plan only
Scope:
XXXXXXX ... free basic plan only
Release Phase:
Created:
2024-09-05
updated:
2024-09-05
Task Type
XXXXXXX ... free basic plan only
Docu to Check
XXXXXXX ... free basic plan only
MS How does it affect me
XXXXXXX ... free basic plan only
MS Preperations
XXXXXXX ... free basic plan only
MS Urgency
XXXXXXX ... free basic plan only
MS workload name
XXXXXXX ... free basic plan only
Direct effects for Operations**
Removal of Local Admin Password Management Recommendation
The removal of the recommendation may lead to a lack of awareness regarding local admin password management, potentially increasing security risks if users do not implement alternative measures.
- roles: IT Security Manager, System Administrator
- references: https://techcommunity.microsoft.com/t5/security-compliance-and-identity-blog/microsoft-defender-for-endpoint-removing-a-recommendation-to/ba-p/3851230
Changes in Microsoft Secure Score Representation
The change in the Secure Score may confuse users who rely on this metric for assessing their security posture, leading to misinterpretation of their security status.
- roles: IT Security Analyst, Compliance Officer
- references: https://techcommunity.microsoft.com/t5/security-compliance-and-identity-blog/microsoft-defender-for-endpoint-removing-a-recommendation-to/ba-p/3851230
Configutation Options**
Disable Local Admin Password Management Recommendation
To restrict the visibility of the Local Admin password management recommendation in Microsoft Secure Score, you can disable the recommendation if it is still applicable in your environment.
- technical instructions: 1. Navigate to the Microsoft 365 Defender portal. 2. Go to 'Settings' > 'Endpoints' > 'Advanced features'. 3. Locate the 'Local Admin Password Management' setting and toggle it off if available.
- references: https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/local-admin-password-management?view=o365-worldwide
Update Documentation for Secure Score Changes
As the recommendation SCID-84 will be removed, it is essential to update any internal documentation or user guides to reflect this change.
- technical instructions: 1. Review existing documentation related to Microsoft Secure Score and Local Admin password management. 2. Remove references to SCID-84 and update any related security policies. 3. Communicate the changes to relevant stakeholders.
- references: https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/microsoft-secure-score?view=o365-worldwide
IT Security**
XXXXXXX ... paid membership only
** AI generated content. This information must be reviewed before use.
a free basic plan is required to see more details. Sign up here
A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.