MC906488 – Microsoft Defender for Office 365: Microsoft Secure Score recommendation update for Spam confidence level

check before: 2024-11-01

Product:

Defender, Defender for Office 365, Defender XDR

Platform:

Online, US Instances, World tenant

Change type:

Feature update, Admin impact

Details:

Summary:
The Microsoft Secure Score recommendation for Spam confidence level (SCL) in Microsoft Defender for Office 365 will be updated. Post-update, the recommendation will only trigger if a transport rule explicitly sets SCL to -1. The rollout will start in early November 2024 and complete by early December 2024, potentially increasing the Secure Score for some organizations. No admin action is required before the rollout.

Details:
Before this rollout: In Microsoft Defender for Office 365, Microsoft Secure Score triggers the recommendation "Ensure Spam confidence level (SCL) is configured in mail transport rules with specific domains" in organizations whose transport rules use a condition on sender domains, even when those rules do not explicitly use SetSCL. The intent of the recommendation is to flag only rules that bypass spam filtering by setting SCL to -1.
After this rollout: The recommendation will only appear if the organization has a transport rule that specifically sets SCL to -1. It will not appear for rules that do not set SCL (where SCL is null).
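
The before/after trigger logic described above, as an added PowerShell example that is not from Microsoft or the original notice. The sample rules are constructed, `Get-SclRuleFinding` is a hypothetical helper name, and the two flags follow this notice's wording rather than Secure Score's actual evaluation code.

```powershell
# Added example: classify transport rules by the trigger logic in this notice.
# For live data (assumes a connected Exchange Online PowerShell session):
#   $rules = Get-TransportRule | Select-Object Name, State, SenderDomainIs, SetSCL

# Constructed sample rules so the script runs offline.
$rules = @(
    [pscustomobject]@{ Name = 'Partner disclaimer';     State = 'Enabled'
                       SenderDomainIs = @('partner.example'); SetSCL = $null }
    [pscustomobject]@{ Name = 'Bypass spam for vendor'; State = 'Enabled'
                       SenderDomainIs = @('vendor.example');  SetSCL = -1 }
    [pscustomobject]@{ Name = 'Mark bulk as spam';      State = 'Enabled'
                       SenderDomainIs = $null;                SetSCL = 6 }
)

# Hypothetical helper: one finding per rule, with old and new trigger results.
function Get-SclRuleFinding {
    param([Parameter(Mandatory)][object[]]$Rule)
    foreach ($r in $Rule) {
        # Old behaviour per the notice: any sender-domain condition triggered it.
        $hasDomainCondition = @($r.SenderDomainIs | Where-Object { $_ }).Count -gt 0
        # New behaviour: only an explicit SCL of -1 counts. String comparison
        # keeps a null SetSCL (rule never sets SCL) from matching.
        $setsSclMinusOne = "$($r.SetSCL)" -eq '-1'
        [pscustomobject]@{
            Name          = $r.Name
            State         = $r.State
            SenderDomains = ($r.SenderDomainIs -join ', ')
            SetSCL        = if ($null -eq $r.SetSCL) { '(not set)' } else { $r.SetSCL }
            FlaggedBefore = $hasDomainCondition
            FlaggedAfter  = $setsSclMinusOne
        }
    }
}

Get-SclRuleFinding -Rule $rules | Format-Table -AutoSize
```

Rules where `FlaggedAfter` is true are the ones that bypass spam filtering and still need review. Rules flagged only under the old behaviour account for any Secure Score increase without a configuration change.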
[When this will happen:]
General Availability (Worldwide, GCC): We will begin rolling out early November 2024 and expect to complete by early December 2024.

Created:
2024-10-08

updated:
2024-10-08

Direct effects for Operations**

Change in Spam Confidence Level Recommendations
Post-update, the recommendation for configuring Spam confidence level (SCL) will only trigger if SCL is explicitly set to -1, potentially leading to confusion among users who may not understand why certain recommendations are no longer appearing.
   - roles: IT Administrators, End Users
   - references: https://learn.microsoft.com/defender-xdr/microsoft-secure-score

Impact on Secure Score Metrics
The update may result in a slight increase in the Secure Score for some organizations, which could mislead users into thinking their security posture has improved without any actual changes to their configurations.
   - roles: IT Administrators, Security Analysts
   - references: https://learn.microsoft.com/defender-xdr/microsoft-secure-score

explanation for non-techies**

Imagine your email system as a large office building with a security team responsible for keeping unwanted visitors out. In this analogy, Microsoft Defender for Office 365 acts as the security team, and the Spam Confidence Level (SCL) is like a security badge system that helps identify who should be allowed in and who should be kept out.

Currently, the security team has a rule that if anyone shows up with a specific badge (SCL set to -1), they are automatically allowed into the building without further checks. This can be risky because it might let in some unwanted visitors who managed to get hold of that badge.

The upcoming change is like updating the security policy so that the security team only raises a concern if they find a rule that explicitly allows someone in with this special badge (SCL set to -1). If no such rule exists, the security team won't worry about it. This means that the system will only focus on potential security risks that are explicitly defined, rather than worrying about every possible scenario.

For organizations, this update might result in a slight increase in their security score, which is like receiving a better safety rating for your building because the security team is now focusing on the most relevant threats. This change will happen automatically, so there's no need for any manual adjustments. However, it's a good idea to review your current security setup to understand how this might affect your organization and to inform your team about the change.

** AI generated content. This information must be reviewed before use.
