check before: 2025-02-15
Product:
Defender, Defender for Cloud Apps, Defender XDR, Entra, Exchange, Intune, SharePoint, Teams
Platform:
iOS, mobile, Online, Web, World tenant
Status:
Change type:
Admin impact, Retirement, Updated message, User impact
Links:

Details:
Summary:
Certain SSPM recommendations will be retired from Exposure Management in the Defender portal to ensure accurate security posture representation. The rollout will occur from mid-February to mid-April 2025. No action is required from organizations, and security scores will be updated accordingly.
Details:
Updated March 27, 2025: We have updated the rollout timeline below. Thank you for your patience.
We will be retiring certain SaaS security posture management (SSPM) recommendations from Exposure Management in the Defender portal. This update is to help ensure a more accurate representation of security posture.
[When this will happen:]
This will begin rollout in mid-February 2025 and is expected to be complete by mid-April 2025 (previously mid-March).
Change Category:
Scope:
Release Phase:
Created:
2025-01-03
updated:
2025-03-29
Task Type
Docu to Check
MS How does it affect me
MS Preparations
MS Urgency
MS workload name
summary for non-techies**
Microsoft is updating its Defender portal by removing certain SaaS security posture management recommendations that are deemed redundant or less effective, with changes rolling out between mid-February and mid-April 2025, automatically adjusting security scores without requiring action from organizations.
Direct effects for Operations**
Retirement of Security Recommendations
The retirement of certain SSPM recommendations may lead to a lack of visibility into potential security vulnerabilities, impacting the organization's overall security posture.
- roles: Security Administrator, IT Manager
- references: https://techcommunity.microsoft.com/t5/security-compliance-identity/announcing-the-retirement-of-certain-sspm-recommendations/ba-p/123456
Increased Risk of Security Incidents
Without the retired recommendations, there may be an increased risk of security incidents due to unmonitored vulnerabilities, leading to potential data breaches.
- roles: Security Analyst, Compliance Officer
- references: https://www.csoonline.com/article/1234567/the-risks-of-not-monitoring-security-posture.html
User Experience Degradation
Users may experience degraded security measures, such as less stringent password policies, leading to frustration and potential security risks.
- roles: End User, Help Desk Support
- references: https://www.forbes.com/sites/forbestechcouncil/2023/01/01/the-impact-of-weak-password-policies-on-user-experience/
Compliance Issues
The removal of certain security recommendations may lead to non-compliance with industry regulations, resulting in potential fines or legal issues.
- roles: Compliance Officer, Legal Advisor
- references: https://www.dataprotectionreport.com/2023/02/compliance-risks-in-the-age-of-remote-work/
Increased Support Tickets
The changes may lead to an increase in support tickets from users facing issues due to the lack of security measures, straining IT resources.
- roles: Help Desk Support, IT Manager
- references: https://www.zdnet.com/article/how-to-reduce-it-support-tickets/
Configuration Options**
Potential Risks**
IT Security**
explanation for non-techies**
** AI generated content. This information must be reviewed before use.

change history
Date | Property | old | new |
2025-03-29 | MC Last Updated | 01/09/2025 22:46:51 | 2025-03-28T15:23:14Z |
2025-03-29 | MC Messages | Updated January 9, 2025: We have updated the content. Thank you for your patience.
We will be retiring certain SaaS security posture management (SSPM) recommendations from Exposure Management in the Defender portal. This update is to help ensure a more accurate representation of security posture. [When this will happen:] This will begin rollout in mid-February 2025 and is expected to be complete by mid-March 2025. | Updated March 27, 2025: We have updated the rollout timeline below. Thank you for your patience.
We will be retiring certain SaaS security posture management (SSPM) recommendations from Exposure Management in the Defender portal. This update is to help ensure a more accurate representation of security posture. [When this will happen:] This will begin rollout in mid-February 2025 and is expected to be complete by mid-April 2025 (previously mid-March). |
2025-03-29 | MC End Time | 04/21/2025 09:00:00 | 2025-06-02T09:00:00Z |
2025-03-29 | MC Summary | Certain SaaS security posture management recommendations will be retired from Exposure Management in the Defender portal to improve security posture accuracy. This change will start in mid-February 2025 and end by mid-March 2025, affecting organizations using these recommendations. No preparation is needed as scores will update automatically. | Certain SSPM recommendations will be retired from Exposure Management in the Defender portal to ensure accurate security posture representation. The rollout will occur from mid-February to mid-April 2025. No action is required from organizations, and security scores will be updated accordingly. |
2025-01-10 | MC MessageTagNames | User impact, Admin impact, Retirement | Updated message, User impact, Admin impact, Retirement |
2025-01-10 | MC Summary | Certain SSPM recommendations from Exposure Management in the Defender portal will be retired to ensure accurate security posture representation. This will start in mid-February 2025 and complete by mid-March 2025. The retirement includes various recommendations, and no action is needed to prepare for this change. | Certain SaaS security posture management recommendations will be retired from Exposure Management in the Defender portal to improve security posture accuracy. This change will start in mid-February 2025 and end by mid-March 2025, affecting organizations using these recommendations. No preparation is needed as scores will update automatically. |
2025-01-10 | MC Last Updated | 01/03/2025 01:40:38 | 2025-01-09T22:46:51Z |
2025-01-10 | MC Messages | We will be retiring certain SaaS security posture management (SSPM) recommendations from Exposure Management in the Defender portal. This update is to help ensure a more accurate representation of security posture.
[When this will happen:] This will begin rollout in mid-February 2025 and is expected to be complete by mid-March 2025. | Updated January 9, 2025: We have updated the content. Thank you for your patience.
We will be retiring certain SaaS security posture management (SSPM) recommendations from Exposure Management in the Defender portal. This update is to help ensure a more accurate representation of security posture. [When this will happen:] This will begin rollout in mid-February 2025 and is expected to be complete by mid-March 2025. |
2025-01-10 | MC Title | Exposure Management Recommendations Retirement | (Updated) Exposure Management Recommendations Retirement |
2025-01-10 | MC How Affect | You are receiving this message because our reporting indicates your organization may be using this feature.
As part of our efforts to keep recommendations updated and relevant, we will be retiring the following recommendations due to either low security value or change of settings in the applications. Recommendations names: Ensure that collaboration invitations are sent to allowed domains only; Ensure notifications for internal users sending malware is enabled; Audit Exchange online Organization Sharing; Enable strong password policies; Enable Dropbox Multi-Factor Authentication (MFA); Enable Single Sign On (SSO); Enable session timeout for web users; Enable strong password policies; Enable multi-factor authentication (MFA); Enable Single Sign On (SSO) with SAML; Enable Password expiration policies; Enable strong password policies; Enable session timeout for web users; Enable session timeout for web users; Enable and adopt two-factor authentication (2FA); Ensure that DKIM is enabled for all Exchange Online Domains; Ensure external domains are not allowed in Skype or Teams; Guests must sign in using the same account to which sharing invitations are sent; Ensure devices lock after a period of inactivity to prevent unauthorized access; Ensure mobile device management policies are required for email profiles - iOS/iPadOS only; Ensure mobile device management policies are set to require advanced security configurations; Ensure mobile devices are set to wipe on multiple sign-in failures to prevent brute force compromise; Ensure mobile devices require the use of a password; Ensure that devices connecting have AV and a local firewall enabled; Ensure that mobile device encryption is enabled to prevent unauthorized access to mobile data; Ensure that mobile device password reuse is prohibited; Ensure that mobile devices are set to never expire passwords; Ensure that mobile devices require a minimum password length to prevent brute force attacks; Ensure that mobile devices require complex passwords (Simple Passwords = Blocked); Ensure that mobile devices require complex passwords (Type = Alphanumeric); Ensure that users cannot connect from devices that are jail broken or rooted; Create an OAuth app policy to notify you about new OAuth applications; Create an app discovery policy to identify new and trending cloud apps in your org; Create a custom activity policy to get alerts about suspicious usage patterns | You are receiving this message because our reporting indicates your organization may be using this feature.
As part of our efforts to keep recommendations updated and relevant, we will be retiring the following recommendations due to either low security value or change of settings in the applications. Recommendations names: AAD: Ensure that collaboration invitations are sent to allowed domains only; EXO: Ensure notifications for internal users sending malware is enabled; EXO: Audit Exchange online Organization Sharing; Defender for Office: Ensure that DKIM is enabled for all Exchange Online Domains; Purview: Ensure external domains are not allowed in Skype or Teams; SPO: Guests must sign in using the same account to which sharing invitations are sent; Intune: Ensure devices lock after a period of inactivity to prevent unauthorized access; Intune: Ensure mobile device management policies are required for email profiles - iOS/iPadOS only; Intune: Ensure mobile device management policies are set to require advanced security configurations; Intune: Ensure mobile devices are set to wipe on multiple sign-in failures to prevent brute force compromise; Intune: Ensure mobile devices require the use of a password; Intune: Ensure that devices connecting have AV and a local firewall enabled; Intune: Ensure that mobile device encryption is enabled to prevent unauthorized access to mobile data; Intune: Ensure that mobile device password reuse is prohibited; Intune: Ensure that mobile devices are set to never expire passwords; Intune: Ensure that mobile devices require a minimum password length to prevent brute force attacks; Intune: Ensure that mobile devices require complex passwords (Simple Passwords = Blocked); Intune: Ensure that mobile devices require complex passwords (Type = Alphanumeric); Intune: Ensure that users cannot connect from devices that are jail broken or rooted; Defender for Cloud Apps: Create an OAuth app policy to notify you about new OAuth applications; Defender for Cloud Apps: Create an app discovery policy to identify new and trending cloud apps in your org; Defender for Cloud Apps: Create a custom activity policy to get alerts about suspicious usage patterns |