MC971037 – (Updated) Exposure Management Recommendations Retirement

check before: 2025-02-15

Product:

Defender, Defender for Cloud Apps, Defender XDR, Entra, Exchange, Intune, SharePoint, Teams

Platform:

iOS, mobile, Online, Web, World tenant

Status:

Change type:

Admin impact, Retirement, Updated message, User impact

Links:

Details:

Summary:
Certain SaaS security posture management recommendations will be retired from Exposure Management in the Defender portal to improve security posture accuracy. This change will start in mid-February 2025 and end by mid-March 2025, affecting organizations using these recommendations. No preparation is needed as scores will update automatically.

Details:
Updated January 9, 2025: We have updated the content. Thank you for your patience.
We will be retiring certain SaaS security posture management (SSPM) recommendations from Exposure Management in the Defender portal. This update is to help ensure a more accurate representation of security posture.
[When this will happen:]
This will begin rollout in mid-February 2025 and is expected to be complete by mid-March 2025.

Created:
2025-01-03

updated:
2025-01-10

summary for non-techies**

Microsoft is updating its Defender portal by retiring certain security recommendations between mid-February and mid-March 2025, as they are now redundant or provide low security value, and this change will automatically adjust organizations' security scores without requiring any action from users.

Direct effects for Operations**

Loss of Security Recommendations
Retirement of certain SaaS security posture management recommendations may lead to gaps in security coverage, increasing vulnerability to threats.
   - roles: Security Administrator, IT Manager
   - references: https://techcommunity.microsoft.com/t5/security-compliance-identity/announcing-the-retirement-of-some-saas-security-posture/ba-p/3741230

User Experience Degradation
Users may experience a decline in security measures, leading to potential unauthorized access and data breaches, affecting overall user trust.
   - roles: End User, Compliance Officer
   - references: https://www.csoonline.com/article/3531230/the-impact-of-security-breach-on-user-experience.html

Increased Risk of Data Breaches
With the removal of certain security recommendations, there is a heightened risk of data breaches, which can lead to loss of sensitive information.
   - roles: Data Protection Officer, IT Security Analyst
   - references: https://www.forbes.com/sites/bernardmarr/2021/06/14/the-impact-of-data-breach-on-businesses-and-customers/

Compliance Issues
Organizations may face compliance challenges due to the lack of certain security recommendations, potentially leading to legal repercussions.
   - roles: Compliance Officer, Legal Advisor
   - references: https://www.dataprotectionreport.com/2021/05/the-importance-of-compliance-in-data-protection/

Operational Disruption
The removal of security recommendations may disrupt operational workflows, as users may need to adapt to new security protocols or face increased security incidents.
   - roles: Operations Manager, IT Support Specialist
   - references: https://www.ibm.com/security/data-breach

** AI generated content. This information must be reviewed before use.

change history

Date: 2025-01-10
Property: MC MessageTagNames
old: User impact, Admin impact, Retirement
new: Updated message, User impact, Admin impact, Retirement

Date: 2025-01-10
Property: MC Summary
old: Certain SSPM recommendations from Exposure Management in the Defender portal will be retired to ensure accurate security posture representation. This will start in mid-February 2025 and complete by mid-March 2025. The retirement includes various recommendations, and no action is needed to prepare for this change.
new: Certain SaaS security posture management recommendations will be retired from Exposure Management in the Defender portal to improve security posture accuracy. This change will start in mid-February 2025 and end by mid-March 2025, affecting organizations using these recommendations. No preparation is needed as scores will update automatically.

Date: 2025-01-10
Property: MC Last Updated
old: 01/03/2025 01:40:38
new: 2025-01-09T22:46:51Z

Date: 2025-01-10
Property: MC Messages
old:
We will be retiring certain SaaS security posture management (SSPM) recommendations from Exposure Management in the Defender portal. This update is to help ensure a more accurate representation of security posture.
[When this will happen:]
This will begin rollout in mid-February 2025 and is expected to be complete by mid-March 2025.
new:
Updated January 9, 2025: We have updated the content. Thank you for your patience.
We will be retiring certain SaaS security posture management (SSPM) recommendations from Exposure Management in the Defender portal. This update is to help ensure a more accurate representation of security posture.
[When this will happen:]
This will begin rollout in mid-February 2025 and is expected to be complete by mid-March 2025.

Date: 2025-01-10
Property: MC Title
old: Exposure Management Recommendations Retirement
new: (Updated) Exposure Management Recommendations Retirement

Date: 2025-01-10
Property: MC How Affect
old:
You are receiving this message because our reporting indicates your organization may be using this feature.
As part of our efforts to keep recommendations updated and relevant, we will be retiring the following recommendations due to either low security value or change of settings in the applications.
Recommendations names:
   - Ensure that collaboration invitations are sent to allowed domains only
   - Ensure notifications for internal users sending malware is enabled
   - Audit Exchange online Organization Sharing
   - Enable strong password policies
   - Enable Dropbox Multi-Factor Authentication (MFA)
   - Enable Single Sign On (SSO)
   - Enable session timeout for web users
   - Enable strong password policies
   - Enable multi-factor authentication (MFA)
   - Enable Single Sign On (SSO) with SAML
   - Enable Password expiration policies
   - Enable strong password policies
   - Enable session timeout for web users
   - Enable session timeout for web users
   - Enable and adopt two-factor authentication (2FA)
   - Ensure that DKIM is enabled for all Exchange Online Domains
   - Ensure external domains are not allowed in Skype or Teams
   - Guests must sign in using the same account to which sharing invitations are sent
   - Ensure devices lock after a period of inactivity to prevent unauthorized access
   - Ensure mobile device management policies are required for email profiles - iOS/iPadOS only
   - Ensure mobile device management policies are set to require advanced security configurations
   - Ensure mobile devices are set to wipe on multiple sign-in failures to prevent brute force compromise
   - Ensure mobile devices require the use of a password
   - Ensure that devices connecting have AV and a local firewall enabled
   - Ensure that mobile device encryption is enabled to prevent unauthorized access to mobile data
   - Ensure that mobile device password reuse is prohibited
   - Ensure that mobile devices are set to never expire passwords
   - Ensure that mobile devices require a minimum password length to prevent brute force attacks
   - Ensure that mobile devices require complex passwords (Simple Passwords = Blocked)
   - Ensure that mobile devices require complex passwords (Type = Alphanumeric)
   - Ensure that users cannot connect from devices that are jail broken or rooted
   - Create an OAuth app policy to notify you about new OAuth applications
   - Create an app discovery policy to identify new and trending cloud apps in your org
   - Create a custom activity policy to get alerts about suspicious usage patterns
new:
You are receiving this message because our reporting indicates your organization may be using this feature.
As part of our efforts to keep recommendations updated and relevant, we will be retiring the following recommendations due to either low security value or change of settings in the applications.
Recommendations names:
   - AAD: Ensure that collaboration invitations are sent to allowed domains only
   - EXO: Ensure notifications for internal users sending malware is enabled
   - EXO: Audit Exchange online Organization Sharing
   - Defender for Office: Ensure that DKIM is enabled for all Exchange Online Domains
   - Purview: Ensure external domains are not allowed in Skype or Teams
   - SPO: Guests must sign in using the same account to which sharing invitations are sent
   - Intune: Ensure devices lock after a period of inactivity to prevent unauthorized access
   - Intune: Ensure mobile device management policies are required for email profiles - iOS/iPadOS only
   - Intune: Ensure mobile device management policies are set to require advanced security configurations
   - Intune: Ensure mobile devices are set to wipe on multiple sign-in failures to prevent brute force compromise
   - Intune: Ensure mobile devices require the use of a password
   - Intune: Ensure that devices connecting have AV and a local firewall enabled
   - Intune: Ensure that mobile device encryption is enabled to prevent unauthorized access to mobile data
   - Intune: Ensure that mobile device password reuse is prohibited
   - Intune: Ensure that mobile devices are set to never expire passwords
   - Intune: Ensure that mobile devices require a minimum password length to prevent brute force attacks
   - Intune: Ensure that mobile devices require complex passwords (Simple Passwords = Blocked)
   - Intune: Ensure that mobile devices require complex passwords (Type = Alphanumeric)
   - Intune: Ensure that users cannot connect from devices that are jail broken or rooted
   - Defender for Cloud Apps: Create an OAuth app policy to notify you about new OAuth applications
   - Defender for Cloud Apps: Create an app discovery policy to identify new and trending cloud apps in your org
   - Defender for Cloud Apps: Create a custom activity policy to get alerts about suspicious usage patterns

Last updated 2 weeks ago
