check before: 2025-02-15
Product:
Defender, Defender for Cloud Apps, Defender XDR, Entra, Exchange, Intune, SharePoint, Teams
Platform:
iOS, mobile, Online, Web, World tenant
Status:
Change type:
Admin impact, Retirement, Updated message, User impact
Links:
Details:
Summary:
Certain SaaS security posture management recommendations will be retired from Exposure Management in the Defender portal to improve security posture accuracy. This change will start in mid-February 2025 and end by mid-March 2025, affecting organizations using these recommendations. No preparation is needed as scores will update automatically.
Details:
Updated January 9, 2025: We have updated the content. Thank you for your patience.
We will be retiring certain SaaS security posture management (SSPM) recommendations from Exposure Management in the Defender portal. This update is to help ensure a more accurate representation of security posture.
[When this will happen:]
This will begin rollout in mid-February 2025 and is expected to be complete by mid-March 2025.
Change Category:
XXXXXXX ... free basic plan only
Scope:
XXXXXXX ... free basic plan only
Release Phase:
Created:
2025-01-03
updated:
2025-01-10
Task Type
XXXXXXX ... free basic plan only
Docu to Check
XXXXXXX ... free basic plan only
MS How does it affect me
XXXXXXX ... free basic plan only
MS Preperations
XXXXXXX ... free basic plan only
MS Urgency
XXXXXXX ... free basic plan only
MS workload name
XXXXXXX ... free basic plan only
summary for non-techies**
Microsoft is updating its Defender portal by retiring certain security recommendations between mid-February and mid-March 2025, as they are now redundant or provide low security value, and this change will automatically adjust organizations' security scores without requiring any action from users.
Direct effects for Operations**
Loss of Security Recommendations
Retirement of certain SaaS security posture management recommendations may lead to gaps in security coverage, increasing vulnerability to threats.
- roles: Security Administrator, IT Manager
- references: https://techcommunity.microsoft.com/t5/security-compliance-identity/announcing-the-retirement-of-some-saas-security-posture/ba-p/3741230
User Experience Degradation
Users may experience a decline in security measures, leading to potential unauthorized access and data breaches, affecting overall user trust.
- roles: End User, Compliance Officer
- references: https://www.csoonline.com/article/3531230/the-impact-of-security-breach-on-user-experience.html
Increased Risk of Data Breaches
With the removal of certain security recommendations, there is a heightened risk of data breaches, which can lead to loss of sensitive information.
- roles: Data Protection Officer, IT Security Analyst
- references: https://www.forbes.com/sites/bernardmarr/2021/06/14/the-impact-of-data-breach-on-businesses-and-customers/
Compliance Issues
Organizations may face compliance challenges due to the lack of certain security recommendations, potentially leading to legal repercussions.
- roles: Compliance Officer, Legal Advisor
- references: https://www.dataprotectionreport.com/2021/05/the-importance-of-compliance-in-data-protection/
Operational Disruption
The removal of security recommendations may disrupt operational workflows, as users may need to adapt to new security protocols or face increased security incidents.
- roles: Operations Manager, IT Support Specialist
- references: https://www.ibm.com/security/data-breach
Configutation Options**
XXXXXXX ... paid membership only
Potentional Risks**
XXXXXXX ... paid membership only
IT Security**
XXXXXXX ... paid membership only
explanation for non-techies**
XXXXXXX ... free basic plan only
** AI generated content. This information must be reviewed before use.
a free basic plan is required to see more details. Sign up here
A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.
change history
Date | Property | old | new |
2025-01-10 | MC MessageTagNames | User impact, Admin impact, Retirement | Updated message, User impact, Admin impact, Retirement |
2025-01-10 | MC Summary | Certain SSPM recommendations from Exposure Management in the Defender portal will be retired to ensure accurate security posture representation. This will start in mid-February 2025 and complete by mid-March 2025. The retirement includes various recommendations, and no action is needed to prepare for this change. | Certain SaaS security posture management recommendations will be retired from Exposure Management in the Defender portal to improve security posture accuracy. This change will start in mid-February 2025 and end by mid-March 2025, affecting organizations using these recommendations. No preparation is needed as scores will update automatically. |
2025-01-10 | MC Last Updated | 01/03/2025 01:40:38 | 2025-01-09T22:46:51Z |
2025-01-10 | MC Messages | We will be retiring certain SaaS security posture management (SSPM) recommendations from Exposure Management in the Defender portal. This update is to help ensure a more accurate representation of security posture.
[When this will happen:] This will begin rollout in mid-February 2025 and is expected to be complete by mid-March 2025. | Updated January 9, 2025: We have updated the content. Thank you for your patience.
We will be retiring certain SaaS security posture management (SSPM) recommendations from Exposure Management in the Defender portal. This update is to help ensure a more accurate representation of security posture. [When this will happen:] This will begin rollout in mid-February 2025 and is expected to be complete by mid-March 2025. |
2025-01-10 | MC Title | Exposure Management Recommendations Retirement | (Updated) Exposure Management Recommendations Retirement |
2025-01-10 | MC How Affect | You are receiving this message because our reporting indicates your organization may be using this feature.
As part of our efforts to keep recommendations updated and relevant, we will be retiring the following recommendations due to either low security value or change of settings in the applications. Recommendations names: Ensure that collaboration invitations are sent to allowed domains only Ensure notifications for internal users sending malware is enabled Audit Exchange online Organization Sharing Enable strong password policies Enable Dropbox Multi-Factor Authentication (MFA) Enable Single Sing On (SSO) Enable session timeout for web users Enable strong password policies Enable multi-factor authentication (MFA) Enable Single Sing On (SSO) with SAML Enable Password expiration policies Enable strong password policies Enable session timeout for web users Enable session timeout for web users Enable and adopt two-factor authentication (2FA) Ensure that DKIM is enabled for all Exchange Online Domains Ensure external domains are not allowed in Skype or Teams Guests must sign in using the same account to which sharing invitations are sent Ensure devices lock after a period of inactivity to prevent unauthorized access Ensure mobile device management policies are required for email profiles - iOS/iPadOS only Ensure mobile device management policies are set to require advanced security configurations Ensure mobile devices are set to wipe on multiple sign-in failures to prevent brute force compromise Ensure mobile devices require the use of a password Ensure that devices connecting have AV and a local firewall enabled Ensure that mobile device encryption is enabled to prevent unauthorized access to mobile data Ensure that mobile device password reuse is prohibited Ensure that mobile devices are set to never expire passwords Ensure that mobile devices require a minimum password length to prevent brute force attacks Ensure that mobile devices require complex passwords (Simple Passwords = Blocked) Ensure that mobile devices require complex passwords (Type = Alphanumeric) Ensure that users cannot connect from devices that are jail broken or rooted Create an OAuth app policy to notify you about new OAuth applications Create an app discovery policy to identify new and trending cloud apps in your org Create a custom activity policy to get alerts about suspicious usage patterns | You are receiving this message because our reporting indicates your organization may be using this feature.
As part of our efforts to keep recommendations updated and relevant, we will be retiring the following recommendations due to either low security value or change of settings in the applications. Recommendations names: AAD: Ensure that collaboration invitations are sent to allowed domains only EXO: Ensure notifications for internal users sending malware is enabled EXO: Audit Exchange online Organization Sharing Defender for Office: Ensure that DKIM is enabled for all Exchange Online Domains Purview: Ensure external domains are not allowed in Skype or Teams SPO: Guests must sign in using the same account to which sharing invitations are sent Intune: Ensure devices lock after a period of inactivity to prevent unauthorized access Intune: Ensure mobile device management policies are required for email profiles - iOS/iPadOS only Intune: Ensure mobile device management policies are set to require advanced security configurations Intune: Ensure mobile devices are set to wipe on multiple sign-in failures to prevent brute force compromise Intune: Ensure mobile devices require the use of a password Intune: Ensure that devices connecting have AV and a local firewall enabled Intune: Ensure that mobile device encryption is enabled to prevent unauthorized access to mobile data Intune: Ensure that mobile device password reuse is prohibited Intune: Ensure that mobile devices are set to never expire passwords Intune: Ensure that mobile devices require a minimum password length to prevent brute force attacks Intune: Ensure that mobile devices require complex passwords (Simple Passwords = Blocked) Intune: Ensure that mobile devices require complex passwords (Type = Alphanumeric) Intune: Ensure that users cannot connect from devices that are jail broken or rooted Defender for Cloud Apps: Create an OAuth app policy to notify you about new OAuth applications Defender for Cloud Apps: Create an app discovery policy to identify new and trending cloud apps in your org Defender for Cloud Apps: Create a custom activity policy to get alerts about suspicious usage patterns |
Last updated 2 weeks ago