Exposure Management Recommendations Retirement

Certain SSPM recommendations from Exposure Management in the Defender portal will be retired to ensure accurate security posture representation. This will start in mid-February 2025 and complete by mid-March 2025. The retirement includes various recommendations, and no action is needed to prepare for this change.

We will be retiring certain SaaS security posture management (SSPM) recommendations from Exposure Management in the Defender portal. This update is to help ensure a more accurate representation of security posture.

When this will happen:

This will begin rollout in mid-February 2025 and is expected to be complete by mid-March 2025.

How this will affect your organization:

You are receiving this message because our reporting indicates your organization may be using this feature.

As part of our efforts to keep recommendations updated and relevant, we will be retiring the following recommendations because they either provide low security value or the corresponding settings in the applications have changed.

Recommendation names:

  • Ensure that collaboration invitations are sent to allowed domains only
  • Ensure notifications for internal users sending malware is enabled
  • Audit Exchange online Organization Sharing
  • Enable strong password policies
  • Enable Dropbox Multi-Factor Authentication (MFA)
  • Enable Single Sign On (SSO)
  • Enable session timeout for web users
  • Enable strong password policies
  • Enable multi-factor authentication (MFA)
  • Enable Single Sign On (SSO) with SAML
  • Enable Password expiration policies
  • Enable strong password policies
  • Enable session timeout for web users
  • Enable session timeout for web users
  • Enable and adopt two-factor authentication (2FA)
  • Ensure that DKIM is enabled for all Exchange Online Domains
  • Ensure external domains are not allowed in Skype or Teams
  • Guests must sign in using the same account to which sharing invitations are sent
  • Ensure devices lock after a period of inactivity to prevent unauthorized access
  • Ensure mobile device management policies are required for email profiles – iOS/iPadOS only
  • Ensure mobile device management policies are set to require advanced security configurations
  • Ensure mobile devices are set to wipe on multiple sign-in failures to prevent brute force compromise
  • Ensure mobile devices require the use of a password
  • Ensure that devices connecting have AV and a local firewall enabled
  • Ensure that mobile device encryption is enabled to prevent unauthorized access to mobile data
  • Ensure that mobile device password reuse is prohibited
  • Ensure that mobile devices are set to never expire passwords
  • Ensure that mobile devices require a minimum password length to prevent brute force attacks
  • Ensure that mobile devices require complex passwords (Simple Passwords = Blocked)
  • Ensure that mobile devices require complex passwords (Type = Alphanumeric)
  • Ensure that users cannot connect from devices that are jail broken or rooted
  • Create an OAuth app policy to notify you about new OAuth applications
  • Create an app discovery policy to identify new and trending cloud apps in your org
  • Create a custom activity policy to get alerts about suspicious usage patterns

What you need to do to prepare:

There’s no action needed to prepare for this change. Your score will be updated accordingly.

Message ID: MC971037


I've been working with Microsoft Technologies over the last ten years, mainly focused on creating collaboration and productivity solutions that drive the adoption of Microsoft Modern Workplace.