Microsoft Secure Score – Changes in SSPM support

We’re updating Microsoft Secure Score improvement actions to ensure a more accurate representation of security posture.

The improvement actions listed below will be added to Microsoft Secure Score. Your score will be updated accordingly.

When this will happen:

This will begin rollout in mid-October 2023 and is expected to be complete by late mid-November 2023.

How this will affect your organization:

The following new Microsoft Entra (AAD) recommendations will be added as Microsoft Secure Score improvement actions:

  • Ensure ‘Phishing-resistant MFA strength’ is required for administrators.
  • Ensure custom banned passwords lists are used.

The following new Microsoft Sway recommendations will be added as Microsoft Secure Score improvement actions:

  • Ensure that Sways cannot be shared with people outside of your organization.

The following new Atlassian recommendations will be added as Microsoft Secure Score improvement actions:

  • Enable multi-factor authentication (MFA).
  • Enable Single Sign-On (SSO).
  • Enable strong Password Policies.
  • Enable session timeout for web users.
  • Enable Password expiration policies.
  • Atlassian mobile app security – Users that are affected by policies.
  • Atlassian mobile app security – App data protection.
  • Atlassian mobile app security – App access requirement.

The following new Zendesk recommendations will be added as Microsoft Secure Score improvement actions:

  • Enable and adopt two-factor authentication (2FA).
  • Send a notification on password change for admins, agents, and end users.
  • Enable IP restrictions.
  • Block customers to bypass IP restrictions.
  • Admins and agents can use the Zendesk Support mobile app.
  • Enable Zendesk authentication.
  • Enable session timeout for users.
  • Block account assumption.
  • Block admins to set passwords.

The names, functionality and compliance conditions for the Okta and DocuSign security recommendations were updated as Microsoft Secure Score improvement actions.

The name of this control “Ensure Sign-in frequency is enabled and browser sessions are not persistent for Administrative users” is changed to “Ensure Sign-in frequency is enabled and browser sessions are not persistent for Administrative users”.

What you need to do to prepare:

There’s no action needed to prepare for this change; your score will be updated accordingly. Microsoft recommends reviewing the improvement actions listed in Microsoft Secure Score. We will continue to add suggested security improvement actions on an ongoing basis.

Message ID: MC681893

