Microsoft Secure Score is Adding New Improvement Actions

We are updating Microsoft Secure Score improvement actions to ensure a more accurate representation of security posture.

When this will happen:

Rollout will begin in mid-June 2023 and is expected to be complete by late June 2023.

How this will affect your organization:

The following Microsoft Defender for Identity recommendations will be added as Microsoft Secure Score improvement actions:

  • Recommend customers without an active workspace and reporting sensors to start the onboarding 
  • Accounts with password set to never expire
  • Suspicious accounts with Admin SDHolder permission
  • Accounts with password older than 180 days
  • Non-admin accounts with DCSync permissions
  • Local admins on identity assets

The following existing Microsoft Defender for Identity recommendations have been updated:

  • Resolve unsecure account attributes – added the ‘SPN Set’ attribute as an unsecure account attribute.
  • Remove dormant accounts from sensitive groups – a dormant account is now defined as an account that has not performed logon activity for more than 90 days (was 180).

The following new Microsoft Information Protection recommendation will be added as a Microsoft Secure Score improvement action:

  • Ensure Microsoft 365 audit log search is enabled

The following new Exchange Online recommendations will be added as Microsoft Secure Score improvement actions:

  • Ensure modern authentication for Exchange Online is enabled
  • Ensure MailTips are enabled for end users

The following new Azure Active Directory recommendations will be added as Microsoft Secure Score improvement actions:

  • Enable multi-factor authentication (MFA)

What you need to do to prepare:

  • Ensure that password protection is enabled for Active Directory
  • Ensure that LinkedIn contact synchronization is disabled

To view these new controls, the Office 365 connector in Microsoft Defender for Cloud Apps must be toggled on via the App connectors settings page.

The following new SharePoint recommendations will be added as Microsoft Secure Score improvement actions:

  • Block OneDrive for Business sync from unmanaged devices
  • Ensure document sharing is being controlled by domains with whitelist or blacklist

To view these new controls, the Office 365 connector in Microsoft Defender for Cloud Apps must be toggled on via the App connectors settings page.

The following Google Workspace recommendation will be added as a Microsoft Secure Score improvement action:

To view this new control, the Google Workspace connector in Microsoft Defender for Cloud Apps must be configured via the App connectors settings page.

We have updated the Secure Score improvement action for the following Microsoft Defender for Office 365 recommendation:

  • Set action to take on bulk spam detection: Currently, you receive points by configuring this recommendation and choosing the action “MoveToJMF”. From today, you’ll also receive points when you choose the “Quarantine” action.

There’s no action needed to prepare for this change; your score will be updated accordingly. Microsoft recommends reviewing the improvement actions listed in Microsoft Secure Score.

Message ID: MC574388

