Microsoft Secure Score is adding new Improvement Actions

We’re updating Microsoft Secure Score improvement actions to ensure a more accurate representation of security posture.

We will continue to add suggested security improvement actions on an ongoing basis.

When this will happen:

This will begin rollout in mid-May and is expected to be complete by late May.

How this will affect your organization:

The following new Exchange Online recommendation will be added as a Microsoft Secure Score improvement action:

  • Ensure mail transport rules do not whitelist specific domains.
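As an added illustration (not part of the Message Center post, and not Microsoft's own tooling), the following PowerShell audits an Exchange Online tenant for the condition this improvement action targets: mail flow (transport) rules that match on sender domain and force the spam confidence level to -1, which bypasses spam filtering for those senders. It assumes the ExchangeOnlineManagement module is installed and the account running it may call `Get-TransportRule`; the function name `Get-DomainWhitelistTransportRule` is an assumption, not a built-in cmdlet.

```powershell
# Added example, not from the Message Center post or from Microsoft:
# report Exchange Online transport rules that whitelist specific sender
# domains by setting SCL to -1. Requires the ExchangeOnlineManagement module
# (Connect-ExchangeOnline) and rights to read transport rules.

function Get-DomainWhitelistTransportRule {
    [CmdletBinding()]
    param(
        # Also report rules that are currently disabled (default: enabled only).
        [switch]$IncludeDisabled
    )

    # A rule bypasses spam filtering for a domain when it has a sender-domain
    # condition (SenderDomainIs) and a SetSCL action of -1.
    $rules = Get-TransportRule -ResultSize Unlimited |
        Where-Object {
            $_.SetSCL -eq -1 -and
            $null -ne $_.SenderDomainIs -and
            @($_.SenderDomainIs).Count -gt 0
        }

    if (-not $IncludeDisabled) {
        $rules = $rules | Where-Object { $_.State -eq 'Enabled' }
    }

    foreach ($rule in $rules) {
        [PSCustomObject]@{
            Name       = $rule.Name
            State      = $rule.State
            Priority   = $rule.Priority
            Domains    = (@($rule.SenderDomainIs) -join ', ')
            # Domain exceptions on the same rule, shown for context when
            # deciding whether the rule is still needed.
            Exceptions = (@($rule.ExceptIfSenderDomainIs) -join ', ')
        }
    }
}

# Usage: connect, then list any offending rules for review or remediation.
Connect-ExchangeOnline
$findings = Get-DomainWhitelistTransportRule
if ($findings) {
    $findings | Format-Table -AutoSize
} else {
    'No enabled transport rules bypass spam filtering by sender domain.'
}
```

Each rule reported here is one the improvement action counts against the tenant; the remediation is to remove the rule or replace the blanket SCL bypass with a narrower condition that does not whitelist the whole domain.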

The following new SharePoint recommendations will be added as Microsoft Secure Score improvement actions:

  • Ensure modern authentication for SharePoint applications is required.
  • Ensure that external users cannot share files, folders, and sites they do not own.

The following recommendations were added last month for customers with an active Microsoft Defender for Cloud Apps license:

  • Ensure that only organizationally managed/approved public groups exist.
  • Ensure sign-in frequency is enabled, and browser sessions are not persistent for administrative users.
  • Ensure administrative accounts are separate, unassigned, and cloud-only.
  • Ensure third-party integrated applications are not allowed.
  • Ensure the admin consent workflow is enabled.
  • Ensure DLP policies are enabled for Microsoft Teams.
  • Ensure that SPF records are published for all Exchange domains.
  • Ensure Microsoft Defender for Cloud Apps is enabled.
  • Ensure mobile device management policies are set to require advanced security configurations to protect from basic internet attacks.
  • Ensure that mobile device password reuse is prohibited.
  • Ensure that mobile devices are set to never expire passwords.
  • Ensure that users cannot connect from devices that are jailbroken or rooted.
  • Ensure mobile devices are set to wipe on multiple sign-in failures to prevent brute-force compromise.
  • Ensure that mobile devices require a minimum password length to prevent brute-force attacks.
  • Ensure devices lock after a period of inactivity to prevent unauthorized access.
  • Ensure that mobile device encryption is enabled to prevent unauthorized access to mobile data.
  • Ensure that mobile devices require complex passwords (Type = Alphanumeric).
  • Ensure that mobile devices require complex passwords (Simple Passwords = Blocked).
  • Ensure that devices connecting have AV and a local firewall enabled.
  • Ensure mobile device management policies are required for email profiles.
  • Ensure mobile devices require the use of a password.

In order to view those new controls, the Office 365 connector in Microsoft Defender for Cloud Apps must be enabled via the App connectors settings page.

What you need to do to prepare:

There is no action required to prepare for this change; your score will be updated accordingly. Microsoft recommends reviewing the improvement actions listed in Microsoft Secure Score.

Message ID: MC552786

