Microsoft Secure Score recommendations- accuracy improvements

Originally posted by Microsoft Jan 8, 2024 Uncategorized 0 Comments

Due to recent accuracy improvements implemented this month, certain customers may notice a modification in specific scores.

When this will happen:

Available now

How this affects your organization:

Customers may notice a modification in the scores of the following Microsoft Defender for Identity recommendations:

  • Turn on Safe Attachments in block mode
  • Ensure Safe Attachments policy is enabled
  • Create Safe Links policies for email messages
  • Ensure Safe Links for Office Applications is Enabled
  • Ensure that an anti-phishing policy has been created
  • Enable impersonated domain protection
  • Ensure that mailbox intelligence is enabled
  • Move messages that are detected as impersonated users by mailbox intelligence
  • Ensure that intelligence for impersonation protection is enabled
  • Set the phishing email level threshold at 2 or higher
  • Enable the domain impersonation safety tip
  • Enable the user impersonation safety tip
  • Quarantine messages that are detected from impersonated domains
  • Quarantine messages that are detected from impersonated users
  • Enable impersonated user protection
  • Enable the user impersonation unusual characters safety tip
  • Ensure the Common Attachment Types Filter is enabled
  • Create zero-hour auto purge policies for malware
  • Ensure that no sender domains are allowed for anti-spam policies
  • Set action to take on bulk spam detection
  • Set the email bulk complaint level (BCL) threshold to be 6 or lower
  • Set action to take on high confidence phishing detection
  • Set action to take on high confidence spam detection
  • Set action to take on phishing detection
  • Retain spam in quarantine for 30 days
  • Set action to take on spam detection
  • Create zero-hour auto purge policies for phishing messages
  • Create zero-hour auto purge policies for spam messages
  • Set automatic email forwarding rules to be system controlled
  • Ensure all forms of mail forwarding are blocked and/or disabled
  • Set maximum number of external recipients that a user can email per hour
  • Set maximum number of internal recipients that a user can send to within an hour
  • Set a daily message limit
  • Ensure Exchange Online Spam Policies are set to notify administrators
  • Block users who reached the message limit

What you need to do to prepare:

Be aware of these accuracy improvements and review scores as appropriate.

Message ID: MC704191

No comments yet

Leave a Reply

Joao Ferreira

I've been working with Microsoft Technologies over the last ten years, mainly focused on creating collaboration and productivity solutions that drive the adoption of Microsoft Modern Workplace.

%d bloggers like this: