Coming soon: We will update a recommendation behavior in Exposure Management in the Microsoft Defender portal for better alignment with the CIS (Center of Internet Security) benchmark.
After this rollout, the recommendation Ensure sign-in frequency is enabled and browser sessions are not persistent for administrative users will grant points only when the policy is saved as On.
Before this rollout, the recommendation granted points for both Report-only and On mode.
When this will happen:
General Availability (Worldwide): We will begin rolling out mid-April 2025 and expect to complete by mid-April 2025.
How this will affect your organization:
Your score will be updated accordingly. Due to this change, your organization may lose Secure Score points.
This change will be on by default.
What you need to do to prepare:
No action is required.