M365 Archive

MC681893 - Microsoft Secure Score - Changes in SSPM support

Message Center

This announcement expired on Mar 4, 2024 and is no longer active in Message Center.

Message ID

MC681893

View in Message Center

Service

Microsoft Defender XDR

Last Updated

Jan 5, 2024

Published Oct 16, 2023

Tag

Updated message
Feature update
Admin impact

More information

Updated January 5, 2024: We have updated the rollout timeline below. Thank you for your patience.

We’re updating Microsoft Secure Score improvement actions to ensure a more accurate representation of security posture.

The improvement actions listed below will be added to Microsoft Secure Score. Your score will be updated accordingly.

When this will happen:

This will begin rollout in mid-October 2023 and is expected to be complete by late January 2024 (previously late December).

How this will affect your organization:

The following new Microsoft Entra (AAD) recommendations will be added as Microsoft Secure Score improvement actions:

  • Ensure 'Phishing-resistant MFA strength' is required for administrators.
  • Ensure custom banned passwords lists are used.

The following new Microsoft Sway recommendations will be added as Microsoft Secure Score improvement actions:

  • Ensure that Sways cannot be shared with people outside of your organization

The following new Atlassian recommendations will be added as Microsoft Secure Score improvement actions:

  • Enable multi-factor authentication (MFA).
  • Enable Single Sing On (SSO).
  • Enable strong Password Policies.
  • Enable session timeout for web users.
  • Enable Password expiration policies.
  • Atlassian mobile app security - Users that are affected by policies.
  • Atlassian mobile app security - App data protection.
  • Atlassian mobile app security - App access requirement.

The following new Zendesk recommendations will be added as Microsoft Secure Score improvement actions:

  • Enable and adopt two-factor authentication (2FA).
  • Send a notification on password change for admins, agents, and end users.
  • Enable IP restrictions.
  • Block customers to bypass IP restrictions.
  • Admins and agents can use the Zendesk Support mobile app.
  • Enable Zendesk authentication.
  • Enable session timeout for users.
  • Block account assumption.
  • Block admins to set passwords.

The names, functionality and compliance conditions for Okta and DocuSign security recommendation were updated as Microsoft Secure Score improvement action.

The name of this control "Ensure Sign-in frequency is enabled and browser sessions are not persistent for Administrative users" is changed to "Ensure Sign-in frequency is enabled and browser sessions are not persistent for Administrative users".


What you need to do to prepare:

There's no action needed to prepare for this change, your score will be updated accordingly. Microsoft recommends reviewing the improvement actions listed in Microsoft Secure Score. We will continue to add suggested security improvement actions on an ongoing basis.