MC906488 - Microsoft Defender for Office 365: Microsoft Secure Score recommendation update for Spam confidence level

Service

Microsoft Defender XDR

Published

Oct 7, 2024

Tag

Feature update
Admin impact

Summary

The Microsoft Secure Score recommendation for Spam confidence level (SCL) in Microsoft Defender for Office 365 will be updated. Post-update, the recommendation will only trigger if a transport rule explicitly sets SCL to -1. The rollout will start in early November 2024 and complete by early December 2024, potentially increasing the Secure Score for some organizations. No admin action is required before the rollout.

More information

Before this rollout: Microsoft Defender for Office 365 | Microsoft Secure Score triggers the recommendation Ensure Spam confidence level (SCL) is configured in mail transport rules with specific domains in organizations with transport rules that use condition on sender domains even when not explicitly using SetSCL. The intent of the recommendation is to only flag rules that bypass spam filtering by setting SCL to -1.

After this rollout, this recommendation will only appear if the organization has transport rule specifically set SCL to -1. The recommendation will not appear when using rules that do not set SCL (where SCL is null).

When this will happen:

General Availability (Worldwide, GCC): We will begin rolling out early November 2024 and expect to complete by early December 2024.

How this will affect your organization:

After this rollout, the Secure Score for your organization should be automatically fixed. For some organizations, the rollout may result in a slight increase in the Secure Score because the recommendation might not be generated.

Click path: Go to Defender > Exposure management > Secure Score > Recommended actions > Ensure Spam confidence level (SCL) is configured in mail transport rules with specific domains

This change is on by default.

What you need to do to prepare:

This rollout will happen automatically by the specified date with no admin action required before the rollout. Review your current configuration to determine the impact for your organization. You may want to notify your users about this change and update any relevant documentation.