Microsoft Secure Score will add a new Defender for Identity recommendation, "Prevent Certificate Enrollment with arbitrary Application Policies (ESC15)", to improve security posture. Public Preview begins mid-November 2024, with General Availability starting late November 2024. No action is required for preparation.
We’re updating Microsoft Secure Score improvement actions to ensure a more accurate representation of security posture. A new Microsoft Defender for Identity posture recommendation will be added: "Prevent Certificate Enrollment with arbitrary Application Policies (ESC15)".
Your score will be updated accordingly.
When this will happen:
Public Preview: We will begin rolling out mid-November 2024 and expect to complete by mid-December 2024.
General Availability (Worldwide, GCC, GCC High, DoD): We will begin rolling out late November 2024 and expect to complete by mid-December 2024.
Please note that in order to provide the recommendation as quickly as possible, it will be introduced to your environment at the earliest opportunity rather than on the regular monthly schedule.
How this will affect your organization:
We are adding a new Microsoft Defender for Identity posture recommendation that will be added as Microsoft Secure Score improvement actions: "Prevent Certificate Enrollment with arbitrary Application Policies (ESC15)".
This new security posture report is related to Active Directory Certificate Services (AD CS) that analyze the configurations of different AD CS components and guide remediation, if necessary.
This update is available by default.
What you need to do to prepare:
There's no action needed to prepare for this change. Your score will be updated accordingly. Microsoft recommends reviewing the improvement actions listed in Microsoft Secure Score. We will continue to add suggested security improvement actions on an ongoing basis.