Microsoft 365 Message Center Archive

MC971037 - Exposure Management Recommendations Retirement

Message ID

MC971037

View in Message Center

Service

Microsoft Defender XDR

Last Updated

Mar 28, 2025

Published Jan 3, 2025

Tag

Major change
Updated message
User impact
Admin impact
Retirement

Summary

Certain SSPM recommendations will be retired from Exposure Management in the Defender portal to ensure accurate security posture representation. The rollout will occur from mid-February to mid-April 2025. No action is required from organizations, and security scores will be updated accordingly.

More information

Updated March 27, 2025: We have updated the rollout timeline below. Thank you for your patience.

We will be retiring certain SaaS security posture management (SSPM) recommendations from Exposure Management in the Defender portal. This update is to help ensure a more accurate representation of security posture.

When this will happen:

This will begin rollout in mid-February 2025 and is expected to be complete by mid-April 2025 (previously mid-March).

How this will affect your organization:

You are receiving this message because our reporting indicates your organization may be using this feature.

As part of our efforts to keep recommendations updated and relevant, we will be retiring the following recommendations due to either low security value or change of settings in the applications.

Recommendations names:

  • AAD: Ensure that collaboration invitations are sent to allowed domains only
  • EXO: Ensure notifications for internal users sending malware is enabled
  • EXO: Audit Exchange online Organization Sharing
  • Defender for Office: Ensure that DKIM is enabled for all Exchange Online Domains
  • Purview: Ensure external domains are not allowed in Skype or Teams
  • SPO: Guests must sign in using the same account to which sharing invitations are sent
  • Intune: Ensure devices lock after a period of inactivity to prevent unauthorized access
  • Intune: Ensure mobile device management policies are required for email profiles - iOS/iPadOS only
  • Intune: Ensure mobile device management policies are set to require advanced security configurations
  • Intune: Ensure mobile devices are set to wipe on multiple sign-in failures to prevent brute force compromise
  • Intune: Ensure mobile devices require the use of a password
  • Intune: Ensure that devices connecting have AV and a local firewall enabled
  • Intune: Ensure that mobile device encryption is enabled to prevent unauthorized access to mobile data
  • Intune: Ensure that mobile device password reuse is prohibited
  • Intune: Ensure that mobile devices are set to never expire passwords
  • Intune: Ensure that mobile devices require a minimum password length to prevent brute force attacks
  • Intune: Ensure that mobile devices require complex passwords (Simple Passwords = Blocked)
  • Intune: Ensure that mobile devices require complex passwords (Type = Alphanumeric)
  • Intune: Ensure that users cannot connect from devices that are jail broken or rooted
  • Defender for Cloud Apps: Create an OAuth app policy to notify you about new OAuth applications
  • Defender for Cloud Apps: Create an app discovery policy to identify new and trending cloud apps in your org
  • Defender for Cloud Apps: Create a custom activity policy to get alerts about suspicious usage patterns

What you need to do to prepare:

There's no action needed to prepare for this change. Your score will be updated accordingly.