M365 Archive
Back to latest version
Comparing Mar 28, 2025 Jan 3, 2025 Swap

MC971037 - Exposure Management Recommendations Retirement

Message Center

Metadata at Jan 3, 2025

Message ID

MC971037

View in Message Center

Published

Jan 3, 2025

Service

Microsoft Defender XDR

Tag

Major change
User impact
Admin impact
Retirement

Metadata changes

Tags
Admin impact, Retirement, Updated message, User impactAdmin impact, Retirement, User impact
End date
Jun 2, 2025Apr 21, 2025

Body changes

removed textadded text

Updated March 27, 2025: We have updated the rollout timeline below. Thank you for your patience.

We will be retiring certain SaaS security posture management (SSPM) recommendations from Exposure Management in the Defender portal. This update is to help ensure a more accurate representation of security posture.

When this will happen:

This will begin rollout in mid-February 2025 and is expected to be complete by mid-April 2025 (previously mid-March).March 2025.

How this will affect your organization:

You are receiving this message because our reporting indicates your organization may be using this feature.

As part of our efforts to keep recommendations updated and relevant, we will be retiring the following recommendations due to either low security value or change of settings in the applications.

Recommendations names:

  • AAD: Ensure that collaboration invitations are sent to allowed domains only
  • EXO: Ensure notifications for internal users sending malware is enabled
  • EXO: Audit Exchange online Organization Sharing
  • DefenderEnable strong password policies
  • Enable Dropbox Multi-Factor Authentication (MFA)
  • Enable Single Sing On (SSO)
  • Enable session timeout for Office: web users
  • Enable strong password policies
  • Enable multi-factor authentication (MFA)
  • Enable Single Sing On (SSO) with SAML
  • Enable Password expiration policies
  • Enable strong password policies
  • Enable session timeout for web users
  • Enable session timeout for web users
  • Enable and adopt two-factor authentication (2FA)
  • Ensure that DKIM is enabled for all Exchange Online Domains
  • Purview: Ensure external domains are not allowed in Skype or Teams
  • SPO: Guests must sign in using the same account to which sharing invitations are sent
  • Intune: Ensure devices lock after a period of inactivity to prevent unauthorized access
  • Intune: Ensure mobile device management policies are required for email profiles - iOS/iPadOS only
  • Intune: Ensure mobile device management policies are set to require advanced security configurations
  • Intune: Ensure mobile devices are set to wipe on multiple sign-in failures to prevent brute force compromise
  • Intune: Ensure mobile devices require the use of a password
  • Intune: Ensure that devices connecting have AV and a local firewall enabled
  • Intune: Ensure that mobile device encryption is enabled to prevent unauthorized access to mobile data
  • Intune: Ensure that mobile device password reuse is prohibited
  • Intune: Ensure that mobile devices are set to never expire passwords
  • Intune: Ensure that mobile devices require a minimum password length to prevent brute force attacks
  • Intune: Ensure that mobile devices require complex passwords (Simple Passwords = Blocked)
  • Intune: Ensure that mobile devices require complex passwords (Type = Alphanumeric)
  • Intune: Ensure that users cannot connect from devices that are jail broken or rooted
  • Defender for Cloud Apps: Create an OAuth app policy to notify you about new OAuth applications
  • Defender for Cloud Apps: Create an app discovery policy to identify new and trending cloud apps in your org
  • Defender for Cloud Apps: Create a custom activity policy to get alerts about suspicious usage patterns

What you need to do to prepare:

There's no action needed to prepare for this change. Your score will be updated accordingly.