(Updated) Microsoft Secure Score – Changes in SSPM support

Updated November 27, 2023: We have updated the rollout timeline below. Thank you for your patience.

We’re updating Microsoft Secure Score improvement actions to ensure a more accurate representation of security posture.

The improvement actions listed below will be added to Microsoft Secure Score. Your score will be updated accordingly.

[When this will happen:]

This will begin rollout in mid-October 2023 and is expected to be complete by late December 2023 (previously mid-November).

[How this will affect your organization:]

The following new Microsoft Entra (AAD) recommendations will be added as Microsoft Secure Score improvement actions:

  • Ensure ‘Phishing-resistant MFA strength’ is required for administrators.
  • Ensure custom banned password lists are used.

The following new Microsoft Sway recommendations will be added as Microsoft Secure Score improvement actions:

  • Ensure that Sways cannot be shared with people outside of your organization.

The following new Atlassian recommendations will be added as Microsoft Secure Score improvement actions:

  • Enable multi-factor authentication (MFA).
  • Enable Single Sign-On (SSO).
  • Enable strong Password Policies.
  • Enable session timeout for web users.
  • Enable Password expiration policies.
  • Atlassian mobile app security – Users that are affected by policies.
  • Atlassian mobile app security – App data protection.
  • Atlassian mobile app security – App access requirement.

The following new Zendesk recommendations will be added as Microsoft Secure Score improvement actions:

  • Enable and adopt two-factor authentication (2FA).
  • Send a notification on password change for admins, agents, and end users.
  • Enable IP restrictions.
  • Block customers to bypass IP restrictions.
  • Admins and agents can use the Zendesk Support mobile app.
  • Enable Zendesk authentication.
  • Enable session timeout for users.
  • Block account assumption.
  • Block admins to set passwords.

The names, functionality and compliance conditions of the Okta and DocuSign security recommendations were updated as Microsoft Secure Score improvement actions.

The name of this control “Ensure Sign-in frequency is enabled and browser sessions are not persistent for Administrative users” is changed to “Ensure Sign-in frequency is enabled and browser sessions are not persistent for Administrative users”.

[What you need to do to prepare:]

There’s no action needed to prepare for this change; your score will be updated accordingly. Microsoft recommends reviewing the improvement actions listed in Microsoft Secure Score. We will continue to add suggested security improvement actions on an ongoing basis.
