Updated March 27, 2025: We have updated the rollout timeline below. Thank you for your patience.
We will be retiring certain SaaS security posture management (SSPM) recommendations from Exposure Management in the Defender portal. This update is to help ensure a more accurate representation of security posture.
When this will happen:
This will begin rollout in mid-February 2025 and is expected to be complete by mid-April 2025 (previously mid-March).
How this will affect your organization:
You are receiving this message because our reporting indicates your organization may be using this feature.
As part of our efforts to keep recommendations updated and relevant, we will be retiring the following recommendations due to either low security value or change of settings in the applications.
Recommendations names:
- AAD: Ensure that collaboration invitations are sent to allowed domains only
- EXO: Ensure notifications for internal users sending malware is enabled
- EXO: Audit Exchange online Organization Sharing
- Defender for Office: Ensure that DKIM is enabled for all Exchange Online Domains
- Purview: Ensure external domains are not allowed in Skype or Teams
- SPO: Guests must sign in using the same account to which sharing invitations are sent
- Intune: Ensure devices lock after a period of inactivity to prevent unauthorized access
- Intune: Ensure mobile device management policies are required for email profiles – iOS/iPadOS only
- Intune: Ensure mobile device management policies are set to require advanced security configurations
- Intune: Ensure mobile devices are set to wipe on multiple sign-in failures to prevent brute force compromise
- Intune: Ensure mobile devices require the use of a password
- Intune: Ensure that devices connecting have AV and a local firewall enabled
- Intune: Ensure that mobile device encryption is enabled to prevent unauthorized access to mobile data
- Intune: Ensure that mobile device password reuse is prohibited
- Intune: Ensure that mobile devices are set to never expire passwords
- Intune: Ensure that mobile devices require a minimum password length to prevent brute force attacks
- Intune: Ensure that mobile devices require complex passwords (Simple Passwords = Blocked)
- Intune: Ensure that mobile devices require complex passwords (Type = Alphanumeric)
- Intune: Ensure that users cannot connect from devices that are jail broken or rooted
- Defender for Cloud Apps: Create an OAuth app policy to notify you about new OAuth applications
- Defender for Cloud Apps: Create an app discovery policy to identify new and trending cloud apps in your org
- Defender for Cloud Apps: Create a custom activity policy to get alerts about suspicious usage patterns
What you need to do to prepare:
There’s no action needed to prepare for this change. Your score will be updated accordingly.