It would be swell if these recommendations were an order of magnitude smarter. This kind of thing has been an issue since inception, but just one example is that the recommendation dings you for: "Sign out inactive users in SharePoint Online", (https://learn.microsoft.com/en-us/sharepoint/sign-out-inactive-users) even if "Idle session timeout for Microsoft 365" is enabled, which makes this setting irrelevant:
"If you've set up idle session timeout policies for https://support.microsoft.com/topic/description-of-the-activity-based-authentication-timeout-for-owa-in-office-365-0c101e1b-020e-69c1-a0b0-26532d60c0a4 and https://learn.microsoft.com/en-us/sharepoint/sign-out-inactive-users, turning on idle session timeout in the Microsoft 365 admin center will override the Outlook web app and SharePoint settings."
ref: https://learn.microsoft.com/en-US/microsoft-365/admin/manage/idle-session-timeout-web-apps?view=o365-worldwide&WT.mc_id=365AdminCSH_inproduct
The whole point of these recommendations is to save customers from the mountain of documentation, yet they don't even incorporate the rules themselves.
Other examples include incorrect or no parsing of MFA configurations, and misleading advice for what you can do at a given license level (e.g. creating an app discovery policy even if you're not licensed to actually discover apps).
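To make the precedence problem concrete, here is an added example (not Microsoft's code and not from the original post) of a small recommendation evaluator that encodes the documented override: when the tenant-wide Microsoft 365 idle session timeout is on, the per-app OWA and SharePoint settings are no longer relevant and should not be reported as gaps. The setting keys, recommendation identifiers and the sample tenant values are all constructed placeholders, not real Microsoft identifiers.

```python
"""Recommendation evaluator that honours the documented precedence rule.

Added example, not Microsoft's code. Setting keys, recommendation ids and
the sample tenant below are constructed placeholders.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional


@dataclass(frozen=True)
class Rule:
    rec_id: str                               # constructed recommendation identifier
    title: str                                # wording as the admin would see it
    is_satisfied: Callable[[Dict[str, bool]], bool]
    superseded_by: Optional[str] = None       # rec_id that, when satisfied, makes this one moot


RULES: List[Rule] = [
    # Tenant-wide control: applies to all Microsoft 365 web apps.
    Rule("M365_IDLE_TIMEOUT",
         "Enable idle session timeout for Microsoft 365",
         lambda s: s["m365_idle_session_timeout"]),
    # Per-app controls: the docs say the tenant-wide setting overrides both.
    Rule("OWA_ACTIVITY_TIMEOUT",
         "Enable activity-based authentication timeout for OWA",
         lambda s: s["owa_activity_timeout"],
         superseded_by="M365_IDLE_TIMEOUT"),
    Rule("SPO_IDLE_SIGNOUT",
         "Sign out inactive users in SharePoint Online",
         lambda s: s["spo_idle_signout"],
         superseded_by="M365_IDLE_TIMEOUT"),
]


def naive_findings(settings: Dict[str, bool]) -> List[str]:
    """What a rule-by-rule checker reports: every unsatisfied rule, precedence ignored."""
    return [r.rec_id for r in RULES if not r.is_satisfied(settings)]


def findings(settings: Dict[str, bool]) -> List[str]:
    """Only report a gap if no satisfied rule overrides it."""
    satisfied = {r.rec_id for r in RULES if r.is_satisfied(settings)}
    gaps = []
    for rule in RULES:
        if rule.rec_id in satisfied:
            continue
        if rule.superseded_by in satisfied:
            # Tenant-wide timeout is on, so the per-app setting is irrelevant.
            continue
        gaps.append(rule.rec_id)
    return gaps


# Constructed sample tenant: tenant-wide timeout on, per-app settings left at defaults.
SAMPLE_TENANT: Dict[str, bool] = {
    "m365_idle_session_timeout": True,
    "owa_activity_timeout": False,
    "spo_idle_signout": False,
}

if __name__ == "__main__":
    print("naive:", naive_findings(SAMPLE_TENANT))   # flags both per-app settings
    print("aware:", findings(SAMPLE_TENANT))         # nothing to fix
```

The naive evaluator reports the two per-app settings as gaps for the sample tenant, which is the behaviour complained about above; the precedence-aware one returns nothing, because the satisfied tenant-wide rule covers both. Turn the tenant-wide setting off and the per-app checks come back into play, which is the only situation in which they are actionable.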