Jeff Sun,
As I had already shared the tenant ID and few controls here is entire list for which score is not getting updated after 48 hours
Below are the controls for which we made 48 hours back and still we are not compliant i.e. score has not changed:
- Require mobile devices to use alphanumeric password.
- Review blocked devices report weekly
- Activate mobile device management services
- Require mobile devices to use encryption
- Require mobile devices to lock if inactive
- Require mobile devices to manage email profile
- Require mobile devices to have minimum password length
- Require mobile devices to never expire passwords
- Require mobile devices to use a password
- Reduce mobile device password re-use
- Require mobile devices to block access and report policy violations
- Block jail broken or rooted mobile devices from connecting
- Do not allow simple passwords on mobile devices
- Require mobile devices to wipe on multiple sign-in failures
- Activate Information Rights Management (IRM) services
- Do not use mail forwarding rules to external domains
- Review malware detections report weekly
- Use non-global administrative roles
- Set up Office 365 ATP Safe Attachments
- Set up Office 365 ATP Safe Links to verify URLs
- Enable self-service password reset
- Set up versioning on SharePoint online document libraries
- Set outbound spam notifications
Microsoft