Forum Discussion
Secure Score
We are updating Microsoft Secure Score improvement actions to ensure a more accurate representation of security posture.
When this will happen:
Rollout will begin in mid-July (previously mid-June) and is expected to be complete by late July (previously late June).
How this will affect your organization:
The following Microsoft Defender for Identity recommendations will be added as Microsoft Secure S
Score improvement actions:
Remove the attribute 'password never expires' from accounts in your domain
Remove access rights on suspicious accounts with the Admin SDHolder permission
Manage accounts with passwords more than 180 days old
Remove local admins on identity assets
Remove non-admin accounts with DCSync permissions
Start your Defender for Identity deployment, installing Sensors on Domain Controllers and other eligible servers
- It will be great if you reconsider this action "Remove the attribute 'password never expires' from accounts in your domain" to add on MS Score.
After all, current recommendations are against enforcing a password expiration timeout because users will continue to repeat the pattern over and over again.
https://learn.microsoft.com/en-us/microsoft-365/admin/misc/password-policy-recommendations?view=o365-worldwide RioHindle - They need to add more information regarding the improvement action "Remove access rights on suspicious accounts with the Admin SDHolder permission? All sites appear to have this action triggered as NOT COMPLETED but it displays "Users affected​ - No data to show" and under "Exposed Entities" it is blank with a line at the bottom displaying:
{ISPM_REPORT_SUSPICIOUS_ADMIN_SD_HOLDER_USERS_TABLE_EMPTY_PLACEHOLDER}
- is it possible to adjust the number of days in the manage accounts with passwords more than ...
thanks
