Home

Duplicate machines effecting TVM Exposure Score

%3CLINGO-SUB%20id%3D%22lingo-sub-836189%22%20slang%3D%22en-US%22%3EDuplicate%20machines%20effecting%20TVM%20Exposure%20Score%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-836189%22%20slang%3D%22en-US%22%3E%3CP%3EHello%20everyone%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20recently%20being%20going%20through%20the%20security%20recommendations%20on%20machines%20to%20try%20and%20bring%20our%20exposure%20score%20down.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20realise%20that%20inactive%20machines%20are%20counted%20against%20the%20score%20because%20they%20could%20still%20exhibit%20the%20same%20configuration%20flaws%20in%20their%20dormant%20state%20which%20will%20need%20addressing.%20I%20have%20noticed%20however%2C%20that%20after%20a%20new%20instance%20of%20a%20machine%20which%20is%20now%20active%2C%20say%20after%20an%20upgrade%2C%20or%20re-image%2C%20the%20inactive%20version%20that%20still%20resides%20in%20the%20list%20due%20to%20the%20data%20retention%20policy%20is%20also%20counted%20against%20the%20exposure%20score%20too.%20The%20inactive%20machine%20contains%20the%20old%20security%20recommendations%20that%20have%20now%20been%20fixed%20by%20the%20upgrade.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECan%20MS%20allow%20us%20to%20toggle%20off%20these%20old%20machines%20if%20there%20is%20a%20newer%20version%20in%20the%20list%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAny%20help%20or%20ideas%20would%20be%20welcome.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EMany%20thanks%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EJonathan%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Jonathan_Young
New Contributor

Hello everyone,

 

I have recently being going through the security recommendations on machines to try and bring our exposure score down.

 

I realise that inactive machines are counted against the score because they could still exhibit the same configuration flaws in their dormant state which will need addressing. I have noticed however, that after a new instance of a machine which is now active, say after an upgrade, or re-image, the inactive version that still resides in the list due to the data retention policy is also counted against the exposure score too. The inactive machine contains the old security recommendations that have now been fixed by the upgrade.

 

Can MS allow us to toggle off these old machines if there is a newer version in the list?

 

Any help or ideas would be welcome.

 

Many thanks

 

Jonathan

Related Conversations