Forum Discussion
Brandon Koeller
Microsoft
Aug 12, 2016
Announcement: Office 365 Secure Score Released to Public Preview
Microsoft is pleased to announce the preview availability of a new security analytics service called the Office 365 Secure Score. The Secure Score is a security analytics tool that will help you unde...
- Dec 15, 2016
Another issue with Secure Score.
"You should require that all of your users reset their password at least every 60 days"
This is no longer current best practice where strong passphrases and 2FA are used since more rapid enforced change of passwords leads to the use of weaker ones.
Brandon Koeller
Dec 15, 2016
Copper Contributor
Hey Julian,
Thanks for the feedback. We 100% agree, and have been working on 'flipping' this control to award points for /not/ setting a password expiration policy. Microsoft and NIST both recently released research that supports this change on our policies. Thanks again for the feedback!
As Per Microsoft's Recommendation: https://www.microsoft.com/en-us/research/wp-content/uploads/2016/06/Microsoft_Password_Guidance-1.pdf
And updated NIST standards: https://pages.nist.gov/800-63-3/sp800-63-3.html
Dean_Gross
Dec 15, 2016
Silver Contributor
That password recommendations document contains a lot of good info. Can you get it copied from the Research org over into some public places, such as docs.microsoft.com and support.office.com?
- Brandon Koeller
Dec 15, 2016
Copper Contributor
Hey Dean! I'll ask! Thanks, Brandon