Managed ISPM now support additional security controls to better protect Microsoft 365 organizations.
Exchange Online
Exchange controls have been expanded to include
- Ensure the Common Attachment types filter is enabled
- Ensure notifications for internal users sending malware is set to Enabled
- Ensure Exchange Online spam policies are set to notify administrators
- Ensure that SPF records are published for all Exchange domains
Microsoft Teams
The foundation for Microsoft Teams controls has been added to Managed ISPM, and today marks the first control in place. With this foundation set, you'll see us add more controls as we move toward GA on July 1.
- Communication with unmanaged Teams should be disabled
SharePoint Online
The foundation for SharePoint Online and OneDrive for Business has also been added to Managed ISPM. Today marks the first two controls in this space, adding protection to business information stored in Microsoft 365.
- Ensure Guest resharing of SharePoint and OneDrive files is set to Disabled
- Ensure Legacy authentication protocols are blocked for SharePoint and OneDrive