
Commit b0c6323

Merge branch 'main' into WI480553-update-ms-date-ms-reviewer
2 parents 3cc9648 + 3caef24 commit b0c6323

2 files changed, +6 -8 lines changed

ATPDocs/security-assessment-unsecure-account-attributes.md

Lines changed: 2 additions & 1 deletion
@@ -40,8 +40,9 @@ Use the remediation appropriate to the relevant attribute as described in the fo
4040
| Enable Kerberos AES encryption support | Enable AES features on the account properties in AD | Enabling AES128_CTS_HMAC_SHA1_96 or AES256_CTS_HMAC_SHA1_96 on the account helps prevent the use of weaker encryption ciphers for Kerberos authentication. |
4141
| Remove Use Kerberos DES encryption types for this account | Remove this setting from account properties in AD | Removing this setting enables the use of stronger encryption algorithms for the account's password. |
4242
| Remove a Service Principal Name (SPN) | Remove this setting from account properties in AD | When a user account is configured with an SPN set, it means that the account has been associated with one or more SPNs. This typically occurs when a service is installed or registered to run under a specific user account, and the SPN is created to uniquely identify the service workspace for Kerberos authentication. This recommendation only showed for sensitive accounts. |
43+
|Reset password as SmartcardRequired setting was removed|Reset the account password|Changing the account's password after the SmartcardRequired UAC flag was removed ensures it was set under current security policies. This helps prevent potential exposure from passwords created when smartcard enforcement was still active.|
4344

44-
Use the **UserAccountControl** flag to manipulate user account profiles. For more information, see:
45+
Use the **UserAccountControl** (UAC) flag to manipulate user account profiles. For more information, see:
4546

4647
- [Windows Server troubleshooting](/troubleshoot/windows-server/identity/useraccountcontrol-manipulate-account-properties) documentation.
4748
- [User Properties - Account Section](/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/dd861342(v=ws.11))
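Review bot: the rationale column of the new row (`|Reset password as SmartcardRequired setting was removed|...|`) never states why the reset matters; "ensures it was set under current security policies" would describe any password change. The row's own phrase "passwords created when smartcard enforcement was still active" hints at the real point but leaves it implicit: while SmartcardRequired is set the domain assigns the account a password the user never chooses or rotates, so it can remain unchanged for the whole time the flag was in force, and once the flag is cleared that long-lived password and its hash become usable for password-based logon. Suggest rewording the third column to say that directly, e.g. "While SmartcardRequired was set, the account used a domain-generated password that was never rotated by the user. Resetting it after the flag is removed prevents that long-lived password from being used for password-based logon." Two style points: the new row omits the spaces around the pipe characters that every other row in this table uses, and the second change introduces the abbreviation "UAC" for the userAccountControl attribute, which readers will confuse with Windows User Account Control (the elevation prompt); prefer naming the attribute `userAccountControl`, drop the abbreviation, and describe it as an attribute holding flags rather than as a single flag.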

CloudAppSecurityDocs/governance-actions.md

Lines changed: 4 additions & 7 deletions
@@ -85,21 +85,17 @@ The following governance actions can be taken for connected apps either on a spe
8585
- **Trash** – Move the file to the trash folder. (Box, Dropbox, Google Drive, OneDrive, SharePoint)
8686

8787
These actions are restricted to users with specific administrative roles. If the options described are not visible or accessible, please confirm with your system administrator that your account has one of the following roles assigned:
88-
- Security Operator
88+
- Security Operator
8989
- Security administrator
9090
- Global administrator
9191
- Cloud app security administrator
9292

9393
:::image type="content" source="media/governance-actions/governance-actions-dropbox-google-workspace.png" alt-text="Screenshot that shows malware governance actions." lightbox="media/governance-actions/governance-actions-dropbox-google-workspace.png":::
9494

9595
> [!NOTE]
96-
> In SharePoint and OneDrive, Defender for Cloud Apps supports user quarantine only for files in Shared Documents libraries (SharePoint Online) and files in the Documents library (OneDrive for Business).
97-
>
98-
> Microsoft Defender for Microsoft 365 customers can control detected malware files in SharePoint and OneDrive via the [Microsoft Defender XDR **Quarantine** page](https://security.microsoft.com/quarantine?viewid=Files). For example, supported activities include recovering files, deleting files, and downloading files in password-protected ZIP files. These activities are limited to files that were not already quarantined by Microsoft Defender for Cloud Apps.
99-
> In SharePoint, Defender for Cloud Apps supports quarantine tasks only for files with Shared Documents in path in English.
100-
>
96+
> In SharePoint and OneDrive, Defender for Cloud Apps supports user quarantine only for files in Shared Documents libraries and only for files with Shared Documents in path in English (SharePoint Online) and files in the Documents library (OneDrive for Business). In addition, you must [enable the service principal](/graph/api/serviceprincipal-get?view=graph-rest-1.0&tabs=http) to get Malware detection and response support (this service API is enabled by default). Once API is enabled, Defender for Cloud Apps starts getting the logs (with a delay of 24-72 hours).
97+
> Microsoft Defender for Microsoft 365 customers can control detected malware files in SharePoint and OneDrive via the [Microsoft Defender XDR ](https://security.microsoft.com/quarantine?viewid=Files)**[Quarantine](https://security.microsoft.com/quarantine?viewid=Files)**[ page](https://security.microsoft.com/quarantine?viewid=Files). For example, supported activities include recovering files, deleting files, and downloading files in password-protected ZIP files. These activities are limited to files that were not already quarantined by Microsoft Defender for Cloud Apps.
10198
> Actions will only show for connected apps.
102-
>
10399
104100
## Activity governance actions
105101
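Review bot: the added service-principal sentence in the merged note contradicts itself and links to the wrong reference: it says "you must enable the service principal" and, in the same breath, "(this service API is enabled by default)", and the link target is the Graph `serviceprincipal-get` call, which only reads a service principal and enables nothing. Decide which statement is true (a prerequisite the admin must perform, or a default that only needs verifying), name the specific service principal or permission involved, and link to the page that shows the enable or verify step rather than the GET reference; also "Once API is enabled" needs an article ("Once the API is enabled"). The rewritten Quarantine link is a regression: `[Microsoft Defender XDR ](...)**[Quarantine](...)**[ page](...)` renders as three adjacent links to the same URL with stray spaces inside the link text, whereas the removed `[Microsoft Defender XDR **Quarantine** page](...)` was correct and should be restored. Finally, the merged first sentence, "only for files in Shared Documents libraries and only for files with Shared Documents in path in English (SharePoint Online) and files in the Documents library (OneDrive for Business)", stacks three conditions without making clear which apply to which product; split it, e.g. "SharePoint Online: only files in a Shared Documents library whose path contains 'Shared Documents' in English. OneDrive for Business: only files in the Documents library."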

@@ -114,6 +110,7 @@ These actions are restricted to users with specific administrative roles. If the
114110
- **Governance actions in apps** - Granular actions can be enforced per app, specific actions vary depending on app terminology.
115111

116112
- **Suspend user** – Suspend the user from the application.
113+
117114
> [!NOTE]
118115
> If your Microsoft Entra ID is set to automatically sync with the users in your Active Directory on-premises environment the settings in the on-premises environment will override the Microsoft Entra settings and this governance action will be reverted.
119116
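Review bot: the blank line added before the `> [!NOTE]` block leaves the note as a top-level block quote rather than part of the **Suspend user** bullet, yet its content (on-premises Active Directory sync reverting the action) applies only to that action; if the intent is to tie it to the bullet, indent the note under the list item instead of separating it, and if it is meant as a general caveat, say which actions it covers. While here, the note's sentence is missing a comma after "on-premises environment".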
