Managed ISPM

RE: Security Controls > Between two and four Global Administrators are designated (ispm/security_controls/127473) This control is reported as non-compliant for M365 tenants we manage using a JIT privilege escalation process. Our process removes all global admin role assignments from managed tenants until they are needed and the escalation request is logged. I recommend updating this control definition to allow tenants with zero Global Administrators to report as compliant for Partners that maintain this specific security posture.

The security controls for Auth methods will show as not compliant if the tenant is using EAM e.g. Cisco Duo. Can we detect and automatically add an exclusion or handle this in a smarter way?

We currently use Office Protect ( https://office-protect.com ) and one of it's stand-out features is the ability to automatically generate transport rules that prepend a warning banner to incoming emails when the display name of the sender matches that of a user within O365. This feature alone has prevented many phishing attacks from going past the initial email stage, as users see the prepended warning and are immediately wary.