Managed ISPM

It would be really great to have a set of managed and policy/configuration assessments in ISPM specific for ACSC Essential 8. This would be a huge selling point for Australian customers.

I ran into an interesting situation with one of my clients. for the 2 to 4 Global admins control, it's not detecting if a user has the Global Admin role assigned via a security group. This also might be worth building a detection for, because someone could assign themselves a Global admin role using a security group and not be detected.

List Inbound and Outbound Connectors

Will there be any plans to let us configure the default settings to meet our needs instead of the predefined defaults. For example, instead of account lockout after 10 password failures, setting the default to 5 failures.

RE: Security Controls > Between two and four Global Administrators are designated (ispm/security_controls/127473) This control is reported as non-compliant for M365 tenants we manage using a JIT privilege escalation process. Our process removes all global admin role assignments from managed tenants until they are needed and the escalation request is logged. I recommend updating this control definition to allow tenants with zero Global Administrators to report as compliant for Partners that maintain this specific security posture.

We currently use Office Protect ( https://office-protect.com ) and one of it's stand-out features is the ability to automatically generate transport rules that prepend a warning banner to incoming emails when the display name of the sender matches that of a user within O365. This feature alone has prevented many phishing attacks from going past the initial email stage, as users see the prepended warning and are immediately wary.

The security controls for Auth methods will show as not compliant if the tenant is using EAM e.g. Cisco Duo. Can we detect and automatically add an exclusion or handle this in a smarter way?