365 Multi-Tenant Manager Release on January 15th, 2026

Enhancements

The following new predefined settings have been introduced in the predefined settings library:

  • HS-S0121 – Ensure participants agreement is required for recording and transcription in Teams meetings
    • Ensures that participants must agree to, and are notified of, recordings, transcripts, and Copilot usage in Teams meetings.
  • HS-S0122 – Ensure users in an organization can communicate with trial Teams tenants
    • Ensures that users in the organization are able to communicate with users from Teams subscriptions that contain only trial licenses.
  • HS-S0123 – Ensure end-to-end call and meeting encryption is allowed
    • Ensures that users are able to turn on end-to-end encryption for Teams calls and meetings.
  • HS-S0124 – Ensure Teams Cortana policy is configured properly
    • Ensures that the settings for the Cortana voice assistant in Microsoft Teams are configured properly.
  • HS-S0125 – Ensure Microsoft 365 group owners are not allowed to invite guests
    • Ensures that all Microsoft 365 group owners across the tenant are prevented from inviting or adding guest users.
  • HS-S0126 – Ensure authentication method policy settings are properly configured
    • Ensures that the security recommendations for authentication and for reporting suspicious activities are enabled.

The following new predefined policies have been introduced in the predefined policies library:

  • HS-P0076 – Ensure Windows firewall notifications are disabled when programs are blocked on public, private, domain profile
    • Disables Windows firewall notifications from displaying when applications are blocked.
  • HS-P0077 – Ensure use of Internet Connection Sharing and Network Bridge on the DNS domain network is disabled
    • Prevents administrators from enabling and configuring Internet Connection Sharing (ICS) and prevents users from installing and configuring the Network Bridge on the DNS domain network.
  • HS-P0078 – Ensure WDigest authentication is disabled
    • Ensures that WDigest authentication is disabled on Windows devices, which prevents LSASS from storing plaintext passwords in memory, reducing the risk of credential theft.
  • HS-P0079 – Ensure offline access to shares is disabled
    • Ensures that the Offline Files feature is disabled and users can’t work with network files offline on Windows devices.
  • HS-P0080 – Ensure automatic running of Flash plugins on webpages is disabled
    • Ensures that Adobe Flash content is disabled and cannot run in Microsoft Edge.
  • HS-P0081 – Ensure UAC restrictions to local accounts on network logons are enabled
    • Ensures that UAC token filtering is applied so that local accounts don’t have administrative privileges during network logon on Windows devices.
  • HS-P0082 – Ensure domain users are required to elevate when setting a network’s location
    • Ensures that domain users have to elevate before setting a network’s location on Windows devices.
  • HS-P0083 – Ensure Local Security Authority (LSA) protection is enabled
    • Ensures that the Local Security Authority (LSA) process runs as a protected process with UEFI lock, which prevents untrusted code from injecting into LSASS or extracting sensitive authentication data and enforces the configuration at the firmware level.
  • HS-P0084 – Ensure Microsoft Defender Credential Guard is enabled
    • Ensures that Microsoft Defender Credential Guard is enabled with UEFI lock, which protects derived domain credentials and prevents the configuration from being modified within Windows.
  • HS-P0085 – Ensure Microsoft Edge SmartScreen is enabled
    • Ensures that Microsoft Defender SmartScreen blocks or warns users about untrusted apps as well as downloads from malicious or unsafe websites.
  • HS-P0086 – Ensure ‘Autofill’ feature for passwords in Google Chrome and Microsoft Edge browsers is disabled
    • Ensures that users are prevented from saving new passwords, so Google Chrome and Microsoft Edge can’t remember and provide them on the next sign-in.
  • HS-P0087 – Ensure third party cookies for Microsoft Edge and Google Chrome are blocked
    • Blocks web page elements that aren’t from the domain in the address bar from setting cookies for both Microsoft Edge and Google Chrome.
  • HS-P0088 – Ensure that running background apps when Google Chrome is closed are disabled
    • Disables background mode, ensuring that Chrome closes completely with no background apps running.
  • HS-P0089 – Ensure that automatic updates are enabled and the option to enable or disable updates is hidden
    • Ensures that Office automatic updates are enabled for all Office products and hides the user interface (UI) options to enable or disable Office automatic updates from users.
  • HS-P0090 – Enable Controlled Folder Access feature
    • Enables Controlled Folder Access, preventing untrusted applications from modifying or deleting files in protected folders.
  • HS-P0091 – Configure Remote Desktop connections security level to TLS
    • The Remote Desktop session host requires all incoming RDP connections to use TLS for encryption and server authentication.
  • HS-P0092 – Ensure User Account Control is configured to automatically deny elevation requests
    • Ensures that any action by the user that requires an elevation of privilege is denied.
  • HS-P0093 – Ensure local storage of passwords and credentials is disabled
    • Prevents Credential Manager from storing passwords and credentials locally on Windows devices.
  • HS-P0094 – Disable print spooler to accept connections
    • Prevents the Print Spooler service from accepting inbound client connections to reduce attack surface and prevent unauthorized remote printing.
  • HS-P0095 – Ensure user authentication is required for remote connections with network level authentication
    • Ensures that Remote Desktop connections require Network Level Authentication, meaning users must authenticate before a remote session is established. This prevents unauthorized access and reduces exposure to remote desktop attacks.
  • HS-P0096 – Configure Domain members security options
    • Enhances domain security by enforcing strong session keys, requiring encryption or signing of secure channel communications, and ensuring regular machine account password rotations on all Windows domain-joined devices.
  • HS-P0097 – Disable insecure guest logons for SMB
    • Blocks anonymous SMB guest logins to protect devices from unsecured network access.
  • HS-P0098 – Disable enumeration of administrator accounts on elevation
    • Prevents users from viewing administrator account names during elevation prompts, reducing exposure of privileged identities.
  • HS-P0099 – Disable merging of local Microsoft Defender Firewall rules with group policy firewall rules for the Public profile
    • Enforces strict firewall control on Public networks by disabling the merging of local firewall rules. Only IT-managed Microsoft Defender Firewall rules are allowed, preventing users or software from creating unauthorized rules that could weaken security.
  • HS-P0100 – Block Personal devices from accessing resources
    • Blocks access to all organizational resources from devices marked as Personal in Intune, preventing personal devices from being used to access company data.
