365 Multi-Tenant Manager Release on September 25th, 2025

Enhancements

The following new predefined settings have been introduced in the predefined settings library:

  • HS-S0110 – Ensure browser idle sign-out is enabled
    • This setting ensures that browser idle sign-out is enabled to automatically sign users out after inactivity. When enforcement is selected, the policy displays a warning after 40 minutes and signs out users after 1 hour of inactivity.
  • HS-S0111 – Ensure Spam Confidence Level is applied for Exchange Transport Rules
    • This setting ensures all mail transport rules in Exchange have a defined Spam Confidence Level (SCL); in Notify mode, it lists rules with SCL set, and in Enforce mode, it assigns the specified SCL to rules missing it.
  • HS-S0112 – Ensure Anti-Phishing policy safety tips are enabled
    • Ensure safety tips for similar users, similar domains, and unusual characters are enabled in the default Anti-Phishing policy to protect against impersonation attacks.
  • HS-S0113 – Ensure Anti-Phishing policy protects impersonated domains and targeted users
    • Ensure the default Anti-Phishing policy is configured to protect organizational domains and targeted users, and enforce the appropriate protection actions against impersonation attempts.
  • HS-S0114 – Ensure Outbound Spam Filter Policy limits for internal and external user emailing
    • Ensure the default outbound spam filter policy has thresholds configured to limit recipients per hour and defines the action taken when those thresholds are exceeded.

The following new predefined policies have been introduced in the predefined policies library:

  • HS-P0045 – Ensure Windows Firewall is enabled (Private, Public, Domain)
    • This policy ensures that the Windows Firewall is enabled across all network profiles (Domain, Private, and Public) on Windows devices, providing consistent protection against unauthorized access and network threats.
  • HS-P0046 – Disable the built-in Administrator and Guest accounts
    • The policy ensures that the default Administrator and Guest accounts on Windows devices are disabled to reduce the risk of unauthorized access and enhance overall system security.
  • HS-P0047 – Attack Surface Reduction (ASR) enhanced
    • This policy is designed to harden security on Windows 10 devices by reducing attack surfaces: preventing credential stealing, blocking Office communication applications from creating child processes, and blocking persistence through WMI events.
  • HS-P0048 – Disable ‘Allow Basic authentication’ for WinRM Client and Service
    • Enhances security by ensuring that basic authentication is disabled for both the WinRM client and service, reducing the risk of credential exposure in clear text over the network.
  • HS-P0049 – Windows Antivirus Policy
    • Enhances endpoint protection by enforcing Microsoft Defender Antivirus settings such as network protection, email scanning, behavior monitoring, and removable drive scanning on Windows devices.
  • HS-P0050 – Linux Antivirus Policy
    • Enhances endpoint protection by enforcing Microsoft Defender Antivirus settings such as network protection, behavior monitoring, and scanning of archives on Linux devices.
