Chat with us, powered by LiveChat

365 Multi-Tenant Manager – Release July 14, 2026

Enhancements

The following new predefined settings have been introduced in the predefined settings library:

  • HS-S0127 – Ensure users cannot create security groups
    • Restricts users from creating security groups in Microsoft Entra ID.
  • HS-S0128 – Ensure the ability to join devices to Entra is restricted
    • Controls who can join devices to Microsoft Entra ID.
  • HS-S0129 – Ensure the maximum number of devices per user is limited
    • Limits how many devices each user can register in Microsoft Entra ID.
  • HS-S0130 – Ensure the GA role is not added as a local administrator during Entra join
    • Prevents the Global Administrator role from being automatically granted local administrator rights during device join.
  • HS-S0131 – Ensure local administrator assignment is limited during Entra join
    • Restricts which users receive local administrator permissions when devices join Entra ID.
  • HS-S0132 – Ensure Local Administrator Password Solution is enabled
    • Ensures Microsoft Local Administrator Password Solution (LAPS) is enabled to better protect local admin credentials.
  • HS-S0133 – Ensure users are restricted from recovering BitLocker keys
    • Restricts non-authorized users from recovering BitLocker keys.
  • HS-S0134 – Ensure Direct Send submissions are rejected
    • Prevents Direct Send email submissions where this configuration should not be allowed.
  • HS-S0135 – Ensure devices without a compliance policy are marked ‘not compliant’
    • Ensures devices without an assigned compliance policy are treated as non-compliant.
  • HS-S0136 – Ensure ‘Access reviews’ for Guest Users are configured
    • Helps ensure guest user access is regularly reviewed.
  • HS-S0137 – Ensure the admin consent workflow is enabled
    • Ensures the admin consent workflow is active for application permission requests.
  • HS-S0138 – Ensure system-preferred multifactor authentication is enabled
    • Enables Microsoft’s system-preferred MFA method selection.
  • HS-S0139 – Ensure the organisation cannot communicate with accounts in trial Teams tenants
    • Blocks communication with accounts hosted in trial Microsoft Teams tenants.

The following new predefined policies have been introduced in the predefined policies library:

  • HS-P0101 – Ensure a managed device is required to register security information
    • Requires users to use a managed device when registering security information.
  • HS-P0102 – Ensure sign-in frequency for Intune Enrollment is set to ‘Every time’
    • Requires users to re-authenticate each time they enroll a device with Microsoft Intune.

The following new predefined templates have been introduced in the templates library:

  • CIS M365 v5.0 Template – Introduces a new predefined template containing the newly supported CIS Microsoft 365 Benchmark v5.0 content.
  • CIS M365 v6.0 Template – Introduces a new predefined template containing the newly supported CIS Microsoft 365 Benchmark v6.0 content.

Improvements

  • Fixed an issue where the Identity screen incorrectly showed users as non-compliant.

Check other releases