Security Recommendations
Actionable security recommendations to improve your Microsoft 365 security posture across all managed tenants. OpsPilot365 analyzes tenant configurations against Microsoft best practices, CIS benchmarks, and industry standards to surface prioritized improvement actions.
Note: Recommendations are generated by analyzing tenant configurations against Microsoft Secure Score guidance, CIS Microsoft 365 Benchmark controls, and OpsPilot365 best practices. Recommendations update automatically as configurations change, with new checks added as Microsoft introduces new security features.
Recommendations Overview
Summary of pending security recommendations across all managed tenants.
- 87 — Total Recommendations (across 14 tenants)
- 12 — Critical (immediate action needed)
- 28 — High Priority (address within 7 days)
- 234 — Implemented (completed this month)
Recommendation Categories
Recommendations are organized by security domain for systematic improvement.
Identity & Access (5 critical)
- MFA enforcement
- Conditional access policies
- Privileged account protection
- Password policies
- Guest access controls
Data Protection (8 high priority)
- DLP policies
- Sensitivity labels
- External sharing settings
- Information barriers
- Encryption settings
Email Security (3 critical)
- Anti-phishing policies
- DMARC/DKIM/SPF configuration
- Safe attachments
- Safe links
- Mail flow rules
Device Security (6 high priority)
- Compliance policies
- Conditional access for devices
- BitLocker/encryption
- App protection policies
- Windows Update rings
Threat Protection (4 critical)
- Defender for Office 365
- Attack simulation training
- Alert policies
- Automated investigation
- Threat intelligence
Audit & Compliance (12 moderate)
- Audit log retention
- eDiscovery settings
- Retention policies
- Communication compliance
- Insider risk management
Critical Recommendations
These recommendations address the most significant security risks and should be implemented as soon as possible.
Enable MFA for All Admin Accounts
3 tenants have admin accounts without multi-factor authentication. Admin accounts are high-value targets and should always require MFA.
- Affected tenants: 3
- Accounts: 7
- Score impact: +15 points
Configure DMARC Records
5 tenant domains lack DMARC DNS records. Without DMARC, attackers can spoof email from your domains, increasing phishing risk for partners and customers.
- Affected tenants: 5
- Domains: 8
- Score impact: +10 points
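To check a domain list for this gap, the following added example (not OpsPilot365 code) classifies the TXT strings found at `_dmarc.<domain>`. It goes beyond the missing-record case above and also flags records that exist but do not enforce a policy. The domains and records in `SAMPLE_TXT` are constructed.

```python
# Constructed sample data: TXT strings as returned for _dmarc.<domain>.
# Domain names are hypothetical; a real audit would fill this from DNS.
SAMPLE_TXT = {
    "contoso.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@contoso.example"],
    "fabrikam.example": ["v=DMARC1; p=none"],
    "adatum.example": ["v=DMARC1; p=quarantine; pct=25"],
    "tailspin.example": ["v=spf1 -all"],   # SPF text published at the wrong name
    "northwind.example": [],               # no TXT record at all
}

POLICIES = ("none", "quarantine", "reject")

def classify(txt_records):
    """Return missing, invalid, monitor-only, partial or enforcing."""
    # A DMARC record must begin with the exact tag v=DMARC1 (RFC 7489).
    records = [t for t in txt_records
               if t.split(";")[0].replace(" ", "") == "v=DMARC1"]
    if not records:
        return "missing"
    if len(records) > 1:
        return "invalid"  # several DMARC records: receivers apply none of them
    tags = {}
    for part in records[0].split(";")[1:]:
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip().lower()
    policy = tags.get("p")
    if policy not in POLICIES:
        return "invalid"  # simplification: a usable p= tag is treated as required
    if policy == "none":
        return "monitor-only"  # receivers are asked to take no action on failures
    pct = tags.get("pct", "100")
    if not pct.isdecimal():
        return "invalid"
    return "enforcing" if int(pct) >= 100 else "partial"

def audit(txt_by_domain):
    """Map each domain to its DMARC status."""
    return {domain: classify(txts) for domain, txts in txt_by_domain.items()}

def needs_action(txt_by_domain):
    """Domains whose DMARC status is anything other than enforcing."""
    return sorted(d for d, s in audit(txt_by_domain).items() if s != "enforcing")

if __name__ == "__main__":
    for domain, status in audit(SAMPLE_TXT).items():
        print(f"{domain}: {status}")
```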
Disable Legacy Authentication Protocols
Legacy authentication protocols (POP3, IMAP, SMTP AUTH) bypass MFA. Block legacy auth via conditional access policies to prevent credential-based attacks.
- Affected tenants: 8
- Active sessions: 23
- Score impact: +12 points
Recommendation Details
Each recommendation includes detailed information to help you understand and implement the suggested change.
Recommendation Card Contents
- Severity: Critical, High, Medium, Low
- Category: Identity, Data, Email, Device, Threat, Audit
- Affected Tenants: List of impacted tenants
- Score Impact: Points added to Secure Score
- Implementation Guide: Step-by-step instructions
- Risk Assessment: What happens if not implemented
Available Actions
- Fix Now — Apply the recommendation directly through OpsPilot365 automation. Available for supported configurations.
- View Guide — Step-by-step implementation guide for manual changes requiring additional setup or testing.
- Dismiss — Mark as not applicable with a reason. Dismissed recommendations are tracked separately for audit purposes.
- Snooze — Defer for 7, 30, or 90 days. The recommendation will reappear after the snooze period.
Recommendation List
Browse and filter all recommendations with sorting and search.
Filter options: All Tenants, All Severities (Critical, High, Medium, Low), All Categories (Identity & Access, Data Protection, Email Security, Device Security, Threat Protection, Audit & Compliance), All Status (Open, In Progress, Dismissed, Snoozed).
| Severity | Recommendation | Category | Tenants | Score Impact |
|---|---|---|---|---|
| Critical | Enable MFA for all admin accounts | Identity | 3 | +15 |
| Critical | Configure DMARC records | Email | 5 | +10 |
| High | Enable Safe Attachments for all users | Email | 4 | +8 |
| High | Create DLP policies for sensitive data | Data | 8 | +6 |
| Medium | Enable unified audit logging | Audit | 2 | +4 |
Implementation Tracking
Track progress on implementing recommendations across your managed tenants.
Progress by Category
- Identity & Access: 78%
- Data Protection: 62%
- Email Security: 85%
- Device Security: 54%
- Threat Protection: 71%
Monthly Trend
- Recommendations resolved: +34 this month
- New recommendations: +8 this month
- Average resolution time: 4.2 days
- Score improvement: +47 points
- Dismissed: 6 (with justification)
Automated Remediation
Some recommendations can be automatically applied through OpsPilot365 without manual intervention.
Auto-fixable
- Enable/disable tenant settings
- Apply conditional access policies
- Configure MFA requirements
- Set password policies
- Enable audit logging
- Configure mail authentication (SPF/DKIM)
Requires Manual Steps
- DNS record changes (DMARC)
- Third-party integrations
- User training programs
- Custom DLP policies
- Complex conditional access rules
- Certificate-based authentication setup
API Reference
- GET /api/security/recommendations — List all recommendations
- POST /api/security/recommendations/{id}/apply — Apply a recommendation

List recommendations request body:

```json
{
  "tenantIds": ["tenant-1", "tenant-2"],
  "severity": ["critical", "high"],
  "category": "identity",
  "status": "open"
}
```

Apply recommendation request body:

```json
{
  "tenantIds": ["tenant-1"],
  "dryRun": false,
  "notifyAdmins": true
}
```
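A dry-run-first rollout against the apply endpoint above, as an added example that is not OpsPilot365 code: each tenant gets a `dryRun: true` request before its live change, and the rollout stops at the first failure. The base URL, the one-tenant-per-request ordering and the caller-supplied `send` function are assumptions; authentication and response handling are left out because the page does not describe them.

```python
import json
from urllib.parse import quote
from urllib.request import Request

BASE_URL = "https://opspilot.example"  # assumption: placeholder host

def apply_request(rec_id, tenant_id, dry_run, notify_admins=True):
    """Build (not send) the POST for /api/security/recommendations/{id}/apply."""
    # quote() keeps the id a single path segment even if it contains '/'.
    url = f"{BASE_URL}/api/security/recommendations/{quote(rec_id, safe='')}/apply"
    body = {
        "tenantIds": [tenant_id],      # one tenant per request limits blast radius
        "dryRun": dry_run,
        "notifyAdmins": notify_admins,
    }
    return Request(
        url,
        data=json.dumps(body).encode("utf-8"),
        headers={"Content-Type": "application/json"},
        method="POST",
    )

def rollout(rec_id, tenant_ids, send):
    """Dry-run, then apply, one tenant at a time; stop at the first failure.

    `send` is hypothetical and supplied by the caller: it transmits a Request
    and returns True on success. Tenants after a failure are left untouched
    and do not appear in the result.
    """
    results = {}
    for tenant in dict.fromkeys(tenant_ids):  # de-duplicate, keep order
        if not send(apply_request(rec_id, tenant, dry_run=True)):
            results[tenant] = "dry-run failed"
            break
        applied = send(apply_request(rec_id, tenant, dry_run=False))
        results[tenant] = "applied" if applied else "apply failed"
        if not applied:
            break
    return results
```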