Merge pull request #3286 from anchawl/patch-9

Nov updates to secure score

microsoft-365/security/mtp/microsoft-secure-score-whats-coming.md

@@ -33,11 +33,29 @@ Removing the ability to create ServiceNow tickets through Secure Score by going
 
 - The preview period for the ServiceNow connector is ending. This capability will no longer available by the end of 2020. Thank you for your feedback and continued support while we determine next steps.
 
-### October 2020
+Adding 18 improvement actions related to Microsoft Defender for Endpoint (previously Microsoft Defender ATP):
 
-Remove improvement action related to Microsoft Defender Advanced Threat Protection:
+Attack Surface Reduction (ASR) related recommendations:
+- Block executable content from email client and webmail
+- Block all Office applications from creating child processes
+- Block Office applications from creating executable content
+- Block Office applications from injecting code into other processes
+- Block JavaScript or VBScript from launching downloaded executable content
+- Block execution of potentially obfuscated scripts
+- Block Win32 API calls from Office macros
+- Block executable files from running unless they meet a prevalence, age, or trusted list criterion
+- Use advanced protection against ransomware
+- Block credential stealing from the Windows local security authority subsystem (lsass.exe)
+- Block process creations originating from PSExec and WMI commands
+- Block untrusted and unsigned processes that run from USB
+- Block Office communication application from creating child processes
+- Block Adobe Reader from creating child processes
+- Block persistence through WMI event subscription
 
-- Set Microsoft Defender SmartScreen Windows Store app web content checking to warn
+Services related recommendations:
+- Fix unquoted service path for Windows services
+- Change service executable path to a common protected location
+- Change service account to avoid cached password in windows registry
 
 ## Related resources