Add minor updates and clarify several polices in the EXO baseline document #285
Labels
baseline-document
Issues relating to the text in the baseline documents themselves
Milestone
馃挕 Summary
The are several comments in the comments matrix asking for minor updates or asking for clarifications on policies in the EXO baseline document. This issue is to bundle up these minor updates to the baseline document as they don't seem worthy of a separate issue to for investigation.
Motivation and context
This makes us go back and rewrite the original language of the EXO baselines for both clarification and updates to any implementation steps.
Implementation notes
Comments Matrix number 64 (Separate spreadsheet)
Commenter notes that PowerShell examples are being given for some but not all of the policies. They also note that it currently isn't clear why some policies provide implementation details through both the GUI and PowerShell while others only through the GUI.
Comments Matrix number 134 (Comment from adhilto)
EXO 2.1: Microsoft recommended we add the following as resources for 2.1:
Comments Matrix number 64 (Separate Spreadsheet)
EXO 2.2 The commenter notes that this baseline provides a PowerShell script to test the SPD configuration; however, we do not describe how to interpret the results of the script.
Comments Matrix number 64 (Separate Spreadsheet)
EXO 2.3 The commenter notes that the first section of the intro to this baseline true but could be misread that DKIM is providing authenticity for the sending user. They recommend making it clearer that DKIM authenticates both the sending mail server and the sending user.
Comments Matrix number 64 (Separate Spreadsheet)
EXO 2.3 The commenter notes that the first section of the intro to this baseline true but could be misread that DKIM is providing authenticity for the sending user. They recommend making it clearer that DKIM authenticates both the sending mail server and the sending user.
Comments Matrix number 64 (Separate Spreadsheet)
EXO 2.5 The commenter notes that SMTP AUTH cannot enforce MFA. They recommend we add additional guidance that should be provided that SMTP AUTH be used on a limited basis with scenarios provided where such authentication is appropriate and convey the caution that should be taken when enabling SMTP Auth.
Comments Matrix number 64 (Separate Spreadsheet)
EXO 2.9: Recommendation that we add *.iso to the list of click-to-run files that should be blocked.
Acceptance criteria
The text was updated successfully, but these errors were encountered: