General Security Settings
Marketing Cloud Security settings apply to the whole cloud (all users and all BUs). These settings prevent invalid access, for example by restricting logins to specific locations or IP addresses.
Session Settings
- Session Timeout
- Require Secure Connections (https)
- Enable Clickjacking Protection
Username and Logins
- Login Expires After Inactivity
- Invalid Logins Before Lockout
- Minimum Username Length
- Restrict Logins by IP Address (IP Whitelisting)
- IP Whitelisting List Source
- Allow machines not on Whitelisted IP Addresses list access
- Identity Verification
- Business Unit Identity Verification
- Browser Verification Code Lifetime
- Time a browser can be inactive before requiring re-verification
- Do not require Identity Verification for machines inside the whitelist
- Enable Username and Password for Web Services
Password Policies
- Minimum Password Length
- Password Complexity
- Enforce Password History
- User Passwords Expire In
- Exclude API Users From Password Expiration
- Exclude FTP Users From Password Expiration
- Send Password Change Confirmation Email
Connection Security
- Connection Types
Audit Logging
- Enable Audit Logging Data Collection