The ArcGIS Online Security Advisor has been updated.
This July 2020 release focuses on integrating with ArcGIS Enterprise to further expedite identification of HTTP references and best practices.
Now ArcGIS Enterprise users can connect to and use the Advisor to scan and get advice on settings and content.
Before a connection is allowed, the ArcGIS Enterprise Admin will need to register the Advisor to create an App ID.
Recent Advisor releases included:
Improved Single Sign-On (SSO) integration with AGO.
- The Advisor will use its existing sign-in when accessing AGO or ArcGIS Enterprise.
HTTP Check enhancements:
- Editor support added for these item types: Dashboard, Hub Site, Classic Story Map, Story Map, Web AppBuilder, Experience Builder, Web Map, Web Scene
- Increased Search result maximum to 10,000.
- Added exclusion lists to prevent “Keys” & “URLs” from being reported as having an http:// url.
- Organization members (non-Admins) can log in and use the HTTP Check.
Public Survey123 Check: Quickly discover and update the editing session of surveys are:
- Surveys that are Public – meaning anyone can answer them
- Associated with layers that have query capabilities
This is important because Public surveys are designed to collect information anonymously and to not enable public sharing of survey findings and results before the results are analyzed and interpreted by the survey owner. Survey layers with the query capability improperly configured can be accessed anonymously and queried, which may expose information in unintended ways.
For more information regarding this topic, including complete documentation for managing survey settings, please review the “Discovering and Securely Configuring Public Survey Results” document found in the documents tab in the ArcGIS Trust Center.
Publicly Shared Items: Leverages the existing search and sharing filter within the ArcGIS Organization. This will open a connection back into your ArcGIS content and show all of the items that are publicly shared.
Preparing for ArcGIS Online HTTPS Only
If you have any questions, please reach out to the Software Security & Privacy Team at firstname.lastname@example.org
– Esri Software Security & Privacy Team