
Commit 04823cf8 authored by Romain Hunault

feat(workspace): security

parent 98d330a3
+4 −0
@@ -104,3 +104,7 @@ To add an `@e.email` account on /e/OS, open the account manager, add a Murena Wo

- **Change recovery email:** Update the recovery address tied to your Murena account at [Change your recovery email](/workspace/howto/change-recovery-email).
- **Referral program:** Earn cloud credits by inviting friends through the [Murena Workspace referral program](/workspace/howto/referral-program).

## Learn

- **Security:** Understand why Murena Workspace appears differently on Nextcloud’s scanner and how we keep the platform hardened at [Learn about Murena Workspace security](/workspace/learn/security).
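Review bot: in the added Security bullet, "appears differently on Nextcloud's scanner" does not say what the reader will actually have seen. Suggest naming it, for example "why the Nextcloud security scanner can show a low grade for Murena Workspace", so a user who has just received a poor grade recognises the link. The new "## Learn" heading also holds a single bullet; consider keeping the entry in the list above until there are more Learn pages.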
+7 −0
# Learn about Murena Workspace security

Some users see a poor grade when running the Nextcloud security scanner against Murena Workspace. The grade reflects the baseline Nextcloud configuration the tool expects, not the unique way Murena Workspace is deployed.

Nextcloud’s scanner inspects the server version, configuration, and other security knobs. Murena Workspace intentionally differs from the vanilla recommendations (while still keeping all critical patches) to support our cloud infrastructure. As a result, the scanner may warn about minor warnings such as being one version behind, but those do not mean Murena Workspace lacks protections.

We monitor incoming traffic, apply Nextcloud’s suggested security presets, harden the underlying infrastructure, and respond to security news so the platform stays secure. The scanner now reports an A+ score, but the release cadence or temporary configuration differences can cause temporary drops even when the service remains protected.
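Review bot: the second paragraph says "being one version behind", while the text this page replaces said "only one minor version behind and did NOT lack any major security patches"; dropping "minor" makes the gap read larger than it was, and "warn about minor warnings" is redundant. Suggest "the scanner may flag items such as being one minor version behind". In the last paragraph, "The scanner now reports an A+ score" is a point-in-time claim with no date and will go stale on the next dip; either date it or phrase it as what users can normally expect. "temporary configuration differences can cause temporary drops" also repeats itself.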
+0 −13
### User report about Nextcloud security scan

One of our users got concerned when the Nextcloud server security check resulted in an F grade. However, this does not imply that Murena Workspace is insecure. Rather, the low Nextcloud security scan scores are due to differences in how Murena Workspace is deployed and how Nextcloud ranks servers.

### How does Nextcloud security scanner work?

The Nextcloud security scanner evaluates the security score of Nextcloud servers by checking factors like the version of Nextcloud version installed, the configuration of the server used, and some other factors. If the configuration used by a Nextcloud server is not as per the recommendations by Nextcloud, then the server's security score is reduced. As an example, one of Nextcloud's recent low security scans was because Murena Workspace was only one minor version behind and did NOT lack any major security patches. Warnings issued by Nextcloud security scanner like "likely trivial to break in" is not applicable to Murena Workspace, because of the security measures and monitoring on our infrastructure.

### Security measures deployed on Murena Workspace

We follow security news and also have automated systems in place to spot strange behavior in traffic and stop it before it can be exploited against Murena Workspace. Other small issues that are unrelated to the Murena Workspace or Nextcloud are handled at the infrastructure level as well. We follow Nextcloud's suggested security settings and other common security practices to keep Murena Workspace secure. This different configuration environment may confuse the Nextcloud security scan, leading to inaccurate scores. This indicates that Nextcloud security scan is an effective tool to test vanilla Nextcloud setups, but does not accurately reflect the security of Murena Workspace.

We are now receiving an A+ on the security scan. Nevertheless, the Nextcloud release cycle can occasionally cause a dip in the score, even when Murena Workspace is secure.
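Review bot: this deletion drops the two details a worried user is most likely to search for, the "F grade" and the scanner's "likely trivial to break in" wording, and the replacement page mentions neither (it says only "a poor grade"). Suggest carrying one sentence over to the new page that names both and says why they do not apply to Murena Workspace. If this section was linked by anchor or URL, check that existing links still resolve, since the visible changes add no redirect.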