← Back
(Updated) Microsoft Defender for Identity: New recommendations added to Microsoft Secure Score
MC1155429 · build prod-20251231-200323
Category
stayInformed
Severity
normal
Major change
False
Last modified
2025-10-29 17:07:11
Summary source
Azure OpenAI (gpt-4.1)
Action by (Graph)
Action by (AI)
Services
Microsoft Defender XDR
Tags
Updated message, Feature update, User impact, Admin impact
Master tags
Security
Roadmap IDs

One-line summary

Microsoft Secure Score adds new improvement actions based on Defender for Identity posture recommendations for PingOne, with rollout starting November 2025 and GA in January 2026.

Similar updates

More like this
MC1179155 (Updated) Microsoft Defender for Identity: New recommendation added to Microsoft Secure Score
(Updated) Microsoft Defender for Identity: New recommendation added to Microsoft Secure Score Microsoft Secure Score adds new improvement actions based on Defender for Identity, recommending password changes for on-prem accounts with leaked credentials; rollout starts early Nov 2025. ...appen: Public Preview: Rollout begins early November.
MC1191616 Microsoft Secure Score: New recommendations for Microsoft Defender for Endpoint
Microsoft Secure Score: New recommendations for Microsoft Defender for Endpoint New Microsoft Secure Score recommendations for Defender for Endpoint will roll out in public preview starting late November 2025, helping block attacks and improve endpoint security. Introduction We’re introducing new Microsoft Secure Score recommendations for.
MC1192254 Microsoft Defender for Endpoint: New Microsoft Secure Score recommendations
Microsoft Defender for Endpoint: New Microsoft Secure Score recommendations New Secure Score recommendations for Defender for Endpoint will roll out in public preview at end of Dec 2025, helping admins proactively block attacks and improve endpoint security. We’re introducing new Microsoft Secure Score recommendations for Microsoft Defender for.
MC1187386 Microsoft Defender for Identity alerts transitioning to XDR-based detection platform
Microsoft Defender for Identity alerts transitioning to XDR-based detection platform Defender for Identity classic alerts will shift to the XDR detection platform starting mid-December 2025; update workflows and alert exclusions to use new XDR Detector IDs. [Introduction] Microsoft Defender for Identity classic alerts will transition to the XDR.
MC1169078 Microsoft Defender for Cloud Apps: Improvements to threat protection capabilities
Microsoft Defender for Cloud Apps: Improvements to threat protection capabilities Defender for Cloud Apps expands dynamic threat detection, replacing legacy policies with new, research-driven detections; rollout starts early November 2025 and completes by end of November. [Introduction:] To improve threat detection accuracy and responsiveness,.
MC1147387 Microsoft Defender for Office 365: Alert experience enhancements for faster triage
Microsoft Defender for Office 365: Alert experience enhancements for faster triage Defender for Office 365 will consolidate related alerts into richer, single alerts starting mid-September 2025, reducing alert fatigue and improving triage without changing detection or workflows. Introduction We’re improving the alert experience in Microsoft.

Details

Summary
Microsoft Secure Score will add new improvement actions based on Microsoft Defender for Identity recommendations for PingOne, rolling out from November 2025 to February 2026. These default-enabled actions target PingOne privileged account security, requiring no admin changes but encouraging review and monitoring by organizations with PingOne connectors.

Body (from Message Center)

Updated October 29, 2025: We have updated the timeline. Thank you for your patience.

[Introduction:]

We’re enhancing Microsoft Secure Score by introducing new improvement actions based on Microsoft Defender for Identity posture recommendations for PingOne. These updates provide a more accurate reflection of your organization’s identity security posture and help strengthen your overall security configuration.

[When this will happen:]

  • Public Preview: Rollout begins in late November 2025 (previously late October) and completes by mid-December 2025 (previously mid-November).
  • General Availability (Worldwide, GCC, GCC High, and DoD): Rollout begins in late January 2026 (previously late November 2025) and completes by late February 2026 (previously mid-December 2025).

[How this affects your organization:]

Who is affected: Tenants with a PingOne connector configured for Microsoft Defender for Identity.

What will happen:

New posture recommendations will appear in Microsoft Secure Score as improvement actions:

user settings

  • Limit the number of PingOne accounts with organization admin role
  • Assign multi-factor authentication for PingOne privileged user accounts:

    user settings

  • Change password for PingOne privileged user accounts
  • Remove stale PingOne privileged accounts
  • High number of PingOne accounts with a privileged role assigned

These recommendations are enabled by default and require no configuration changes.

[What you can do to prepare:]

  • No admin action is required before or after rollout.
  • Review your current identity configuration to assess potential impact.
  • Notify relevant administrators and update internal documentation as needed.
  • Regularly review Microsoft Secure Score to monitor and act on new improvement suggestions.

[Compliance considerations:]

No compliance considerations identified, review as appropriate for your organization.

Raw JSON (for debugging)

Expand/collapse the full payload below.
Show/hide raw 
{
  "snapshot_item": {
    "action_required_by": null,
    "ai_action_required_by": null,
    "ai_actions": [
      "Review identity configuration",
      "Notify admins",
      "Update documentation",
      "Monitor Secure Score for new suggestions"
    ],
    "ai_master_tags": [
      "Security"
    ],
    "ai_model": "gpt-4.1",
    "ai_summary": "Microsoft Secure Score adds new improvement actions based on Defender for Identity posture recommendations for PingOne, with rollout starting November 2025 and GA in January 2026.",
    "ai_topics": [
      "Defender",
      "Secure Score"
    ],
    "category": "stayInformed",
    "details_map": {
      "Summary": "Microsoft Secure Score will add new improvement actions based on Microsoft Defender for Identity recommendations for PingOne, rolling out from November 2025 to February 2026. These default-enabled actions target PingOne privileged account security, requiring no admin changes but encouraging review and monitoring by organizations with PingOne connectors."
    },
    "id": "MC1155429",
    "importance": 0,
    "is_major_change": false,
    "last_modified": "2025-10-29T17:07:11Z",
    "ms_products": [
      "Defender"
    ],
    "platforms": null,
    "roadmap_ids": [],
    "services": [
      "Microsoft Defender XDR"
    ],
    "severity": "normal",
    "tags": [
      "Updated message",
      "Feature update",
      "User impact",
      "Admin impact"
    ],
    "title": "(Updated) Microsoft Defender for Identity: New recommendations added to Microsoft Secure Score"
  }
}