← Back
(Updated) Microsoft Defender for Identity: New recommendation added to Microsoft Secure Score
MC1179155 · build prod-20251231-200323
Category
stayInformed
Severity
normal
Major change
False
Last modified
2025-10-31 16:54:17
Summary source
Azure OpenAI (gpt-4.1)
Action by (Graph)
Action by (AI)
Services
Microsoft Defender XDR
Tags
Updated message, New feature, Admin impact
Master tags
Security
Roadmap IDs

One-line summary

Microsoft Secure Score adds new improvement actions based on Defender for Identity, recommending password changes for on-prem accounts with leaked credentials; rollout starts early Nov 2025.

Similar updates

More like this
MC1155429 (Updated) Microsoft Defender for Identity: New recommendations added to Microsoft Secure Score
(Updated) Microsoft Defender for Identity: New recommendations added to Microsoft Secure Score Microsoft Secure Score adds new improvement actions based on Defender for Identity posture recommendations for PingOne, with rollout starting November 2025 and GA in January 2026. Updated October 29, 2025: We have updated the timeline. [Introduction:].
MC1187386 Microsoft Defender for Identity alerts transitioning to XDR-based detection platform
Microsoft Defender for Identity alerts transitioning to XDR-based detection platform Defender for Identity classic alerts will shift to the XDR detection platform starting mid-December 2025; update workflows and alert exclusions to use new XDR Detector IDs. [Introduction] Microsoft Defender for Identity classic alerts will transition to the XDR.
MC1192254 Microsoft Defender for Endpoint: New Microsoft Secure Score recommendations
Microsoft Defender for Endpoint: New Microsoft Secure Score recommendations New Secure Score recommendations for Defender for Endpoint will roll out in public preview at end of Dec 2025, helping admins proactively block attacks and improve endpoint security. We’re introducing new Microsoft Secure Score recommendations for Microsoft Defender for.
MC1191616 Microsoft Secure Score: New recommendations for Microsoft Defender for Endpoint
Microsoft Secure Score: New recommendations for Microsoft Defender for Endpoint New Microsoft Secure Score recommendations for Defender for Endpoint will roll out in public preview starting late November 2025, helping block attacks and improve endpoint security. Introduction We’re introducing new Microsoft Secure Score recommendations for.
MC1169078 Microsoft Defender for Cloud Apps: Improvements to threat protection capabilities
Microsoft Defender for Cloud Apps: Improvements to threat protection capabilities Defender for Cloud Apps expands dynamic threat detection, replacing legacy policies with new, research-driven detections; rollout starts early November 2025 and completes by end of November. [Introduction:] To improve threat detection accuracy and responsiveness,.
MC1163754 Enhancements to the Deep Analysis tab of Email Entity page by Microsoft Defender for Office 365
Enhancements to the Deep Analysis tab of Email Entity page by Microsoft Defender for Office 365 Defender for Office 365's Deep Analysis tab gains enhanced UI, improved detonation chains, expanded metadata, and exportable insights for better threat investigation, rolling out Nov 2025. We’re excited to share recent enhancements to the Deep.

Details

Summary
Microsoft Secure Score will add a new default recommendation from Microsoft Defender for Identity to improve on-premises account security by prompting password changes for potentially leaked credentials. The update rolls out November to December 2025, requires no admin action, and complements a related Microsoft Entra ID cloud account recommendation.

Body (from Message Center)

Updated October 31, 2025: We have updated the content. Thank you for your patience.

Introduction

To help organizations better assess and improve their identity security posture, Microsoft Secure Score is being enhanced with new improvement actions based on Microsoft Defender for Identity recommendations. These updates provide more accurate insights and actionable guidance to strengthen your security configuration.

When this will happen:

  • Public Preview: Rollout begins early November 2025, completes by mid-December 2025
  • General Availability (Worldwide, GCC, GCC High, and DoD): Rollout begins early November 2025, completes by mid-December 2025

How this affects your organization:

  • Who is affected: Admins managing Microsoft Secure Score and organizations with Microsoft Defender for Identity sensors deployed.
  • What will happen:
    • New posture recommendation will appear in Microsoft Secure Score as improvement actions: Change password for on-prem accounts with potentially leaked credentials
    • This recommendation is visible only if your tenant has a Defender for Identity sensor deployed.
    • The update is enabled by default and requires no configuration changes.
    • No impact to end-user workflow unless acted upon by the admin.
    • Please be aware of a related Microsoft Entra ID recommendation that is recently released, titled: “Change password for accounts with leaked credentials”. The Microsoft Entra ID recommendation is focused on cloud-based user accounts, whereas the Microsoft Defender for Identity recommendation targets on-prem user accounts.

What you can do to prepare:

  • No admin action is required before or after rollout.
  • Review your current identity configuration to assess potential impact.
  • Notify relevant administrators and update internal documentation as needed.
  • Regularly review Microsoft Secure Score to monitor and act on new improvement suggestions.
  • Learn more: Microsoft Secure Score 

Compliance considerations:

No compliance considerations identified, review as appropriate for your organization.

Raw JSON (for debugging)

Expand/collapse the full payload below.
Show/hide raw 
{
  "snapshot_item": {
    "action_required_by": null,
    "ai_action_required_by": null,
    "ai_actions": [
      "Review identity configuration",
      "Notify admins",
      "Update documentation",
      "Monitor Secure Score for new suggestions"
    ],
    "ai_master_tags": [
      "Security"
    ],
    "ai_model": "gpt-4.1",
    "ai_summary": "Microsoft Secure Score adds new improvement actions based on Defender for Identity, recommending password changes for on-prem accounts with leaked credentials; rollout starts early Nov 2025.",
    "ai_topics": [
      "Defender",
      "Entra"
    ],
    "category": "stayInformed",
    "details_map": {
      "Summary": "Microsoft Secure Score will add a new default recommendation from Microsoft Defender for Identity to improve on-premises account security by prompting password changes for potentially leaked credentials. The update rolls out November to December 2025, requires no admin action, and complements a related Microsoft Entra ID cloud account recommendation."
    },
    "id": "MC1179155",
    "importance": 1,
    "is_major_change": false,
    "last_modified": "2025-10-31T16:54:17Z",
    "ms_products": [
      "Defender"
    ],
    "platforms": null,
    "roadmap_ids": [],
    "services": [
      "Microsoft Defender XDR"
    ],
    "severity": "normal",
    "tags": [
      "Updated message",
      "New feature",
      "Admin impact"
    ],
    "title": "(Updated) Microsoft Defender for Identity: New recommendation added to Microsoft Secure Score"
  }
}