Category
stayInformed
Severity
normal
Major change
False
Last modified
2025-12-05 00:43:40
Summary source
Azure OpenAI (gpt-4.1)
Action by (Graph)
—
Action by (AI)
2025-12-31 00:00:00
Services
Microsoft Defender XDR
Tags
Feature update, User impact, Admin impact
Master tags
Admin, Security
Roadmap IDs
One-line summary
New Microsoft Secure Score recommendations for Defender for Endpoint will appear in Public Preview at end of Dec 2025 to help block attacks and improve endpoint protection.
Similar updates
More like thisMC1191616 Microsoft Secure Score: New recommendations for Microsoft Defender for Endpoint
MC1200058 Microsoft Defender for Office 365: Admins can block external users in Microsoft Teams from Defender Portal
MC1077861 (Updated) Microsoft Defender for Cloud Apps: SIEM agents will retire
MC1192257 (Updated) Microsoft Defender Threat Intelligence: Convergence with Microsoft Defender and Microsoft Sentinel
MC1193689 Microsoft baseline security mode for Office, SharePoint, Exchange, Teams, and Entra
MC1133508 (Updated) Microsoft Teams Integration with Microsoft Defender for Office Tenant Allow/Block List for blocking domains
Details
Summary
New Microsoft Secure Score recommendations for Microsoft Defender for Endpoint will roll out in public preview by the end of December 2025, helping admins improve security by blocking common attacks. Admins should review and implement these recommendations, such as disabling NTLM authentication, to enhance endpoint protection.
Body (from Message Center)
We’re introducing new Microsoft Secure Score recommendations for Microsoft Defender for Endpoint (MDE) to help organizations strengthen their security posture. These recommendations are designed to proactively block common attack techniques and improve endpoint protection.
When this will happenPublic Preview: Rollout will begin at the end of December 2025 and is expected to complete by the end of December 2025.
How this affects your organizationWho is affected: Admins managing Microsoft Defender for Endpoint and Microsoft Secure Score.
What will happen
- Customers in Public Preview will see new recommendations in Microsoft Secure Score.
- One example recommendation is: Disable NTLM authentication for Windows workstations.
- Secure Score will update based on the implementation of these recommendations.
- Review the new recommendations in Microsoft Secure Score once available.
- Complete the recommended actions to improve your organization’s security posture.
- Communicate these changes to your security and endpoint management teams.
Compliance considerations
No compliance considerations identified. Review as appropriate for your organization.
Raw JSON (for debugging)
Expand/collapse the full payload below.
Show/hide raw
{
"snapshot_item": {
"action_required_by": null,
"ai_action_required_by": "2025-12-31T00:00:00Z",
"ai_actions": [
"Review new Secure Score recommendations",
"Complete recommended security actions",
"Communicate changes to security teams"
],
"ai_master_tags": [
"Admin",
"Security"
],
"ai_model": "gpt-4.1",
"ai_summary": "New Microsoft Secure Score recommendations for Defender for Endpoint will appear in Public Preview at end of Dec 2025 to help block attacks and improve endpoint protection.",
"ai_topics": [
"Defender"
],
"category": "stayInformed",
"details_map": {
"Summary": "New Microsoft Secure Score recommendations for Microsoft Defender for Endpoint will roll out in public preview by the end of December 2025, helping admins improve security by blocking common attacks. Admins should review and implement these recommendations, such as disabling NTLM authentication, to enhance endpoint protection."
},
"id": "MC1192254",
"importance": 4,
"is_major_change": false,
"last_modified": "2025-12-05T00:43:40Z",
"ms_products": [
"Defender"
],
"platforms": null,
"roadmap_ids": [],
"services": [
"Microsoft Defender XDR"
],
"severity": "normal",
"tags": [
"Feature update",
"User impact",
"Admin impact"
],
"title": "Microsoft Defender for Endpoint: New Microsoft Secure Score recommendations"
}
}