MC1023484Microsoft Defender for Identity: New recommendations for Microsoft Secure Score

Updated May 7, 2025: We have updated the timeline below. Thank you for your patience.

We’re updating Microsoft Secure Score improvement actions of Microsoft Defender for Identity to ensure a more accurate representation of security posture. This rollout includes new posture recommendations that will be added as Microsoft Secure Score improvement actions and recommendations:

• Install Defender for Identity Sensor on ADCS servers.
• Install Defender for Identity Sensor on Entra Connect. 
• Install Defender for Identity Sensor on ADFS servers.
• Change password for gMSA account.
• Change password for sMSA account. 

When this will happen:

Public Preview: We will begin rolling out mid-March 2025 and expect to complete by mid-April 2025.

General Availability (Worldwide, GCC, GCC High, DoD): We will begin rolling out late March 2025 and expect to complete by late May 2025 (previously late April).

How this will affect your organization:

These new security posture reports will be available only if your tenant has a Defender for Identify sensor installed your identity infrastructure.

This update is available by default.

What you need to do to prepare:

This rollout will happen automatically by the specified date with no admin action required. Your score will be updated accordingly.

Review your current configuration to determine the impact for your organization. You may want to notify your admins about this change and update any relevant documentation.

Microsoft recommends reviewing the improvement actions listed in Microsoft Secure Score. We will continue to add suggested security improvement actions on an ongoing basis.