Services
Summary
Microsoft is updating Microsoft Secure Score improvement actions for Defender for Identity, including new posture recommendations. Rollout starts mid-March 2025, with general availability by late May 2025. No admin action is required, but organizations should review their configurations and notify admins.
Details
Updated May 7, 2025: We have updated the timeline below. Thank you for your patience.
WeΓ’β¬β’re updating Microsoft Secure Score improvement actions of Microsoft Defender for Identity to ensure a more accurate representation of security posture. This rollout includes new posture recommendations that will be added as Microsoft Secure Score improvement actions and recommendations:
- Install Defender for Identity Sensor on ADCS servers.
- Install Defender for Identity Sensor on Entra Connect.
- Install Defender for Identity Sensor on ADFS servers.
- Change password for gMSA account.
- Change password for sMSA account.
When this will happen:
Public Preview: We will begin rolling out mid-March 2025 and expect to complete by mid-April 2025.
General Availability (Worldwide, GCC, GCC High, DoD): We will begin rolling out late March 2025 and expect to complete by late May 2025 (previously late April).
How this will affect your organization:
These new security posture reports will be available only if your tenant has a Defender for Identify sensor installed your identity infrastructure.
This update is available by default.
What you need to do to prepare:
This rollout will happen automatically by the specified date with no admin action required. Your score will be updated accordingly.
Review your current configuration to determine the impact for your organization. You may want to notify your admins about this change and update any relevant documentation.
Microsoft recommends reviewing the improvement actions listed in Microsoft Secure Score. We will continue to add suggested security improvement actions on an ongoing basis.