M365 Message Center by Cengiz YILMAZ

Track the latest updates, features, and announcements for Microsoft 365 services. Comprehensive archive of service updates and important changes.


Data sourced from Microsoft 365 Message Center • Not affiliated with Microsoft


Microsoft Defender for Identity: New recommendation added to Microsoft Secure Score

Informational

Message ID: MC1179155

Services: Microsoft Defender XDR

Summary

Microsoft Secure Score will add a new default recommendation from Microsoft Defender for Identity to improve on-premises account security by prompting password changes for potentially leaked credentials. The update rolls out November to December 2025, requires no admin action, and complements a related Microsoft Entra ID cloud account recommendation.

Details

Updated October 31, 2025: We have updated the content. Thank you for your patience.

Introduction

To help organizations better assess and improve their identity security posture, Microsoft Secure Score is being enhanced with new improvement actions based on Microsoft Defender for Identity recommendations. These updates provide more accurate insights and actionable guidance to strengthen your security configuration.

When this will happen:

  • Public Preview: Rollout begins early November 2025, completes by mid-December 2025
  • General Availability (Worldwide, GCC, GCC High, and DoD): Rollout begins early November 2025, completes by mid-December 2025

How this affects your organization:

  • Who is affected: Admins managing Microsoft Secure Score and organizations with Microsoft Defender for Identity sensors deployed.
  • What will happen:
    • A new posture recommendation will appear in Microsoft Secure Score as an improvement action: Change password for on-prem accounts with potentially leaked credentials
    • This recommendation is visible only if your tenant has a Defender for Identity sensor deployed.
    • The update is enabled by default and requires no configuration changes.
    • No impact to end-user workflow unless acted upon by the admin.
    • Please be aware of a related Microsoft Entra ID recommendation that was recently released, titled: “Change password for accounts with leaked credentials”. The Microsoft Entra ID recommendation is focused on cloud-based user accounts, whereas the Microsoft Defender for Identity recommendation targets on-prem user accounts.

What you can do to prepare:

  • No admin action is required before or after rollout.
  • Review your current identity configuration to assess potential impact.
  • Notify relevant administrators and update internal documentation as needed.
  • Regularly review Microsoft Secure Score to monitor and act on new improvement suggestions.
  • Learn more: Microsoft Secure Score 

Compliance considerations:

No compliance considerations identified; review as appropriate for your organization.

Timeline

  • Published: Oct 24, 2025 (message published to Message Center)
  • Updated: Oct 31, 2025 (message content updated)
  • End Date: Jan 16, 2026 (message timeline ends)

Tags

#Updated message, #New feature, #Admin impact

Category

Stay Informed

Related Messages

Similar updates

  • MC1187403: Automatic Windows event auditing configuration now available for unified sensors (V3.x) (Nov 17, 2025)
  • MC1187390: Unified sensor (v3.x) – new Remote Procedure Call (RPC) configuration health alert for Microsoft Defender for Identity (Nov 17, 2025)
  • MC1147984: Microsoft Teams: User reporting for incorrectly identified security concerns (Sep 4, 2025)
  • MC1200058: Microsoft Defender for Office 365: Admins can block external users in Microsoft Teams from Defender Portal (Dec 19, 2025)
  • MC1133508: Microsoft Teams Integration with Microsoft Defender for Office Tenant Allow/Block List for blocking domains (Aug 11, 2025)