Microsoft 365 Message Center ArchiveM365 Archive
Message Center

MC1358832Microsoft Secure Score: New recommendation to reduce inbound internet exposure

Summary

A new Microsoft Secure Score recommendation in Microsoft Defender for Endpoint will identify and help reduce unnecessary inbound internet exposure on internet-facing devices. Rolling out worldwide in June 2026, it provides admins visibility, requires no configuration, and supports proactive risk reduction without affecting user experience.

More information

What and Why:

We’re introducing a new Microsoft Secure Score recommendation in Microsoft Defender for Endpoint (MDE) to help organizations reduce unnecessary inbound exposure from the public internet. This update strengthens your enterprise security posture by giving admins clear visibility into internet-facing devices, helping validate whether exposure is expected, approved, and appropriately secured. By highlighting potential attack surface risks, this recommendation supports proactive risk reduction and aligns with Microsoft’s commitment to enterprise-ready security and manageability.

Rollout Schedule:

  • Public Preview (Worldwide): We will begin rolling out in early June 2026 and expect to complete by mid-June 2026.
  • General Availability (Worldwide): We will begin rolling out in early June 2026 and expect to complete by mid-June 2026.

Impact on Your Organization:

Who is affected: Admins managing Microsoft Defender for Endpoint and Microsoft Secure Score

Platforms/Services: Microsoft Defender for Endpoint, Microsoft Secure Score

What will happen:

  • A new Secure Score recommendation, "Reduce unnecessary inbound internet exposure on internet-facing devices," will appear.

    • Screenshot: New Secure Score recommendation in Microsoft Defender:

    user settings

  • Admins will gain visibility into devices with observed inbound connectivity from the public internet.
  • Devices or services reachable from the internet will be identified for review.
  • Secure Score will reflect progress as remediation or validation actions are taken.
  • The recommendation is on by default and requires no configuration to appear.
  • No user experience changes.

Action Required / Recommendations:

No immediate action is required to enable this feature.

Recommended actions for admins:

  • Review the new recommendation in Microsoft Secure Score once it appears.
  • Identify devices flagged as internet-facing.
  • Validate whether each exposure is expected, approved, and required.
  • Follow provided remediation guidance to reduce unnecessary exposure.
  • For devices that must remain internet-facing:
    • Ensure the exposure is approved, documented, and properly secured.
    • Consider applying an exception where the risk is accepted by your organization.

For more information, review documentation on Microsoft Defender for Endpoint and Microsoft Secure Score in Microsoft Learn.

Compliance considerations:

No compliance considerations identified, review as appropriate for your organization.