Microsoft Defender for Identity: New recommendation added to Microsoft Secure Score

Informational

Message ID

MC1179155
View in Message Center

Services

Microsoft Defender XDR

Summary

Microsoft Secure Score will add a new default recommendation from Microsoft Defender for Identity to improve on-premises account security by prompting password changes for potentially leaked credentials. The update rolls out November to December 2025, requires no admin action, and complements a related Microsoft Entra ID cloud account recommendation.

Details

Updated October 31, 2025: We have updated the content. Thank you for your patience.

Introduction

To help organizations better assess and improve their identity security posture, Microsoft Secure Score is being enhanced with new improvement actions based on Microsoft Defender for Identity recommendations. These updates provide more accurate insights and actionable guidance to strengthen your security configuration.

When this will happen:

  • Public Preview: Rollout begins early November 2025, completes by mid-December 2025
  • General Availability (Worldwide, GCC, GCC High, and DoD): Rollout begins early November 2025, completes by mid-December 2025

How this affects your organization:

  • Who is affected: Admins managing Microsoft Secure Score and organizations with Microsoft Defender for Identity sensors deployed.
  • What will happen:
    • New posture recommendation will appear in Microsoft Secure Score as improvement actions: Change password for on-prem accounts with potentially leaked credentials
    • This recommendation is visible only if your tenant has a Defender for Identity sensor deployed.
    • The update is enabled by default and requires no configuration changes.
    • No impact to end-user workflow unless acted upon by the admin.
    • Please be aware of a related Microsoft Entra ID recommendation that is recently released, titled: “Change password for accounts with leaked credentials”. The Microsoft Entra ID recommendation is focused on cloud-based user accounts, whereas the Microsoft Defender for Identity recommendation targets on-prem user accounts.

What you can do to prepare:

  • No admin action is required before or after rollout.
  • Review your current identity configuration to assess potential impact.
  • Notify relevant administrators and update internal documentation as needed.
  • Regularly review Microsoft Secure Score to monitor and act on new improvement suggestions.
  • Learn more: Microsoft Secure Score 

Compliance considerations:

No compliance considerations identified, review as appropriate for your organization.

Timeline

Published
Oct 24, 2025
Updated
Oct 31, 2025
End Date
Jan 16, 2026

Tags

Updated messageNew featureAdmin impact

Category

Stay Informed