Microsoft Defender for Identity will require a 60-day expiration period when enabling Recommended test mode starting late July 2025. Admins must manually set this expiration, which limits test duration and restores original alert thresholds after expiry, affecting alerting and integrations but not users directly.
Introduction
To help organizations better manage testing efforts and reduce the risk of prolonged exposure to test configurations, Microsoft Defender for Identity (MDI) now requires an expiration period (up to 60 days) when enabling Recommended test mode. This update ensures test settings are time-bound, improving operational clarity and reducing potential security gaps.
When this will happen
General Availability (Worldwide): Rollout will begin in late July 2025 and is expected to complete by mid-August 2025.
How this affects your organization
This feature is not enabled by default. Admins must manually enable Recommended test mode, and starting with this update, they will also be required to define an expiration period of up to 60 days. The selected expiration date will be clearly displayed next to the toggle in the Microsoft Defender for Identity portal.
Expiration date displayed next to the Recommended test mode toggle in the Microsoft Defender for Identity portal:
For tenants that had Recommended test mode enabled prior to this change, a default 60-day expiration period will be automatically applied starting from the rollout date. Once the expiration period ends, test mode will be turned off and original alert thresholds will be restored.
This change:
What you can do to prepare
No admin action is required for this change to take effect. However, we recommend:
Learn more:
Compliance considerations
No compliance considerations identified, review as appropriate for your organization.