MC1154297 - Microsoft Defender for Identity: New recommendations for Microsoft Secure Score

To improve the accuracy of Microsoft Secure Score and better reflect your organization’s security posture, we’re updating the improvement actions related to Microsoft Defender for Identity. This update introduces new posture recommendations that will appear as Secure Score improvement actions, helping you identify and remediate potential identity risks more effectively.

• Public Preview: Begins mid-October 2025; expected completion by mid-November 2025.
• General Availability (Worldwide, GCC, GCC High, DoD): Begins late October 2025; expected completion by late November 2025.

Who is affected:
Organizations with Microsoft Defender for Identity sensors installed in their identity infrastructure.

What will happen:

• New posture recommendations will be added to Microsoft Secure Score as improvement actions:
• Identify service accounts in privileged groups
• Remove stale Active Directory accounts
• Identify Entra ID privileged accounts that are also privileged in Active Directory
• Locate accounts in built-in Operator Groups
• Disable Entra Seamless SSO
• These recommendations will be available by default.
• Your Secure Score will update automatically based on these new actions.

• No admin action is required before or after rollout.
• Review your current configuration to assess potential impact.
• Notify your identity and security admins about the upcoming changes.
• Update any internal documentation that references Secure Score or Defender for Identity.
• Regularly review Secure Score improvement actions to stay informed of new recommendations.

Learn more: Microsoft Secure Score documentation

No compliance considerations identified, review as appropriate for your organization.