MC1163763 - Microsoft Secure Score: New recommendations for Microsoft Defender for Endpoint
Message Center
Service
Published
Tag
Summary
New Microsoft Secure Score recommendations for Microsoft Defender for Endpoint will roll out mid-October 2025, adding protections like blocking web shell creation, impersonated tools, and Safe Mode rebooting. Admins should review and implement these to enhance security posture. No compliance issues identified.
More information
We’re introducing new Microsoft Secure Score recommendations for Microsoft Defender for Endpoint (MDE) to help organizations strengthen their security posture. These recommendations are designed to proactively block common attack techniques and improve endpoint protection.
When this will happen:
Rollout will begin in mid-October 2025 and is expected to complete by the end of the month.
How this affects your organization:
Who is affected
Admins managing Microsoft Defender for Endpoint and Microsoft Secure Score.
What’s changing
Customers in Public Preview will see the following new recommendations in Microsoft Secure Score:
- Block web shell creation on servers
- Block use of copied or impersonated system tools:
- Block rebooting a machine in Safe Mode:
Secure Score will be updated based on the implementation of these recommendations.
What you can do to prepare:
- Review the new recommendations in Microsoft Secure Score once available.
- Complete the recommended actions to improve your organization’s security posture.
- Communicate these changes to your security and endpoint management teams.
- Learn more about Microsoft Secure Score: Microsoft Secure Score | Microsoft Defender XDR | Microsoft Defender | Microsoft Learn
Compliance considerations:
No compliance considerations identified, review as appropriate for your organization.