Published Mar 2, 2024
Microsoft is updating Secure Score actions for Defender for Identity, removing the recommendation to disable 'password never expires' for domain accounts. The rollout begins early April 2024 and completes by late April. No action is required for preparation, but informing admins is suggested.
Updated April 3, 2024: We have updated the rollout timeline below. Thank you for your patience.
We’re updating Microsoft Secure Score improvement actions for Microsoft Defender for Identity to ensure a more accurate representation of your security posture.
As part of this update, after careful examination, we have decided to gradually withdraw this Microsoft Defender for Identity recommendation:Remove the attribute 'password never expires' from accounts in your domain.
This rollout is part of our work to refine the security assessment report, to ensure it aligns more accurately with recommended policies and enhances overall security value.
When this will happen:
We will begin rolling out early April 2024 (previously mid-March) and expect to complete by late April 2024 (previously mid-April).
How this will affect your organization:
After we remove the recommendation from Microsoft Defender for Identity, your Secure Score will be updated accordingly.
What you need to do to prepare:
No action is needed from you to prepare for this rollout. You may want to notify your admins about this change and update any relevant documentation as appropriate.