(Updated) Microsoft Defender for Identity: New recommendation added to Microsoft Secure Score

Message Center ID: MC1179155
Microsoft Defender XDR
Stay Informed
New feature Admin impact
November 2025 December 2025

Summary

Microsoft Secure Score will add a new default recommendation from Microsoft Defender for Identity to improve on-premises account security by prompting password changes for potentially leaked credentials. The update rolls out November to December 2025, requires no admin action, and complements a related Microsoft Entra ID cloud account recommendation.

Details

Updated October 31, 2025: We have updated the content. Thank you for your patience.

Introduction

To help organizations better assess and improve their identity security posture, Microsoft Secure Score is being enhanced with new improvement actions based on Microsoft Defender for Identity recommendations. These updates provide more accurate insights and actionable guidance to strengthen your security configuration.

When this will happen:

  • Public Preview: Rollout begins early November 2025, completes by mid-December 2025
  • General Availability (Worldwide, GCC, GCC High, and DoD): Rollout begins early November 2025, completes by mid-December 2025

How this affects your organization:

  • Who is affected: Admins managing Microsoft Secure Score and organizations with Microsoft Defender for Identity sensors deployed.
  • What will happen:
    • New posture recommendation will appear in Microsoft Secure Score as improvement actions: Change password for on-prem accounts with potentially leaked credentials
    • This recommendation is visible only if your tenant has a Defender for Identity sensor deployed.
    • The update is enabled by default and requires no configuration changes.
    • No impact to end-user workflow unless acted upon by the admin.
    • Please be aware of a related Microsoft Entra ID recommendation that is recently released, titled: “Change password for accounts with leaked credentials”. The Microsoft Entra ID recommendation is focused on cloud-based user accounts, whereas the Microsoft Defender for Identity recommendation targets on-prem user accounts.

What you can do to prepare:

  • No admin action is required before or after rollout.
  • Review your current identity configuration to assess potential impact.
  • Notify relevant administrators and update internal documentation as needed.
  • Regularly review Microsoft Secure Score to monitor and act on new improvement suggestions.
  • Learn more: Microsoft Secure Score 

Compliance considerations:

No compliance considerations identified, review as appropriate for your organization.

Change History

Published: October 24, 2025
Last Updated: October 31, 2025
October 31, 2025 at 6:31 PM Updated
Summary
Previous
Microsoft Secure Score will add a new improvement action from Microsoft Defender for Identity to recommend changing passwords for on-prem accounts with potentially leaked credentials. The update rolls out November to December 2025, is enabled by default, requires no admin action, and affects only tenants with Defender for Identity sensors.
New
Microsoft Secure Score will add a new default recommendation from Microsoft Defender for Identity to improve on-premises account security by prompting password changes for potentially leaked credentials. The update rolls out November to December 2025, requires no admin action, and complements a related Microsoft Entra ID cloud account recommendation.
Last Updated Date
Previous
2025-10-30T17:42:23.137Z
New
2025-10-31T16:54:17.143Z
Body Content
Previous

Updated October 30, 2025: We have updated the content. Thank you for your patience.

Introduction

To help organizations better assess and improve their identity security posture, Microsoft Secure Score is being enhanced with new improvement actions based on Microsoft Defender for Identity recommendations. These updates provide more accurate insights and actionable guidance to strengthen your security configuration.

When this will happen:

  • Public Preview: Rollout begins early November 2025, completes by mid-December 2025
  • General Availability (Worldwide, GCC, GCC High, and DoD): Rollout begins early November 2025, completes by mid-December 2025

How this affects your organization:

  • Who is affected: Admins managing Microsoft Secure Score and organizations with Microsoft Defender for Identity sensors deployed.
  • What will happen:
    • New posture recommendation will appear in Microsoft Secure Score as improvement actions: Change password for on-prem accounts with potentially leaked credentials
    • This recommendation is visible only if your tenant has a Defender for Identity sensor deployed.
    • The update is enabled by default and requires no configuration changes.
    • No impact to end-user workflow unless acted upon by the admin.

What you can do to prepare:

  • No admin action is required before or after rollout.
  • Review your current identity configuration to assess potential impact.
  • Notify relevant administrators and update internal documentation as needed.
  • Regularly review Microsoft Secure Score to monitor and act on new improvement suggestions.
  • Learn more: Microsoft Secure Score 

Compliance considerations:

No compliance considerations identified, review as appropriate for your organization.

New

Updated October 31, 2025: We have updated the content. Thank you for your patience.

Introduction

To help organizations better assess and improve their identity security posture, Microsoft Secure Score is being enhanced with new improvement actions based on Microsoft Defender for Identity recommendations. These updates provide more accurate insights and actionable guidance to strengthen your security configuration.

When this will happen:

  • Public Preview: Rollout begins early November 2025, completes by mid-December 2025
  • General Availability (Worldwide, GCC, GCC High, and DoD): Rollout begins early November 2025, completes by mid-December 2025

How this affects your organization:

  • Who is affected: Admins managing Microsoft Secure Score and organizations with Microsoft Defender for Identity sensors deployed.
  • What will happen:
    • New posture recommendation will appear in Microsoft Secure Score as improvement actions: Change password for on-prem accounts with potentially leaked credentials
    • This recommendation is visible only if your tenant has a Defender for Identity sensor deployed.
    • The update is enabled by default and requires no configuration changes.
    • No impact to end-user workflow unless acted upon by the admin.
    • Please be aware of a related Microsoft Entra ID recommendation that is recently released, titled: “Change password for accounts with leaked credentials”. The Microsoft Entra ID recommendation is focused on cloud-based user accounts, whereas the Microsoft Defender for Identity recommendation targets on-prem user accounts.

What you can do to prepare:

  • No admin action is required before or after rollout.
  • Review your current identity configuration to assess potential impact.
  • Notify relevant administrators and update internal documentation as needed.
  • Regularly review Microsoft Secure Score to monitor and act on new improvement suggestions.
  • Learn more: Microsoft Secure Score 

Compliance considerations:

No compliance considerations identified, review as appropriate for your organization.

October 30, 2025 at 6:31 PM Updated
Title
Previous
Microsoft Defender for Identity: New recommendation added to Microsoft Secure Score
New
(Updated) Microsoft Defender for Identity: New recommendation added to Microsoft Secure Score
Summary
Previous
Microsoft Secure Score will add a new improvement action from Microsoft Defender for Identity to prompt password changes for accounts with potentially leaked credentials. Rolling out November to December 2025, it requires no admin action and appears only if Defender for Identity sensors are deployed.
New
Microsoft Secure Score will add a new improvement action from Microsoft Defender for Identity to recommend changing passwords for on-prem accounts with potentially leaked credentials. The update rolls out November to December 2025, is enabled by default, requires no admin action, and affects only tenants with Defender for Identity sensors.
Last Updated Date
Previous
2025-10-24T22:09:48.947Z
New
2025-10-30T17:42:23.137Z
Tags
Previous
New feature,Admin impact
New
Updated message,New feature,Admin impact
Body Content
Previous

Introduction

To help organizations better assess and improve their identity security posture, Microsoft Secure Score is being enhanced with new improvement actions based on Microsoft Defender for Identity recommendations. These updates provide more accurate insights and actionable guidance to strengthen your security configuration.

When this will happen:

  • Public Preview: Rollout begins early November 2025, completes by mid-December 2025
  • General Availability (Worldwide, GCC, GCC High, and DoD): Rollout begins early November 2025, completes by mid-December 2025

How this affects your organization:

  • Who is affected: Admins managing Microsoft Secure Score and organizations with Microsoft Defender for Identity sensors deployed.
  • What will happen:
    • A new improvement action will appear in Microsoft Secure Score: Change password for accounts with potentially leaked credentials
    • This recommendation is visible only if your tenant has a Defender for Identity sensor deployed.
    • The update is enabled by default and requires no configuration changes.
    • No impact to end-user workflow unless acted upon by the admin.

What you can do to prepare:

  • No admin action is required before or after rollout.
  • Review your current identity configuration to assess potential impact.
  • Notify relevant administrators and update internal documentation as needed.
  • Regularly review Microsoft Secure Score to monitor and act on new improvement suggestions.
  • Learn more: Microsoft Secure Score 

Compliance considerations:

No compliance considerations identified, review as appropriate for your organization.

New

Updated October 30, 2025: We have updated the content. Thank you for your patience.

Introduction

To help organizations better assess and improve their identity security posture, Microsoft Secure Score is being enhanced with new improvement actions based on Microsoft Defender for Identity recommendations. These updates provide more accurate insights and actionable guidance to strengthen your security configuration.

When this will happen:

  • Public Preview: Rollout begins early November 2025, completes by mid-December 2025
  • General Availability (Worldwide, GCC, GCC High, and DoD): Rollout begins early November 2025, completes by mid-December 2025

How this affects your organization:

  • Who is affected: Admins managing Microsoft Secure Score and organizations with Microsoft Defender for Identity sensors deployed.
  • What will happen:
    • New posture recommendation will appear in Microsoft Secure Score as improvement actions: Change password for on-prem accounts with potentially leaked credentials
    • This recommendation is visible only if your tenant has a Defender for Identity sensor deployed.
    • The update is enabled by default and requires no configuration changes.
    • No impact to end-user workflow unless acted upon by the admin.

What you can do to prepare:

  • No admin action is required before or after rollout.
  • Review your current identity configuration to assess potential impact.
  • Notify relevant administrators and update internal documentation as needed.
  • Regularly review Microsoft Secure Score to monitor and act on new improvement suggestions.
  • Learn more: Microsoft Secure Score 

Compliance considerations:

No compliance considerations identified, review as appropriate for your organization.

Never Miss a Microsoft 365 Update

Join thousands of IT professionals who rely on DeltaPulse for real-time Microsoft 365 change intelligence, automated notifications, and community insights.

View Full Details Sign Up Free