Microsoft Defender for Endpoint: New Microsoft Secure Score recommendations

New Microsoft Secure Score recommendations for Microsoft Defender for Endpoint will roll out in public preview by the end of December 2025, helping admins improve security by blocking common attacks. Admins should review and implement these recommendations, such as disabling NTLM authentication, to enhance endpoint protection.

We’re introducing new Microsoft Secure Score recommendations for Microsoft Defender for Endpoint (MDE) to help organizations strengthen their security posture. These recommendations are designed to proactively block common attack techniques and improve endpoint protection.

When this will happen

Public Preview: Rollout will begin at the end of December 2025 and is expected to complete by the end of December 2025.

How this affects your organization

Who is affected: Admins managing Microsoft Defender for Endpoint and Microsoft Secure Score.

What will happen

• Customers in Public Preview will see new recommendations in Microsoft Secure Score.
• One example recommendation is: Disable NTLM authentication for Windows workstations.
• Secure Score will update based on the implementation of these recommendations.

What you can do to prepare

• Review the new recommendations in Microsoft Secure Score once available.
• Complete the recommended actions to improve your organization’s security posture.
• Communicate these changes to your security and endpoint management teams.

Compliance considerations

No compliance considerations identified. Review as appropriate for your organization.