Microsoft Defender XDR: Password protection account action buttons

Microsoft Defender XDR adds "Disable account" and "Reset password" buttons to the Password protection page for Active Directory human user accounts. Available by default from late May 2026, these actions enable direct remediation of risky accounts without configuration changes. No action is required from administrators.

[What and Why]

Microsoft Defender XDR is adding two new account action buttons, Disable account and Reset password, to the Password protection experience. This update allows administrators to take direct remediation actions on accounts identified as risky from the Password protection page.

[Rollout Schedule]

• Public Preview: Late May 2026 through mid-June 2026
• General Availability (Worldwide): Late Jun 2026 through late June 2026

[Impact on Your Organization]

Who is affected

• Administrators using Microsoft Defender XDR
• Applies to Active Directory human user accounts

Platforms/Services

• Microsoft Defender XDR (web portal)
• Password protection experience

What will happen

• The Password protection page will include two new action buttons:
  • Disable account
  • Reset password
• These actions can be performed directly from the Password protection page: 

  

• These actions apply only to Active Directory human user accounts.
• These actions are not available for the krbtgt (Kerberos Ticket Granting Ticket) accounts.
• The feature is enabled by default.
• No configuration changes are required.

[Action Required/Recommendations]

• No action is required.
• Inform security administrators about the new actions available in the Password protection page.
• Review internal processes for responding to risky accounts.
• Update internal documentation if applicable.

Learn more: Investigate identity password protection (Preview) | Microsoft Learn

[Compliance considerations]

No compliance considerations identified. Review as appropriate for your organization.