Favorite your Message Center and Roadmap items. Access them anytime via your Profile. Export and share with your team or your LLM.

Microsoft Secure Score: New recommendation to reduce inbound internet exposure

Message ID
MC1358832
View in Message Center
Service
Microsoft Defender XDR
Category
Stay Informed
Tags
New featureAdmin impact
Rollout
June 2026

Summary

A new Microsoft Secure Score recommendation in Microsoft Defender for Endpoint will identify and help reduce unnecessary inbound internet exposure on internet-facing devices. Rolling out worldwide in June 2026, it provides admins visibility, requires no configuration, and supports proactive risk reduction without affecting user experience.

Details

[What and Why:]

We’re introducing a new Microsoft Secure Score recommendation in Microsoft Defender for Endpoint (MDE) to help organizations reduce unnecessary inbound exposure from the public internet. This update strengthens your enterprise security posture by giving admins clear visibility into internet-facing devices, helping validate whether exposure is expected, approved, and appropriately secured. By highlighting potential attack surface risks, this recommendation supports proactive risk reduction and aligns with Microsoft’s commitment to enterprise-ready security and manageability.

[Rollout Schedule:]

  • Public Preview (Worldwide): We will begin rolling out in early June 2026 and expect to complete by mid-June 2026.
  • General Availability (Worldwide): We will begin rolling out in early June 2026 and expect to complete by mid-June 2026.

[Impact on Your Organization:]

Who is affected: Admins managing Microsoft Defender for Endpoint and Microsoft Secure Score

Platforms/Services: Microsoft Defender for Endpoint, Microsoft Secure Score

What will happen:

  • A new Secure Score recommendation, "Reduce unnecessary inbound internet exposure on internet-facing devices," will appear.

    • Screenshot: New Secure Score recommendation in Microsoft Defender:

    user settings

  • Admins will gain visibility into devices with observed inbound connectivity from the public internet.
  • Devices or services reachable from the internet will be identified for review.
  • Secure Score will reflect progress as remediation or validation actions are taken.
  • The recommendation is on by default and requires no configuration to appear.
  • No user experience changes.

[Action Required / Recommendations:]

No immediate action is required to enable this feature.

Recommended actions for admins:

  • Review the new recommendation in Microsoft Secure Score once it appears.
  • Identify devices flagged as internet-facing.
  • Validate whether each exposure is expected, approved, and required.
  • Follow provided remediation guidance to reduce unnecessary exposure.
  • For devices that must remain internet-facing:
    • Ensure the exposure is approved, documented, and properly secured.
    • Consider applying an exception where the risk is accepted by your organization.

For more information, review documentation on Microsoft Defender for Endpoint and Microsoft Secure Score in Microsoft Learn.

[Compliance considerations:]

No compliance considerations identified, review as appropriate for your organization.

Change History

Show
Published: June 4, 2026
Last Updated: June 4, 2026
No change history available

Never Miss a Microsoft 365 Update

Join thousands of IT professionals who rely on DeltaPulse for real-time Microsoft 365 change intelligence, automated notifications, and community insights.

Explore Dashboard Sign Up Free