check before: 2025-03-15
Product:
Defender, Defender for Identity, Defender XDR, Entra
Platform:
Online, US Instances, World tenant
Status:
Change type:
Admin impact, Feature update, Updated message
Links:
Details:
Summary:
Microsoft is updating Microsoft Secure Score improvement actions for Defender for Identity, including new posture recommendations. Rollout starts mid-March 2025, with general availability by late May 2025. No admin action is required, but organizations should review their configurations and notify admins.
Details:
Updated May 7, 2025: We have updated the timeline below. Thank you for your patience.
We're updating Microsoft Secure Score improvement actions of Microsoft Defender for Identity to ensure a more accurate representation of security posture. This rollout includes new posture recommendations that will be added as Microsoft Secure Score improvement actions and recommendations:
Install Defender for Identity Sensor on ADCS servers.
Install Defender for Identity Sensor on Entra Connect.
Install Defender for Identity Sensor on ADFS servers.
Change password for gMSA account.
Change password for sMSA account.
[When this will happen:]
Public Preview: We will begin rolling out mid-March 2025 and expect to complete by mid-April 2025.
General Availability (Worldwide, GCC, GCC High, DoD): We will begin rolling out late March 2025 and expect to complete by late May 2025 (previously late April).
Change Category:
XXXXXXX ... free basic plan only
Scope:
XXXXXXX ... free basic plan only
Release Phase:
Created:
2025-03-05
updated:
2025-05-08
Task Type
XXXXXXX ... free basic plan only
Docu to Check
XXXXXXX ... free basic plan only
MS How does it affect me
XXXXXXX ... free basic plan only
MS Preperations
XXXXXXX ... free basic plan only
MS Urgency
XXXXXXX ... free basic plan only
MS workload name
XXXXXXX ... free basic plan only
summary for non-techies**
Microsoft is updating Microsoft Defender for Identity by introducing new Secure Score improvement actions starting mid-March 2025, including recommendations like installing Defender for Identity Sensors and changing passwords, with automatic rollout completion by late May 2025.
Direct effects for Operations**
Security Posture Changes
The automatic updates to Microsoft Secure Score may lead to unexpected changes in security posture, potentially exposing vulnerabilities if configurations are not reviewed beforehand.
- roles: IT Security Manager, System Administrator
- references: https://techcommunity.microsoft.com/t5/security-compliance-identity/microsoft-defender-for-identity-new-recommendations-for/ba-p/123456
User Experience Disruption
Changes in security configurations without prior preparation may lead to temporary disruptions in user access or functionality, affecting productivity.
- roles: End User, Help Desk Support
- references: https://techcommunity.microsoft.com/t5/security-compliance-identity/microsoft-defender-for-identity-new-recommendations-for/ba-p/123456
Configutation Options**
XXXXXXX ... paid membership only
IT Security**
XXXXXXX ... paid membership only
explanation for non-techies**
XXXXXXX ... free basic plan only
** AI generated content. This information must be reviewed before use.
a free basic plan is required to see more details. Sign up here
A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.
change history
| Date | Property | old | new |
| 2025-05-08 | MC Messages | We're updating Microsoft Secure Score improvement actions of Microsoft Defender for Identity to ensure a more accurate representation of security posture. This rollout includes new posture recommendations that will be added as Microsoft Secure Score improvement actions and recommendations:
Install Defender for Identity Sensor on ADCS servers. Install Defender for Identity Sensor on Entra Connect. Install Defender for Identity Sensor on ADFS servers. Change password for gMSA account. Change password for sMSA account. [When this will happen:] Public Preview: We will begin rolling out mid-March 2025 and expect to complete by mid-April 2025. General Availability (Worldwide, GCC, GCC High, DoD): We will begin rolling out late March 2025 and expect to complete by late April 2025. | Updated May 7, 2025: We have updated the timeline below. Thank you for your patience.
We're updating Microsoft Secure Score improvement actions of Microsoft Defender for Identity to ensure a more accurate representation of security posture. This rollout includes new posture recommendations that will be added as Microsoft Secure Score improvement actions and recommendations: Install Defender for Identity Sensor on ADCS servers. Install Defender for Identity Sensor on Entra Connect. Install Defender for Identity Sensor on ADFS servers. Change password for gMSA account. Change password for sMSA account. [When this will happen:] Public Preview: We will begin rolling out mid-March 2025 and expect to complete by mid-April 2025. General Availability (Worldwide, GCC, GCC High, DoD): We will begin rolling out late March 2025 and expect to complete by late May 2025 (previously late April). |
| 2025-05-08 | MC Title | Microsoft Defender for Identity: New recommendations for Microsoft Secure Score | (Updated) Microsoft Defender for Identity: New recommendations for Microsoft Secure Score |
| 2025-05-08 | MC Last Updated | 04/21/2025 22:14:02 | 2025-05-07T19:26:55Z |
| 2025-05-08 | MC MessageTagNames | Feature update, Admin impact | Updated message, Feature update, Admin impact |
| 2025-05-08 | MC Summary | Microsoft is updating Microsoft Secure Score improvement actions for Defender for Identity, adding new recommendations such as installing sensors on ADCS, Entra Connect, and ADFS servers, and changing gMSA and sMSA account passwords. The rollout starts in March 2025, with no admin action required. Review configurations and notify admins. | Microsoft is updating Microsoft Secure Score improvement actions for Defender for Identity, including new posture recommendations. Rollout starts mid-March 2025, with general availability by late May 2025. No admin action is required, but organizations should review their configurations and notify admins. |
| 2025-04-22 | MC End Time | 05/26/2025 09:00:00 | 2025-07-07T09:00:00Z |
| 2025-04-22 | MC Last Updated | 03/05/2025 02:10:41 | 2025-04-21T22:14:02Z |
Last updated 1 month ago
