check before: 2025-11-01
Product:
Defender, Defender for Identity, Defender XDR, Entra
Platform:
Online, US Instances, World tenant
Status:
Change type:
Admin impact, New feature, Updated message
Links:
Details:
Summary:
Microsoft Secure Score will add a new default recommendation from Microsoft Defender for Identity to improve on-premises account security by prompting password changes for potentially leaked credentials. The update rolls out November to December 2025, requires no admin action, and complements a related Microsoft Entra ID cloud account recommendation.
Details:
Updated October 31, 2025: We have updated the content. Thank you for your patience.
Introduction
To help organizations better assess and improve their identity security posture, Microsoft Secure Score is being enhanced with new improvement actions based on Microsoft Defender for Identity recommendations. These updates provide more accurate insights and actionable guidance to strengthen your security configuration.
When this will happen:
Public Preview: Rollout begins early November 2025, completes by mid-December 2025
General Availability (Worldwide, GCC, GCC High, and DoD): Rollout begins early November 2025, completes by mid-December 2025
Change Category:
XXXXXXX ... free basic plan only
Scope:
XXXXXXX ... free basic plan only
Release Phase:
Created:
2025-10-25
updated:
2025-10-31
Task Type
XXXXXXX ... free basic plan only
Docu to Check
XXXXXXX ... free basic plan only
MS How does it affect me
XXXXXXX ... free basic plan only
MS Preperations
XXXXXXX ... free basic plan only
MS Urgency
XXXXXXX ... free basic plan only
MS workload name
XXXXXXX ... free basic plan only
summary for non-techies**
XXXXXXX ... free basic plan only
Direct effects for Operations**
Password Change Requirement
Admins may need to change passwords for on-prem accounts with potentially leaked credentials, leading to potential disruptions in user access if not managed properly.
- roles: IT Admins, Security Officers
- references: https://learn.microsoft.com/microsoft-365/security/mtp/microsoft-secure-score
User Access Disruption
If admins act on the new recommendation without proper communication, users may experience unexpected access issues due to password changes, impacting productivity.
- roles: End Users, IT Support
- references: https://learn.microsoft.com/microsoft-365/security/mtp/microsoft-secure-score
Configutation Options**
XXXXXXX ... paid membership only
IT Security**
XXXXXXX ... paid membership only
explanation for non-techies**
Microsoft is introducing a new feature to help improve the security of your organization's accounts. Imagine you have a house with both an alarm system and a security camera. The alarm system alerts you if someone tries to break in, while the camera lets you see what's happening outside. Microsoft Defender for Identity is like the security camera for your organization's on-premises accounts, and Microsoft Secure Score is like the report card that tells you how secure your house is.
Starting from November to December 2025, Microsoft Secure Score will include a new recommendation from Microsoft Defender for Identity. This recommendation will suggest changing passwords for accounts that might have leaked credentials, similar to how you might change the locks if you suspect someone has a copy of your house key. This update is automatic and doesn't require any action from administrators, making it easy to implement.
This new recommendation is specifically for on-premises accounts, which are like the physical keys to your office. Meanwhile, there's a related recommendation for cloud accounts, which are like the digital keys you use to access online services. Both recommendations aim to enhance security by ensuring that any potentially compromised credentials are updated promptly.
Administrators should keep an eye on their Microsoft Secure Score to see these new recommendations and take action if necessary. It's like regularly checking your security report card to make sure your house remains safe. There's no immediate impact on end-users unless administrators decide to act on these recommendations, so it's a seamless addition to your existing security measures.
** AI generated content. This information must be reviewed before use.
a free basic plan is required to see more details. Sign up here
A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.
change history
| Date | Property | old | new |
| 2025-10-31 | MC Messages | Updated October 30, 2025: We have updated the content. Thank you for your patience.
Introduction To help organizations better assess and improve their identity security posture, Microsoft Secure Score is being enhanced with new improvement actions based on Microsoft Defender for Identity recommendations. These updates provide more accurate insights and actionable guidance to strengthen your security configuration. When this will happen: Public Preview: Rollout begins early November 2025, completes by mid-December 2025 General Availability (Worldwide, GCC, GCC High, and DoD): Rollout begins early November 2025, completes by mid-December 2025 | Updated October 31, 2025: We have updated the content. Thank you for your patience.
Introduction To help organizations better assess and improve their identity security posture, Microsoft Secure Score is being enhanced with new improvement actions based on Microsoft Defender for Identity recommendations. These updates provide more accurate insights and actionable guidance to strengthen your security configuration. When this will happen: Public Preview: Rollout begins early November 2025, completes by mid-December 2025 General Availability (Worldwide, GCC, GCC High, and DoD): Rollout begins early November 2025, completes by mid-December 2025 |
| 2025-10-31 | MC How Affect | Who is affected: Admins managing Microsoft Secure Score and organizations with Microsoft Defender for Identity sensors deployed.
What will happen: New posture recommendation will appear in Microsoft Secure Score as improvement actions: Change password for on-prem accounts with potentially leaked credentials This recommendation is visible only if your tenant has a Defender for Identity sensor deployed. The update is enabled by default and requires no configuration changes. No impact to end-user workflow unless acted upon by the admin. What you can do to prepare: No admin action is required before or after rollout. Review your current identity configuration to assess potential impact. Notify relevant administrators and update internal documentation as needed. Regularly review Microsoft Secure Score to monitor and act on new improvement suggestions. Learn more: Microsoft Secure Score Compliance considerations: No compliance considerations identified, review as appropriate for your organization. | Who is affected: Admins managing Microsoft Secure Score and organizations with Microsoft Defender for Identity sensors deployed.
What will happen: New posture recommendation will appear in Microsoft Secure Score as improvement actions: Change password for on-prem accounts with potentially leaked credentials This recommendation is visible only if your tenant has a Defender for Identity sensor deployed. The update is enabled by default and requires no configuration changes. No impact to end-user workflow unless acted upon by the admin. Please be aware of a related Microsoft Entra ID recommendation that is recently released, titled: "Change password for accounts with leaked credentials". The Microsoft Entra ID recommendation is focused on cloud-based user accounts, whereas the Microsoft Defender for Identity recommendation targets on-prem user accounts. What you can do to prepare: No admin action is required before or after rollout. Review your current identity configuration to assess potential impact. Notify relevant administrators and update internal documentation as needed. Regularly review Microsoft Secure Score to monitor and act on new improvement suggestions. Learn more: Microsoft Secure Score Compliance considerations: No compliance considerations identified, review as appropriate for your organization. |
| 2025-10-31 | MC Last Updated | 10/30/2025 18:42:23 | 2025-10-31T17:54:17Z |
| 2025-10-31 | MC Summary | Microsoft Secure Score will add a new improvement action from Microsoft Defender for Identity to recommend changing passwords for on-prem accounts with potentially leaked credentials. The update rolls out November to December 2025, is enabled by default, requires no admin action, and affects only tenants with Defender for Identity sensors. | Microsoft Secure Score will add a new default recommendation from Microsoft Defender for Identity to improve on-premises account security by prompting password changes for potentially leaked credentials. The update rolls out November to December 2025, requires no admin action, and complements a related Microsoft Entra ID cloud account recommendation. |
| 2025-10-30 | MC MessageTagNames | New feature, Admin impact | Updated message, New feature, Admin impact |
| 2025-10-30 | MC Summary | Microsoft Secure Score will add a new improvement action from Microsoft Defender for Identity to prompt password changes for accounts with potentially leaked credentials. Rolling out November to December 2025, it requires no admin action and appears only if Defender for Identity sensors are deployed. | Microsoft Secure Score will add a new improvement action from Microsoft Defender for Identity to recommend changing passwords for on-prem accounts with potentially leaked credentials. The update rolls out November to December 2025, is enabled by default, requires no admin action, and affects only tenants with Defender for Identity sensors. |
| 2025-10-30 | MC Last Updated | 10/25/2025 00:09:48 | 2025-10-30T18:42:23Z |
| 2025-10-30 | MC Messages | Introduction
To help organizations better assess and improve their identity security posture, Microsoft Secure Score is being enhanced with new improvement actions based on Microsoft Defender for Identity recommendations. These updates provide more accurate insights and actionable guidance to strengthen your security configuration. When this will happen: Public Preview: Rollout begins early November 2025, completes by mid-December 2025 General Availability (Worldwide, GCC, GCC High, and DoD): Rollout begins early November 2025, completes by mid-December 2025 | Updated October 30, 2025: We have updated the content. Thank you for your patience.
Introduction To help organizations better assess and improve their identity security posture, Microsoft Secure Score is being enhanced with new improvement actions based on Microsoft Defender for Identity recommendations. These updates provide more accurate insights and actionable guidance to strengthen your security configuration. When this will happen: Public Preview: Rollout begins early November 2025, completes by mid-December 2025 General Availability (Worldwide, GCC, GCC High, and DoD): Rollout begins early November 2025, completes by mid-December 2025 |
| 2025-10-30 | MC Title | Microsoft Defender for Identity: New recommendation added to Microsoft Secure Score | (Updated) Microsoft Defender for Identity: New recommendation added to Microsoft Secure Score |
| 2025-10-30 | MC How Affect | Who is affected: Admins managing Microsoft Secure Score and organizations with Microsoft Defender for Identity sensors deployed.
What will happen: A new improvement action will appear in Microsoft Secure Score: Change password for accounts with potentially leaked credentials This recommendation is visible only if your tenant has a Defender for Identity sensor deployed. The update is enabled by default and requires no configuration changes. No impact to end-user workflow unless acted upon by the admin. What you can do to prepare: No admin action is required before or after rollout. Review your current identity configuration to assess potential impact. Notify relevant administrators and update internal documentation as needed. Regularly review Microsoft Secure Score to monitor and act on new improvement suggestions. Learn more: Microsoft Secure Score Compliance considerations: No compliance considerations identified, review as appropriate for your organization. | Who is affected: Admins managing Microsoft Secure Score and organizations with Microsoft Defender for Identity sensors deployed.
What will happen: New posture recommendation will appear in Microsoft Secure Score as improvement actions: Change password for on-prem accounts with potentially leaked credentials This recommendation is visible only if your tenant has a Defender for Identity sensor deployed. The update is enabled by default and requires no configuration changes. No impact to end-user workflow unless acted upon by the admin. What you can do to prepare: No admin action is required before or after rollout. Review your current identity configuration to assess potential impact. Notify relevant administrators and update internal documentation as needed. Regularly review Microsoft Secure Score to monitor and act on new improvement suggestions. Learn more: Microsoft Secure Score Compliance considerations: No compliance considerations identified, review as appropriate for your organization. |
Last updated 1 month ago ago
