check before: 2026-03-01
Product:
Defender, Defender for Endpoint, Defender XDR, Entra, Windows
Platform:
Online, World tenant
Change type:
New feature, User impact, Admin impact
Details:
Summary:
Microsoft Secure Score will add a new recommendation to block outbound traffic from mshta.exe in Microsoft Defender for Endpoint, starting public preview in late March 2026. This reduces risk from attacks using mshta.exe, requires admin action to enable, and impacts compliance monitoring and data access.
Details:
[Introduction]
To help organizations strengthen endpoint security and reduce exposure to common attack techniques, we're introducing a new Microsoft Secure Score recommendation in Microsoft Defender for Endpoint (MDE). This recommendation focuses on blocking outbound traffic from mshta.exe, a legitimate Windows binary that is frequently abused by attackers to execute malicious scripts. Implementing this recommendation helps reduce risk from living-off-the-land binary (LOLBIN) attacks and improves your overall security posture.
[When this will happen]
Public Preview: Rollout begins late March 2026 and is expected to complete by early April 2026.
General Availability (Worldwide): Rollout begins late March 2026 and is expected to complete by late May 2026.
Created:
2026-04-01
updated:
2026-04-01
Direct effects for Operations**
Blocking outbound traffic from mshta.exe
If the recommendation is implemented without preparation, it may disrupt existing applications or scripts that rely on mshta.exe for legitimate outbound traffic, leading to potential service interruptions.
- roles: IT Admin, Application Developer
- references: https://learn.microsoft.com/defender-xdr/microsoft-secure-score?view=o365-worldwide
Compliance Monitoring
The change may affect compliance monitoring as it alters how data is accessed, potentially leading to non-compliance if not properly managed and communicated to relevant teams.
- roles: Compliance Officer, IT Admin
- references: https://learn.microsoft.com/defender-xdr/microsoft-secure-score?view=o365-worldwide
User Experience
If the configuration is enforced without prior communication, users may experience disruptions in their workflows due to blocked access to necessary external resources, impacting productivity.
- roles: End User, IT Support
- references: https://learn.microsoft.com/defender-xdr/microsoft-secure-score?view=o365-worldwide
** AI generated content. This information must be reviewed before use.
Last updated 2 weeks ago