check before: 2025-01-01
Product:
Defender, Defender for Endpoint, Defender XDR
Platform:
Online, US Instances, World tenant
Status:
Change type:
Admin impact, Updated message
Links:

Details:
Summary:
Microsoft is updating the Secure Score action for Defender for Endpoint to better reflect security posture, retiring the SCID-2020 recommendation. Rollout starts January 2025, with no admin action needed. The related recommendation will be removed from the UI, and scores will be adjusted accordingly.
Details:
Updated December 31, 2024: We have updated the rollout timeline below. Thank you for your patience.
We're updating the Microsoft Secure Score improvement action of Microsoft Defender for Endpoint (MDE) to ensure a more accurate representation of security posture.
As part of this change, we will gradually retire the MDE recommendation on SCID-2020, Turn on all system-level Exploit protection settings.
We are working to refine the recommendation, ensuring it aligns more accurately with recommended policies and enhances the overall security value.
[When this will happen:]
General Availability (Worldwide, GCC, GCC High, DoD): We will begin rolling out early January 2025 (previously early December) and expect to complete by early February 2025 (previously early January).
Release Phase:
Created:
2024-11-26
updated:
2025-01-01
Direct effects for Operations**
Removal of SCID-2020 Recommendation
The removal of the SCID-2020 recommendation may lead to confusion among users who rely on this guidance for security settings, potentially resulting in misconfigurations or security gaps.
- roles: IT Administrators, Security Analysts
- references: https://techcommunity.microsoft.com/t5/security-compliance-identity/microsoft-secure-score-changing-microsoft-defender-for-endpoint/ba-p/3851230
Adjustment of Secure Score
Changes in the Secure Score may impact user perception of security posture, leading to decreased trust in the security measures in place if not communicated effectively.
- roles: IT Administrators, End Users
- references: https://techcommunity.microsoft.com/t5/security-compliance-identity/microsoft-secure-score-changing-microsoft-defender-for-endpoint/ba-p/3851230
User Documentation Updates
Failure to update user documentation regarding the changes may result in users not understanding the new security posture, leading to potential non-compliance with security policies.
- roles: IT Administrators, Compliance Officers
- references: https://techcommunity.microsoft.com/t5/security-compliance-identity/microsoft-secure-score-changing-microsoft-defender-for-endpoint/ba-p/3851230
Opportunities**
Enhanced Security Awareness Training
With the removal of the SCID-2020 recommendation, there is an opportunity to implement enhanced security awareness training for users to better understand security posture and the importance of exploit protection settings. This can help in reducing potential vulnerabilities and improving overall security culture within the organization.
- next-steps: Develop a training program focused on security best practices and the implications of exploit protection settings. Schedule training sessions and create informative materials for users.
- roles: IT Security Team, HR Training Department, End Users
- references: https://www.microsoft.com/en-us/security/business/solutions/security-awareness-training, https://www.csoonline.com/article/3624168/why-security-awareness-training-is-a-must-have-for-businesses.html
Streamlined Security Policy Management
The update provides a chance to review and streamline security policies related to exploit protection settings, ensuring they are up-to-date and align with the new Microsoft Secure Score recommendations. This can reduce administrative overhead and improve compliance.
- next-steps: Conduct a policy audit to assess current exploit protection settings and align them with updated recommendations. Update documentation and communicate changes to relevant stakeholders.
- roles: IT Security Team, Compliance Officers, IT Administrators
- references: https://techcommunity.microsoft.com/t5/security-compliance-identity/blogs/announcing-microsoft-secure-score-for-endpoint/ba-p/1894111, https://www.cisecurity.org/
Improved Incident Response Procedures
The adjustment in Microsoft Secure Score provides an opportunity to refine incident response procedures, ensuring they are effective in light of the updated security posture reflected by the new recommendations. This can lead to faster response times and reduced impact from security incidents.
- next-steps: Review and update incident response plans to incorporate new insights from the updated Microsoft Secure Score. Conduct tabletop exercises to test the revised procedures.
- roles: IT Security Team, Incident Response Team, IT Management
- references: https://www.sans.org/white-papers/37029/, https://www.nist.gov/cyberframework
** AI generated content. This information must be reviewed before use.

change history
Date | Property | old | new |
2025-01-01 | MC MessageTagNames | Admin impact | Updated message, Admin impact |
2025-01-01 | MC Summary | Microsoft is updating the Secure Score action for Defender for Endpoint to better reflect security posture, retiring the SCID-2020 recommendation. Rollout starts January 2025, with no admin action needed. The related recommendation will be removed from the UI, and scores will be adjusted accordingly. | |
2025-01-01 | MC Last Updated | 11/26/2024 01:44:19 | 2024-12-31T20:23:11Z |
2025-01-01 | MC Messages | We're updating the Microsoft Secure Score improvement action of Microsoft Defender for Endpoint (MDE) to ensure a more accurate representation of security posture. As part of this change, we will gradually retire the MDE recommendation on SCID-2020, Turn on all system-level Exploit protection settings. We are working to refine the recommendation, ensuring it aligns more accurately with recommended policies and enhances the overall security value. [When this will happen:] General Availability (Worldwide, GCC, GCC High, DoD): We will begin rolling out early December 2024 and expect to complete by early January 2025. | Updated December 31, 2024: We have updated the rollout timeline below. Thank you for your patience. We're updating the Microsoft Secure Score improvement action of Microsoft Defender for Endpoint (MDE) to ensure a more accurate representation of security posture. As part of this change, we will gradually retire the MDE recommendation on SCID-2020, Turn on all system-level Exploit protection settings. We are working to refine the recommendation, ensuring it aligns more accurately with recommended policies and enhances the overall security value. [When this will happen:] General Availability (Worldwide, GCC, GCC High, DoD): We will begin rolling out early January 2025 (previously early December) and expect to complete by early February 2025 (previously early January). |
2025-01-01 | MC Title | Microsoft Secure Score: Changing Microsoft Defender for Endpoint recommendation | (Updated) Microsoft Secure Score: Changing Microsoft Defender for Endpoint recommendation |
2025-01-01 | MC End Time | 02/03/2025 09:00:00 | 2025-03-10T09:00:00Z |
Last updated 1 week ago