Exciting News! 12 New Identity Secure Score Recommendations in Microsoft Entra. Microsoft introduced Secure Score Recommendations from Microsoft Defender for Identity to bring more visibility into your organization’s security posture.
These Secure Score Recommendations are now in public preview. They not only help you prevent, detect, and respond to identity-based cyberattacks, but also drive visibility and alignment across identity and security teams.
As you know, Microsoft Entra Recommendations help you monitor and improve the security and health of your Entra tenant. Last year, Microsoft launched many improvements to Entra Recommendations. This time, 12 new recommendations have been released.
These new recommendations combine best practices from identity and access management with additional security signals from Defender. Microsoft is committed to continuously bringing new security posture capabilities to customers.

12 New Identity Secure Score Recommendations in Microsoft Entra
Secure Score Recommendations are the latest feature in Entra Recommendations. Last year, Microsoft added new security signals to Entra Recommendations to help strengthen your organization’s security posture and offer actionable insights to help identify and effectively mitigate risks.
Entra Recommendations serve as a trusted advisor for enhancing security posture, especially as cybersecurity threats become more refined with new AI and Agentic scenarios.

12 Latest Identity Secure Score Recommendation
As mentioned above, 12 recommendations are available in preview. These recommendations will help your organisation strengthen its security. The following table shows the 12 recommendations from Microsoft Defender.
Recommendations | Details |
---|---|
Edit misconfigured enrollment agent certificate template | Enrollment agent certificates can authenticate as IT Admin and request a certificate on behalf of a user. |
Remove unsafe permissions on sensitive Entra Connect accounts | On-prem and cloud identity systems are critical to hybrid identity. |
Reversible passwords found in GPOs | If your organization ever used Group Policy Preferences (GPP) to deploy credentials, there’s a chance those passwords are still inside a system volume (SYSVOL) folder. |
Stop clear text credentials exposure | Entities exposing credentials in clear text increase risk as unsecure traffic, such as Lightweight Directory Access Protocol (LDAP) simple-bind, is highly susceptible to interception. |
Remove dormant accounts from sensitive groups | An easy and quiet path deep into your organization is through inactive accounts that are a part of sensitive groups. |
Stop weak cipher usage | Weak ciphers need to be disabled because they are susceptible to cracking and reduce the overall security posture of the organization. |
Edit misconfigured certificate templates ACL | Certificate templates are Active Directory objects, with an access control list that defines access to the template. |
Modify unsecure Kerberos delegations to prevent impersonation | Kerberos delegation is a setting that allows applications to request end-user access credentials to access resources on behalf of the originating user. |
Protect and manage local admin passwords with Microsoft LAPS | Local Administrator Password Solution (LAPS) provides management of local account passwords for domain joined computers. |
Rotate password for Entra Connect Active Directory Domain Services (AD DS) Connector account | Your connector accounts play a key role in syncing identities between on-prem and cloud. |
Replace Enterprise or Domain Admin account for Entra Connect AD DS Connector | If your Entra Connect AD DS Connector account is a member of Domain Admins or Enterprise Admins, it has broad privileges. |
Configure VPN integration | Simplify your attack investigation process with the inclusion of Microsoft Defender for Identity user account information. |
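
For the "Reversible passwords found in GPOs" row, a local audit can confirm which Group Policy Preferences files in a copy of SYSVOL still hold a stored credential. The script below is an added example, not Microsoft's or this blog's code; the account attribute names, the folder layout and the sample files are assumptions constructed for illustration, and the stored value itself is never read out.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

# Attributes that name the account beside a cpassword (assumed from common GPP files).
ACCOUNT_ATTRS = ("userName", "runAs", "accountName", "username")

def find_gpp_cpasswords(root):
    """Report GPP XML elements under root that carry a non-empty cpassword.

    Returns (findings, unreadable); the cpassword value is never returned."""
    findings, unreadable = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".xml"):
                continue
            path = os.path.join(dirpath, name)
            try:
                tree = ET.parse(path)
            except (ET.ParseError, OSError):
                unreadable.append(path)  # review by hand; not proven clean
                continue
            for elem in tree.iter():
                if not elem.get("cpassword"):
                    continue  # attribute absent or empty: no stored credential
                account = next((elem.get(a) for a in ACCOUNT_ATTRS if elem.get(a)), "?")
                findings.append({"file": path, "element": elem.tag, "account": account})
    return findings, unreadable

def build_sample_sysvol(base):
    """Constructed sample tree; CONSTRUCTED_PLACEHOLDER is not a real cpassword."""
    samples = {
        "Groups/Groups.xml": '<Groups><User name="localadmin"><Properties action="U" '
                             'userName="localadmin" cpassword="CONSTRUCTED_PLACEHOLDER"/>'
                             '</User></Groups>',
        "ScheduledTasks/ScheduledTasks.xml": '<ScheduledTasks><Task name="t">'
                             '<Properties runAs="svc" cpassword=""/></Task></ScheduledTasks>',
        "Drives/Drives.xml": '<Drives><Drive name="S:"',  # truncated on purpose
    }
    for rel, body in samples.items():
        path = os.path.join(base, "Policies", "{CONSTRUCTED-GUID}", "Machine",
                            "Preferences", *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as sysvol_copy:
        build_sample_sysvol(sysvol_copy)
        hits, skipped = find_gpp_cpasswords(sysvol_copy)
        for hit in hits:
            print("cpassword present:", hit["account"], "in", hit["file"])
        print("could not parse:", skipped)
```

Any account reported here should have its password changed after the preference item is removed, since the file may already have been read by any domain user with access to SYSVOL.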
How to Access Secure Score Recommendation
You can easily access Secure Score Recommendations from the Microsoft Entra Portal. If your tenant is up to date, you can quickly access this feature. Here, you will see the new security controls that can be used in scenarios ranging from Agentic AI to network access and identity threat detection and response.
- Open Microsoft Entra Portal
- Go to Overview > Recommendations
- Here you can see Microsoft Defender for Identity

Resource
Secure Score Recommendations from Microsoft Defender are now available in Entra Recommendations.
Author
Anoop C Nair has been a Microsoft MVP for 10 consecutive years from 2015 onwards. He is a Workplace Solution Architect with 22+ years of experience in Workplace technologies. He is a Blogger, Speaker, and Local User Group Community leader. His primary focus is on Device Management technologies like SCCM and Intune. He writes about technologies like Intune, SCCM, Windows, Cloud PC, Entra, Microsoft Security, Career, etc.