Microsoft

Microsoft Unveils New Identity Secure Score Recommendations in General Availability

Microsoft has announced the general availability of 11 new Identity Secure Score recommendations in Microsoft Entra, aimed at bolstering organizational security and providing actionable insights to mitigate risks.

The Identity Secure Score recommendations are designed to act as a trusted advisor, offering best practices rooted in industry standards to enhance security posture while improving employee productivity.

This latest release aligns with Microsoft’s commitment to transparency in adoption and advances the ongoing evolution of Microsoft Entra security recommendations.

These new recommendations emphasize critical security measures such as requiring multifactor authentication (MFA) for administrative roles, enabling sign-in and user risk policies, and adopting the principle of least privilege for role assignments.

Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try for Free

Highlighted recommendations include preventing legacy authentication protocols, setting password policies to avoid expiration without reason, enabling password hash synchronization for hybrid environments, and restricting user application consent to verified publishers.

Other crucial recommendations include enabling self-service password reset, designating multiple Global Administrators for redundancy, and using Microsoft Entra ID risk policies to detect and address potential account compromises.

Trend Charts and User Entity Insights

Complementing these recommendations are two newly introduced features: the Secure Score Trend Chart and the Detailed List of User Entities.

The Secure Score Trend Chart enables organizations to track their security improvement over time, providing data-driven insights into how security measures impact overall protection.

These trends can also be accessed programmatically via the Tenant Secure Score API for broader integration.

The Detailed List of User Entities provides administrators with actionable insights into impacted users, making it easier to validate risks and initiate remediation steps.

Administrators can also retrieve impacted resource data using the impacted resources API.

Actionable Insights for Holistic Security

The new Identity Secure Score recommendations and features offer a comprehensive approach to mitigating threats.

Recommendations such as blocking legacy authentication known to be a common entry point for compromised sign-ins and protecting all users with MFA highlight Microsoft’s focus on proactive security measures.

Similarly, features like self-service password resets and least-privileged role assignments aim to enhance security without sacrificing ease of use or administrator efficiency.

Administrators can access these recommendations within the Microsoft Entra admin center by navigating to Identity > Overview > Recommendations and filtering by the “Identity Secure Score” category.

Alternatively, they can leverage the new Security Recommendations filter at the top of the overview page’s search bar to streamline recommendation discovery.

Microsoft has also hinted at the upcoming launch of Zero Trust recommendations to assist organizations in refining their Zero Trust security frameworks.

Additionally, Microsoft Entra Suite recommendations are on the horizon, designed to guide organizations in optimizing their usage of the Microsoft Entra Suite.

These future updates reflect Microsoft’s broader strategy to provide value-enhancing features and ensure seamless usability across its product portfolio.

With the general availability of these new Identity Secure Score recommendations, Microsoft reiterates its commitment to supporting organizations in addressing ever-evolving security challenges.

By integrating actionable insights, secure score trend tracking, and detailed user entity visibility, these enhancements are poised to empower IT administrators with the tools they need to safeguard their environments effectively.

Integrating Application Security into Your CI/CD Workflows Using Jenkins & Jira -> Free Webinar

Aman Mishra

Aman Mishra is a Security and privacy Reporter covering various data breach, cyber crime, malware, & vulnerability.

Recent Posts

Hack The box “Ghost” Challenge Cracked – A Detailed Technical Exploit

Cybersecurity researcher "0xdf" has cracked the "Ghost" challenge on Hack The Box (HTB), a premier…

6 hours ago

Sec-Gemini v1 – Google’s New AI Model for Cybersecurity Threat Intelligence

Google has unveiled Sec-Gemini v1, an AI model designed to redefine cybersecurity operations by empowering…

6 hours ago

U.S. Secures Extradition of Rydox Cybercrime Marketplace Admins from Kosovo in Major International Operation

The United States has successfully extradited two Kosovo nationals, Ardit Kutleshi, 26, and Jetmir Kutleshi,…

12 hours ago

Ivanti Fully Patched Connect Secure RCE Vulnerability That Actively Exploited in the Wild

Ivanti has issued an urgent security advisory for CVE-2025-22457, a critical vulnerability impacting Ivanti Connect…

2 days ago

Beware! Weaponized Job Recruitment Emails Spreading BeaverTail and Tropidoor Malware

A concerning malware campaign was disclosed by the AhnLab Security Intelligence Center (ASEC), revealing how…

2 days ago

EncryptHub Ransomware Uncovered Through ChatGPT Use and OPSEC Failures

EncryptHub, a rapidly evolving cybercriminal entity, has come under intense scrutiny following revelations of operational…

2 days ago