Microsoft Secure Score: New recommendations for Microsoft Defender for Endpoint
New Microsoft Secure Score recommendations for Microsoft Defender for Endpoint will roll out mid-October 2025, adding protections like blocking web shell creation, impersonated tools, and Safe Mode rebooting. Admins should review and implement these to enhance security posture. No compliance issues identified.
We’re introducing new Microsoft Secure Score recommendations for Microsoft Defender for Endpoint (MDE) to help organizations strengthen their security posture. These recommendations are designed to proactively block common attack techniques and improve endpoint protection.
When this will happen:
Rollout will begin in mid-October 2025 and is expected to complete by the end of the month.
How this affects your organization:
Who is affected
Admins managing Microsoft Defender for Endpoint and Microsoft Secure Score.
What’s changing
Customers in Public Preview will see the following new recommendations in Microsoft Secure Score:
- Block web shell creation on servers
- Block use of copied or impersonated system tools
- Block rebooting a machine in Safe Mode
Secure Score will be updated based on the implementation of these recommendations.
What you can do to prepare:
- Review the new recommendations in Microsoft Secure Score once available.
- Complete the recommended actions to improve your organization’s security posture.
- Communicate these changes to your security and endpoint management teams.
- Learn more about Microsoft Secure Score: Microsoft Secure Score | Microsoft Defender XDR | Microsoft Defender | Microsoft Learn
Compliance considerations:
No compliance considerations identified; review as appropriate for your organization.
Message ID: MC1163763