Microsoft Secure Score: New recommendations for Microsoft Defender for Endpoint

New Microsoft Secure Score recommendations for Microsoft Defender for Endpoint will roll out in November 2025, focusing on LDAP security enhancements like client signing, traffic encryption, channel binding, and server signing to improve endpoint protection and prevent attacks. Admins should review and implement these changes.

Introduction

Microsoft Secure Score recommendations

When this will happen:

Public Preview: Rollout begins in early November 2025 and is expected to complete by mid-November 2025.

How this affects your organization:

Who is affected: Admins managing Microsoft Defender for Endpoint and Microsoft Secure Score.

What’s changing:

Lightweight Directory Access Protocol (LDAP) is a protocol used to access and manage directory information, commonly for authentication and authorization in enterprise environments.

Customers in Public Preview will see the following new recommendations in Microsoft Secure Score:

  1. Require LDAP client signing to prevent tampering and protect directory authentication
  2. Encrypt LDAP client traffic to protect sensitive data in transit
  3. Enforce LDAP channel binding to protect authentication sessions from interception
  4. Require LDAP server signing to ensure integrity of directory traffic

Secure Score will be updated based on the implementation of these recommendations.

What you can do to prepare:

Compliance considerations:

No compliance considerations identified; review as appropriate for your organization.

Message ID: MC1181656




I've been working with Microsoft Technologies over the last ten years, mainly focused on creating collaboration and productivity solutions that drive the adoption of Microsoft Modern Workplace.
