Microsoft Adds New Secure Score Security Recommendations for Defender for Endpoint

Microsoft is rolling out new Microsoft Secure Score recommendations for Microsoft Defender for Endpoint (MDE) to help organizations strengthen endpoint security and reduce exposure to common attack techniques.

According to Microsoft 365 Admin Center Message ID MC1251207, the new recommendations focus on improving enterprise security configurations and helping administrators identify potential weaknesses in their environments.

New security recommendations for SMB and RDP

One of the recommendations focuses on hardening SMB server security to protect systems against authentication relay attacks.

SMB relay attacks occur when attackers intercept authentication traffic and reuse it to gain unauthorized access to systems or services on the same network.

Microsoft is also introducing a recommendation that suggests blocking file transfers over Remote Desktop Protocol (RDP).

RDP file transfer features can potentially be abused by attackers to move sensitive data outside the organization. Disabling file transfers helps limit possible data exfiltration attempts during compromised sessions.

Secure Score will reflect implemented protections

Microsoft Secure Score will update automatically based on whether organizations implement the recommended security actions.

However, these settings are disabled by default, meaning administrators must review the recommendations and enable the protections manually if they choose to apply them.

Microsoft confirmed that existing configurations will not change automatically unless administrators explicitly implement the recommended settings.

Administrators are encouraged to review the new Secure Score recommendations regularly and decide which actions fit their organization’s security policies.

Organizations that track security posture through Secure Score may also need to update internal documentation and inform security teams when adopting the new recommendations.

Public preview rollout expected to finish in March

The new Secure Score recommendations entered Public Preview in late February, and Microsoft expects the rollout to complete by mid-March.

The company has not yet confirmed when the feature will become generally available.

The update arrives at a time when organizations face growing cybersecurity threats, including campaigns conducted by state-backed threat actors.

Microsoft has previously warned that attackers increasingly combine traditional intrusion techniques with AI-assisted tools to accelerate cyberattacks and improve phishing campaigns.

Other recent security updates

In related security news, Microsoft recently released the KB5084597 out-of-band update for Windows 11 LTSC 2024 to patch remote code execution vulnerabilities in the Routing and Remote Access Service (RRAS).

Meanwhile, Google recently issued a Chrome security update addressing two vulnerabilities in the browser engine.

The continued rollout of Secure Score recommendations shows Microsoft’s ongoing effort to help organizations proactively strengthen endpoint defenses.

Via Neowin