Microsoft Entra Boosts Security with New Identity Secure Score Recommendations

The new Entra Recommendations aim to help organizations proactively detect threats and fix misconfigurations.

Key Takeaways:

  • Microsoft Entra now includes 12 new Identity Secure Score Recommendations in public preview.
  • The updates help identify and fix common identity-related misconfigurations and risks.
  • More security enhancements and Zero Trust-aligned recommendations are expected later this year.

Microsoft has rolled out several new Identity Secure Score Recommendations in public preview within Microsoft Entra Recommendations. These recommendations are designed to help organizations more effectively detect and mitigate identity-based cyberattacks.

The Microsoft Entra Recommendations feature helps administrators enhance security by providing tailored suggestions based on an analysis of their identity environment. It continuously reviews tenant configurations, compares them with Microsoft’s best practices, and offers clear, actionable guidance to address issues such as reducing unnecessary admin privileges. These insights are integrated with the Identity Secure Score, which makes it easier to prioritize and track improvements over time.

What’s new in Microsoft Entra’s Identity Secure Score Recommendations?

Microsoft has introduced 12 new Identity Secure Score recommendations aimed at strengthening organizational security by addressing common misconfigurations and vulnerabilities. These include editing the misconfigured enrollment agent certificate template, removing unsafe permissions from Entra Connect accounts, and eliminating reversible passwords stored in Group Policy Preferences. Other recommendations focus on stopping the exposure of clear-text credentials, removing dormant accounts from sensitive groups, and disabling weak cryptographic ciphers that attackers could exploit.

Additional recommendations include editing misconfigured certificate template access control lists (ACLs), modifying insecure Kerberos delegations to prevent impersonation, and implementing Microsoft Local Administrator Password Solution (LAPS) to manage local administrator passwords securely. Microsoft also advises rotating passwords for Entra Connect connector accounts regularly and replacing overly privileged accounts to adhere to the principle of least privilege. Lastly, integrating VPN data with Microsoft Defender for Identity enhances visibility into user activity and helps detect abnormal behavior.

New Identity Secure Score Recommendations (Image Credit: Microsoft)

Getting started with the new Microsoft Entra Recommendations

To access the new Identity Secure Score Recommendations, IT admins need to open the Microsoft Entra Admin Center and navigate to Overview > Recommendations. From there, they can access the new security controls for various scenarios, including Agentic AI, network access, and identity threat detection and response.

Later this year, Microsoft plans to roll out additional Defender for Identity Recommendations to help organizations improve visibility into and control over their overall security posture. The company will also introduce Microsoft Entra Suite recommendations designed to align with businesses' Zero Trust approach.