Updated October 29, 2025: We have updated the timeline. Thank you for your patience.
[Introduction:]
We’re enhancing Microsoft Secure Score by introducing new improvement actions based on Microsoft Defender for Identity posture recommendations for PingOne. These updates provide a more accurate reflection of your organization’s identity security posture and help strengthen your overall security configuration.
[When this will happen:]
- Public Preview: Rollout begins in late November 2025 (previously late October) and completes by mid-December 2025 (previously mid-November).
- General Availability (Worldwide, GCC, GCC High, and DoD): Rollout begins in late January 2026 (previously late November 2025) and completes by late February 2026 (previously mid-December 2025).
[How this affects your organization:]
Who is affected: Tenants with a PingOne connector configured for Microsoft Defender for Identity.
What will happen:
New posture recommendations will appear in Microsoft Secure Score as improvement actions:
- Limit the number of PingOne accounts with organization admin role
- Assign multi-factor authentication for PingOne privileged user accounts:
- Change password for PingOne privileged user accounts
- Remove stale PingOne privileged accounts
- High number of PingOne accounts with a privileged role assigned
These recommendations are enabled by default and require no configuration changes.
[What you can do to prepare:]
- No admin action is required before or after rollout.
- Review your current identity configuration to assess potential impact.
- Notify relevant administrators and update internal documentation as needed.
- Regularly review Microsoft Secure Score to monitor and act on new improvement suggestions.
[Compliance considerations:]
No compliance considerations identified, review as appropriate for your organization.