Edit

Misconfiguration recommendations support in Microsoft Defender for Endpoint

Note

The Vulnerability Management section in the Microsoft Defender portal is now located under Exposure management. With this change, you can now consume and manage security exposure data and vulnerability data in a unified location, to enhance your existing Vulnerability Management features. Learn more.

These changes are relevant for Preview customers (Microsoft Defender XDR + Microsoft Defender for Identity preview option).

Having accurate and up-to-date information about security misconfigurations that could expose your organization to risk, and information on steps to help remediate them, is essential for maintaining your organization's security posture.

The Misconfigurations tab in the Recommendations page under Exposure management lists the configuration issues your devices are exposed to and provides prioritized recommendations to help remediate or mitigate them.

If you come across missing or incorrect misconfiguration data for your organization, you can use the report inaccuracy capability available for recommendations to report false positives, inaccuracies, or incomplete information.

This article provides information on inaccuracies that have been reported. You can use it to determine if new or updated recommendation support has been added, or if support isn't currently available.

For vulnerability assessment inaccuracies, such as detection logic, Common Vulnerability Scoring System (CVSS) scores, and affected version details, see Vulnerability assessment support.

Note

Assessment accuracy depends on successful Defender for Endpoint data collection. PowerShell Constrained Language Mode, AppLocker, WDAC, or similar application control policies can restrict required Defender for Endpoint collection scripts and affect assessment accuracy. To learn how to configure allow rules that let these scripts run, see Allow Microsoft Defender for Endpoint scripts with WDAC script enforcement.

Note

The tables may also include updates based on security recommendation support queries or in response to customer requests.

The following tables present the relevant security recommendation information organized by month.

January 2026

Inaccuracy report ID Description Fix date
127527 Fixed remediation steps for "Disable NT LAN Manager (NTLM) authentication for Windows" recommendation 15-Jan-26

December 2025

Inaccuracy report ID Description Fix date
105683
107460
104824
Excluded Windows 365 Cloud PCs (personal computers) from the applicable devices for BitLocker related recommendations as these devices don't support BitLocker 28-Dec-25