Microsoft Defender for Identity's security posture assessments

Typically, organizations of all sizes have limited visibility into whether or not their on-premises apps and services could introduce a security vulnerability to their organization. The problem of limited visibility is especially true regarding use of unsupported or outdated components.

While your company may invest significant time and effort on hardening identities and identity infrastructure (such as Active Directory, Active Directory Connect) as an on-going project, it's easy to remain unaware of common misconfigurations and use of legacy components that represent one of the greatest threat risks to your organization. Microsoft security research reveals that most identity attacks utilize common misconfigurations in Active Directory and continued use of legacy components (such as NTLMv1 protocol) to compromise identities and successfully breach your organization. To combat this effectively, Microsoft Defender for Identity now offers proactive identity security posture assessments to detect and recommend actions across your on-premises Active Directory configurations.

What do Defender for Identity's security posture assessments provide?

  • Detections and contextual data on known exploitable components and misconfigurations, along with relevant paths for remediation.
  • Defender for Identity detects not only suspicious activities, but also actively monitors your on-premises identities and identity infrastructure for weak spots, using the existing Defender for Identity sensor.
  • Accurate assessment reports of your current organization security posture, enabling quick response and effect monitoring in a continuous cycle.

How do I get started?


Defender for Identity security assessments are available using the Microsoft Secure Score dashboard. The assessments are available in the Identity category in Microsoft Secure Score.

What is Microsoft Secure Score?

Microsoft Secure Score is a measurement of an organization's security posture, with a higher number indicating more recommended actions taken. It can be found at in the Microsoft 365 Defender portal.


A Defender for Identity license is required.

Identity security posture assessments

Defender for Identity offers the following identity security posture assessments. Each assessment is a downloadable report with instructions for use and tools for building an action plan to remediate or resolve.

Assessment reports

To access identity security posture assessments:

  1. Open the Microsoft Secure Score dashboard.

  2. Select the Recommended actions tab. You can search for a particular recommended action, or filter the results (for example, by the category Identity).

    Recommended actions.

  3. For more details, select the assessment.

    Select the assessment.

Next steps