Management section in the Microsoft Defender portal is now located under Exposure management.

November 2025

• (Preview) The Vulnerability Management section in the Microsoft Defender portal is now located under Exposure management. This change is part of the vulnerability management integration to Microsoft Security Exposure Management, which significantly expands the scope and capabilities of the platform.
• (Preview) Microsoft Secure Score now includes new recommendations to help organizations proactively prevent common endpoint attack techniques.

1. Require LDAP client signing and Require LDAP server signing - help ensure integrity of directory requests so attackers can't tamper with or manipulate group memberships or permissions in transit.
2. Encrypt LDAP client traffic - prevents exposure of credentials and sensitive user information by enforcing encrypted communication instead of clear-text LDAP.
3. Enforce LDAP channel binding - prevents man-in-the-middle relay attacks by ensuring the authentication is cryptographically tied to the TLS session. If the TLS channel changes, the bind fails, stopping credential replay.

• (GA) These Microsoft Secure Score recommendations are now generally available:

1. Block web shell creation on servers
2. Block use of copied or impersonated system tools
3. Block rebooting a machine in Safe Mode