Identity security enhancements

March 2026
Identity security enhancements: New identity security capabilities help you monitor and manage identity security for human and non-human identities:

• (Preview) Identity Security dashboard: The Identity Security dashboard provides summary cards for identity providers, on-premises identities, SaaS identities, PAM and IGA integrations, and non-human identities. For more information, see The Identity Security dashboard. The Identity Security dashboard is being rolled out gradually to customers, and might not yet be available in your organization.
• (Preview) Coverage and maturity page: The Coverage and maturity page shows your organization's identity security coverage with maturity levels, including Connected, Protected, Fortified, and Resilient, and prioritized setup tasks. For more information, see Coverage and maturity. The Coverage and maturity page is being rolled out gradually to customers, and might not yet be available in your organization. If you don't see this feature in your environment yet, check back soon.
• Identity inventory: The Identity inventory page now shows human and non-human identities in separate tabs. Insight cards help you classify critical assets, view highly privileged identities, identify critical Active Directory service accounts, and view cloud application accounts. For more information, see View the Identity inventory.
• (Preview) Non-human identities: The Non-human identities tab shows non-human identities, including Microsoft Entra ID apps, Active Directory service accounts, Google Workspace apps, and Salesforce apps. For more information, see Identity inventory and Investigate non-human identities.
• (Preview) Identity risk score: A new risk score for identities, ranging from 0 to 100, that indicates the likelihood of compromise and the potential impact based on criticality and privileged roles. The risk score is available in Microsoft Entra ID, where it can be used to inform conditional access policies and identity protection workflows. A new Risk score tab on the Identity page provides a detailed breakdown of the risk factors, including percentile comparison and risk trends. For more information, see Investigate an identity.
• (Preview) Domain investigation page: The Domain investigation page shows Active Directory domain security, including domain properties, deployment health, identity summary, service account breakdown, sensitive entities, active recommendations, group policies, and trust relationships. For more information, see Investigate a domain.
• (Preview)Identity security recommendations: View recommendations from Active Directory, Microsoft Entra ID, SaaS applications, and supported non-Microsoft identity providers. For more information, see Identity security recommendations.
• (Preview) The following advanced hunting schema tables are now available for preview:
• The CloudDnsEvents table contains information about DNS activity events from cloud infrastructure environments.
• To improve accuracy and better protect organizational identities, we've made updates to the Secure Score category calculations. Some security recommendations categorized as Cloud apps recommendations are now considered identity‑related and grouped under the Identity category. While the total Secure Score remains unchanged, individual identity and app scores may change.
• (Preview) Customers can now use filters on very large incidents with many alerts and entities or hide specific entities to simplify complex incident graphs. By simplifying the graphs, they can focus their investigations on what matters most. Learn more
• The proactive user containment (contain user) action as part of the predictive shielding feature is now generally available. This action infuses activity data with exposure data to identify exposed credentials at risk of being compromised and reused to conduct malicious activity.