New recommendations (December)

Author: limwainstein

defender-vulnerability-management/whats-new-in-microsoft-defender-vulnerability-management.md

@@ -28,6 +28,12 @@ This article provides information about new features and important product updat
 > [!TIP]
 > Did you know you can try all the features in Microsoft Defender Vulnerability Management for free? Find out how to [sign up for a free trial](defender-vulnerability-management-trial.md).
 
+## December 2025
+
+(Preview) **Microsoft Secure Score now includes new recommendations** to help organizations proactively prevent common endpoint attack techniques:
+    - **Disable remote registry service on Windows**: Prevents remote access to the Windows registry, reducing attack surface and blocking unauthorized configuration changes, privilege escalation, and lateral movement.
+    - **Disable NTLM authentication for Windows workstations**: Helps prevent credential theft and lateral movement attacks by removing support for an outdated and insecure protocol. New Technology LAN Manager (NTLM) can be exploited with techniques like Pass-the-Hash and NTLM relay, allowing attackers to bypass password complexity and compromise domains.
+
 ## November 2025
 
 - (Preview) The **Vulnerability Management** section in the Microsoft Defender portal is now located under **Exposure management**. This change is part of the vulnerability management integration to Microsoft Security Exposure Management, which significantly expands the scope and capabilities of the platform. [Learn more](#microsoft-defender-vulnerability-management-and-microsoft-security-exposure-management-integration).