Microsoft Secure Score

Microsoft Secure Score

Security Assessment of your MS 365 environment

Microsoft Secure Score is a measurement of an organization’s security posture, with a higher number indicating more improvement actions taken. It can be found at https://security.microsoft.com/securescore in the Microsoft 365 Defender portal.

 

Following the Secure Score recommendations can protect your organization from threats. From a centralized dashboard in the Microsoft 365 Defender portal, organizations can monitor and work on the security of their Microsoft 365 identities, apps, and devices.

Secure Score helps organizations:

  • Report on the current state of the organization’s security posture.
  • Improve their security posture by providing discoverability, visibility, guidance, and control.
  • Compare with benchmarks and establish key performance indicators (KPIs).

Secure Score | Microsoft 365 Defender

In Microsoft 365 Defender, Secure Score assesses and measures your organization’s security posture, or how well you’re protected from threats, and then provides intelligent guidance and prioritized actions to strengthen your posture and improve your score.

Learn more: https://aka.ms/MSSecureScore

For more about Microsoft Security: https://msft.it/6002T9HQY

Organizations gain access to robust visualizations of metrics and trends, integration with other Microsoft products, score comparison with similar organizations, and much more. The score can also reflect when third-party solutions have addressed recommended actions.

 

microsoft secure score

 

History Microsoft Secure Score

Best Practices for Improving Your Secure Score | Azure Security Center Webinar

To ensure you hear about future Microsoft Azure Security Center webinars and other developments, make sure you join our community by going to https://aka.ms/SecurityCommunity

How it works

You’re given points for the following actions:

  • Configuring recommended security features
  • Doing security-related tasks
  • Addressing the improvement action with a third-party application or software, or an alternate mitigation

Some improvement actions only give points when fully completed. Some give partial points if they’re completed for some devices or users. If you can’t or don’t want to enact one of the improvement actions, you can choose to accept the risk or remaining risk.

If you have a license for one of the supported Microsoft products, then you’ll see recommendations for those products. We show you the full set of possible improvements for a product, regardless of license edition, subscription, or plan. This way, you can understand security best practices and improve your score. Your absolute security posture, represented by Secure Score, stays the same no matter what licenses your organization owns for a specific product. Keep in mind that security should be balanced with usability, and not every recommendation can work for your environment.

Your score is updated in real time to reflect the information presented in the visualizations and improvement action pages. Secure Score also syncs daily to receive system data about your achieved points for each action.

Products included in Secure Score

Currently there are recommendations for the following products:

  • Microsoft 365 (including Exchange Online)
  • Azure Active Directory
  • Microsoft Defender for Endpoint
  • Microsoft Defender for Identity
  • Defender for Cloud Apps
  • Microsoft Teams

Recommendations for other security products are coming soon. The recommendations won’t cover all the attack surfaces associated with each product, but they’re a good baseline. You can also mark the improvement actions as covered by a third party or alternate mitigation.

Risk Awareness

Microsoft Secure Score is a numerical summary of your security posture based on system configurations, user behavior, and other security-related measurements. It isn’t an absolute measurement of how likely your system or data will be breached. Rather, it represents the extent to which you have adopted security controls in your Microsoft environment that can help offset the risk of being breached. No online service is immune from security breaches, and secure score shouldn’t be interpreted as a guarantee against security breach in any manner.