What is the Microsoft Secure Score?


The Microsoft Secure Score is a measurement of an organisation’s security position, with a higher number indicating more improvement actions taken. Following the Secure Score recommendations can help protect your organisation from threats. From a centralised dashboard in the Microsoft 365 security centre, organisations can monitor and work on the security of their Microsoft 365 identities, data, apps, devices, and infrastructure.

Secure Score helps organisations:

  • Report on the current position of the organisation’s security.
  • Improve their security position by providing visibility, guidance, and control.
  • Compare with benchmarks and establish key performance indicators (KPIs).

Organisations can view robust visualisations of their metrics and trends, make use of integration with other Microsoft products, and compare their score with organisations of a similar size. The two-seat Office 365 tenant below, for example, scores significantly higher than other organisations of a similar seat count and shockingly well above the global average.

How it works

You earn points for configuring recommended security features (such as enabling MFA for users), performing security-related tasks (such as viewing reports), or addressing an improvement action with a third-party application or software. Some improvement actions only give points when fully completed, and some give partial points if they are completed for some devices or users. Security should be balanced with usability, and not every recommendation can work for your environment.

Your score is updated in real time to reflect the information presented in the visualisations and improvement action pages. Secure Score also syncs daily to receive system data about your achieved points for each action.

How are improvement actions scored?

Most are scored in a binary fashion: if you implement the improvement action, such as creating a new malware policy or turning on a specific setting, you get 100% of the points. For other improvement actions, points are given as a percentage of the total configuration. For example, if the improvement action states you get 30 points by protecting all your users with multi-factor authentication and you only have 5 of 10 total users protected, you would be given a partial score of around 15 points (5 protected / 10 total * 30 max points = 15 points partial score).
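The two scoring modes described above can be modelled together to see how they add up to a tenant score and where the largest gaps are. This is an added example, not Microsoft's code or data format: the class, field and function names are hypothetical, and every sample row except the 5-of-10-users MFA case is constructed.

```python
from dataclasses import dataclass

# Hypothetical model of the scoring rules described above; class and field
# names are assumptions for illustration, not Microsoft's API or data format.
@dataclass
class ImprovementAction:
    name: str
    max_points: float
    covered: int    # users/devices (or settings) where the action is in place
    total: int      # users/devices (or settings) in scope
    partial: bool   # True: points scale with coverage; False: all-or-nothing

    def points(self) -> float:
        if self.total <= 0:  # nothing in scope, so nothing to earn
            return 0.0
        covered = min(max(self.covered, 0), self.total)  # clamp bad input
        if self.partial:
            return self.max_points * covered / self.total
        return self.max_points if covered == self.total else 0.0


def secure_score(actions):
    """Return (achieved, maximum, percent) over all actions."""
    achieved = sum(a.points() for a in actions)
    maximum = sum(a.max_points for a in actions)
    percent = round(100 * achieved / maximum, 1) if maximum else 0.0
    return achieved, maximum, percent


def biggest_gaps(actions):
    """Actions ordered by points still available, largest first."""
    gaps = [(a.name, a.max_points - a.points()) for a in actions]
    return sorted((g for g in gaps if g[1] > 0), key=lambda g: g[1], reverse=True)


# Constructed sample tenant: the MFA row is the 5-of-10-users case from the
# text; the other rows and their point values are made up.
ACTIONS = [
    ImprovementAction("MFA for all users", 30, covered=5, total=10, partial=True),
    ImprovementAction("Malware policy created", 5, covered=1, total=1, partial=False),
    ImprovementAction("Setting enabled on all devices", 10, covered=8, total=10, partial=False),
]

if __name__ == "__main__":
    achieved, maximum, percent = secure_score(ACTIONS)
    print(f"{achieved:g}/{maximum:g} points ({percent}%)")
    for name, gap in biggest_gaps(ACTIONS):
        print(f"  {gap:g} points available: {name}")
```

The third row shows why an all-or-nothing action rolled out to 8 of 10 devices still contributes nothing until the last two devices are covered.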

What products are included in Secure Score?

Currently there are recommendations for Office 365 (including SharePoint Online, Exchange Online, OneDrive for Business, Microsoft Information Protection, and more), Azure AD, Intune, and Cloud App Security. Recommendations for other security products, like Azure ATP and Microsoft Defender ATP, are coming soon. The recommendations will not cover all the attack surfaces associated with each Microsoft Office 365 product, but they are a good start.