“Enterprises experience 130 security breaches per year, per organization, on average.”
PurpleSec Cyber Security Stats
With more and more resources going to the cloud, enterprise security has become a prime concern for every organization. No amount of security seems enough. One of the key questions that enterprises struggle with is the age-old question – Is my network safe?
Microsoft attempts to help companies answer that question with Microsoft 365 Secure Score. In this blog, we will cover what it is and how you can use it to analyse the security profile of your company’s infrastructure.
What is Microsoft Secure Score
Microsoft Secure Score is an analytics tool that measures your organization’s current security state and gives it an easy-to-understand score. The score makes it easy for anyone to quantify the security state of your organization.
A higher score indicates that the company has better security policies and measures in place. A lower score means the company is at a greater risk of a security threat. The score is on a relative scale. So, it cannot be compared across organizations. You can only compare it with your own scores in the past.
A visual representation of Secure Score:
Source: Microsoft Secure Score website
The score is always shown as a percentage. The details are seen on the Microsoft 365 Defender portal. Along with the score, the dashboard shows a set of improvement actions.
Improvement scores
Each improvement action also gives a “Score impact” alongside. This is quite simply how much the score would increase if the action is taken.
So, as you keep acting on the improvement actions, the score will continue to increase. Each improvement action gives 10 points or less, but many are binary in nature: completing such an action earns 100% of the points, while partial completion earns none.
Products covered under Microsoft Secure Score
Microsoft Secure Score monitors a range of products within the Microsoft ecosystem, helping organisations assess their overall security. However, it only covers Microsoft products, so you will need other tools to monitor third-party systems. Here is an overview of the products included:
1. Microsoft 365 (including Exchange Online)
Microsoft 365 security is crucial, and Secure Score helps ensure key security measures, such as multi-factor authentication (MFA) and mailbox audit logs, are in place to protect your emails and documents.
2. Azure Active Directory (Azure AD)
Secure Score evaluates the security of your Microsoft 365 identities by checking your organisation’s access controls and identity protection strategies, such as enforcing conditional access policies and multi-factor authentication.
3. Microsoft Defender for Endpoint
This tool helps ensure a strong security posture for devices. Secure Score provides recommended actions such as enabling Microsoft Defender Antivirus and attack surface reduction rules to enhance your organisation’s security.
4. Microsoft Defender for Identity
This tool monitors suspicious activities with a focus on identity-based threats. Secure Score tracks how well you use it to prevent identity compromises and improve your overall security.
5. Defender for Cloud Apps
With the rise of cloud services, Defender for Cloud Apps helps secure your organisation’s cloud environment. Secure Score suggests actions like applying information protection policies to safeguard data in Microsoft 365 apps.
6. Microsoft Teams
As a vital collaboration tool, Microsoft Teams security is assessed by Secure Score, which recommends actions such as restricting guest access and ensuring encryption of shared content to reduce security risks.
Secure Score limitations
While Microsoft Secure Score provides valuable insights into your company’s security posture within the Microsoft ecosystem, it does not extend to non-Microsoft products. To fully protect your security infrastructure, it is crucial to implement other monitoring tools or work with a security service provider.
How to access Microsoft Secure Score
Only specific user roles in Azure Active Directory can access Microsoft Secure Score.
If you want read and write access, so that you can make changes and interact with Secure Score, you must be a global admin, security admin, Exchange admin, or SharePoint admin.
If you want read-only access with no editing power, you can hold the role of helpdesk/user/service support admin, security reader/operator, or global reader.
Other dashboard insights
Apart from the Secure Score itself, the dashboard provides many other insights. Let’s have a look at them.
Track scores over time
Under the Metrics and Trends tab, you can see how your score has changed over time and compare it with that of organizations like your own.
Activity History
The History tab shows you all the activities that have affected the Secure Score in any way.
Categories of Improvement actions
All the improvement actions suggested by Microsoft Secure Score are put in one of 3 categories:
- Identity
These are actions related to the Active Directory accounts and roles.
- Device
They assess and suggest action on the application “Microsoft Defender for Endpoint”.
- Apps
These actions are for email and cloud apps. That includes Office 365 and Microsoft Defender for Cloud Apps.
The dashboard also shows a breakdown of points by category, i.e., what percentage of the category’s total points has been achieved and how much is left to achieve.
How to improve your Microsoft Secure Score
Improving your Microsoft Secure Score involves adopting best practices to enhance your organisation’s security. The Microsoft 365 Security Centre dashboard provides recommended security actions to address vulnerabilities and improve your score. Here are effective ways to boost your security score:
1. Focus on high-impact actions
Prioritise tasks with the highest score impact, such as enabling multi-factor authentication (MFA) or configuring anti-phishing policies in Exchange Online. These steps will significantly strengthen your security across your organisation.
2. Complete binary tasks
Certain actions must be fully implemented to improve your score. For example, encrypting all devices in your Microsoft 365 environment is an all-or-nothing task that contributes fully only once completed.
3. Enhance identity and access management
Improving your security posture often starts with stronger identity controls. Secure Score helps by recommending actions in Azure Active Directory, such as enforcing stronger passwords and implementing role-based access controls.
4. Strengthen endpoint security
Enable security features like Microsoft Defender for Endpoint and apply attack surface reduction rules. Ensuring mobile and remote devices are fully secured helps reduce security risks and improve your Secure Score.
5. Monitor cloud app security
Cloud apps like Office 365 benefit from best security practices like conditional access policies. Regularly updating cloud security measures will improve your organisation’s cybersecurity score and help you stay safe.
6. Accept or address risks
For actions that do not pose a significant risk to your security framework, you can flag them as ‘Risk Accepted.’ This does not improve your cybersecurity score but ensures the score reflects your security posture.
7. Track your progress
The Secure Score dashboard makes it easy to measure your security progress over time. Regular reviews help you stay on top of new recommendations and improve your overall security.
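The scoring rules described earlier (points per action, binary actions, the category breakdown, ‘Risk Accepted’) and the prioritisation advice in this list, worked through as an added Python example; it is not Microsoft’s code and not part of the original post. The `Action` record, its field names and the sample actions are constructed for illustration and are not the portal’s export format, and keeping a risk-accepted action’s points in the total is an assumption.

```python
from typing import NamedTuple

class Action(NamedTuple):
    title: str
    category: str              # "Identity", "Device" or "Apps"
    max_points: float          # 10 points or less per action
    progress: float            # fraction completed, 0.0 to 1.0
    binary: bool               # True: points are awarded only at 100%
    risk_accepted: bool = False

    def earned(self) -> float:
        if self.binary:
            return self.max_points if self.progress >= 1.0 else 0.0
        return self.max_points * self.progress

    def impact(self) -> float:
        """Points still to gain by completing the action."""
        return self.max_points - self.earned()

def score_percent(actions):
    # Assumption: risk-accepted actions earn nothing and stay in the total.
    total = sum(a.max_points for a in actions)
    return 100.0 * sum(a.earned() for a in actions) / total

def category_breakdown(actions):
    """Percentage of each category's points achieved so far."""
    out = {}
    for cat in sorted({a.category for a in actions}):
        out[cat] = round(score_percent([a for a in actions if a.category == cat]), 1)
    return out

def backlog(actions):
    """Open actions, highest score impact first; risk-accepted ones are skipped."""
    total = sum(a.max_points for a in actions)
    todo = [a for a in actions if a.impact() > 0 and not a.risk_accepted]
    todo.sort(key=lambda a: a.impact(), reverse=True)
    return [(a.title, round(100.0 * a.impact() / total, 1)) for a in todo]

# Constructed sample data, not taken from a real tenant.
SAMPLE = [
    Action("Require MFA for administrative roles", "Identity", 10, 0.5, False),
    Action("Encrypt all devices", "Device", 9, 0.8, True),
    Action("Apply attack surface reduction rules", "Device", 10, 0.2, False),
    Action("Configure anti-phishing policies", "Apps", 8, 1.0, True),
    Action("Restrict guest access in Teams", "Apps", 3, 0.0, True, risk_accepted=True),
]

if __name__ == "__main__":
    print(f"Secure Score: {score_percent(SAMPLE):.1f}%")
    print(category_breakdown(SAMPLE))
    for title, gain in backlog(SAMPLE):
        print(f"+{gain}%  {title}")
```

In the sample, device encryption is 80% rolled out yet contributes nothing because it is binary, which is why it tops the backlog ahead of actions that already earn partial credit.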
Fixing an improvement action
You can click on each improvement action to view it in greater detail.
On the flyout of the improvement action, you can perform 4 actions:
- Select “Manage in Microsoft 365 Defender”
This will take you to the configuration screen and help you make the desired change. If you complete the action, the points improvement shows up on the Secure Score within 24 hours.
- Select Share
This will allow you to copy the direct link to the improvement action. It is useful when you wish to collaborate with another team member and work on fixing the improvement action.
- Add Notes
There is also an option to add notes, leave your comments, or keep track of progress.
- Add tags
You can also add tags to the actions and categorize them as per your preference.
On completing the improvement action, you will be able to improve your Secure Score and thus make your organization more secure.
Conclusion
Secure Score provides an easy way to analyze and act on some of the security policies in your Microsoft environment. Although the security analysis is limited to a few Microsoft products, it can be one of the small steps toward building a more secure enterprise infrastructure.
You can learn more about Secure Score from the video below or read more in their official docs.
FAQ
How can Microsoft Secure Score help improve my organisation’s security?
Microsoft Secure Score provides a clear metric to measure your organisation’s security across the Microsoft 365 environment. Evaluating key security controls and recommending actions helps you identify areas that need improvement. The higher the score, the more secure your infrastructure is, and taking these recommended actions can significantly reduce security risks and strengthen your overall security strategy.
How do I access Microsoft Secure Score, and what does it include?
You can access Microsoft Secure Score through the Microsoft 365 or Azure Security Centre. The score provides insights into various Microsoft-supported products, including Azure Active Directory, Microsoft Teams, and Defender for Endpoint. Secure Score also gives you a list of recommended actions to improve your security, making it easy to track and act on security improvements.
Can I compare my Secure Score with other organisations?
No, Microsoft Secure Score is a metric that evaluates your security posture based on Microsoft products within your environment. You cannot directly compare your score with other organisations, but you can track your progress over time to ensure continuous security improvement.