Microsoft Secure Score is like a fitness tracker for your Microsoft 365 environment. It gives you a score based on your current security posture and suggests actions that you can take to improve it. The higher your score, the healthier and more secure your environment is. It provides a score between 0 and 100, based on your implementation of recommended security best practices and configuration settings in Microsoft 365. Following the Secure Score recommendations can protect your organization from threats and help you achieve a higher level of security.
In this blog post, I will show you how to use your organization’s Microsoft Secure Score to assess your current security posture, identify potential improvements, and implement them in your environment. I will also share some tips and best practices to maintain and monitor your security posture over time.
Assess your current security posture
The first step is to access your environment’s Microsoft Secure Score in the Microsoft 365 Defender portal at https://security.microsoft.com/securescore. You will see a dashboard that shows your current score, the maximum possible score, and the average score of organizations like yours. The dashboard additionally contains a breakdown of your score by different categories: identity, data, and apps.
You will see a list of recommended actions that you can take to improve your security posture in each category. Each action has a description, a point value, and an impact level. You can also see the status of each action, such as whether it is completed, partially completed, not applicable, or ignored. Some actions won’t be possible because your environment lacks the proper licensing. To see your current license score, click on the Include drop-down and check the box for “Current license score.” This shows the score that can be achieved with the current Microsoft licensing in place.
Identify potential improvements
The next step is to evaluate each recommendation and decide which ones you want to implement in your environment. You can use the embedded guidance and the links to the product documentation to understand the benefits and the risks of each action. You can also use the impact level to prioritize the actions that have the most effect on your security posture. Determine your plan by deciding what recommendations you will implement and to what extent you will implement them.
Implement the improvements in your environment
The final step is to execute your plan and implement the improvements in your environment. You can use the implementation tab in each recommended action to identify the license requirement and the next steps for configuring the recommended security features and settings in your Microsoft 365 environment. If you decide to address the concern with a method not defined by Microsoft, you can edit the status of the recommendation to state that it is addressed by either a third-party solution or an alternate mitigation method.
As you implement the improvements, you will see your Secure Score increase and reflect the changes in your security posture. You will also see the status of each action in your plan change to completed or partially completed, depending on the level of implementation.
Maintain and monitor your security posture
Improving your security posture is not a one-time activity, but a continuous process. You need to maintain and monitor your security posture over time and keep up with the changes in your environment and the threat landscape. Here are some tips and best practices to help you do that:
- Review your Secure Score regularly and check for any new or updated recommendations. Microsoft Secure Score syncs daily to receive system data and updates the recommendations based on the latest security best practices and threat intelligence.
- Use the history, metrics, and trends to track and measure your progress and identify any regressions. Use the comparison feature to benchmark your score against other organizations and see how you rank in terms of security posture.
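One way to automate the regression check from the tips above, as an added example that is not part of the original post. The snapshots are constructed sample data shaped like the response of the Microsoft Graph GET /security/secureScores endpoint, and percent and find_regressions are hypothetical helper names.

```python
import json

# Constructed sample: two daily snapshots in the shape of the "value" array
# from Microsoft Graph GET /security/secureScores. Scores are made up.
SAMPLE = json.loads("""
[
 {"createdDateTime": "2024-05-02T00:00:00Z", "currentScore": 18.0, "maxScore": 30.0,
  "controlScores": [
   {"controlName": "MFARegistrationV2", "controlCategory": "Identity", "score": 9.0},
   {"controlName": "AdminMFAV2", "controlCategory": "Identity", "score": 4.0},
   {"controlName": "DLPEnabled", "controlCategory": "Data", "score": 5.0}]},
 {"createdDateTime": "2024-05-01T00:00:00Z", "currentScore": 24.0, "maxScore": 30.0,
  "controlScores": [
   {"controlName": "MFARegistrationV2", "controlCategory": "Identity", "score": 9.0},
   {"controlName": "AdminMFAV2", "controlCategory": "Identity", "score": 10.0},
   {"controlName": "DLPEnabled", "controlCategory": "Data", "score": 5.0}]}
]
""")

def percent(snapshot):
    """Score as a percentage of the maximum achievable score."""
    if not snapshot["maxScore"]:
        return 0.0
    return round(100 * snapshot["currentScore"] / snapshot["maxScore"], 1)

def find_regressions(snapshots):
    """Compare the two newest snapshots; list controls that lost points."""
    # ISO 8601 UTC timestamps in one format sort correctly as strings.
    ordered = sorted(snapshots, key=lambda s: s["createdDateTime"])
    if len(ordered) < 2:
        return {"overall_delta": 0.0, "dropped": [], "missing": []}
    prev, latest = ordered[-2], ordered[-1]
    before = {c["controlName"]: c["score"] for c in prev["controlScores"]}
    dropped = []
    for c in latest["controlScores"]:
        old = before.pop(c["controlName"], None)
        if old is not None and c["score"] < old:
            dropped.append((c["controlName"], c["controlCategory"], old, c["score"]))
    # Controls reported yesterday but absent today are listed separately:
    # they may have been retired or renamed rather than regressed.
    return {"overall_delta": round(percent(latest) - percent(prev), 1),
            "dropped": dropped, "missing": sorted(before)}

if __name__ == "__main__":
    result = find_regressions(SAMPLE)
    print(f"Overall change: {result['overall_delta']} percentage points")
    for name, category, old, new in result["dropped"]:
        print(f"  {category}/{name}: {old} -> {new}")
```

Run daily against saved snapshots, a non-empty "dropped" list points to the specific control to review, which the overall score alone does not show.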
Microsoft Secure Score is a powerful tool that can help you assess and improve your security posture in Microsoft 365. By following the Secure Score recommendations, you can protect your organization from threats and achieve a higher level of security.