Microsoft 365 Secure Score

As a part of the Microsoft Security Center, Secure Score automatically rates your Office 365 and Windows 10 environment. By following its recommendations, it can help protect your organization from threats. The score is calculated every 24 hours, and it takes up to 48 hours for every change to a measured action to show in the results.

Every Microsoft 365 / Office 365 admin, or a user with required permissions, can reach an organization’s score via the Microsoft Security Center. There are two types of permissions: read & write (global administrator, security administrator, exchange administrator), and read-only roles (security operator, user administrator, helpdesk administrator, etc.).

In the overview page, score points are divided into these groups:

  • Identity: Azure AD
  • Data: Information Protection
  • Device: Defender ATP
  • App: Office 365 email and applications + Cloud App Security
  • Infrastructure: Azure resources

It also shows the total score, graph with benchmark comparisons, and a list of prioritized improvement actions.

How to improve your score?

Security recommendations are located in the improvement actions tab. They show the status of each action, for example: completed, not completed, resolved through the third party, and ignored.

“Not Scored” actions are not tracked by Secure Score. If a certain action becomes tracked and if you already completed it, the secure score will reflect the change.

Multi-factor authentication action updates

For secure access, new improvement actions require registering your users or admins for multi-factor authentication.

Solutions included in Secure Score

Secure Score is available for SharePoint Online, Exchange Online, OneDrive for Business, Information Protection, etc. Other solutions that can be tracked are Intune, Azure AD, and Cloud App Security.

Also, Microsoft recently announced that tracking for Azure ATP and Microsoft Defender will be available soon.

Keep in mind that there is no online service that is 100% immune from security breaches, and increasing the Secure Score is not a guarantee against these breaches.