Skip links

Microsoft Secure Score

What is Microsoft Secure Score?

The Microsoft Secure Score is a measure of an organization’s overall security posture. It can be found in the Security Portal of Microsoft 365. The Secure Score recommendations can help organizations protect themselves from threats. They can also monitor and secure their Microsoft 365 identities and devices.

Secure Score helps organizations:

  • Report on the current state of the organization’s security posture.
  • Improve their security posture by providing discoverability, visibility, guidance, and control.
  • Compare with benchmarks and establish key performance indicators (KPIs).

With the Microsoft Score, organizations can easily visualize and compare their various metrics and trends. It can also inform and recommend actions based on their recommendations.

How it works

You’re given points for the following actions:

Setting up recommended security features can be challenging, but it can be done with the help of third-party apps or software. Some improvement actions only provide points once all of them have been completed. Some partial points are given for certain devices or users.

If you have a license for a specific Microsoft product, then you will see recommendations for that product. These recommendations will show you the latest security improvements and help improve your score. A secure Score is an easy-to-use tool that displays all of the information presented on the Microsoft 365 Defender page.


How to utilize it

Check your current score

You can check your current score by going to the Secure Score overview page. You can also customize the number of views that appear on the graph next to your score. These views will be displayed in the point breakdown chart and the Score tile.

The following are scores you can add to your view of your overall score to give you a fuller picture of your overall score:

  • Planned score: Show projected score when planned actions are completed
  • Current license score: Show score that can be achieved with your current Microsoft license
  • Achievable score: Show score that can be achieved with your Microsoft licenses and current risk acceptance


Compare your score with organizations like yours

You can compare your current score with organizations like yours by going to the Secure Score overview page.

Comparison bar chart

The comparison bar chart is the Overview tab. Hover over the chart to view the score and score opportunity. The comparison data is anonymized so we don’t know exactly which others tenants are in the mix.

Organizations like yours

An average score of other tenants (provided we have at least five or more tenants to compare) that qualify with the following criteria:

  1. Same industry
  2. Same organization size
  3. All regions
  4. Microsoft products used are 80% similar
  5. Opportunity (max score that can be achieved by current license) within a 20% range from your tenant


View improvement actions and decide on an action plan

The Improvement actions tab shows the security recommendations that are intended to address possible attack surfaces.

When you select a specific improvement action, a full-page flyout appears.

On the General page, you can see the description of the action and the possible impact for the users after taking the action.

On the Implementation page, you can check the prerequisites of the action and it lets you know what plan or subscription is needed to enable the option if the prerequisites are not met.

You can view all history for that specific improvement action, select the history link in the flyout.

Products included in Secure Score

Currently, there are recommendations for the following products:

  • Microsoft 365 (including Exchange Online)
  • Azure Active Directory
  • Microsoft Defender for Endpoint
  • Microsoft Defender for Identity
  • Defender for Cloud Apps
  • Microsoft Teams


Security defaults

There are some default settings in Azure Active Directory to help protect your organization with pre-configured settings for common attacks.

If you turn on security defaults, you’ll be awarded full points for the following improvement actions:

  • Ensure all users can complete multi-factor authentication for secure access (9 points)
  • Require MFA for administrative roles (10 points)
  • Enable policy to block legacy authentication (7 points)

Just by enabling security defaults, it increases the secure score by 26 points. It is highly recommended to configure this at least when setting up the Microsoft 365 administrator account.


Required permissions

To have permission to access Microsoft Secure Score, you must be assigned one of the following roles in Azure Active Directory.

Read and write roles

With read and write access, you can make changes and directly interact with Secure Score. You can also assign read-only access to other users.

  • Global administrator
  • Security administrator
  • Exchange administrator
  • SharePoint administrator


For more IT tips & information, please visit our articles, such as:

IT Tips: Computer Security & Protection

Public Wi-Fi security 101: how to stay safe