Microsoft Secure Score

Microsoft Secure Score: What Is it And How To Use It To Improve Your Security?

Cybersecurity risks are always changing, with new threats each year. Regularly assess your security measures to protect against vulnerabilities. One tool for this is Microsoft Secure Score.

This article will explain what Secure Score is, how it works in your IT setup, how to evaluate and how to increase your Secure Score.

What is Microsoft Secure Score?

Microsoft Secure Score, part of Microsoft 365, is a security analytics tool. It helps organisations improve their security by offering practical insights and suggestions. Secure Score evaluates an organisation’s Microsoft 365 setup and assigns a numerical rating with security recommendations based on industry standards.

The tool suggests changes to your current policies or new implementations to improve your Secure Score. These recommendations follow best practices endorsed by Microsoft and industry experts. Following these suggestions can improve your security and reduce the risk of potential attacks.

What Does Secure Score Help With?

Secure Score helps monitor and report an organisation’s security posture. It provides guidance, visibility, and control to improve security metrics and trends. You can compare your score with benchmarks to set key performance indicators.

Secure Score integrates with other Microsoft products and reflects the actions of third-party solutions. It also lets you compare your score with similar organisations.

How Microsoft Secure Score Works

You get points for:

  • Doing security-related tasks
  • Configuring recommended security features
  • Addressing recommended actions with non-Microsoft software or alternate mitigations

Some actions give points only when fully completed, while others give partial points for partial completion. If you can’t or don’t want to complete a recommended action, you can accept the risk or the remaining risk.

With a supported Microsoft product license, you’ll see recommendations for those products. We show all possible recommendations regardless of license details, so you can understand best practices and improve your score. Your Secure Score remains the same regardless of your specific product licenses. Security should always balance with usability and not every recommendation will fit your environment.

Your score updates in real time to reflect visualisations and recommended actions. Secure Score syncs daily to update your achieved points for each action.

How Recommended Actions Are Scored?

Each recommended action is worth up to 10 points and is usually scored in a binary way. You earn all the points if you complete the action, like creating a new policy or enabling a setting. Some actions are scored based on the percentage of completion.

Products Included in Microsoft Secure Score

Here are the recommended products:

  • Microsoft Entra ID
  • App governance
  • Citrix ShareFile
  • Microsoft Defender for Identity
  • Microsoft Defender for Endpoint
  • Microsoft Defender for Office
  • Exchange Online
  • Docusign
  • Microsoft Teams
  • GitHub
  • Microsoft Information Protection
  • Microsoft Defender for Cloud Apps
  • Salesforce
  • Okta
  • ServiceNow
  • Zoom
  • SharePoint Online

Recommendations for other security products will be available soon. They won’t cover all attack surfaces but will provide a good baseline. You can mark the recommended actions as covered by a third party or alternate mitigation.

Secure Score Permissions

Secure Score Permissions

Manage permissions with Microsoft Defender XDR Unified role-based access control (RBAC)

With Microsoft Defender XDR Unified role-based access control (RBAC), you can create custom roles with specific permissions for Secure Score. This lets you control which users can access Secure Score data and the products for which they’ll see this data, like Microsoft Defender for Endpoint, and their permission levels.

You can also manage user permissions to access Secure Score data from other supported products. For more details, see the Products included in Secure Score. View the Secure Score data from these sources either alone or combined with other data sources.

See Microsoft Defender XDR Unified role-based access control (RBAC) to manage your Secure Score permissions.

Microsoft Entra Global Roles Permissions

Microsoft Entra global roles (e.g., Global Administrator) can still access Secure Score. Users with these roles but not assigned to a custom role in Microsoft Defender XDR Unified RBAC can view and manage Secure Score data as follows:

Roles with read and write access:

  • Global administrator
  • Exchange administrator
  • Security administrator
  • SharePoint administrator

These roles can make changes, interact with Secure Score, and assign read-only access to others.

Roles with read-only access:

  • User administrator
  • Helpdesk administrator
  • Service support administrator
  • Security operator
  • Security reader
  • Global reader

These roles cannot edit status, notes, score zones, or custom comparisons.

Microsoft 365 Secure Score Improvement Actions

Many organisations find improving their Microsoft 365 Secure Score hard because they don’t understand how it works.

To improve your Security Score, start by focusing on high-impact areas identified by the tool. For example, prioritise fixing weak passwords and enabling multi-factor authentication. Tackling these simple tasks first can quickly increase your Security Score.

Use the security features available in Microsoft 365. Enable options like multi-factor authentication, data encryption, data backup, and access controls.

Implement policies to ensure consistent security across all users and devices in your organisation. This guide can help you create your cybersecurity policies.

What is a Good Microsoft 365 Secure Score?

Aiming for a 100% Secure Score is ideal for any business or individual. However, this can be challenging, especially if cyber security is not your expertise. An 80% Secure Score or above is also considered secure according to Microsoft standards.

A 60% Secure Score or below indicates vulnerability to security threats. Implementing industry-standard security practices is necessary to protect your data.

It’s crucial to improve your Security Score promptly to prevent threats. Your team will need technical knowledge and experience to strengthen your infrastructure. Engage with your IT team or cyber security service provider to find effective ways to raise your Security Score so you can focus on your goals.


How do I check my Microsoft secure score?

To check your current score, visit the Microsoft Secure Score overview page. Find the tile labelled “Your secure score.” Your score will be shown as a percentage, along with the points you’ve earned out of the total possible points.

How do I improve my Microsoft Secure Score?

  • To improve your organisation’s Microsoft 365 Secure Score, follow these steps:
  • Check the Secure Score dashboard for security recommendations.
  • Follow Microsoft’s guidelines for best security practices.
  • Educate users about security threats and safe practices.
  • Keep all software and systems updated with the latest security patches.
  • Enable multifactor authentication (MFA) for user accounts.
  • Ensure users have only the permissions they need for their role.
  • Monitor security alerts and respond promptly.
  • Apply security measures to all devices accessing your organisation’s resources.

How do I see my Microsoft Secure score?

To see your current score, visit the Microsoft Secure Score overview page. Look for the tile labelled “Your secure score.”

Scroll to Top