Sep 24, 2020


Cloud & Infrastructure


Todd Knapp

According to Cisco’s 2018 Security Capabilities Benchmark Study, budget constraints were found to be the biggest obstacle to improving organizational security. With the increasingly large pool of endpoints entering environments, coupled with the complexity of managing cloud data and infrastructure, it’s easy to see why budget could quickly become a roadblock. Fortunately, if you’re a Microsoft 365 subscriber, there’s a tool available that may serve to significantly enhance your current cybersecurity efforts. The best part? It’s comes complimentary with your subscription.

The Power of Microsoft Secure Score

Microsoft’s “Secure Score” is a security analytics tool offered as a part of the Microsoft 365 security center. To view your organization’s Secure Score, you must be assigned one of the following roles in Azure Active Directory: Global Administrator, Security Administrator, or Security Reader. Upon logging into the platform, the tool analyzes your Microsoft 365 environment, provides unique numerical scores, and suggests refinements to your environment that will help to reduce the risk of a cyber incident.

Secure Score dashboard improvement actions

Your score is calculated based on the sum of security controls that you have/have not implemented already. The suggestions provided are prioritized based on both the effectiveness of the action, as well as that action’s impact on end users. Thus, actions that are highly effective in terms of boosting security, but have low impact on users, will appear at the top of the list. In the same fashion, actions that are both less effective and more disruptive to users will be placed near the bottom of the list.

Recommendations & Scoring Breakdown

Secure Score dashboard improvement actions

The recommendations provided by Microsoft are organized into the following groups to help users focus their security efforts:

  1. Identity
  2. Data
  3. Device
  4. Apps
  5. Infrastructure (coming soon)

Upon clicking an improvement action recommended by the tool, the Secure Score dashboard provides you with the following options:

  • View settings
  • Resolve through third party
  • Ignore
  • Review

Based on the action that you select, the total number of Secure Score points you can achieve will either increase or decrease. While some controls are scored in a binary fashion (you’ll receive 100% of the points associated with the recommendation item upon completion), others are calculated as a percentage of the total allotted points available based upon your progress with a particular action.

Tracking & Comparing

Score Analyzer tab on Secure Score dashboard

The “Score Analyzer” tab on the Secure Score dashboard allows you to track your score over time and see how the suggestions you’ve applied in the past have impacted your overall score. The Analyzer tool provides timelines for the past 7 days, 30 days, and the last 3 months. One of the newer features of this tab is the “Compare Scores” option, which allows you to select two dates to compare the scores on.

Another helpful tracking feature can be found in the “History” tab. This tab allows you to view the global and industry averages of the Secure Scores for all Microsoft 365 users. In a recent update, Microsoft also added the “Similar Seat Count” comparison option. This provides a more relevant comparative score based on organizations that have a similar number of Office 365 active seats.

Leveraging this Dynamic Tool

This blog just scratches the surface of all that Microsoft Secure Score can do to improve the security posture of your organization. While the Secure Score dashboard is a helpful tool for monitoring and managing your Microsoft infrastructure, identities, data, and devices, it should be just one small part of your overall security plan. If you have concerns about your organization’s security, or if you have questions about Secure Score, we can help. Connect with our security experts today to learn how we can help you protect your people and your company.

Explore our cybersecurity services to find out how you can further protect your organization and its people.