What is Microsoft SecureScore?

Microsoft Secure Score is part of the Microsoft 365 Security Centre, and gives a representative indication of an organisation’s security across key areas.

Secure Score shows you a relative security ‘score’ as a percentage against a set of defined security defaults- the more security controls and practices your environment includes, the higher your score.

Microsoft base your score against a baseline level of security that you can use to assess your company’s current level of security and risk awareness. Alongside your current score, it provides ways you can increase your score- and the security of your Cloud-based environments- by enabling or applying certain features or policies, for example:
– Enabling Multi-Factor Authentication for all users, and mandating it for Admin accounts
– Restricting access to admin functions
– Blocking outdated or less-secure methods of authentication
– Enabling Bitlocker on all supported devices

Taking into account security policies and settings applied to all Microsoft 365 solutions such as Exchange Online and Azure Active Directory, as well as other cloud-based or cloud-managed tools such as Defender and Teams, your Secure Score is a useful indicator of security practices but not proof that your organisation is ‘secure’.

It is intended as a tool to show you how you can become more secure against common threats and to guard against insecure configurations, but does not replace the standard security processes and policies that you should have in place for your business. Secure Score should be used to evaluate and validate to some extent your pre-existing security practices- and can help you define such policies and practices, helping you ensure they are still fit for purpose in a Cloud environment.