What is Microsoft Secure Score and How Do I Improve It?

Microsoft Secure Score is a tool designed to help organizations assess and improve their cybersecurity posture.

It evaluates your company’s use of Microsoft’s security features and offers a score based on how well you’re aligning with best security practices.

The score, shown as a percentage in your Microsoft 365 Defender portal, does not measure your risk of getting breached. However, it does offer you:

  • Actionable insights: These suggestions are tailored to your current setup and are designed to be practical and impactful.
  • Cost-effective security planning: Secure Score helps identify security enhancements that can be made without additional costs, such as settings adjustments within your existing licenses.
  • Dynamic scoring: Your score can change over time, not only because of actions you take but also as new threats emerge and Microsoft updates its recommendations.

How Does Secure Score Work?

Microsoft awards points based on configuring recommended security features, doing security-related tasks, or addressing the recommended action with a non-Microsoft application or software, or an internal tool.

Some recommended actions only give points when fully completed, but some actions will award partial points if they are completed for some devices or users.

If there are actions you don’t want to take, you can choose to accept the risk or the remaining risk.

If you have a license for one of the supported Microsoft products, you’ll see recommendations for that product. You’ll also see a full list of recommendations for that product regardless of license edition, subscription or plan. This allows you to see how upgrading to a higher-level plan can change your Secure Score.

With that being said, not every organization is going to need to follow Microsoft’s recommendations to a T. Security should be balanced and work for your environment.

It generally takes 24 hours for your Secure Score to change after any actions you take.

Because there are hundreds of possible actions to implement, your IT staff or managed service provider can discuss ways to improve your Secure Score, some of which might require add-ons or a higher subscription level.

However, if your organization’s score is less than 70%, there are settings you can turn on for free — regardless of your subscription plan — to improve your score that will have almost zero disruption to your business workflow.
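To make the scoring described above concrete, the following added example (not code from the original post or from Microsoft) computes the percentage, lists unfinished actions including partially completed ones, and projects the score after enabling only low-cost, low-disruption settings. It assumes data shaped like the Microsoft Graph `secureScores` and `secureScoreControlProfiles` resources; the control names and point values are constructed, and treating `implementationCost` and `userImpact` of "Low" as "free with almost zero disruption" is an assumption.

```python
import json

# Constructed sample data shaped like Microsoft Graph responses from
# GET /security/secureScores and GET /security/secureScoreControlProfiles.
# Control names and point values are invented for illustration.
SCORE = json.loads("""{
  "currentScore": 78.0, "maxScore": 130.0,
  "controlScores": [
    {"controlName": "ExampleMfaAllUsers",     "score": 4.5},
    {"controlName": "ExampleBlockLegacyAuth", "score": 0.0},
    {"controlName": "ExampleSafeLinks",       "score": 9.0},
    {"controlName": "ExampleAuditLog",        "score": 0.0}
  ]}""")
PROFILES = json.loads("""[
  {"id": "ExampleMfaAllUsers", "maxScore": 9.0, "implementationCost": "Low", "userImpact": "Moderate"},
  {"id": "ExampleBlockLegacyAuth", "maxScore": 8.0, "implementationCost": "Low", "userImpact": "Low"},
  {"id": "ExampleSafeLinks", "maxScore": 9.0, "implementationCost": "Moderate", "userImpact": "Low"},
  {"id": "ExampleAuditLog", "maxScore": 5.0, "implementationCost": "Low", "userImpact": "Low"}
]""")

def percent(score):
    """Secure Score as the percentage shown in the portal."""
    return round(100.0 * score["currentScore"] / score["maxScore"], 1)

def open_actions(score, profiles):
    """Join achieved points to each control's maximum; return unfinished ones."""
    achieved = {c["controlName"]: c["score"] for c in score["controlScores"]}
    rows = []
    for p in profiles:
        got = achieved.get(p["id"], 0.0)
        gap = p["maxScore"] - got
        if gap > 0:  # partially completed actions still have points left
            rows.append({"control": p["id"], "gap": gap, "partial": got > 0,
                         "cost": p["implementationCost"], "impact": p["userImpact"]})
    return sorted(rows, key=lambda r: r["gap"], reverse=True)

def quick_wins(rows):
    """Unfinished actions with low implementation cost and low user impact."""
    return [r for r in rows if r["cost"] == "Low" and r["impact"] == "Low"]

def projected_percent(score, rows):
    """Score percentage if every action in rows were fully completed."""
    gained = sum(r["gap"] for r in rows)
    return round(100.0 * (score["currentScore"] + gained) / score["maxScore"], 1)

if __name__ == "__main__":
    wins = quick_wins(open_actions(SCORE, PROFILES))
    print(f"Secure Score: {percent(SCORE)}% -> {projected_percent(SCORE, wins)}%")
    for r in wins:
        print(f'  +{r["gap"]:.1f} pts  {r["control"]}')
```

Because the score generally takes about 24 hours to update, the projection is what you would expect to see on the next refresh, not immediately.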

How Can I Improve My Secure Score?

Not all actions require purchasing add-ons or upgrading to a higher subscription level. There are actions you can take right now that will improve your score immediately.

These actions — which will enhance authentication measures, improve email security, streamline access and sharing controls, empower your employees and strengthen ongoing security efforts — make up a solid baseline of security that every organization should follow.

They include:

  • Automate multifactor authentication (MFA) enforcement: Ensure every account is secured by multifactor authentication by default, minimizing the risk of misconfiguration and human error.
  • Anti-spam and anti-phishing policies: Reduce spam, phishing and malware by quarantining suspicious emails until released or blocked.
  • Safe links and safe attachments: Protect against sophisticated phishing and malware attacks from email links or attachments.
  • Email security enhancements: Secure sensitive emails through automatic encryption and disable auto-forwarding to external accounts, addressing a frequent method used by attackers to access sensitive information.
  • Block legacy authentications: Outdated authentication methods are a common attack vector; blocking these can significantly reduce an organization’s attack surface.
  • External sharing and access restrictions: Prevent unauthorized sharing of calendar details, restrict external guest access to company resources and ensure that admin sessions do not remain active indefinitely.
  • Unified audit log: Essential for security monitoring and incident response, offering visibility across various activities within the organization.
  • Mobile application management: Protect company data on employee mobile devices through application management policies.
  • Self-service password reset: Empower users with the ability to manage their own account recovery.
  • Location-based login security: Only allow access from within the United States.

If you have any questions about how to improve your Secure Score, your IT staff or managed service provider can discuss how to implement these features or settings.

Why Doesn’t Microsoft Enable These Security Suggestions by Default?

There are a few reasons why Microsoft does not enable most of the security suggestions by default, despite their potential to significantly improve an organization’s security.

  1. Diverse user base: Microsoft serves a wide array of users with distinct security needs, making it impractical to enable advanced security features by default without disrupting some users’ workflows or fitting poorly with certain operational needs.
  2. Compatibility issues: Enabling security features automatically could cause conflicts with older systems and third-party apps, risking operational disruptions for certain organizations.
  3. User experience and adoption: Security enhancements like multifactor authentication, while vitally important, may reduce convenience. Microsoft prefers to recommend, rather than mandate, these features to balance between improving security and maintaining user friendliness.

There’s a lot that goes into security, and Microsoft’s Secure Score is a good way to determine what you are doing right and what could improve.

Depending on the size and scope of your organization, you might not need to implement every security feature the Secure Score recommends.


Speak with your IT team or managed service provider if you have questions about specific ways to improve your Secure Score.

Find Out More Ways to Improve Your Secure Score

If you’re looking to improve organizational security while keeping your business running smoothly and increasing productivity, contact us here.
