• Home
  • What is Microsoft Secure Score and How Do I Improve It?

What is Microsoft Secure Score and How Do I Improve It?

Microsoft Support West Michigan IT
05Jun

What is Microsoft Secure Score and How Do I Improve It?

Microsoft Secure Score is a tool designed to help organizations assess and improve their cybersecurity posture.

It evaluates your company’s use of Microsoft’s security features and offers a score based on how well you’re aligning with best security practices.

The score, shown as a percentage in your Microsoft 365 Defender portal, does not measure your risk of getting breached. However, it does offer you:

  • Actionable insights: These suggestions are tailored to your current setup and are designed to be practical and impactful.
  • Cost-effective security planning: Secure Score helps identify security enhancements that can be made without additional costs, such as settings adjustments within your existing licenses.
  • Dynamic scoring: Your score can change over time, not only because of actions you take but also as new threats emerge and Microsoft updates its recommendations.
Microsoft Secure Score West Michigan IT

How Does Secure Score Work?

Microsoft awards points based on configuring recommended security features, doing security-related tasks, or addressing the recommended action with a non-Microsoft application or software, or an internal tool.

Some recommended actions only give points when fully completed, but some actions will award partial points if they are completed for some devices or users.

If there are actions you don’t want to take, you can choose to accept the risk or the remaining risk.

If you have a license for one of the supported Microsoft products, you’ll see recommendations for that product. You’ll also see a full list of recommendations for that product regardless of license edition, subscription or plan. This allows you to see how upgrading to a higher-level plan can change your Secure Score.

With that being said, not every organization is going to need to follow Microsoft’s recommendations to a T. Security should be balanced and work for your environment.

It generally takes 24 hours for your Secure Score to change after any actions you take.

Because there are hundreds of possible actions to implement, your IT staff or managed service provider can discuss ways to improve your Secure Score, some of which might require add-ons or a higher subscription level.

However, if your organization’s score is less than 70%, there are settings you can turn on for free — regardless of your subscription plan — to improve your score that will have almost zero disruption to your business workflow.

“There’s a lot that goes into security, and Microsoft’s Secure Score is a good way to determine what you are doing right and what could improve.”

How Can I Improve My Secure Score?

Not all actions require purchasing add-ons or upgrading to a higher subscription level. There are actions you can take right now that will improve your score immediately.

These actions — which will enhance authentication measures, improve email security, streamline access and sharing controls, empower your employees and strengthen ongoing security efforts — make up a solid baseline of security that every organization should follow.

They include:

  • Automate multifactor authentication (MFA) enforcement: Ensure every account is secured by multifactor authentication by default, minimizing the risk of misconfiguration and human error.
  • Anti-spam and anti-phishing policies: Reduces spam, phishing and malware by quarantining suspicious emails until released or blocked.
  • Safe links and safe attachments: Protects against sophisticated phishing and malware attacks from email links or attachments.
  • Email security enhancements: Secure sensitive emails through automatic encryption and disable auto-forwarding to external accounts, addressing a frequent method used by attackers to access sensitive information.
  • Block legacy authentications: Outdated authentication methods are a common attack vector; blocking these can significantly reduce an organization’s attack surface.
  • External sharing and access restrictions: Prevent unauthorized sharing of calendar details, restrict external guest access to company resources and ensure that admin sessions do not remain active indefinitely.
  • Unified audit log: Essential for security monitoring and incident response, offering visibility across various activities within the organization.
  • Mobile application management: Protect company data on employee mobile devices through application management policies.
  • Self-service password reset: Empower users with the ability to manage their own account recovery.
  • Location-based login security: Only allow access from within the United States.

If you have any questions about how to improve your Secure Score, your IT staff or managed service provider can discuss how to implement these features or settings.

Why Doesn’t Microsoft Enable These Security Suggestions by Default?

There are a few reasons why Microsoft does not enable most of the security suggestions by default, despite their potential to significantly improve an organization’s security.

  1. Diverse user base: Microsoft serves a wide array of users with distinct security needs, making it impractical to enable advanced security features by default without disrupting some users’ workflows or fitting poorly with certain operational needs.
  2. Compatibility issues: Enabling security features automatically could cause conflicts with older systems and third-party apps, risking operational disruptions for certain organizations.
  3. User experience and adoption: Security enhancements like multifactor authentication, while vitally important, may reduce convenience. Microsoft prefers to recommend, rather than mandate, these features to balance between improving security and maintaining user friendliness.

There’s a lot that goes into security, and Microsoft’s Secure Score is a good way to determine what you are doing right and what could improve.

Depending on the size and scope of your organization, you might not need to implement every security feature the Secure Score recommends.

Speak with your IT team or managed service provider if you have questions about specific ways to improve your Secure Score.

Find Out More Ways to Improve Your Secure Score

If you’re looking to improve organizational security while keeping your business running smoothly and increasing productivity, contact us here.

Did you like this blog? You can subscribe to our newsletter to receive a weekly email with our latest blog posts.

Get Support

Share this post

Related Posts

Take Advantage of Tax Benefits by Upgrading to Windows 11 Now
30Sep

Take Advantage of Tax Benefits by Upgrading to Windows 11 Now

The Windows 10 end date is nearly here. On Oct. 14,... read more

Why Do We Encourage Our Clients to Use Microsoft Edge Over Google Chrome?
25Sep

Why Do We Encourage Our Clients to Use Microsoft Edge Over Google Chrome?

Since releasing in 2008, Google steadily captured more and more... read more

23Sep

How to Access Clipboard History in Windows

If you use the copy and paste commands frequently, you’ve... read more

Committed vs. Uncommitted Microsoft 365 Licenses
09Sep

Committed vs. Uncommitted Microsoft 365 Licenses

You’ve probably heard of the different Microsoft 365 plans, which... read more

What To Do If Your Credentials Are Stolen
04Sep

What to Do if Your Credentials Are Stolen

Editor’s note: If you believe you just actively gave away... read more

Apple's Mail App Managed IT Cybersecurity
28Aug

4 Reasons Why Your Employees Should Stop Using Apple’s Mail App for Work Email

The iPhone Mail app allows users to access email from... read more

How to Use Outlook Archive to Keep Your Inbox Storage Smaller
26Aug

How to Use Outlook Archive to Keep Your Inbox Storage Smaller

Have you ever gotten so many emails that you exhaust... read more

Things to Consider Regarding Hotspots for Your Employees
19Aug

Things to Consider Regarding Hotspots for Your Employees

Hotspots are great for connecting devices to the internet when... read more

Did You Get a Scary Email? Here's What to Do
29Jul

Did You Get a Scary Email? Here’s What to Do.

Unexpected emails should raise red flags. Especially ones that ask... read more

Password vs Passphrase Which is Better?
24Jul

Password vs. Passphrase: Which One is Better?

Passwords and passphrases are used as authentication measures to access... read more