As cyber threats become more dangerous and sophisticated, Australian businesses must continually adapt their cybersecurity strategies to stay safe. You must implement advanced security measures and ensure your operations comply with data security regulations. However, achieving these can be challenging. Fortunately, Microsoft Secure Score makes it easy to measure and assess your company’s cybersecurity posture.

What is Microsoft Secure Score?

Microsoft Secure Score is a service that evaluates and rates the security measures your company put in place to protect the following elements:

  1. Identity – pertains to Azure Active Directory accounts, access privileges, and account security settings
  2. Device – focuses on endpoint security features like anti-malware, advanced threat detection, and vulnerability management.
  3. Apps – looks at email filtering, data loss prevention policies, and cloud app configurations like Microsoft Teams. 

Secure Score may give your company a low mark if you don’t meet specific baselines — for instance, if multifactor authentication is not enabled or if devices don’t have the latest updates.

Based on periodic assessments, Secure Score provides a list of recommended actions you can take to improve your company’s security posture. These may include setting up advanced ransomware protection, encrypting devices, enabling strict firewall policies, and so on. If you have a licence for Microsoft services like Microsoft 365 and Azure Active Directory, you’ll get security recommendations related to those services.

Moreover, completing recommendations will earn you points. These points are based on an action’s potential impact on your company’s security. This means certain activities will grant more points, helping you prioritise which safety measures to implement first. Secure Score writes the company’s total security score as a percentage and updates it in real-time. Overall, the higher the score, the more robust your company’s cybersecurity posture is.


MS Secure Score


How do you access your security score?

You can access Secure Score through the Microsoft 365 Defender dashboard. Look at the left navigation panel and select ‘Secure Score’. This service is available to enterprises with Microsoft 365 E5 subscriptions.

If you have the subscriptions but do not see the option to access Secure Score, you might not have the correct permissions. Only global, security, Exchange, and SharePoint administrators have read-and-write access to Secure Score. These administrators can also assign read-only access to a select few users, like security analysts.

What is a Good Secure Score?

How to interpret and understand your security strategy based on Microsoft Secure Score? We’ve compiled an industry-based benchmark that can be a good starting point.

  • A Secure Score of 30% and below needs more focus. Your data might be highly vulnerable at this point.
  • Anything between 50% means you have to check and implement best practices.
  • A Secure Score of around 65% tells that all security features are active and your company is doing well in terms of best security measures.
  • While 80% is a score that everyone should target. Additional configurations are required at this point. Above 80% is the industry-recommended score.

However, these numbers are just indicators to tell the business where to improve and to review policies. Ensure that you understand the risks.

You can always talk to Empower IT to review your secure score and suggest appropriate steps for applying security policies.

How does Secure Score enhance your security strategy?

Secure Score gives you a list of cybersecurity threats and the steps you can take to mitigate them. You can set statuses for each security action item from a central dashboard, such as planned, resolved, or risk accepted. This is useful for evaluating the potential impact of each recommendation and deciding what areas of your security framework need the most improvement.

Clicking on one of the recommended security actions will provide even greater detail, including which devices and users are exposed to the threat. You can click on Manage in Microsoft 365 Defender to select the specific configuration setting and make the appropriate changes. Alternatively, if a security risk involves particular users, you can send them an email notification directly from the Secure Score interface.

What’s more, you can produce detailed analytics on how your company’s security score has progressed over time. Secure Score can display trends and show you which actions significantly impacted your company’s overall security posture. It can also preview projected scores when you address all planned security actions, so your goals are always in sight. You can compare your security score against similar businesses and ensure you’re always ahead of the curve.

Microsoft Secure Score offers a comprehensive way to understand and mitigate your vulnerabilities. You will make the most of this powerful security tool by partnering with Empower IT. We’ll not only help you set up a highly secure Microsoft 365 environment, but we can also provide customised and professional cybersecurity services. Reach out to us to increase your Secure Score today.


Empower newsletter

Subcribe to stay in the know about all things IT, tech and business