There’s a lot of overwhelm when it comes to cybersecurity. It’s difficult for business owners and management teams to know what they’re doing right or where the chinks in their armour lie.
It doesn’t help the anxiety levels when the threats are ever-present – whether it’s phishing, ransomware or credential theft.
If you’re running on the Microsoft 365 Stack, there’s a feature in the Business Premium tier that helps you understand, monitor and improve your defences. It’s called Microsoft Secure Score, and we’re going to discuss it in depth below.
What is Microsoft Secure Score?
Microsoft Secure Score is designed to put a grade on your business’s cybersecurity posture. The security ranking tool is found in the Microsoft Defender portal – it provides a numerical score that gives you an ‘at-a-glance’ summary of where your defences stand.
It arrives at this number by evaluating your environment against its own recommended practices. It’ll take into account device security, passwords, authentication, encryption and other security parameters to do this. You can benchmark your organisation’s status, and monitor how you track over time and how you compare to industry standards.
Secure Score is a useful starting point to your cybersecurity journey. Through it, you can identify areas to improve and create and implement an action plan.
Why Use Secure Score
At Smile IT we advise security-conscious businesses using Microsoft 365 to upgrade to the Business Premium tier. If this is you, you’ll find that Secure Score helps plug the gaps in your security and improve the resilience across your defence surface. Here are some of the real benefits you’ll experience:
- Visibility: You get a clear picture of where you stand with a percentage-based numerical score.
- Prioritisation: Secure Score highlights the actions you can take that will have the most impact.
- Compare: Benchmark your Secure Score against those of industry peers.
- Compliance: Show your security efforts, improvements and compliance to industry regulators or auditors.
- Cyber Insurance: Many insurers now use Secure Score to help determine your cyber security insurance premiums. A better score could mean lower premiums for you.
- Risk reduction: Following the recommendations and improving your score isn’t just about looking good on paper. Your risk profile will decrease and your organisation will be more secure.
Microsoft Secure Score Categories of Measurement
Secure Score has a solid place in the Microsoft security stack, providing scores for the Windows operating system and Microsoft 365 tenants. It’s constantly evolving too, getting improved and updated regularly.
These are the areas in which it breaks down your security:
- Identity: account protection, multi-factor authentication, privileged roles
- Devices: device management, patching, antivirus, compliance
- Apps: email, cloud apps, and permissions
- Data: information protection, data loss prevention, encryption
- Infrastructure: configurations in Azure, Entra, and hybrid environments
As well as an overall security posture grading, you’ll also get more targeted insights into the above categories.
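The percentage, the per-category view and the prioritised action list described above can be reproduced from exported score data. This is an added example, not Microsoft's or Smile IT's code: it assumes data shaped like the Microsoft Graph `secureScores` and `secureScoreControlProfiles` resources, assumes a profile's `id` matches a score entry's `controlName`, and uses constructed control names, titles and point values.

```python
from collections import defaultdict

# Constructed sample shaped like one item from Microsoft Graph
# GET /security/secureScores (currentScore, maxScore, controlScores).
SNAPSHOT = {"currentScore": 21.0, "maxScore": 42.0, "controlScores": [
    {"controlCategory": "Identity", "controlName": "example_admin_mfa", "score": 0.0},
    {"controlCategory": "Identity", "controlName": "example_block_legacy_auth", "score": 8.0},
    {"controlCategory": "Device", "controlName": "example_device_compliance", "score": 3.0},
    {"controlCategory": "Data", "controlName": "example_dlp_policy", "score": 10.0},
]}
# Constructed profiles shaped like GET /security/secureScoreControlProfiles.
# Assumption: a profile's id equals the controlName used in controlScores.
PROFILES = [
    {"id": "example_admin_mfa", "controlCategory": "Identity", "maxScore": 10.0, "title": "Require MFA for admin roles (constructed)"},
    {"id": "example_block_legacy_auth", "controlCategory": "Identity", "maxScore": 8.0, "title": "Block legacy authentication (constructed)"},
    {"id": "example_device_compliance", "controlCategory": "Device", "maxScore": 9.0, "title": "Require compliant devices (constructed)"},
    {"id": "example_dlp_policy", "controlCategory": "Data", "maxScore": 15.0, "title": "Enable DLP policies (constructed)"},
]

def overall_percent(snapshot):
    """Overall score as a percentage of the licence-dependent maximum."""
    if not snapshot["maxScore"]:
        return 0.0
    return round(100 * snapshot["currentScore"] / snapshot["maxScore"], 1)

def join_controls(snapshot, profiles):
    """Yield (category, title, achieved, maximum) for each control profile."""
    achieved = {c["controlName"]: c["score"] for c in snapshot["controlScores"]}
    for p in profiles:
        yield p["controlCategory"], p["title"], achieved.get(p["id"], 0.0), p["maxScore"]

def category_percent(snapshot, profiles):
    """Percentage of available points achieved in each category."""
    totals = defaultdict(lambda: [0.0, 0.0])
    for cat, _, got, top in join_controls(snapshot, profiles):
        totals[cat][0] += got
        totals[cat][1] += top
    return {cat: round(100 * got / top, 1) if top else 0.0 for cat, (got, top) in totals.items()}

def prioritised_gaps(snapshot, profiles):
    """Unfinished controls, largest number of remaining points first."""
    gaps = [(top - got, cat, title) for cat, title, got, top in join_controls(snapshot, profiles) if top > got]
    return [(title, cat, pts) for pts, cat, title in sorted(gaps, reverse=True)]

if __name__ == "__main__":
    print("Overall:", overall_percent(SNAPSHOT), "%")
    print("By category:", category_percent(SNAPSHOT, PROFILES))
    for title, cat, pts in prioritised_gaps(SNAPSHOT, PROFILES):
        print(f"{pts:>5.1f} pts available  [{cat}] {title}")
```

Tracking these three outputs from periodic exports gives a simple trend line per category and shows which single control would move the score most.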
What Secure Score Doesn’t Do
Secure Score is an assessment and guidance tool – it’s not an all-encompassing solution to your business cybersecurity problems. You need to know what the tool can do, but it’s also important to understand what it can’t do:
- It’s not a guarantee. A high score doesn’t mean you’re immune to cyberattacks. It just means you’ve implemented Microsoft’s recommended controls.
- It’s licence dependent. Your achievable maximum score depends on the Microsoft licences you hold. Some advanced recommendations require higher-tier subscriptions.
- It’s Microsoft-focused. There might be third-party tools and systems you use that it doesn’t take into account in arriving at your score.
Secure Score is an indicator – it’s not going to solve your cybersecurity problems for you. Further strategising and implementation will be required, depending on your business and its context.
What’s a Satisfactory Secure Score?
This varies depending on the size of your organisation and the complexity of your systems. We wouldn’t say there’s a universal target you should be aiming for, but generally if you’re scoring above 80% that’s considered a decent outcome. If you’re coming in at around the 30 or 40% mark, it’s indicative of some serious holes in your defences that you need to get fixed ASAP.
If you’re concerned about your security score, speak to one of our techs. We can discuss where you should realistically be sitting and where you can improve.
How to Improve Your Microsoft Secure Score
The beauty of Secure Score is that it will identify vulnerabilities and outline the steps you need to take to plug the gaps. Some of these could include the following:
- Enable Multi-Factor Authentication (MFA): MFA is highly effective, to the point that it needs to be a prerequisite in your organisation.
- Reduce Legacy Authentication: Older authentication protocols such as IMAP or POP3 are more vulnerable. Disabling them will help improve your score.
- Apply Conditional Access Policies: Set rules for when and how users can access resources. For example, require MFA if someone signs in from an unfamiliar location.
- Manage Devices with Intune or Endpoint Manager: Ensure all devices in your network are patched and compliant with your security policy.
- Strengthen Data Protection: Implement encryption, data loss prevention (DLP) and information protection labels. You want to keep sensitive data within your organisation.
Upgrade to Business Premium with Smile IT
If you’re a cyber-aware business seeking more resilience across your operating environment, upgrading to Microsoft 365 Business Premium is the logical choice. It provides you with a range of security features, from Microsoft Defender to conditional access and Intune MDM.
You also get access to Microsoft Secure Score, which helps you turn the overwhelm of cybersecurity into a set of measurable and practical actions. Hopefully the information above has helped you see the benefits of this insightful tool! It can guide you to reduced risk and improved compliance while helping you track and maintain your progress.
If you’d like to chat more about Secure Score or would like to learn about the security benefits of upgrading to Business Premium, get in touch with Smile IT. Our team is all about creating stronger and more resilient workplaces. We’d love to help you achieve that!
When he’s not writing tech articles or turning IT startups into established and consistent managed service providers, Peter Drummond can be found kitesurfing on the Gold Coast or hanging out with his family!