Did you know that Microsoft offers you a quick and easy way to identify how effective your security settings are? If you are a Microsoft 365 user, you can capture a real-time glance at how secure your business is against the ever-changing myriad of cyber threats that are emerging every day.

As Ipswich’s leading IT support service, we aim to empower local businesses by providing the knowledge they need to protect themselves online. Understanding and improving your security settings is not just a task; it’s a way to take control of your business’s security. We can all actively work together to stop the dangers of cybercrime from affecting businesses across the East of England through education and awareness.

What is Microsoft Secure Score?

Microsoft Secure Score is a security monitoring tool. You can discover your security score through the Microsoft 365 Defender dashboard.

It will provide you with a numerical figure out of 100. The higher your score, the more secure your business is.

Secure Score helps organisations:

Report on the current state of the organisation’s security posture.

Improve their security posture by providing discoverability, visibility, guidance, and control.

Compare with benchmarks and establish key performance indicators (KPIs).

Source: Microsoft

By monitoring your Microsoft Secure Score, you can see in real-time how effective your security settings are. You can benchmark your progress and set specific key performance indicators to track what you want to achieve and the improvements you want to make.

Your security score will also allow you to compare your progress against your peers. You will receive comparative progress against businesses of similar size and structure in your sector. This gives you an added level of context and validation that you are continuously making the right decisions to protect your business.

Why is your Microsoft Secure Score important?

We all know that data breaches and cyberattacks are expensive and disruptive. Reacting to a data breach will always be more expensive than proactive preparations to safeguard your data.

That’s why we need to make sure that we take every step possible to protect ourselves and reduce the risk of being affected by a cyberattack.

The Microsoft security score is not just a number; it’s a valuable tool that provides a clear and visual representation of your business’s security. It allows you to identify how secure your business is and understand your progress. As a visual aid, it’s a clear identifying marker that helps you to put your security settings into context, giving you a sense of reassurance and clarity.

With real-time tracking as well as historical data, you can use your score to monitor your progress. You can visually see how changes to your infrastructure could impact your score (positively or negatively), and you can identify where you need to make improvements.

What is a good Microsoft secure score?

In an ideal world, you want to aim for as high a score as possible. That way, you can feel highly confident that you’re doing everything you can to protect yourself.

However, Microsoft secure scores are complex.

It should also be noted that your scores may be limited, depending on the capabilities of your current Microsoft licence.

The Lucid Systems approach to Microsoft Secure Scores

Less than 40% – You should take immediate action to improve your security settings. Your data may be vulnerable to cyberattacks or data loss.

40% – 65% – You are making an effort with your security settings, but you could benefit from additional support to check that all best practice features are being implemented.

Over 65% – All security features are being actively used. Your business is likely doing well in terms of security measures. You will be well protected in the event of a potential security breach.

Over 80% – This is an industry-recommended score and suggests that you are making ample efforts to protect your business.

While we’ve provided a baseline indication of scores in the table above, we refrain from making specific recommendations for individual scores. This is because every business is unique and requires tailored security settings. Microsoft may also limit your score potential based on your licence. As a leading IT support service in Ipswich, we understand the intricacies of the SME sector in Suffolk, Norfolk, and Essex. We are best positioned to guide you on the licences you need and why.

When you engage with us about your MS secure score, we don’t just provide recommendations; we take the time to get to know your business and your wider sector. This collaborative approach ensures that the score we recommend reflects your unique needs and circumstances, making you feel supported and part of a community that values your business’s security.

As Microsoft themselves state, “Keep in mind that security should be balanced with usability, and not every recommendation can work for your environment.”

As part of our score-setting KPIs, we’ll examine the comparison scores for similar-sized organisations (all of which are defined through anonymised data) to give you the additional context behind what your score means.

For example, suppose we aim for a score of 65+. In that case, you may feel that there is still plenty of room for improvement (which there always is – after all, cybersecurity settings will never have a definitive endpoint). However, your peers may be hovering between the 20–40% range. That’s when you can demonstrate to your senior leadership teams or board members that you are making considerable progress above and beyond the current expectations of your sector.

How do you improve your Microsoft secure score?

The good news is that, as part of the security scoring features, Microsoft will provide you with clear recommendations of what steps you need to take to improve your score. It will also confirm what scores are available within your current Microsoft licence.

Those recommendations will be clearly defined within four distinct categories:

  • Identity (Microsoft Entra accounts & roles)
  • Device (Microsoft Defender for Endpoint, known as Microsoft Secure Score for Devices)
  • Apps (email and cloud apps, including Office 365 and Microsoft Defender for Cloud Apps)
  • Data (through Microsoft Information Protection)

Within each category, you’ll be able to see where your secure score points are coming from. You’ll see what points are available and what remedial actions you should take to gain more points. The more points you achieve, the higher your overall security score.

How the Microsoft Secure Score works

You’re given points for the following actions:

  • Configuring recommended security features
  • Doing security-related tasks
  • Addressing the recommended action with a non-Microsoft application or software or an alternate mitigation

Some recommended actions only give points when fully completed. Some give partial points if they’re completed for some devices or users. If you can’t or don’t want to enact one of the recommended actions, you can choose to accept the risk or the remaining risk.

Source: Microsoft

Ranking makes it easy to achieve quick improvements

Your recommended improvements will be ranked in a way that makes it easy to see where your quick wins may lie.

Each improvement will depend on the level of complexity, how difficult it is to implement, and the overall impact on the end user.

By identifying the easy-to-implement/high-user impact improvements, you can make immediate rectifications to improve your MS security score. This might include investing in more robust password management services, setting up multi-factor authentication, reviewing your access settings or setting up data backups or encryption services.

Once you have made any specific changes, you should see an update to your secure score within 28-48 hours.

Which products are included within the secure score?

Microsoft is continually adding new products to their secure score system. By outlining the ideal security settings for each product, you can feel confident that they are integrated in a way which protects your business.

Currently, there are security recommendations for the following products:

  • App governance
  • Microsoft Entra ID
  • Citrix ShareFile
  • Microsoft Defender for Endpoint
  • Microsoft Defender for Identity
  • Microsoft Defender for Office
  • DocuSign
  • Exchange Online
  • GitHub
  • Microsoft Defender for Cloud Apps
  • Microsoft Information Protection
  • Microsoft Teams
  • Okta
  • Salesforce
  • ServiceNow
  • SharePoint Online
  • Zoom

Will the MS secure score include improvements from third-party software?

Yes, you can improve your security score by improvements from third-party software. You will need to tick that you have completed the remedial action by a third party or alternate mitigation.

Microsoft secure score is an ever-changing figure, but you can use it to track progress.

It is essential to know that each month, Microsoft is adding new features and improvement actions to its secure score calculations. That’s why you may see your score fluctuate over different months, even when you’ve invested significantly in cybersecurity improvements.

Here at Lucid Systems, this is a positive thing. Cybersecurity settings will always be a fluctuating process to monitor actively, with new threats emerging every single day. There is no end point to having the perfect cybersecurity defences, so it is essential to think about your score as an ever-evolving insight into how strong your defences are.

The great news is that your Microsoft Secure Score can be used as an opportunity to track how well you are doing, and this can make it much easier to plan for a Cyber Essentials certificate. At a glance, you will know which areas you need to invest in, so you can maximise your IT budget, giving you the best chance for success with any Cyber Essentials or Cyber Essentials Plus application.

If you’d like to know more about your Microsoft security score or you want to find out how you can improve your current score, please get in touch. We can assess your strengths and weaknesses and help you make the improvements you need to keep your business safe from harm.



Karl Wilkinson

Technical Director

About The Author

As Technical Director, Karl is our most senior engineer and responsible for delivering solutions and providing support to our 2nd and 3rd line engineers ensuring that they can resolve any technical issues reported by our clients.