Microsoft Secure Score gives your Microsoft 365 environment a security rating and shows exactly which steps you can take to improve it. Free and included with M365, but most administrators have never opened it. Here is how to get started today.
Do you know how secure your Microsoft 365 environment is? Most IT administrators have a feeling about the answer, but no concrete number. Microsoft Secure Score gives you that number. It is a free dashboard built into the Microsoft 365 Security Center that measures the security configuration of your tenant across hundreds of checkpoints.
Go to security.microsoft.com and log in with an admin account. In the left menu you will find Secure Score. You immediately see your current score, the maximum score for your environment, and a percentage showing how secure your configuration is relative to the maximum. You also see how your score compares to similar organisations in the same sector and of the same size.
Multi-factor authentication for all users is by far the most impactful measure and also one of the easiest to enable. Microsoft research shows that MFA blocks more than 99 percent of account compromise attacks. Yet a large proportion of SMBs have still not fully enabled this.
In second place is disabling legacy authentication protocols. POP3, IMAP and Basic Auth are not supported by MFA and are therefore a direct backdoor for attackers. They are still active in many environments that were once migrated from an on-premises Exchange server.
Secure Score is not only useful for IT administrators but also as a reporting tool for management. You can export the score to a report and show which improvements have been made in the past quarter. That makes security tangible for decision makers without a technical background.
Secure Score only measures the configuration of your Microsoft 365 environment, not the security of your entire IT infrastructure. A high score means your M365 settings are good, but says nothing about your firewall, on-premises servers or the security of third-party applications. Treat Secure Score as one part of your broader security strategy, not the only measure.
Open security.microsoft.com, navigate to Secure Score and note your current score. Then look at the list of recommendations, sort by point value, and choose the three measures that deliver the most and are immediately actionable. Implement those this week.
Want help interpreting your Secure Score and prioritising the right measures for your organisation? Contact Zarioh for a free security scan.
