Security (Defender)
MFA, Conditional Access, threat protection, and identity security management.
Secure Score
Path: Security → Secure Score
Microsoft Secure Score provides a measurement of your organization’s security posture.
- Current Score — Points achieved vs maximum
- Categories — Identity, Data, Device, Apps
- Improvements — Actionable recommendations
- History — Score trend over time
MFA Status
Path: Security → Identity Protection → MFA Status
- MFA Enabled — Users with MFA configured
- MFA Disabled — At-risk accounts
- Auth Methods — Authenticator, SMS, FIDO2
Conditional Access
Path: Security → Identity Protection → Conditional Access
Control access to apps based on conditions like user, device, location, and risk.
| Component | Options |
|---|---|
| Assignments | Users, Groups, Roles, Guest users |
| Conditions | Locations, Device platforms, Client apps, Risk levels |
| Access Controls | Grant, Block, Require MFA, Require compliant device |
| Session | Sign-in frequency, Persistent browser, App restrictions |
Named Locations
Define trusted network locations for Conditional Access policies:
- IP Ranges — Corporate office IP addresses, VPN ranges
- Countries/Regions — Allow or block by geographic location
Admin Roles
Path: Security → Privileged Access → Admin Roles
- Global Admin
- User Admin
- Security Admin
- Exchange Admin
- Teams Admin
- Intune Admin
- Billing Admin
- Custom Roles
Data Protection
DLP Policies
Path: Security → Data Protection → DLP
- Create and manage DLP policies
- Define sensitive information types
- View DLP incident reports
- Configure policy tips and notifications
Sensitivity Labels
Information protection labels with encryption and access control settings for documents and emails.
Security Alerts
Path: Security → Alerts
- High Severity — Immediate action required
- Medium Severity — Review within 24 hours
- Low/Informational — Awareness items
Last updated on