Improvement Actions

Discover and track security improvement actions to increase your Microsoft Secure Score. Each action represents a specific security configuration that strengthens your organization’s security posture when implemented.

Note: Improvement actions are recommendations from Microsoft Secure Score. Completing actions increases your score and reduces risk. Actions are weighted by security impact.

Score Overview

  • 67% — Current Score
  • +15% — Potential Increase
  • 42 — Actions Available
  • 8 — In Progress

Action Categories

Identity

MFA enrollment, conditional access policies, password policies, admin role protection, and identity governance.

Progress: 72%

Data

Information protection, DLP policies, sensitivity labels, encryption settings, and data governance.

Progress: 58%

Device

Intune compliance policies, endpoint protection, BitLocker, application control, and device configuration.

Progress: 65%

Apps

OAuth app permissions, consent policies, app governance, and third-party application security.

Progress: 81%

Actions List

| Column | Description |
|---|---|
| Action | Title of the improvement action |
| Category | Identity, Data, Device, or Apps |
| Points | Score points earned when completed |
| Status | To address, In progress, Completed, Resolved |
| User Impact | Low, Medium, or High impact on users |
| Implementation Cost | Effort required: Low, Medium, High |

Top Recommendations

Require MFA for all users (+9 pts)

Enable multi-factor authentication for all users through Conditional Access or Security Defaults to protect against credential theft.

  • Category: Identity
  • User impact: Medium

Designate fewer than 5 global admins (+4 pts)

Reduce the number of global administrators to minimize the blast radius of a compromised admin account.

  • Category: Identity
  • User impact: Low

Turn on audit data recording (+3 pts)

Enable unified audit logging to track user and admin activities for security investigations and compliance.

  • Category: Data
  • User impact: Low

Enable BitLocker encryption (+5 pts)

Require BitLocker drive encryption on all Windows devices through Intune policy to protect data at rest.

  • Category: Device
  • User impact: Low

Action Status

To Address

Action has not been started. Represents a security gap that should be evaluated for implementation.

In Progress

Action is being implemented. Partially completed or in pilot phase. Track progress notes here.

Completed

Action is fully implemented. Automatically detected by Microsoft or manually marked as complete.

Resolved Through Third Party

Addressed through a non-Microsoft solution. Claim partial or full points with justification.

Planned

Scheduled for future implementation. Set target date and track in project planning.

Risk Accepted

Organization accepts the risk and chooses not to implement. Document risk acceptance rationale.

Action Details

Description

Detailed explanation of the security control and why it matters. Includes links to Microsoft documentation.

Implementation Steps

Step-by-step guidance for implementing the action. Links to relevant admin portals and configuration pages.

User Impact Analysis

Expected impact on end users. Communication recommendations and change management guidance.

Notes & History

Add custom notes, track implementation progress, and view status change history.

Filtering & Prioritization

By Category

Filter to Identity, Data, Device, or Apps categories based on your current security priorities.

By Points

Sort by point value to focus on high-impact actions that significantly increase your score.

By User Impact

Filter to low user impact actions for quick wins that don’t require extensive change management.

By Implementation Cost

Find low-effort actions to implement quickly or plan for high-effort projects.

Best Practices

  • Start with quick wins — Implement low user impact, low cost actions first to build momentum.
  • Prioritize identity actions — Identity is the primary attack vector; MFA and admin protection have high ROI.
  • Track progress over time — Set score improvement goals and review progress monthly.
  • Document risk acceptances — If not implementing an action, document the business justification.
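
One way to apply the filters and best practices above to a list of actions, as an added example that is not part of the product or its API client: it picks quick wins (not started, low user impact, low cost, highest points first, Identity first on ties) and lists risk acceptances that carry no documented rationale. The record field names and the sample data are assumptions, since the page does not describe the API's response format.

```python
# Added example, not the product's code. Field names are assumptions modelled
# on the Actions List columns; the page does not document the response schema.
LEVEL = {"low": 0, "medium": 1, "high": 2}

# Constructed sample records. Titles, categories, points and user impact of the
# first four follow Top Recommendations; status, cost and notes are made up.
SAMPLE_ACTIONS = [
    {"action": "Require MFA for all users", "category": "Identity", "points": 9,
     "status": "To address", "userImpact": "Medium", "implementationCost": "Medium", "notes": []},
    {"action": "Designate fewer than 5 global admins", "category": "Identity", "points": 4,
     "status": "To address", "userImpact": "Low", "implementationCost": "Low", "notes": []},
    {"action": "Turn on audit data recording", "category": "Data", "points": 3,
     "status": "To address", "userImpact": "Low", "implementationCost": "Low", "notes": []},
    {"action": "Enable BitLocker encryption", "category": "Device", "points": 5,
     "status": "In progress", "userImpact": "Low", "implementationCost": "Medium", "notes": ["Pilot group"]},
    {"action": "Constructed placeholder action", "category": "Apps", "points": 2,
     "status": "Risk accepted", "userImpact": "High", "implementationCost": "High", "notes": [" "]},
]


def quick_wins(actions, max_impact="Low", max_cost="Low"):
    """Not-yet-started actions within the impact and cost ceilings, best first."""
    picked = [
        a for a in actions
        if a["status"].lower() == "to address"
        and LEVEL[a["userImpact"].lower()] <= LEVEL[max_impact.lower()]
        and LEVEL[a["implementationCost"].lower()] <= LEVEL[max_cost.lower()]
    ]
    # Highest points first; on a tie, Identity actions lead, then title order.
    return sorted(picked, key=lambda a: (-a["points"], a["category"] != "Identity", a["action"]))


def undocumented_risk_acceptances(actions):
    """Titles of risk-accepted actions that carry no non-blank note."""
    return [
        a["action"] for a in actions
        if a["status"].lower() == "risk accepted"
        and not any(note.strip() for note in a["notes"])
    ]


if __name__ == "__main__":
    for a in quick_wins(SAMPLE_ACTIONS):
        print(f'+{a["points"]} pts  {a["category"]:<8}  {a["action"]}')
    print("Missing rationale:", undocumented_risk_acceptances(SAMPLE_ACTIONS))
```

Raising the ceilings, for example `quick_wins(SAMPLE_ACTIONS, "Medium", "Medium")`, brings the MFA action to the top of the list because it carries the most points.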

API Reference

  • GET /api/security/improvement-actions — List all improvement actions
  • GET /api/security/improvement-actions/:id — Get action details and implementation steps
  • PUT /api/security/improvement-actions/:id/status — Update action status
  • POST /api/security/improvement-actions/:id/notes — Add notes to an action
  • GET /api/security/improvement-actions/summary — Get score summary by category