Secure Score
Microsoft Secure Score measures your organization’s security posture. Higher scores indicate better protection. Track progress and implement recommendations to improve.
Score Overview
- 72% — Current Score (+3% from last month)
- 540 — Points Achieved (out of 750 possible)
- +85 — Points Available (from recommendations)
Score Categories
Identity — 85%
MFA, Conditional Access, PIM, identity protection policies
Device — 68%
Intune compliance, BitLocker, Defender for Endpoint, security baselines
Apps — 78%
OAuth app permissions, cloud app security, app consent policies
Data — 52%
DLP policies, sensitivity labels, information protection, encryption
Improvement Actions
Recommendations sorted by impact and implementation difficulty:
- Enable MFA for all users — Identity, High Impact, Easy — +15 pts (Quick Win)
- Block legacy authentication — Identity, High Impact, Medium — +12 pts
- Enable BitLocker on all devices — Device, Medium Impact, Medium — +10 pts
- Configure DLP policies for sensitive info — Data, High Impact, Complex — +18 pts
- Enable Safe Attachments for SharePoint — Apps, Medium Impact, Easy — +8 pts
Action Statuses
- 45 — Completed
- 12 — In Progress
- 8 — Planned
- 5 — Risk Accepted
Score History
Track score trends over time. The chart shows daily scores for the last 90 days. Use this to correlate score changes with security improvements or incidents.
Comparison
See how your score compares:
- Similar Organizations — Companies of similar size and industry
- All Microsoft 365 Tenants — Global percentile ranking
- Your Other Tenants — Compare across your customer portfolio (MSP)
Graph API Endpoints
GET /security/secureScoresGET /security/secureScoreControlProfilesPATCH /security/secureScoreControlProfiles/{id}
API Reference
GET /api/security-defender/secure-score— Get current secure score and historyGET /api/security-defender/secure-score/recommendations— List improvement actions with pointsPOST /api/security-defender/secure-score/actions/:actionId/status— Update action status (planned, in progress, risk accepted)
Last updated on