What is your Microsoft Secure Score?

Managing your small business’ cybersecurity requires a multi-layered approach. One of the most important steps is being aware of your risk. If your business has adopted Microsoft 365, you are now provided with a security score. A Microsoft Secure Score is a real-time measurement of an organization’s security assigned by Microsoft to help organizations best understand their security posture and how to improve it. Having a strong Microsoft Secure Score is not just important for risk awareness and keeping on top of your cybersecurity roadmap, but it’s also now being requested for by some insurers for cyber liability insurance.  

Want to know your score? Simply login to the Microsoft 365 Defender portal to view and monitor your score and see all related recommendations. Knowing your score will help you understand: 

• Current security posture 

• How to improve your security 

• Monitor change over time 

In the Secure Score dashboard, you can view: 

• Your score (as well as a projected score) 
• A chart that shows your improvements or regressions in the last 90 days 
• A chart that illustrates the points you have accumulated versus points you can gain by taking recommended actions in specific categories 
• Actions to review section provides the number of recommendations that have regressed on or need to be addressed  
• A short list of the most important actions you need to take 
• Complete history with related completed improvements 
• Metrics and trends 
• Score comparison with similar organizations 
• And more! 

In the improvement actions section of the portal, you can view in depth guidance on each recommendation. A general summary of the issue is provided, exposed endpoints are listed, and implementation steps are also provided. 

How it Works 

The score is shown as a percentage; the higher the score, the stronger your security posture. Businesses are given points for:  

• Implementing recommended improvements 
• Completing security-related tasks 
• Addressing recommended actions with third party applications or software 

Each recommended action is worth 10 points or less. If you partially implement a recommendation, you will receive a partial number of points. For instance, if you have a recommendation to implement multifactor authentication for 60 users and you only implement it for 30 users, you will receive just 5 points.  

Products included in Secure Score 

Currently there are recommendations for the following products: 

• Microsoft 365 (including Exchange Online) 
• Azure Active Directory 
• Microsoft Defender for Endpoint 
• Microsoft Defender for Identity 
• Microsoft Defender for Cloud Apps
• Microsoft Teams 

Cyber Liability Insurance 

Some insurers in Canada are now requesting your Microsoft Security Score. This means that if your business is working within the Microsoft 365 ecosystem, you need to ensure that you are implementing the recommendations Microsoft has provided you with. The cost per breach continues to increase so insurers need to be certain that the businesses they insure are investing in baseline cybersecurity technologies and standards.   

How can Nucleus help? 

Cybersecurity is complex and while the score and dashboard provides you with a great deal of insight into your security posture, we recognize that many businesses leaders cannot implement the recommendations provided. This is where we come in! Nucleus Networks will review your secure score and Microsoft’s intelligent recommendations and integrate the findings into your roadmap, deliver further cyber assessments, and provide a Cybersecurity Scorecard. This Cybersecurity Scorecard shows where you align with best practices and where your cybersecurity posture currently is; it also acts as a high-level cybersecurity roadmap that we help you implement over time. 

If your business is concerned about your security posture and don’t know where to start to improve it, reach out to us to schedule a meeting!