How Secure is Your Office 365? Find Out & Fix It with Microsoft Secure Score

Office 365 the most popular cloud platform in the world based upon user count. One of the benefits of the platform is that you have a lot of flexibility for a variety of administrative settings to match your office needs. But, if you’re not careful with the security settings, you could be leaving your business open to a cyberattack.

58.4% of all sensitive data that’s stored in the cloud is stored in Microsoft Office documents, which makes the platform a valuable target for hackers. If you’re not doing things like reviewing email forwarding rules regularly or enabling MFA for global admins, it means your Office 365 application is less secure.

But, how do you know what you should be doing to safeguard your Microsoft services? What settings are the best for security that won’t cause your users to have accessibility issues? A tool called Microsoft Secure Score will tell you.

Microsoft Secure Score (formerly known as Office 365 Secure Score) gives you visibility into all your security settings for Office 365 in a variety of areas. It scores you based upon how secure your configuration is and offers suggestions for improving your security score.

Read on for an overview of how to use Secure Score to beef up your IT security for your Microsoft applications.

How Does Microsoft Secure Score Work?

Hackers often rely on the victim to help them gain access to a device or network. Phishing, which requires the user to download a dangerous attachment or click on a malicious link, is by far the most popular method of perpetrating a data breach.

99% of cyberattacks need the victims’ assistance to be successful.

Microsoft Secure Score helps you become fully informed about your Office 365 platform security, so you can make smart decisions about settings and regular activities that will help you prevent attacks rather than facilitate them.

Secure Score does three main things for organizations:

  • Reports on the current state of your security posture
  • Makes it easy to improve security by providing discoverability, visibility, guidance, and control
  • Compares your score with benchmarks that help you gain insight into industry standards and KPIs

How Points are Scored

Microsoft Secure Score gives you points based upon multiple security settings and whether or not they’re enabled as well as how often you review various reports that increase platform security.

The system uses benchmarks to compare your score to others to see if yours is average, below average, or above average. You can compare your score with:

  • The Office 365 user average score
  • The average score for those with a similar number of seats
  • The average score for your industry

Say the total number of points you can score are 512, and you only have 305, then performing one of the suggested actions to improve security will immediately award you a designated number of points and increase your score.

The number of points an item is awarded is congruent with how much it improves the security of your Office 365 application.

Reviewing Secure Score Suggestions

Microsoft is continually expanding the programs that Secure Score covers and currently you can get security suggestions for:

  • Office 365 (The main applications, plus SharePoint Online, Exchange Online, OneDrive for Business, Microsoft Information Protection, and more)
  • Azure AD
  • Intune
  • Cloud App Security

Azure ATP and Microsoft Defender ATP are coming to Secure Score soon.

The recommended improvement suggestions are displayed in the Secure Score interface and grouped by categories:

  • Identity
  • Data
  • Device
  • App
  • Infrastructure

Next to the suggestion, you’ll have a link that will take you to the appropriate setting to implement the suggested fix. An example of some of the security improvements you’ll receive are:

  • Enable MFA (multi-factor authentication) for all users
  • Review roll changes weekly
  • Enable Data Loss Prevention policies
  • Store user documents in OneDrive for Business
  • Review sign-ins after multiple failures report weekly

Next to each suggestion you’ll also see how many points each item will increase your score, and thus how important it is to your security.

How Do You Access Microsoft Secure Score?

You can access Secure Score by signing in at or by clicking the Secure Score widget in the Office 365 Security and Compliance Center home page. Another way to access your score is through the Microsoft Graph API.

Not just any user can access Microsoft Secure Score, you need to be assigned certain permissions.

If you have read and write access for the following roles, you can make the suggested changes in Secure Score and also assign read-only access to other users.

  • CompanyAdministrator
  • SecurityAdministrator
  • ExchangeAdmin
  • SharePointAdmin

Those with read-only access, can see the suggestions in Secure Score, but won’t be able to take any actions.

Monitor Your Security History

You can monitor changes and your security over time in the Secure Score panel as well, which can help you gain valuable insights into how changes to your settings have impacted your overall user experience and IT security.

Improve Security & Get the Most Out of Microsoft Products

C Solutions can help guide you through the Microsoft Secure Score panel so you can beef up your platform security and stay protected.

Contact us today and let’s take your office to another level of productivity. Schedule a free consultation by calling 407-536-8381 or reaching out online.