Using Microsoft Secure Score to Understand Your Security Posture
If your business is using Microsoft 365, you already have access to a built-in tool that gives a quick, clear view of your security posture – at no additional cost. It’s called Microsoft Secure Score. You can login here. https://security.microsoft.com/securescore
What is Microsoft Secure Score?
Secure Score is a tool available through your Microsoft 365 admin center. It scans your environment and gives a score based on how your settings align with Microsoft’s recommended security best practices. It covers areas like user access, device protection, data controls, and cloud app security.
It’s updated automatically and is available to any business using Microsoft 365—no extra licenses or technical setup required.
What does the score mean?
Scores vary based on how much of the Microsoft 365 environment you’re using and how tightly it’s configured. A score in the 60–80 range is typical for businesses that have enabled MFA and a few other key controls. Very few businesses achieve a perfect 100, and that’s not necessarily the goal. What’s more useful is using the score to see where you stand and track progress over time.
Why It’s Worth Checking
Secure Score isn’t just a number. It’s a signal. A low score doesn’t just mean settings are misaligned—it often means your exposure to real business risk is higher than it needs to be.
- It could affect your ability to qualify for or renew cyber insurance
- It might point to gaps your IT provider or department has missed
- It could lead to increased costs down the road when gaps need to be urgently fixed
- And in many cases, it reflects conditions that make security incidents more likely – like missing MFA or over-permissioned users
Think of it as a business risk indicator, not just an IT health check.
It’s especially helpful for:
- Business leaders who want to ask better questions about their IT environment
- Companies with remote or hybrid teams
- Growing businesses that haven’t reviewed their security settings in over a year
Check out What Counts as “Good Enough” IT Security Depends on Your Business Risk for some perspective on where your security priorities should be.
What Does It Measure?
Secure Score looks at multiple areas, including:
- Whether Multi-Factor Authentication (MFA) is enabled for users
- How admins are assigned and managed
- Whether email forwarding is restricted
- Device health and compliance
- Data sharing settings across OneDrive and SharePoint
Each recommendation includes a description, an impact score, and an action plan.
What Secure Score Doesn’t Cover
While it’s a useful tool, Secure Score only measures your Microsoft 365 environment. It doesn’t tell you about:
- Firewall or network configuration
- Backup and recovery readiness
- Security practices in third-party apps
- Endpoint protection outside of Microsoft Defender
It’s a good starting point—but not a full audit. To learn more about what should be on your security priority list, check out Business Security Checklist 101
How to Use It
- Log into your Microsoft 365 Admin Center
- Navigate to the Security & Compliance area
- Open the Secure Score dashboard
- Review your current score and recommendations
- Focus on high-impact, low-effort items first (e.g., enabling MFA for all users)
Even reviewing the list with your IT provider can spark better conversations about what’s being done – and what’s being assumed.
Don’t have access to the Admin Center?
Ask your internal IT team or managed service provider to run the Secure Score for you. They can walk you through the results and help you prioritize next steps based on your business needs.
How Horizon Helps
If you’re not sure how to interpret your Secure Score results – or how your score compares to other businesses like yours – we can walk you through it.
