How to Use Microsoft Secure Score to Improve Data Security

Using cloud-based platforms, like Office 365, offers much more flexibility and mobility than the older computer-based software. But, with that increased ease of use comes the challenge of keeping a platform that can be logged into from anywhere secure.

While there are multiple security settings in the Office 365 program, how do you know which ones to set and if your application is as secure as it should be? That’s what Microsoft Secure Score – formerly known as Office 365 Secure Score – is designed to do. To let you know how you score when it comes to your platform’s security and what to do to better protect yourself from breaches.

As a Microsoft Silver Partner, GKM2 helps multiple small and medium businesses in the Sydney area with cloud and IT solutions to transform their offices into well-tuned and efficiently running machines. An important aspect of all those connected devices is security to ensure data and networks are safe and protected.

If you’re unfamiliar with Microsoft Secure Score or how to use it, read on to learn how you can easily employ this tool to improve your data security.

How Does Microsoft Secure Score Work?

You may have first heard of this security tool by the name Office 365 Secure Score. To expand the tool’s capabilities and scope, Microsoft changed the name to Microsoft Secure Score in 2018. A big bonus of this expansion was that instead of only getting a security score and suggestions for the Office 365 applications, you now also get one for the Windows operating system too.

Microsoft Secure Score helps you understand your security settings, know which are enabled, and how your overall score compares to other organizations.

The comparison is extremely helpful so you can see if your business is more or less secure than it should be based upon industry and user averages. You get three comparison metrics that are based upon:

  • Office 365 seat size average
  • Industry type average
  • Overall Office 365 user average

Secure Score Works on a Points System

In order to aggregate a total security score for your organization, Secure Score uses a point system, awarding you points for things like:

  • Performing security-related tasks (like regularly viewing reports)
  • Configuring recommended security features (such as multi-factor authentication (MFA))
  • Taking improvement actions with a third-party application

Secure score takes you well beyond just the initial scores and divides their security recommendations into five different categories to make them easier to review and address.

  • Identity (security of accounts and roles)
  • Data (security of Office 365 documents)
  • Device (security of devices)
  • App (security of email and cloud apps)
  • Infrastructure (security of Azure resources – they note this is “coming soon”)

Using Microsoft Secure Score to Beef Up Your Cybersecurity

The trick to using the application well is to balance usability with security, and the detailed reporting in Microsoft Secure Score helps you do that. As with most offices, you want your data and network as secure as possible, but you don’t want to employ unnecessary burdens that are going to decrease user productivity.

Secure Score will give you recommendations that are both scored and not scored, which gives you a better understanding of all your options and those which are more critical to security than others.

How to Access Secure Score

You can access your Microsoft Secure Score at and log in with your administrative credentials.

Only users that are assigned one of the following roles can access it:

  • Global Administrator
  • Security Administrator
  • Security Reader

You can also find it by accessing the Secure Score widget on the Office 365 Security and Compliance Center home page.

Suggestions Examples

When clicking in to view each category of your overall security score, you’ll see recommendations based upon your current settings and how they can be improved to increase the platform’s security.

Here are some examples of what you might see as recommendations:

  • Enable MFA for all users
  • Enable Mailbox auditing for all users
  • Review sign-ins after multiple failures report weekly
  • Do not allow anonymous calendar sharing
  • Require mobile devices to use passwords

How to Address a Secure Score Recommendation

Next to each recommendation, you’ll see an arrow to click for more details. When you click on an improvement action a flyout box appears and will give you a few options:

  • View Settings: Takes you to the configuration screen to make the change (It takes up to 24 hours for your score to update)
  • Resolve through Third Party: Used if you’re using a third-party application to address the issue
  • Ignore: If you’ve chosen not to act upon this recommendation; your overall secure score points that can be achieved are reduced
  • Review: This is for recommendations that require reviewing security-related reports regularly

Monitoring Your Progress

Microsoft Secure Score allows you to map your progress over time so you can see how your security improves and see which actions have been taken. You can access this through the History tab. Additionally, you can view by category and a customized data range.

Understand Your Office 365 Security Better by Consulting a Pro

It’s not always easy to know how a security recommendation is going to impact your users. GKM2 can help you gain insight into Secure Score’s recommendations and which are the most vital to your data security.

Contact us today to go through your Microsoft Secure Score results at 1800 934 204 or +61 2 9161 7171 or through our contact form.