top of page
  • Patricia V Aguilar

Microsoft Defender Secure Score: Boosting Your Security Posture 🛡️🔐

Do you know what a "secure score" is?

Think of it like a fitness tracker for your organization’s cybersecurity. It provides a measurement of your security posture, with a higher score indicating that more recommended security actions have been taken. Think of it as your organization’s security health check-up!

For example, the organization below has a secure score of 52.58%, just 4.34% percent higher when compared to similar-sized organizations - just in case you wanted to compare it. Other important details, such as the total archived points, actions to review and top recommendations can be also seen in the Secure Score overview.

Why does secure score matter?

In today’s digital landscape, threats are as common as morning coffee ☕. From phishing attacks to sneaky malware, cyber adversaries are always lurking. But fear not! By following Secure Score recommendations, like shown above,  you can fortify your defenses and protect your digital resources. Some of these recommendations are about the most basic security configurations.


💡 The Microsoft Digital Defense Report 2023 discusses how basic security hygiene can protect against 99% of attacks.


How Does It Work?

In a simplified way:

  1. Points for Good Behaviour 🤝: Secure Score rewards you for doing the “right” things. You can earn earn points by:

  • Configuring Recommended Security Features: Enabling features like multi-factor authentication (MFA), encryption, setting a minimum password length or having a non-browser password manager.

  • Completing Security-Related Tasks: Regularly reviewing logs, patching vulnerabilities, and staying vigilant - pretty much keeping up to date! Interesting fact, according to Microsoft, 46% of the 78% of IoT devices with known vulnerabilities on customer networks, 46% cannot be patched.

  • Addressing Recommendations with Non-Microsoft Solutions: Even if you’re using third-party tools as many of us do, they count!  Did you know that 70-90% of the code used by developers is from Open Source Software? More of this can be found in page 93 the report mentioned above.

  1. Risk Awareness 🧐: Some actions give full points only when fully completed, while others offer partial points (still raising your secure score). If you can’t implement a recommendation, you can choose to accept the risk, address it later, or mitigate it by taking an alternative action.

  2. Balance and Usability ⚖️: Remember, security should be balanced with usability. Not every recommendation fits every environment. Additionally, depending on the type of Microsoft license that you have purchased some recommendations might not be available. Adapt them to your needs and budget!

Boost your Secure Score today

It does not have to be a daunting task. Some quick actions you can take today are (or at least this week or soonish):

  1. Enable Multi-Factor Authentication (MFA):

  • Why? MFA adds an extra layer of protection by requiring a second way of verification (like a text message or app notification) when logging in. This is mentioned twice because it is such an important component in basic security hygiene - especially for administrator users!

  • How? Watch the video below or go to this guide for all the nitty-gritty of it.

2. Keep Your Antivirus Software Updated:

  • Why? Your antivirus is like a vigilant knight guarding your devices. It is also recommended to bundle it up with antimalware as it specializes in newer exploits. If you want to read more about it see this article here.

  • How? Regularly update your antivirus software. A sharp sword is better than a rusty one! Or if you prefer, we recommend Microsoft Defender for Endpoint (devices). See the diagram below for an overview or read more about it here.

3. Device Hygiene Matters:

  • Why? Laptops, smartphones, and tablets are your digital armour. Any internet-exposed endpoint can be an entry point for malicious actors. Retire when no longer needed.

  • How? Lockdown devices, and maintain their software. Block known threats with Attack Surface Reduction rules (ASR) - which apply to many recommendations. In this way, you can increase your score in one shot! These are rules that target certain software behaviours, such as launching executable files and scripts that attempt to download or run files, running obfuscated or otherwise suspicious scripts, or performing behaviours that apps don’t usually initiate during normal day-to-day work. Microsoft Defender has various recommendations like the one below. Note how it provides implementation guidance and information about any exposed entities.

4. Embrace Zero Trust Principles:

  • Why? Zero Trust means verifying every user, device, and app—no blind trust.

  • How? By implementing the Zero Trust practices: Verify explicitly, Use least-privilege access, and Assume breach. Read more about it here. These principles can be applied at various layers as seen in the figure “Zero Trust security layers” below:


And just like that (easier said than done), you can begin by increasing your secure score. As a takeaway, focus your secure score efforts on user identity, device health, and access control to prevent lateral movement and privilege escalation in the network 🛜☁️.


Remember, your Secure Score reflects your efforts—not just the licenses you own. Balance security with usability, and you’ll be well on your way to fortifying your digital kingdom! 🚀🔒


bottom of page