The Microsoft Secure Score service has reached “general availability” commercial-release status worldwide, Microsoft announced on Monday.
Microsoft Secure Score, which surfaces within the Microsoft 365 Security Center portal for subscribers, shows an organization’s overall security score relative to similar organizations. Scores are given for identity, data, devices, apps and infrastructure. Scores can be viewed in graph form over time, demonstrating improvement or a drift from goals. Organizations can see the amount of security tasks that are yet to be addressed.
This release is the general availability release of the “new” Microsoft Secure Score, a product that has long since evolved from an older Office 365 Secure Score product, which had just monitored Office 365 solutions. The new Microsoft Secure Score monitors both Microsoft 365 and Azure workloads. Organizations get so-called “Improvement Actions” to take to improve their security posture.
Back in February, during the preview of the new Microsoft Secure Score, Microsoft had promised support for Azure Active Directory, Cloud App Security and Microsoft Defender Advanced Threat Protection. The Monday announcement admitted that some of Microsoft’s products and services are not yet fully aligned with Secure Score. For instance the Identity Secure Score still needs some alignment.
Microsoft also tightened some of its criteria for generating Improvement Actions. An Improvement Action now must reduce risk and must be measurable through automation. Microsoft temporarily removes those Improvement Actions that don’t meet the new criteria.
Microsoft also claimed that Microsoft Secure Score can be helpful for organizations with remote workers and devices that may not be in compliance. This view, which also seems to depend using on the Microsoft 365 Advanced Threat Protection service, is outlined in this Microsoft Mechanics video.