What Is A Microsoft Secure Score? (And How to Improve It)

A Microsoft Secure Score is a measurement of your organisation’s security position across Microsoft 365. It analyses your settings, user behaviour, and device configurations, then provides a score and recommended actions to improve your protection against cyber threats. You, or your IT support provider, can improve your score by enabling security features like multi-factor authentication, applying device protection policies, and resolving identified risks within Microsoft Defender and Entra ID.

Microsoft Secure Score is essentially a security benchmark for your Microsoft 365 and Microsoft Entra ID (formerly Azure Active Directory) environment. It evaluates how well your organisation’s identities, devices, apps and data are secured by checking your settings against Microsoft’s recommended best practices. The score is presented as points (out of a maximum that represents 100%) and is recalculated regularly (roughly once a day), so if you strengthen a setting or policy, your score increases once the change has been picked up. Note that the maximum itself changes as Microsoft adds recommendations and as you license more services, so the percentage can move even when nothing in your tenant has changed.

For example, enabling a crucial feature like MFA for all users might be worth 10 points; if you’ve only enabled it for half your users, you’d get partial points (e.g. 5 out of 10). This gives IT managers clear, quantifiable insight into security gaps.

Importantly, Microsoft Secure Score is free with your Microsoft 365 subscription – it’s not an add-on product, but a built-in feature designed to help organisations proactively improve security. Some of the individual recommended actions do depend on licences you may not hold (for example Defender for Office 365 or Intune); those still appear in the portal, so you can weigh the licence cost against the points and protection on offer.

If you’re responsible for IT security — or even if you’re just trying to understand how secure your Microsoft 365 setup is — Secure Score is a good representation of your current position within Microsoft 365.

How to Find Your Microsoft Secure Score

To view your Secure Score:

  1. Go to the Microsoft Defender portal (formerly the Microsoft 365 Defender portal): https://security.microsoft.com/securescore

  2. Sign in with an account that holds an admin or reporting role. Read-only roles such as Security Reader or Global Reader are enough to view the score, and are preferable for anyone who only needs to look rather than change settings.

  3. You'll land on a dashboard showing:

    • Your current score

    • Industry averages for comparison

    • Top recommended actions

    • A list of completed and pending improvements

You will need an appropriate role to view your Secure Score, which is likely to be held by your IT Manager/Director (if you have one) or your IT support provider.

Why is Your Microsoft Secure Score Important?

In today’s threat landscape, staying ahead of cyber attacks is critical – especially for small and mid-sized enterprises that may not have dedicated security teams. Microsoft Secure Score provides a clear focal point for improving security. A high Secure Score means you’re taking advantage of the built-in security features of Microsoft 365, which helps to:

Reduce the Risk of Data Breaches: Strong security settings make it harder for attackers to gain access to your sensitive data.

Protect Against Malware and Viruses: Secure configurations help prevent malware and viruses from infecting your systems.

Comply with Regulations: Many regulations have data security requirements, and a well-maintained Secure Score (with its history of completed actions) helps evidence your compliance efforts, although it is not a certification in itself.

What We Do to Help Your Microsoft Secure Score

At The HBP Group, we don’t just monitor your Secure Score – we help you improve it! All settings are checked against the Secure Score recommendations to ensure they have been configured in line with Microsoft’s current guidance and that the resulting score is acceptable. In our experience, most organisations have a Secure Score of 30-40% before our changes and 70-80% after. This may involve enabling multi-factor authentication, implementing data encryption or following best practices for device management.

As a result, we can ensure your Microsoft environment remains secure and your data is protected.

How to Improve Your Microsoft Secure Score

You can raise your Secure Score by following Microsoft’s security recommendations – enabling important features, tightening configurations, and addressing any flagged risks. Key steps include turning on multi-factor authentication (MFA) for users, disabling outdated legacy authentication, applying email threat protection, keeping devices updated, and continually reviewing the Secure Score dashboard for new suggestions. By implementing these best practices, UK SMEs can significantly boost their score (often from a 30-40% range to 70-80% or higher after improvements) and, more importantly, enhance their protection against cyber threats. The next sections break down what Secure Score means for an IT manager and practical ways to increase it.

Here are some of the most effective ways to increase your Microsoft Secure Score — and more importantly, strengthen your organisation’s security:

Enable Multi-Factor Authentication (MFA) and Disable Legacy Authentication

Ensuring all users (especially administrators) must use MFA to sign in is one of the biggest wins for security. MFA adds an extra verification step (such as a code or app approval) on top of passwords, which drastically reduces the risk of account compromise. At the same time, block legacy authentication protocols (basic authentication for SMTP, POP and IMAP, and older Office clients), because they cannot perform MFA and are frequently abused by attackers for password spraying. Microsoft has already retired basic authentication in Exchange Online for most protocols, but a Conditional Access policy that blocks legacy clients still closes what remains (SMTP AUTH, for example, can be re-enabled per mailbox) and is what the Secure Score action looks for. Microsoft’s guidance assigns significant Secure Score points to these actions: requiring MFA for all users and for admins, and blocking legacy authentication, are among the highest-value improvements. Tip: If you’re not sure where to start and have no Conditional Access policies yet, enable Microsoft Entra security defaults (formerly Azure AD security defaults), which enforce MFA registration, require MFA for admins and block legacy authentication across the tenant, and so satisfy these recommendations. Security defaults and Conditional Access are mutually exclusive, so organisations that need exceptions (a break-glass account, for instance) should use Conditional Access policies instead, tested in report-only mode before they are enforced.
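As an added example (not part of the original article, and not HBP’s own tooling), the following Microsoft Graph PowerShell script creates the two Conditional Access policies behind the “require MFA” and “block legacy authentication” actions, in report-only mode first. It assumes the Microsoft.Graph SDK is installed, the signed-in account holds the Conditional Access Administrator role, and that the policy names and the break-glass object ID are placeholders you replace with your own.

```powershell
# Added example, not from the original article: create the Conditional Access policies
# behind the "require MFA" and "block legacy authentication" Secure Score actions.
# Assumptions: Microsoft.Graph PowerShell SDK installed; the signed-in account holds the
# Conditional Access Administrator role; the break-glass object ID below is a placeholder.
Connect-MgGraph -Scopes "Policy.Read.All", "Policy.ReadWrite.ConditionalAccess"

# Security defaults and Conditional Access are mutually exclusive. Keep the new policies
# in report-only mode until security defaults have been switched off and the sign-in log
# confirms the policies behave as expected.
$defaults = Get-MgPolicyIdentitySecurityDefaultEnforcementPolicy
if ($defaults.IsEnabled) {
    Write-Warning "Security defaults are on; Conditional Access policies will not enforce until they are turned off."
}

# Emergency-access (break-glass) accounts are excluded so a misconfigured policy
# cannot lock every admin out. Placeholder object ID: replace with your own.
$breakGlass = @("00000000-0000-0000-0000-000000000000")

# Policy 1: require MFA for every user, in every cloud app, for interactive clients.
$requireMfa = @{
    displayName   = "CA001 - Require MFA for all users"
    state         = "enabledForReportingButNotEnforced"   # switch to "enabled" after review
    conditions    = @{
        users          = @{ includeUsers = @("All"); excludeUsers = $breakGlass }
        applications   = @{ includeApplications = @("All") }
        clientAppTypes = @("browser", "mobileAppsAndDesktopClients")
    }
    grantControls = @{ operator = "OR"; builtInControls = @("mfa") }
}

# Policy 2: block legacy authentication. "exchangeActiveSync" and "other" are the
# basic-auth client types (SMTP AUTH, POP, IMAP, old Office builds) that cannot do MFA.
$blockLegacy = @{
    displayName   = "CA002 - Block legacy authentication"
    state         = "enabledForReportingButNotEnforced"
    conditions    = @{
        users          = @{ includeUsers = @("All"); excludeUsers = $breakGlass }
        applications   = @{ includeApplications = @("All") }
        clientAppTypes = @("exchangeActiveSync", "other")
    }
    grantControls = @{ operator = "OR"; builtInControls = @("block") }
}

foreach ($body in @($requireMfa, $blockLegacy)) {
    $created = New-MgIdentityConditionalAccessPolicy -BodyParameter $body
    Write-Output ("Created '{0}' (state: {1}, id: {2})" -f $created.DisplayName, $created.State, $created.Id)
}
```

Leave both policies in report-only mode for a week or two and review the Report-only results in the Entra sign-in logs; anything that would have been blocked is either a legacy client to migrate or an exception to scope deliberately. Then change `state` to `enabled` with Update-MgIdentityConditionalAccessPolicy. The separate “require MFA for admins” action can be met by a policy whose `users` condition lists admin roles under `includeRoles` instead of `includeUsers = @("All")`.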

Limit Administrative Privileges and Use Role-Based Access

Review who has admin access in your Microsoft 365 tenant and minimise the number of Global Administrators. Every admin account is a high-value target, so follow the principle of least privilege: use specific role-based admin roles (Exchange Administrator, SharePoint Administrator, Helpdesk Administrator and so on) and grant only the elevated access a person actually needs for their job. Secure Score rewards you for keeping Global Administrator assignments small (Microsoft’s guidance is more than one, so a single lost account cannot lock you out, but fewer than five) and for using more granular roles, reflecting a lower risk profile. Ensure every admin account has MFA enforced even while MFA is still being rolled out to ordinary users, and give admins separate admin accounts rather than adding roles to the account they use for day-to-day email. Review role membership on a schedule, because assignments tend to accumulate. By tightening admin privileges, you contain the damage if an account is breached and you demonstrate strong control over your IT environment.
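As an added example (not part of the original article), this Microsoft Graph PowerShell script lists who holds Global Administrator, whether each has registered MFA, and warns when the count falls outside the two-to-four range described above. It assumes the Microsoft.Graph SDK is installed and that the signed-in account can read directory roles and the authentication-methods report.

```powershell
# Added example, not from the original article: list Global Administrator assignments,
# their MFA registration state, and warn when the count is outside the 2-4 guidance.
# Assumptions: Microsoft.Graph PowerShell SDK installed; the signed-in account can read
# directory roles and the authentication methods report.
Connect-MgGraph -Scopes "RoleManagement.Read.Directory", "AuditLog.Read.All", "UserAuthenticationMethod.Read.All"

# The Global Administrator role template ID is the same in every tenant.
$gaTemplateId = "62e90394-69f5-4237-9190-012177145e10"
$gaRole  = Get-MgDirectoryRole | Where-Object RoleTemplateId -eq $gaTemplateId
$members = @(Get-MgDirectoryRoleMember -DirectoryRoleId $gaRole.Id -All)

# MFA registration state for every user, keyed by object ID.
$mfaRegistered = @{}
Get-MgReportAuthenticationMethodUserRegistrationDetail -All | ForEach-Object {
    $mfaRegistered[$_.Id] = $_.IsMfaRegistered
}

$report = foreach ($m in $members) {
    # Members can be users, groups or service principals; the type is in the OData annotation.
    $type = ($m.AdditionalProperties['@odata.type'] -replace '^#microsoft\.graph\.', '')
    [pscustomobject]@{
        Type          = $type
        DisplayName   = $m.AdditionalProperties['displayName']
        Upn           = $m.AdditionalProperties['userPrincipalName']
        MfaRegistered = if ($mfaRegistered.ContainsKey($m.Id)) { $mfaRegistered[$m.Id] } else { 'n/a' }
    }
}
$report | Sort-Object Type, DisplayName | Format-Table -AutoSize

$userAdmins = @($report | Where-Object Type -eq 'user')
if ($userAdmins.Count -gt 4) {
    Write-Warning ("{0} user accounts hold Global Administrator; Secure Score expects fewer than 5." -f $userAdmins.Count)
} elseif ($userAdmins.Count -lt 2) {
    Write-Warning "Only one Global Administrator: add a second (break-glass) account to avoid lock-out."
}
foreach ($a in ($userAdmins | Where-Object MfaRegistered -eq $false)) {
    Write-Warning ("Global Administrator {0} has not registered MFA." -f $a.Upn)
}
```

Get-MgDirectoryRoleMember returns active assignments only; if you use Privileged Identity Management, eligible assignments are not in this list and need to be reviewed in the PIM blade or through the role-management API. A group shown as a member should be expanded too, since everyone in it is effectively a Global Administrator.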

Turn On Advanced Threat Protection for Email and Office Apps

A lot of cyber-attacks, such as phishing and malware, arrive via email or malicious links. Microsoft 365 includes Defender for Office 365 features (Plan 1 is included with Microsoft 365 Business Premium and available as an add-on for other plans) that greatly enhance protection here. Enable Safe Links and Safe Attachments to rewrite and scan URLs and to detonate attachments in a sandbox before delivery, and turn off the option that lets users click through a Safe Links warning. Set up anti-phishing policies (for example, to detect impersonation of your domains or named executives, with mailbox intelligence to learn normal sender patterns) and make sure spam filtering and spoof intelligence are enabled, with a quarantine action for messages that fail authentication. A Defender for Office 365 policy only takes effect once a rule scopes it to recipients, so check that each policy covers every accepted domain. These configurations not only increase your Secure Score by covering the recommended email security actions, but actively shield your users from dangerous content. Similarly, enable Safe Documents for Office applications and consider using Microsoft Purview Information Protection sensitivity labels to classify and encrypt sensitive data. All these built-in tools contribute to a higher score and a safer digital workplace by stopping threats before they reach a user.
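As an added example (not part of the original article), this Exchange Online PowerShell script creates the Safe Links, Safe Attachments and anti-phishing policies described above and scopes each to your domain with a rule. It assumes the ExchangeOnlineManagement module is installed, the tenant holds a Defender for Office 365 licence, and that “contoso.com”, the policy names and the named executive are placeholders.

```powershell
# Added example, not from the original article: configure Safe Links, Safe Attachments and
# an anti-phishing policy with Exchange Online PowerShell and scope each to your domain.
# Assumptions: ExchangeOnlineManagement module installed; Defender for Office 365 licensed;
# "contoso.com", the policy names and the protected executive are placeholders.
Connect-ExchangeOnline

$domain    = "contoso.com"
$protected = @("Jane Doe;jane.doe@$domain")   # "Display Name;email" pairs protected from impersonation

# Safe Links: rewrite and scan URLs in mail, Teams and Office, hold mail until the scan
# finishes, and do not let users click through a warning page.
New-SafeLinksPolicy -Name "SL-Standard" `
    -EnableSafeLinksForEmail $true -EnableSafeLinksForTeams $true -EnableSafeLinksForOffice $true `
    -ScanUrls $true -DeliverMessageAfterScan $true -EnableForInternalSenders $true `
    -TrackClicks $true -AllowClickThrough $false
New-SafeLinksRule -Name "SL-Standard" -SafeLinksPolicy "SL-Standard" -RecipientDomainIs $domain

# Safe Attachments: detonate attachments in a sandbox and block the message if malicious.
New-SafeAttachmentPolicy -Name "SA-Standard" -Enable $true -Action Block
New-SafeAttachmentRule -Name "SA-Standard" -SafeAttachmentPolicy "SA-Standard" -RecipientDomainIs $domain

# Anti-phishing: user and domain impersonation protection, mailbox intelligence, and
# spoof intelligence with quarantine for senders that fail authentication checks.
New-AntiPhishPolicy -Name "AP-Standard" `
    -EnableTargetedUserProtection $true -TargetedUsersToProtect $protected -TargetedUserProtectionAction Quarantine `
    -EnableOrganizationDomainsProtection $true -TargetedDomainProtectionAction Quarantine `
    -EnableMailboxIntelligence $true -EnableMailboxIntelligenceProtection $true -MailboxIntelligenceProtectionAction Quarantine `
    -EnableSpoofIntelligence $true -AuthenticationFailAction Quarantine `
    -PhishThresholdLevel 2
New-AntiPhishRule -Name "AP-Standard" -AntiPhishPolicy "AP-Standard" -RecipientDomainIs $domain

# A policy does nothing until an enabled rule applies it, so confirm each rule is Enabled
# and covers the domain.
Get-SafeLinksRule      -Identity "SL-Standard" | Select-Object Name, State, RecipientDomainIs
Get-SafeAttachmentRule -Identity "SA-Standard" | Select-Object Name, State, RecipientDomainIs
Get-AntiPhishRule      -Identity "AP-Standard" | Select-Object Name, State, RecipientDomainIs
```

If you have several accepted domains, pass them all to `-RecipientDomainIs`. Quarantine actions generate end-user quarantine notifications, so tell users what those look like before switching the policies on, or a well-meaning helpdesk will release everything.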


Secure Your Devices and Endpoints

Microsoft Secure Score also evaluates device security if you use Defender for Endpoint or Intune. Make sure that all company PCs and mobile devices are covered by antivirus/antimalware protection (Microsoft Defender Antivirus is built into Windows 10/11 and provides strong protection when it is centrally managed and its signatures are kept current). Keep operating systems and software up to date with patches, since unpatched systems are a common entry point. If you manage devices through Intune (formerly Microsoft Endpoint Manager), enforce compliance policies such as requiring BitLocker disk encryption on laptops, Secure Boot and code integrity, strong password/PIN policies and automatic screen lock, and then pair them with a Conditional Access policy that requires a compliant device so that non-compliant devices cannot reach company data. Even without advanced endpoint licensing, basic measures such as ensuring Windows Firewall and antivirus are enabled count toward your Secure Score. A secure device fleet means attackers have a much harder time exploiting known weaknesses, and Microsoft’s scoring reflects that with points for device encryption, device health attestation and active anti-malware.
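As an added example (not part of the original article), this Microsoft Graph PowerShell script creates an Intune compliance policy for Windows devices covering the settings listed above and assigns it to all enrolled devices. It assumes the Microsoft.Graph SDK is installed, Intune is licensed, the signed-in account holds the Intune Administrator role, and that the policy name and minimum OS build are placeholders.

```powershell
# Added example, not from the original article: create an Intune compliance policy for
# Windows devices covering the device items Secure Score looks at (BitLocker, Secure Boot
# and code integrity via health attestation, Defender AV, firewall, password, idle lock),
# then assign it to all devices.
# Assumptions: Microsoft.Graph PowerShell SDK installed; Intune licensed; the signed-in
# account holds the Intune Administrator role; the minimum OS build is a placeholder.
Connect-MgGraph -Scopes "DeviceManagementConfiguration.ReadWrite.All"

$policy = @{
    "@odata.type"                         = "#microsoft.graph.windows10CompliancePolicy"
    displayName                           = "Windows - baseline compliance"
    description                           = "Encryption, attestation, Defender, firewall, password and lock settings"
    # Reported through Device Health Attestation at boot.
    bitLockerEnabled                      = $true
    secureBootEnabled                     = $true
    codeIntegrityEnabled                  = $true
    requireHealthyDeviceReport            = $true
    # Anti-malware and firewall must be present and switched on.
    defenderEnabled                       = $true
    rtpEnabled                            = $true     # Defender real-time protection
    antivirusRequired                     = $true
    antiSpywareRequired                   = $true
    activeFirewallRequired                = $true
    # Local sign-in secret and idle lock.
    passwordRequired                      = $true
    passwordRequiredType                  = "alphanumeric"
    passwordMinimumLength                 = 8
    passwordRequiredToUnlockFromIdle      = $true
    passwordMinutesOfInactivityBeforeLock = 15
    # Placeholder: your lowest supported Windows build.
    osMinimumVersion                      = "10.0.19045.0"
    # Intune requires at least one action for non-compliance; block after a 24-hour grace period.
    scheduledActionsForRule = @(
        @{
            ruleName = "PasswordRequired"
            scheduledActionConfigurations = @(
                @{ actionType = "block"; gracePeriodHours = 24; notificationTemplateId = ""; notificationMessageCCList = @() }
            )
        }
    )
}

$created = New-MgDeviceManagementDeviceCompliancePolicy -BodyParameter $policy
Write-Output ("Created compliance policy '{0}' ({1})" -f $created.DisplayName, $created.Id)

# Assign to every enrolled device via the REST "assign" action on the policy.
$assignment = @{
    assignments = @(
        @{ target = @{ "@odata.type" = "#microsoft.graph.allDevicesAssignmentTarget" } }
    )
}
Invoke-MgGraphRequest -Method POST `
    -Uri "https://graph.microsoft.com/v1.0/deviceManagement/deviceCompliancePolicies/$($created.Id)/assign" `
    -Body $assignment
```

On its own a compliance policy only labels devices; the block happens when a Conditional Access policy grants access with the “require device to be marked as compliant” control. Roll the two out together, starting with a pilot group instead of all devices if your fleet has machines without a TPM, which cannot satisfy the attestation settings.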


Monitor Secure Score and Address New Recommendations Regularly

Improving security is an ongoing process, not a one-off project. Make it a habit to review your Secure Score dashboard periodically (for example, monthly) to check for new recommendations or regressions. Microsoft often adds or updates recommended actions as new threats emerge or new features become available; recent updates have introduced recommendations for Microsoft Teams configuration, Microsoft Entra ID settings, and third-party SaaS app integrations. By keeping an eye on these changes, you can implement them proactively and keep your score from dropping. Use the comparison and history features to track how your score improves over time and to share progress with your team. Also, consider setting a target score for your organisation (for example, 80% or above, which is an excellent level for an SME without needing perfection) and create an action plan to get there step by step. If you cannot act on a recommendation (because of business constraints or licence limitations), record that in the portal rather than leaving it open: an action marked “Resolved through third party” or “Resolved through alternate mitigation” is awarded its points, so use those only where an equivalent control genuinely exists, while “Risk accepted” records the decision without awarding the points and “Planned” keeps it on the to-do list. By actively managing your Secure Score, you ensure that security stays on the leadership agenda and that your company’s defences keep pace with the evolving threat landscape.
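As an added example (not part of the original article), the following Microsoft Graph PowerShell script does the monthly review described here without opening the portal, and also serves the earlier “How to Find Your Microsoft Secure Score” section: it reads the daily Secure Score snapshots, reports the current percentage and the change over the last 30 days, flags any day on which the score fell, and lists the recommended actions with the most unearned points. It assumes the Microsoft.Graph SDK is installed and the signed-in account holds a role that can read Secure Score (Security Reader is enough).

```powershell
# Added example, not from the original article: pull the daily Secure Score snapshots
# from Microsoft Graph, report the current percentage, flag day-to-day drops over the
# last 30 days, and list the ten recommended actions with the most unearned points.
# Assumptions: Microsoft.Graph PowerShell SDK installed; the signed-in account holds a
# role that can read Secure Score (Security Reader is enough).
Connect-MgGraph -Scopes "SecurityEvents.Read.All"

# One secureScore record is produced per day; keep the newest 30, ordered newest first.
$scores = @(Get-MgSecuritySecureScore -Top 30 | Sort-Object CreatedDateTime -Descending)
$latest = $scores[0]
$oldest = $scores[-1]
$pct    = [math]::Round(100 * $latest.CurrentScore / $latest.MaxScore, 1)
$oldPct = [math]::Round(100 * $oldest.CurrentScore / $oldest.MaxScore, 1)
Write-Output ("Secure Score on {0:d}: {1}/{2} points ({3}%)" -f $latest.CreatedDateTime, $latest.CurrentScore, $latest.MaxScore, $pct)
Write-Output ("Change since {0:d}: {1:+0.0;-0.0;0.0} percentage points (max score then {2}, now {3})" -f $oldest.CreatedDateTime, ($pct - $oldPct), $oldest.MaxScore, $latest.MaxScore)

# A regression is a day whose points are lower than the previous day's: a setting was
# relaxed, a licence lapsed, or Microsoft rescored a control. Each one deserves a look.
for ($i = 0; $i -lt $scores.Count - 1; $i++) {
    $drop = $scores[$i + 1].CurrentScore - $scores[$i].CurrentScore
    if ($drop -gt 0) {
        Write-Warning ("Score fell by {0} points between {1:d} and {2:d}" -f $drop, $scores[$i + 1].CreatedDateTime, $scores[$i].CreatedDateTime)
    }
}

# Control profiles carry each control's title and maximum points; control scores carry
# what you have actually earned. Join them on the control name.
$profiles = @{}
Get-MgSecuritySecureScoreControlProfile -All | ForEach-Object { $profiles[$_.Id] = $_ }

$gaps = foreach ($c in $latest.ControlScores) {
    $p = $profiles[$c.ControlName]
    if ($null -eq $p -or $p.Deprecated) { continue }   # retired controls no longer count
    [pscustomobject]@{
        Action   = $p.Title
        Category = $c.ControlCategory
        Earned   = [math]::Round($c.Score, 1)
        Max      = $p.MaxScore
        Gap      = [math]::Round($p.MaxScore - $c.Score, 1)
        Status   = $c.AdditionalProperties['implementationStatus']
    }
}
$gaps | Where-Object Gap -gt 0 | Sort-Object Gap -Descending | Select-Object -First 10 | Format-Table -AutoSize
```

The gap table is the action plan: work down it from the top, and treat a large gap on an action you have already marked as resolved through a third party as a sign the portal status and reality have drifted apart. Scheduling the script monthly and keeping its output alongside the change record gives you the history the dashboard shows, in a form you can hand to an auditor.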


By implementing the above measures, you should see a noticeable improvement in your Secure Score. More importantly, each step directly translates to better security for your organisation – reducing the likelihood of breaches, downtime, and data loss. For IT managers, the Secure Score actions serve as a practical to-do list for strengthening your Microsoft 365 environment. If certain recommendations are unclear or complex (for example, configuring OAuth app consent policies or advanced compliance settings), don’t hesitate to reach out for expert guidance or consult Microsoft’s documentation. The investment in time and effort to raise your Secure Score is well worth the payoff in risk reduction.

What Is a “Good” Microsoft Secure Score?

There’s no official pass or fail, but as a general guide:

  • Above 70% is strong for SMEs with good cyber hygiene, but ideally aim for 80% or higher

  • 40–69% is average — room for improvement

  • Below 40% means your organisation could be exposed

Comparing your score to industry benchmarks (shown in the dashboard) is a great way to contextualise where you stand.

Need Help Improving Your Score?

Many businesses struggle to make sense of the recommendations or to prioritise changes. That’s where we come in.

At The HBP Group, we help businesses across the UK assess and improve their Microsoft Secure Score as part of our IT support and Microsoft 365 services. We can review your current posture, explain the options in plain English, and implement the changes that make the most sense for your organisation.

Next Steps

At The HBP Group, we understand that managing IT security can be complex and time-consuming. That’s why we take a proactive approach to securing your Microsoft environment. We continuously monitor your Microsoft Secure Score and implement the necessary changes to ensure it remains high. This frees you to focus on running your business with the peace of mind that your data is protected.

If you’re ready to take your cyber security seriously, partnering with an expert Managed IT Support partner like The HBP Group is the natural next step. Speak to one of our experts today!