Microsoft Secure Score can mainly be used for calculating security principles in your environment. For example, if you have modern authentication, your score will increase by 1%. If you have legacy authentication, your score will decrease by 0.5%. If you have your admin account as a cloud-only account, you receive a certain score. If you are blocking access from different countries where your business is not operating, you will get 0.1%. In Exchange, when modern authentication is used instead of legacy versions, the score increases. In all Microsoft 365 aspects, Microsoft provides recommendations for security controls, and based on how much we implement these recommendations, the score increases. The biggest advantage of the product is that all security principles come in M365. There are numerous benefits as all data, communication, and business operations exist in M365. All security tools are useful to cover data inside M365, including access, Windows sign-in, and everything else. It serves as an all-in-one solution. Regarding reporting, in one view we can determine our current security posture. In one overall report, we get all security principles recommendations, what we have done, and the benefits. Microsoft Secure Score is not only for identity and access protection but for the whole M365 environment. The score is available for Exchange, Purview, Data Loss Prevention, EDR, XDR solution, Entra, InTune, SharePoint, and everything else.
Microsoft Cybersecurity specialist at a tech services company with 51-200 employees
Real User
Jan 8, 2024
The product helps us with incorporating a mix of industry standards such as ISO and company-specific benchmarks. It amalgamates best practices for various aspects, including devices, applications, identities, workloads, and configurations.
Find out what your peers are saying about Microsoft, Amazon Web Services (AWS), BitSight and others in IT Vendor Risk Management. Updated: February 2026.
IT Vendor Risk Management helps organizations manage and minimize risks associated with third-party vendors, ensuring business continuity and compliance. This involves assessing vendor reliability, security practices, and performance metrics. Effective techniques are critical in reducing vendor-related risks that can impact an enterprise's operational effectiveness. Organizations incorporate these solutions to streamline risk assessments, oversee compliance, and automate risk evaluation...
Microsoft Secure Score can mainly be used for calculating security principles in your environment. For example, if you have modern authentication, your score will increase by 1%. If you have legacy authentication, your score will decrease by 0.5%. If you have your admin account as a cloud-only account, you receive a certain score. If you are blocking access from different countries where your business is not operating, you will get 0.1%. In Exchange, when modern authentication is used instead of legacy versions, the score increases. In all Microsoft 365 aspects, Microsoft provides recommendations for security controls, and based on how much we implement these recommendations, the score increases. The biggest advantage of the product is that all security principles come in M365. There are numerous benefits as all data, communication, and business operations exist in M365. All security tools are useful to cover data inside M365, including access, Windows sign-in, and everything else. It serves as an all-in-one solution. Regarding reporting, in one view we can determine our current security posture. In one overall report, we get all security principles recommendations, what we have done, and the benefits. Microsoft Secure Score is not only for identity and access protection but for the whole M365 environment. The score is available for Exchange, Purview, Data Loss Prevention, EDR, XDR solution, Entra, InTune, SharePoint, and everything else.
The product helps us with incorporating a mix of industry standards such as ISO and company-specific benchmarks. It amalgamates best practices for various aspects, including devices, applications, identities, workloads, and configurations.