Skip links

Microsoft Secure Score

Leverage Industry Best Practices To Enhance Your Protection Against Cyber Threats.

Understanding Microsoft Secure Score

A comprehensive security analytic tool, Microsoft Secure Score evaluates and rates the overall security posture of an organization’s digital environment by analyzing various factors such as:

By keeping an eye on your Microsoft secure score, and implementing security score best practices you can help reduce your organization’s risk. The Secure Score dashboard within Microsoft 365’s platform will allow you to monitor Identities, apps, and devices from one central location.

Boardroom Meeting

Why Should You Care About Microsoft Secure Score?

Investing in Microsoft Secure Score can bring numerous benefits to your organization, making it a wise decision for several reasons:

Cyber insurance rates can be affected by your organization's security practices, and investing in Microsoft Secure Score can provide the necessary information to insurers, potentially reducing insurance premiums.

Clients or vendors may request information about your organization's cyber security posture. A high secure score demonstrates a commitment to robust security practices, enhancing your reputation.

Improving your secure score helps lower the risk of cyber events, as a significant majority of incidents (80%) originate from user vulnerabilities. Microsoft Secure Score offers recommendations to mitigate these risks.

Secure Score provides actionable recommendations and best practices to strengthen your organization's security measures, ensuring the protection of sensitive data and maintaining a secure environment.

Is Achieving A 100% Score Realistic Or Impossible?

Achieving a Secure Score of 100% is a near impossible task due to various challenges that organizations must face along the way.


Obtaining the necessary licenses and ensuring compliance can be a cumbersome and time-consuming process.


As new vulnerabilities emerge and cyber threats evolve, maintaining your secure score requires constant monitoring and updates.

Changing Threats

Moreover, the complexity of modern IT systems, including diverse hardware and software makes it challenging to ensure complete security.

Our Secure Score Packages

We offer comprehensive 365 packages designed to enhance the Secure Score of typical businesses, and we are eager to promote these options to our valued clients.

Our focus is on highlighting the potential for significant improvements to you Secure Score, taking into account that each organization starts from a different baseline, and showcasing the essential policies we enforce and why they play a crucial role in bolstering your security.

365 Basic


Requires M365 Active Directory P1 for all users (included in Business Premium)

Includes policies for:

Enable Policy to Block Legacy Authentication

Ensure all users can complete MFA

Do not allow users to grant consent to unreliable applications

Enable self-service password reset

Require MFA for admins

Do not expire passwords

Designate more than one global admin

Use least privileged admin roles

Labor Base 2.5 hours + 20 minutes per user

Estimated implementation cost:

Base $500 + $50/user

Minimum $1000

365 Recommended Security


Prerequisites: 365 Basic Security

Requires M365 Defender for Office P1

 (Included in Business Premium)

All policies from basic, plus:

Create Safe Links policies for email messages

Turn on Safe Attachments in block mode

Set the phishing email level threshold at 2 or higher

Enable the ‘show first contact safety tip’ option

Create zero-hour auto purge policies for malware

Turn on Defender for 365 in SharePoint, OneDrive, and Teams

Turn on the common attachments filter for anti-malware policies

Create Data Loss Prevention (DLP) policies

Do not allow calendar details to be shared with external users

Set action to take on high confidence spam detection

Set action to take on phishing detection

Set action to take on high confidence phishing detection

Set action to take on spam detection

Create zero-hour auto purge policies for phishing messages

Set action to take on bulk spam detection

Ensure spam safety tips are enabled

Estimated Implementation Cost:

$500 base includes up to 15 users
Users 16+ – $10 each.

365 Advanced


Prerequisites: 365 Basic and Recommended

Requires M365 Defender for Office P1 + Azure Active Directory P2 + Microsoft Defender for Cloud Apps (Included in E5 Security)

All policies from basic & recommended, plus:

Ensure that intelligence for impersonation protection is enabled

Move messages that are detected as impersonated users

Enable impersonated domain protection

Enable impersonated user protection

Protect all users with a sign-in risk policy

Protect all users with a user risk policy

Quarantine messages that are detected from impersonated domains

Quarantine messages that are detected from impersonated users

Create an app policy to notify you about new OAuth applications

Enable the domain impersonation safety tip

Enable the user impersonation safety tip

Enable the user impersonation unusual characters safety tip  

Ensure that mailbox intelligence is enabled

Turn on Safe Documents for Office Clients 

Estimated Implementation cost:

$500 base includes up to 15 users
Users 16+ – $10 each.

What Secure Score is Right for Your Business?

30% and under means you are highly vulnerable and need to address your network as soon as possible.

Below a score of 50% indicates that best practices have not been fully applied.

67% is a score you can expect for a tenant that is configured to practices with all security features enabled.

80% and up is the score that separates your company from its competition in terms of your protection stance.

Unlock the potential to fortify your defenses against cyber threats.

JP 1.png