What Microsoft Secure Score does
Microsoft Secure Score aggregates recommendations across identity, devices, data, and applications within your Microsoft 365 tenant. It provides a single, easily understandable number reflecting your overall security posture. The score is driven by actionable recommendations, each with a suggested remediation step. It’s important to distinguish it from Defender for Cloud’s Secure Score, which focuses on cloud workloads, and Identity Secure Score, which focuses specifically on identity-related security. Each score assesses a different scope of your Microsoft 365 environment.
Microsoft Secure Score in Australian tenants today
For AU mid-market organisations, Secure Score offers a useful, board-friendly metric to communicate security progress. The ‘Recommendations’ list can become overwhelming, so prioritisation based on business impact and regulatory obligations is crucial. While Secure Score provides valuable insights, it doesn't replace a dedicated Essential Eight implementation scorecard. The ACSC Essential Eight provides a structured framework, and Secure Score can be used to demonstrate progress against specific controls. Addressing the Secure Score recommendations that map directly to APRA CPS 234 and OAIC Privacy Act 2024 obligations can help with alignment to those requirements.