Increasing Your Secure Score


The Microsoft Secure Score is a measurement of your organization’s proactive security posture, providing insight to your current level of protection. The score is calculated by analyzing the security of your Microsoft 365 identities, apps, and devices. These factors show how aligned your organization is with Microsoft’s best security practices by providing recommended steps to improve your security position.

In today’s world cybercrime is no longer something you occasionally hear about on the news, it now more frequent than ever. It’s not just limited to government facilities, hospitals, and large businesses. If your organization has a connection to the internet, then you are a potential target.

The average small and medium business’ secure score is only 43% and anything below 30% is considered vulnerable. Any and all business’ should strive for a score between 60%-80%, which is achievable with Microsoft’s best practices implemented to harden your network against cyberattacks.

Achieving a score of 80% or higher is much more difficult. Achieving a high score requires an attention to detail that goes beyond what is simply common best practices. RSG’s team of cyber experts can help your organization achieve a score of 80% or higher and help secure your cyber presence, giving you peace of mind.

Approach to Increase RSG’s Secure Score

To achieve a high secure score three main items must be addressed:

· Identity (Azure Active Directory accounts & roles)

· Devices (Microsoft Defender for Endpoint, known as Microsoft Secure Score for Devices)

· Apps (email and cloud apps, including Office 365 and Microsoft Cloud App Security)

To address the first aspect, identity, we started off by implementing the principles of least privilege. Which grants our users access to the files and apps they need to complete their work, while at the same time restricting access to areas outside of their job duties. To further address the identity item, MFA (Multi-Factor Authentication) was implemented on all users account with a risky-user, risky-sign in, and geo-regional lock policies to further protect the network and our users.

For devices (Windows, MacOS, IOS, Android, Linux), all company assets were enrolled or registered into Intune to be managed. We then created compliancy and configuration policies to be pushed out to the devices which handled, for example: device health, device properties, system security, Defender ATP, Firewalls, exploit guard, anti-virus, etc. Registry edit packets were also configured and rolled out to harden our users computer OS. This also included configuring for our users the Windows 10 update rings.

Finally, for apps protection, we implemented EOP (Exchange Online Protection) with custom policies to guard against malware, viruses, and phishing emails. This was followed up with various packages built in Intune to roll out software installs and patch updates (Office 365, Adobe, Chrome, etc.) This was further expanded through the Company Portal app for IOS and Android devices to segregate company data and apps from personal data on mobile device.


Through implementing the examples listed in our approach, plus others. We were able to achieve for our network a 100% secure score for our Azure subscriptions and an 86% for our Microsoft secure score.


In conclusion a secure score reflects one’s cyber fitness. A high secure score can be achieved by anyone through careful planning and an attention to detail. It is important to keep in mind though that one’s secure score is not static. As time goes on and new vulnerabilities are found your score will decrease. One must be vigilant of these changes and ready to adapt their network to keep it secure.

Written by Ready Services Group Cyber Experts

9 views0 comments