Articles & E-Books


Do you know your Microsoft Secure Score?

Feb 27, 2019

Did you know that Microsoft is using artificial intelligence (AI) to analyze threats and help protect its users? To make this analysis available and actionable to administrators, Microsoft created Secure Score.

The Secure Score tool evaluates your organization’s security configuration and generates a benchmark security score. As an administrator, this helps you zero in on the controls that will provide optimum protection for your organization and its data.

How Does It Work?

The Secure Score looks at the Microsoft services your organization uses, analyzes your settings and activities, and compares that against a baseline score set by Microsoft. You can also see how your security compares with similarly sized companies.

Your Secure Score will fall within a range from Basic to Balanced to Aggressive. Depending on where you set your goal, the tool will provide a number of suggestions to help you reach your target. Recommendations are prioritized based on effectiveness as well as impact to the end user.

Based on your organization’s personalized information, Secure Score provides a list of recommended actions that help you score higher. The tool also comes with modeling capabilities so you can set your ideal score and reverse-engineer your action plan.

Or, you can drill down into recommended actions to see what actions an implementation would require and how your score would increase accordingly. You can search security actions by category, implementation cost, user impact and more to help guide your decisions.

Taking Action

The list of action items below includes recommendations that commonly appear in Secure Score results. These risk factors can have a significant impact on your Microsoft Secure Score and your organization’s data security.

1. Enable multi-factor authorization (MFA): This one action alone will significantly increase your score. Two-factor authentication requires users logging in to Office 365 go through a second verification. This ensures that a compromised password is not enough for a “bad actor” to steal information or damage your organization.

At a minimum, MFA should be enabled for all administrative accounts. Better yet, enable MFA for all user accounts to provide an additional security level. MFA can be inconvenient, but in our opinion, it’s a necessity.

2. Enable audit data recording: This security setting has no impact on end users, which makes it an easy implementation decision. This setting ensures activity within Office 365 gets logged. That way, if a security breach occurs, you can investigate and find out what happened.

3. Block forwarding rules: It’s a common practice for hackers to set up email forwarding so they can get copies of everything sent to a user’s mailbox. Even if the user’s password changes, the hacker continues to get sensitive email data right in their inbox. Using Secure Score, you can block automatic email forwarding to external email addresses.

4. Enable mailbox auditing: Mailboxes contain sensitive business data and personally identifiable information. Track who logs in and what they do so that if an incident occurs, you have information to inspect.

5. Reduce administrator exposure: Limit global admin accounts to as few users as possible. If you do have global admins, those users should have a dedicated account just for administrative functions, separate from the account they use for their day-to-day emails. If possible, create non-global admin roles, limiting administrator functions to distinct purposes such as Billing Administrator, Security Reader and Password Administrator. Each of these steps lowers your risk of a significant, widespread breach in an account with global access.

Wipfli Is Ready to Help

To get started reviewing your Secure Score, visit and sign in with your Office 365 credentials.

Your Secure Score review included ways to increase security for your organization — but there’s an art to balancing security with user productivity. Some recommended changes could disable functionality your users need.

Working with a specialist like those at Wipfli can help you interpret your Secure Score, decide how to make your Microsoft environment safe., assist with security implementations like MFA and even help with remediation in the event of an account compromise.

Contact me to get started, or learn about Wipfli’s technology services.


Ryan Peasley
Senior Technology Manager
View Profile

Technology Health Check