What's new in Microsoft Secure Score
Note
Want to experience Microsoft 365 Defender? Learn more about how you can evaluate and pilot Microsoft 365 Defender.
To make Microsoft Secure Score a better representative of your security posture, we continue to add new features and improvement actions.
The more improvement actions you take, the higher your Secure Score will be. For more information, see Microsoft Secure Score.
Microsoft Secure Score can be found at https://security.microsoft.com/securescore in the Microsoft 365 Defender portal.
August 2023
The following recommendations have been added as Microsoft Secure Score improvement actions:
Microsoft Information Protection:
- Ensure Microsoft 365 audit log search is enabled
Microsoft Exchange Online:
- Ensure modern authentication for Exchange Online is enabled
- Ensure Exchange Online Spam Policies are set to notify administrators
- Ensure all forms of mail forwarding are blocked and/or disabled
- Ensure MailTips are enabled for end users
- Ensure mailbox auditing for all users is enabled
- Ensure additional storage providers are restricted in Outlook on the web
Azure Active Directory:
To see the following new Azure Active Directory controls the Office 365 connector in Microsoft Defender for Cloud Apps must be turned on in the App connectors settings page.
- Ensure password protection is enabled for on-prem Active Directory
- Ensure 'LinkedIn account connections' is disabled
SharePoint:
- Ensure Safe Links for Office Applications is enabled
- Ensure Safe Attachments policy is enabled
- Ensure that an anti-phishing policy has been created
To see the following new SharePoint controls the Office 365 connector in Microsoft Defender for Cloud Apps must be turned on in the App connectors settings page.
- Ensure SharePoint external sharing is managed through domain allow lists / block lists
- Block OneDrive for Business sync from unmanaged devices
Microsoft Secure Score integration with Microsoft Lighthouse 365
Microsoft 365 Lighthouse helps Managed Service Providers (MSPs) grow their business and deliver services to customers at scale from a single portal. Lighthouse allows customers standardize configurations, manage risk, identify artificial intelligence (AI)-driven sales opportunities, and engage with customers to help them maximize their investment in Microsoft 365.
We've now integrated Microsoft Secure Score into Microsoft 365 Lighthouse. This integration provides an aggregate view of the Secure Score across all managed tenants, as well as Secure Score details for each individual tenant. Access to Secure Score is a available from a new card on the Lighthouse homepage or by selecting a tenant on the Lighthouse Tenants page.
Note
The integration with Microsoft Lighthouse 365 is available to Microsoft partners who use the Cloud Solution Provider (CSP) program to manage customer tenants.
Microsoft Secure Score permissions integration with Microsoft 365 Defender Unified role-based access control (RBAC) is now in Public Preview
Previously, only Azure Active Directory global roles (such as Global Administrators) could access Microsoft Secure Score. Now, you'll be able to control access and grant granular permissions for the Microsoft Secure Score experience as part of the Microsoft 365 Defender Unified RBAC model.
You can add the new permission and choose the data sources the user has access to by selecting the Security posture permissions group when creating the role. For more information, see Create custom roles with Microsoft 365 Defender Unified RBAC. Users will see Secure Score data for the data sources they have permissions to.
A new data source Secure Score – Additional data source is also available. Users with permissions to this data source, will have access to additional data within the Secure score dashboard. For more information on additional data sources, see Products included in Secure Score.
July 2023
The following Microsoft Defender for Identity recommendations will be added as Microsoft Secure Score improvement actions:
- Remove the attribute 'password never expires' from accounts in your domain
- Remove access rights on suspicious accounts with the Admin SDHolder permission
- Manage accounts with passwords more than 180 days old
- Remove local admins on identity assets
- Remove non-admin accounts with DCSync permissions
- Start your Defender for Identity deployment, installing Sensors on Domain Controllers and other eligible servers
The following Google workspace recommendation will be added as a Microsoft Secure Score improvement action:
- Enable multi-factor authentication (MFA)
In order to view this new control, Google workspace connector in Microsoft Defender for Cloud Apps must be configured via the App connectors settings page.
May 2023
A new Microsoft Exchange Online recommendation is now available as Secure Score improvement action:
- Ensure mail transport rules do not allow specific domains
New Microsoft SharePoint recommendations are now available as Secure Score improvement actions:
- Ensure modern authentication for SharePoint applications is required
- Ensure that external users cannot share files, folders, and sites they do not own
April 2023
New recommendations are now available in Microsoft Secure Score for customers with an active Microsoft Defender for Cloud Apps license:
- Ensure that only organizationally managed/approved public groups exist
- Ensure Sign-in frequency is enabled and browser sessions are not persistent for Administrative users
- Ensure Administrative accounts are separate, unassigned, and cloud-only
- Ensure third party integrated applications are not allowed
- Ensure the admin consent workflow is enabled
- Ensure DLP policies are enabled for Microsoft Teams
- Ensure that SPF records are published for all Exchange Domains
- Ensure Microsoft Defender for Cloud Apps is Enabled
- Ensure mobile device management policies are set to require advanced security configurations to protect from basic internet attacks
- Ensure that mobile device password reuse is prohibited
- Ensure that mobile devices are set to never expire passwords
- Ensure that users cannot connect from devices that are jail broken or rooted
- Ensure mobile devices are set to wipe on multiple sign-in failures to prevent brute force compromise
- Ensure that mobile devices require a minimum password length to prevent brute force attacks
- Ensure devices lock after a period of inactivity to prevent unauthorized access
- Ensure that mobile device encryption is enabled to prevent unauthorized access to mobile data
- Ensure that mobile devices require complex passwords (Type = Alphanumeric)
- Ensure that mobile devices require complex passwords (Simple Passwords = Blocked)
- Ensure that devices connecting have AV and a local firewall enabled
- Ensure mobile device management policies are required for email profiles
- Ensure mobile devices require the use of a password
Note
To view the new Defender for Cloud Apps recommendations, the Office 365 connector in Microsoft Defender for Cloud Apps must be toggled on via the App connectors settings page. For more information see, How to connect Office 365 to Defender for Cloud Apps.
September 2022
New Microsoft Defender for Office 365 recommendations for anti-phishing policies are now available as Secure Score improvement actions:
- Set the phishing email level threshold at 2 or higher
- Enable impersonated user protection
- Enable impersonated domain protection
- Ensure that mailbox intelligence is enabled
- Ensure that intelligence for impersonation protection is enabled
- Quarantine messages that are detected from impersonated users
- Quarantine messages that are detected from impersonated domains
- Move messages that are detected as impersonated users by mailbox intelligence
- Enable the 'show first contact safety tip' option
- Enable the user impersonation safety tip
- Enable the domain impersonation safety tip
- Enable the user impersonation unusual characters safety tip
A New SharePoint Online recommendation is now available as a Secure Score improvement action:
- Sign out inactive users in SharePoint Online
August 2022
New Microsoft Information Protection recommendations are now available as Secure Score improvement actions:
- Labeling
- Extend M365 sensitivity labeling to assets in Azure Purview data map
- Ensure Auto-labeling data classification policies are set up and used
- Publish M365 sensitivity label data classification policies
- Create Data Loss Prevention (DLP) policies
New Microsoft Defender for Office 365 recommendations are now available as Secure Score improvement actions:
Anti-spam - Inbound policy
- Set the email bulk complaint level (BCL) threshold to be 6 or lower
- Set action to take on spam detection
- Set action to take on high confidence spam detection
- Set action to take on phishing detection
- Set action to take on high confidence phishing detection
- Set action to take on bulk spam detection
- Retain spam in quarantine for 30 days
- Ensure spam safety tips are enabled
- Ensure that no sender domains are allowed for anti-spam policies (replaces "Ensure that there are no sender domains allowed for Anti-spam policies" to extend functionality also for specific senders)
Anti-spam - Outbound policy
- Set maximum number of external recipients that a user can email per hour
- Set maximum number of internal recipients that a user can send to within an hour
- Set a daily message limit
- Block users who reached the message limit
- Set Automatic email forwarding rules to be system controlled
Anti-spam - Connection filter
- Don't add allowed IP addresses in the connection filter policy
June 2022
New Microsoft Defender for Endpoint and Microsoft Defender Vulnerability Management recommendations are now available as Secure Score improvement actions:
- Disallow offline access to shares
- Remove share write permission set to Everyone
- Remove shares from the root folder
- Set folder access-based enumeration for shares
- Update Microsoft Defender for Endpoint core components
A new Microsoft Defender for Identity recommendation is available as a Secure Score improvement action:
- Resolve unsecure domain configurations
A new app governance recommendation is now available as a Secure Score improvement action:
- Regulate apps with consent from priority accounts
New Salesforce and ServiceNow recommendations are now available as Secure Score improvement actions for Microsoft Defender for Cloud Apps customers. For more information, see SaaS Security Posture Management overview.
Note
Salesforce and ServiceNow controls are now available in public preview.
April 2022
- Turn on user authentication for remote connections
December 2021
- Turn on Safe Attachments in block mode
- Prevent sharing Exchange Online calendar details with external users
- Turn on Safe Documents for Office clients
- Turn on the common attachments filter setting for anti-malware policies
- Ensure that there are no sender domains allowed for anti-spam policies
- Create Safe Links policies for email messages
- Create zero-hour auto purge policies for malware
- Turn on Microsoft Defender for Office 365 in SharePoint, OneDrive, and Microsoft Teams
- Create zero-hour auto purge policies for phishing messages
- Create zero-hour auto purge policies for spam messages
- Block abuse of exploited vulnerable signed drivers
- Turn on scanning of removable drives during a full scan
We want to hear from you
If you have any issues, let us know by posting in the Security, Privacy & Compliance community. We're monitoring the community to provide help.
Related resources
Tip
Do you want to learn more? Engage with the Microsoft Security community in our Tech Community: Microsoft 365 Defender Tech Community.
Feedback
Submit and view feedback for