Track secure score
You can find your overall secure score, and your score per subscription, through the Azure portal or programmatically as described in the following sections:
Tip
For a detailed explanation of how your scores are calculated, see Calculations - understanding your score.
Get your secure score from the portal
Defender for Cloud displays your score prominently in the portal. When you select the secure score tile on the overview page, you're taken to the dedicated secure score page, where you'll see the score broken down by subscription. Select a single subscription to see the detailed list of prioritized recommendations and the potential effect that remediating them will have on the subscription's score.
Your secure score is shown in the following locations in Defender for Cloud's portal pages.
In a tile on Defender for Cloud's Overview (main dashboard):
In the dedicated Secure score page you can see the secure score for your subscription and your management groups:
Note
Any management groups for which you don't have sufficient permissions, will show their score as “Restricted.”
At the top of the Recommendations page:
Get your secure score from the REST API
You can access your score via the secure score API. The API methods provide the flexibility to query the data and build your own reporting mechanism of your secure scores over time. For example, you can use the Secure Scores API to get the score for a specific subscription. In addition, you can use the Secure Score Controls API to list the security controls and the current score of your subscriptions.
For examples of tools built on top of the secure score API, see the secure score area of our GitHub community.
Get your secure score from Azure Resource Graph
Azure Resource Graph provides instant access to resource information across your cloud environments with robust filtering, grouping, and sorting capabilities. It's a quick and efficient way to query information across Azure subscriptions programmatically or from within the Azure portal. Learn more about Azure Resource Graph.
To access the secure score for multiple subscriptions with Azure Resource Graph:
From the Azure portal, open Azure Resource Graph Explorer.
Enter your Kusto query (using the following examples for guidance).
This query returns the subscription ID, the current score in points and as a percentage, and the maximum score for the subscription.
SecurityResources | where type == 'microsoft.security/securescores' | extend current = properties.score.current, max = todouble(properties.score.max) | project subscriptionId, current, max, percentage = ((current / max)*100)
This query returns the status of all the security controls. For each control, you'll get the number of unhealthy resources, the current score, and the maximum score.
SecurityResources | where type == 'microsoft.security/securescores/securescorecontrols' | extend SecureControl = properties.displayName, unhealthy = properties.unhealthyResourceCount, currentscore = properties.score.current, maxscore = properties.score.max | project SecureControl , unhealthy, currentscore, maxscore
Select Run query.
Tracking your secure score over time
Secure Score Over Time report in workbooks page
Defender for Cloud's workbooks page includes a ready-made report for visually tracking the scores of your subscriptions, security controls, and more. Learn more in Create rich, interactive reports of Defender for Cloud data.
Power BI Pro dashboards
If you're a Power BI user with a Pro account, you can use the Secure Score Over Time Power BI dashboard to track your secure score over time and investigate any changes.
Tip
You can find this dashboard, as well as other tools for working programmatically with secure score, in the dedicated area of the Microsoft Defender for Cloud community on GitHub: https://github.com/Azure/Azure-Security-Center/tree/master/Secure%20Score
The dashboard contains the following two reports to help you analyze your security status:
Resources Summary - provides summarized data regarding your resources’ health.
Secure Score Summary - provides summarized data regarding your score progress. Use the “Secure score over time per subscription” chart to view changes in the score. If you notice a dramatic change in your score, check the “detected changes that might affect your secure score” table for possible changes that could have caused the change. This table presents deleted resources, newly deployed resources, or resources that their security status changed for one of the recommendations.
Next steps
This article described how to access and track your secure score. For related material, see the following articles: