What's new in Microsoft Secure Score

Important

The improved Microsoft 365 security center is now available. This new experience brings Defender for Endpoint, Defender for Office 365, Microsoft 365 Defender, and more into the Microsoft 365 security center. Learn what's new.

To make Microsoft Secure Score a better representative of your security posture, we have made some changes. To learn about planned changes, see What's coming in Microsoft Secure Score?

Microsoft Secure Score can be found at https://security.microsoft.com/securescore in the Microsoft 365 Defender portal.

July 2021

  • Restrict dial-in users from bypassing a meeting lobby
  • Limit external participants from having control in a Teams meeting
  • Restrict anonymous users from starting Teams meetings
  • Require lobbies to be set up for Teams meetings
  • Configure which users are allowed to be present in Teams meetings
  • Fix Microsoft Defender for Endpoint sensor data collection for macOS
  • Fix Microsoft Defender for Endpoint impaired communications for macOS
  • Set minimum password length to 15 or more characters in macOS
  • Set 'Enforce password history' to '24 or more password(s)' in macOS
  • Set 'Maximum password age' to '90 or fewer days, but not 0' in macOS
  • Set account lockout threshold to 5 or lower in macOS
  • Turn on Firewall on macOS
  • Enable Gatekeeper
  • Enable System Integrity Protection (SIP)
  • Enable FileVault Disk Encryption
  • Set screen to lock when screensaver starts in macOS
  • Ensure screensaver is set to start in 20 minutes or less in macOS
  • Secure Home Folders
  • Turn on Microsoft Defender Antivirus real-time protection for macOS
  • Turn on Microsoft Defender Antivirus PUA protection in block mode for macOS
  • Enable Microsoft Defender Antivirus cloud-delivered protection for macOS
  • Update Microsoft Defender Antivirus definitions for macOS
  • Fix Microsoft Defender for Endpoint sensor data collection for Linux
  • Fix Microsoft Defender for Endpoint impaired communications for Linux
  • Unrestricted Access Accounts
  • Turn on Microsoft Defender Antivirus real-time protection for Linux
  • Turn on Microsoft Defender Antivirus PUA protection in block mode for Linux
  • Enable Microsoft Defender Antivirus cloud-delivered protection for Linux
  • Update Microsoft Defender Antivirus definitions for Linux

June 2021

  • Use Cloud App Security to detect anomalous behavior.

February 2021

Compatibility with Graph API

Microsoft Secure Score recommendations delivered via Graph API will look and be weighted the same as the recommendations you currently see in the Microsoft 365 Defender portal.

January 2021

Added our first security recommendation for Microsoft Teams

Microsoft Teams customers will see "Restrict anonymous users from joining meetings" as a new improvement action in Secure Score.

December 2020

  • Set 'Minimum password length' to '14 or more characters'
  • Set 'Enforce password history' to '24 or more password(s)'
  • Set 'Maximum password age' to '60 or fewer days, but not 0'
  • Set 'Minimum password age' to '1 or more day(s)'
  • Disable the built-in Administrator account
  • Disable the built-in Guest account

November 2020

Removed the ability to create ServiceNow tickets through Secure Score

The ability to create ServiceNow tickets through Secure Score by going to Share > ServiceNow is no longer available. Thank you for your feedback and continued support while we determine next steps.

  • Fix unquoted service path for Windows services
  • Change service executable path to a common protected location
  • Change service account to avoid cached password in windows registry

October 2020

  • Set Microsoft Defender SmartScreen Windows Store app web content checking to warn

August 2020

Updated improvement action for Azure Active Directory

  • Enable policy to block legacy authentication

Incompatibility with Identity Secure Score

In the recent release of Microsoft Secure Score, an improved scoring model has been released. These changes allow for a more flexible and accurate view of your security posture. However, these updates have made Microsoft Secure Score temporarily incompatible with Identity Secure Score.

In time, Identity Secure Score will adopt the new scoring model. Until then, customers will see differences in the scores reported by Microsoft Secure Score and the Identity Secure Score. We apologize for any inconvenience this causes, and are working to ensure these experiences are more compatible in the future.

Updated improvement actions

  • Added Azure Active Directory improvement actions
  • Added Microsoft Defender for Identity improvement actions
  • Support for Microsoft Defender for Endpoint Threat & Vulnerability Management security recommendations
    • All released security recommendations supplied by TVM are now available

Updated interface and functionality

  • All new metrics and trends views for CISO and lead level discussions
  • New ways to track and benchmark your score
  • Better tracking and understanding for score regressions
  • Filter, tag, search, and group your improvement actions
  • Manage towards your future goals using score projections and planned actions
  • And more!

We want to hear from you

If you have any issues, let us know by posting in the Security, Privacy & Compliance community. We're monitoring the community and will provide help.