Exposure score

Applies to:

Want to experience Microsoft Defender ATP? Sign up for a free trial.

Your Exposure score is visible in the Threat & Vulnerability Management dashboard of the Microsoft Defender Security Center. It reflects how vulnerable your organization is to cybersecurity threats. Low exposure score means your devices are less vulnerable from exploitation.

  • Quickly understand and identify high-level takeaways about the state of security in your organization.
  • Detect and respond to areas that require investigation or action to improve the current state.
  • Communicate with peers and management about the impact of security efforts.

The card gives you a high-level view of your exposure score trend over time. Any spikes in the chart gives you a visual indication of a high cybersecurity threat exposure that you can investigate further.

Exposure score card

How it works

Threat & Vulnerability Management introduces a new exposure score metric, which visually represents how exposed your devices are to imminent threats.

The exposure score is continuously calculated on each device in the organization and influenced by the following factors:

  • Weaknesses, such as vulnerabilities discovered on the device
  • External and internal threats such as public exploit code and security alerts
  • Likelihood of the device to get breached given its current security posture
  • Value of the device to the organization given its role and content

The exposure score is broken down into the following levels:

  • 0–29: low exposure score
  • 30–69: medium exposure score
  • 70–100: high exposure score

You can remediate the issues based on prioritized security recommendations to reduce the exposure score. Each software has weaknesses that are transformed into recommendations and prioritized based on risk to the organization.

Reduce your threat and vulnerability exposure

Lower your threat and vulnerability exposure by remediating security recommendations. Make the most impact to your exposure score by remediating the top security recommendations, which can be viewed in the Threat & Vulnerability Management dashboard.