Microsoft Secure Score for Devices
Welcome to Microsoft Defender for Endpoint, the new name for Microsoft Defender Advanced Threat Protection. Read more about this and other updates here. We'll be updating names in products and in the docs in the near future.
Configuration score is now part of threat and vulnerability management as Microsoft Secure Score for Devices.
Your score for devices is visible in the threat and vulnerability management dashboard of the Microsoft Defender Security Center. A higher Microsoft Secure Score for Devices means your endpoints are more resilient from cybersecurity threat attacks. It reflects the collective security configuration state of your devices across the following categories:
- Operating system
- Security controls
Select a category to go to the Security recommendations page and view the relevant recommendations.
Turn on the Microsoft Secure Score connector
Forward Microsoft Defender ATP signals, giving Microsoft Secure Score visibility into the device security posture. Forwarded data is stored and processed in the same location as your Microsoft Secure Score data.
Changes might take up to a few hours to reflect in the dashboard.
In the navigation pane, go to Settings > Advanced features
Scroll down to Microsoft Secure Score and toggle the setting to On.
Select Save preferences.
How it works
Microsoft Secure Score for Devices currently supports configurations set via Group Policy. Due to the current partial Intune support, configurations which might have been set through Intune might show up as misconfigured. Contact your IT Administrator to verify the actual configuration status in case your organization is using Intune for secure configuration management.
The data in the Microsoft Secure Score for Devices card is the product of meticulous and ongoing vulnerability discovery process. It is aggregated with configuration discovery assessments that continuously:
- Compare collected configurations to the collected benchmarks to discover misconfigured assets
- Map configurations to vulnerabilities that can be remediated or partially remediated (risk reduction)
- Collect and maintain best practice configuration benchmarks (vendors, security feeds, internal research teams)
- Collect and monitor changes of security control configuration state from all assets
Improve your security configuration
Improve your security configuration by remediating issues from the security recommendations list. As you do so, your Microsoft Secure Score for Devices improves and your organization becomes more resilient against cybersecurity threats and vulnerabilities.
From the Microsoft Secure Score for Devices card in the threat and vulnerability management dashboard, select the one of the categories. You'll view the list of recommendations related to that category. It will take you to the Security recommendations page. If you want to see all security recommendations, once you get to the Security recommendations page, clear the search field.
Select an item on the list. The flyout panel will open with details related to the recommendation. Select Remediation options.
Read the description to understand the context of the issue and what to do next. Select a due date, add notes, and select Export all remediation activity data to CSV so you can attach it to an email for follow-up.
Submit request. You'll see a confirmation message that the remediation task has been created.
Save your CSV file.
Send a follow-up email to your IT Administrator and allow the time that you've allotted for the remediation to propagate in the system.
Review the Microsoft Secure Score for Devices card again on the dashboard. The number of security controls recommendations will decrease. When you select Security controls to go back to the Security recommendations page, the item that you've addressed won't be listed there anymore. Your Microsoft Secure Score for Devices should increase.
To boost your vulnerability assessment detection rates, download the following mandatory security updates and deploy them in your network:
- 19H1 customers | KB 4512941
- RS5 customers | KB 4516077
- RS4 customers | KB 4516045
- RS3 customers | KB 4516071
To download the security updates:
- Go to Microsoft Update Catalog.
- Key-in the security update KB number that you need to download, then click Search.
- Threat and vulnerability management overview
- Supported operating systems and platforms
- Threat and vulnerability management dashboard
- Exposure score
- Security recommendations
- Remediation and exception
- Software inventory
- Configure data access for threat and vulnerability management roles