With your Secure Score increasing, your security posture will improve.įigure 1: Secure score in Microsoft Defender for Cloud dashboard As you start addressing each one of those recommendations and you successfully address all the recommendations in a particular security control, your Secure Score will increase by a certain number of points (highlighted in the Potential score increase column). When you select Secure Score in Microsoft Defender for Cloud it shows you a list of security controls, where each security control has a list of recommendations (see Figure 1). Secure Score is all about helping you improve your security posture with regards to your Azure resources (IaaS & PaaS) and even hybrid and multi-cloud workloads (i.e. Now, let’s dive into each one of these two scores! Secure Score in Microsoft Defender for Cloud Beyond protecting identities, you can treat these two scores as separate. will have a positive impact on both scores. Therefore, both scores place a high value on protecting your identities and enabling MFA. Protecting your organization's identities is key. Observation: With cloud adoption, identity has become the new perimeter – the control plane for your organization's infrastructure, regardless of the type of cloud computing services that is being used (IaaS, PaaS, SaaS or even on-premises). More information on this topic can be found here. Identity Secure Score), however this falls out of scope of this article. Important Note: Microsoft 365 Secure Score is broken down further for each category (i.e. The table below aims to highlight the high-level difference between the two scores. Microsoft Secure Score applicable for Microsoft SaaS workloads.Secure Score : applicable for PaaS, IaaS, hybrid and multi-cloud workloads.Hence, the need to have a different Secure Score for each scenario, which provides you a measurement for the specific type of cloud computing service that you are utilizing: On the other hand, you might be interested in a measurement for your PaaS and IaaS workloads in Azure (and even hybrid or multi-cloud scenarios). By implementing recommendations you’re adhering to best practices which will effectively increase the measurement and enhanceĭepending on the workloads in question, you might be interested in having a measurement solely for your Microsoft SaaS workloads. Meaning, as you take actions to increase your security posture or deploy new resources, these changes will be reflected in your Secure Score. Secure Score, continuously assesses your environment. As no two company environments are the same, the question becomes where do you start with improving your security posture? What actions should you prioritize? Here is where Secure Score comes into play! The idea behind the Secure Score functionality, is to provide you with a measurement that helps understand your current security posture as well as a list of actions you can take to improve your security posture. While companies might have existing solutions for their on-premises environment, security controls in the cloud differ from those on-premises. Secure Score FunctionalityĪs companies migrate more and more workloads to the cloud, it’s important to ensure that any resources in the public cloud are secured by adhering to industry standards and best practices. This article also touches briefly on the Identity Secure Scorein the Azure AD Portal and Microsoft Secure Score for Devices in the Microsoft 365 Security center but going into details on these products is outside of the scope of this article. The purpose of this article is to empower organizations to understand the difference between Secure Score in Microsoft Defender for Cloud and Microsoft Secure Scorein Microsoft 365 Security center. This article was written by Future Kortor ( and Bojan Magusic ( Magusic).