What is the Office 365 Secure score?

The Office 365 Secure Score is a security analytics tool that will help you understand what you have done to reduce the risk to your data in Office 365, and show you what you can do to further reduce that risk.


Think of it as a credit score for security. The approach to this experience is very simple:

  1. Microsoft created a full inventory of all the security configurations and behaviors that customers can do to mitigate risks to their data in Office 365.
  2. Microsoft evaluated the extent to which each of those controls mitigated a specific set of risks and awarded the control some points. More points means a more effective control for that risk.
  3. Microsoft measures the extent to which your service has adopted the recommended controls, add up your points, and present it as a single score.

The core idea is that it is useful to rationalize and contextualize all of your cloud security configuration and behavioral options into one simple, analytical framework, and to make it very easy for you to take incremental action to improve your score over time. Rather than constructing a model with findings delineated into critical, moderate, or low severity, we provided you a non-reactive way to evaluate your risk and make incremental changes over time that in turn,  add up to a very effective risk mitigation plan.

The Office 365 Secure Score is a preview experience, so you may find some issues, and you will note that not all of the controls are being measured. Please share any issues on the Office Network Group for Security.

The Secure Score does not express an absolute measure of how likely you are to get breached. It expresses the extent to which you have adopted controls which can offset the risk of being breached. No service can guarantee that you will not be breached, and the Secure Score should not be interpreted as a guarantee in any way.

Your Office 365 Secure Score Summary

The first, most important piece of the Office 365 Secure Score experience is the Score Summary. This panel gives you your current Secure Score, and the total number of points that are available to you, given your subscription level, the date that your score was measured, as well as a simple pie chart of your score. The denominator of your score is not intended to be a goal number to achieve. The full set of controls includes several that are very aggressive and will potentially have an adverse impact on your users’ productivity. Your goal should be to optimize your action to take every possible risk mitigating action while preserving your users’ productivity.

Click here to read the article in its entirety: New Security Analytics Service: Finding and Fixing Risk in Office 365

Was this article helpful?