Microsoft Secure Score Integration

Microsoft Secure Score is a measurement of an organization's security posture, with a higher number indicating more improvement actions taken. 

Navigation:  More Reports Microsoft Secure Score

 

 

The MS Secure Score in Lifecycle Insights (LCI) is a read-only report based on your Secure Score data in Azure. Microsoft makes the report data available on a daily basis, so we pull the data daily. As a result, if you make any changes in Azure that affect your Secure Score, that data will not be available to LCI until the next day.

 

How the MS Secure Score model works

You're given points for the following actions:

  • Configuring recommended security features
  • Doing security-related tasks
  • Addressing the improvement action with a third-party application or software, or an alternate mitigation

Some improvement actions only give points when fully completed. Some give partial points if they're completed for some devices or users. If you can't or don't want to enact one of the improvement actions, you can choose to accept the risk or remaining risk.

 

If you have a license for one of the supported Microsoft products, then you'll see recommendations for those products. We show you the full set of possible improvements for a product, regardless of license edition, subscription, or plan. This way, you can understand security best practices and improve your score.

 

 

How improvement actions are scored 

 

Each improvement action is worth 10 points or less, and most are scored in a binary fashion. If you implement the improvement action, such as creating a new policy or turning on a specific setting, you get 100% of the points. For other improvement actions, points are given as a percentage of the total configuration.

 

 

Products included in Secure Score 

Currently there are recommendations for the following products:

  • Microsoft 365 (including Exchange Online)
  • Azure Active Directory
  • Microsoft Defender for Endpoint
  • Microsoft Defender for Identity
  • Defender for Cloud Apps
  • Microsoft Teams

Secure Score Categories

Each action is categorized as one of the following three categories:

  • Apps
  • Identity
  • Device

Each Category is scored separately and contributes to the overall available secure score.  LCI will show categories that are applicable to the company you are looking at based on products utilized.

 

Using The Microsoft Secure Score Dashboard in LCI

 

 

The dashboard has three main components:

  • The Scoring Charts
  • User Tools
  • The Action Items Table

 

The Scoring Charts show the overall score as well as scoring by category.

The current overall score is shown in the graph as a percentage of the total score. Hovering your cursor over the blue or grey portion of the graph will show the total points opportunity or the total points currently achieved.

 

The points by category chart shows the total points opportunity vs. total points currently achieved for each category available. 

 


The User Tools section allows you to search through the Action Items Table. Use the search bar to perform search actions in the table.

 

 

You can also modify the columns shown in the Action Items Table.

 


The Action Items Table shows each recommendation listed for licensed products registered with Microsoft.

The Category column shows which category the item will score against. The Score column shows the current score for the item. Max Score shows the highest attainable score you can achieve for the item. Score Impact shows the percentage of the total score's value that this item will impact for the category and overall scoring.

 

 

The table can be sorted on any field by clicking the sort arrows next to each column heading.

Note:  Microsoft shows you the full set of possible improvements for a product, regardless of license edition, subscription, or plan.

 

MS Secure Score company reports can be exported to a PDF or MS Word file format.  Click the create document icon located at the top-right of the secure score window, then select your export options.

 

We have also added a new component in Report Builder that allows you to bring in your Microsoft Secure Score data.

 

 

How to Enable the Microsoft Secure Score within LCI

Requirements:

 

If you have NOT previously set up an App Registration for LCI in Azure (through either the Delegated or the Direct Access method), please follow the instructions as outlined in one of the following help articles:

 

 

If you have previously set up an App Registration for LCI in Azure, you will need to adjust the App Registration by adding the permissions that allow LCI to pull Secure Score data. To add the necessary permissions, follow these steps:

 

1. Log into Azure

2. Go to Azure Active Directory

3. In the left pane, select App registrations

 

4.  Click on the name of the App registration already configured for LCI

 

5. In the left pane, under Manage, click on API Permissions

 

 

6.  Click + Add a permission

 

7. Click the Microsoft Graph Tile

 

 

8. Click Application Permissions  (THIS IS IMPORTANT - DO NOT SELECT DELEGATED PERMISSIONS)

 

9.  Search for SecurityEvents

10. Check SecurityEvents.Read.All

11. Click Add Permissions

 

12. Click Grant admin consent

 

 

If you utilize Delegated access to MS for your LCI customers, you are done.  There is no further work to do.  If you utilize Direct access to MS for your LCI customers, you will need to take this action for all MS tenants that you set up an App for.
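A way to confirm that steps 8 to 12 took effect, added here as an example and not taken from LCI or Microsoft code: the Microsoft identity platform lists application permissions in an access token's roles claim and delegated permissions in its scp claim, so decoding a token issued to the app registration shows which type was granted. The sample tokens are constructed and unsigned, and the function names are hypothetical.

```python
import base64
import json

REQUIRED = "SecurityEvents.Read.All"  # permission checked in step 10


def b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def make_sample_token(claims: dict) -> str:
    """Constructed, unsigned token so the example runs offline."""
    header = b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    return f"{header}.{b64url(json.dumps(claims).encode())}."


def decode_claims(token: str) -> dict:
    """Decode the payload for inspection only; the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected a compact JWT with three segments")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_permission(token: str, required: str = REQUIRED) -> str:
    claims = decode_claims(token)
    roles = claims.get("roles", [])
    if isinstance(roles, str):
        roles = [roles]
    scopes = claims.get("scp", "").split()
    if required in roles:
        return "application"   # granted as an application permission
    if required in scopes:
        return "delegated"     # wrong permission type chosen at step 8
    return "missing"           # permission not added or consent not granted


# Constructed sample claims (not real tenant data)
APP_ONLY = make_sample_token({"appid": "00000000-0000-0000-0000-000000000000",
                              "roles": [REQUIRED]})
DELEGATED = make_sample_token({"scp": f"User.Read {REQUIRED}"})
NO_CONSENT = make_sample_token({"appid": "00000000-0000-0000-0000-000000000000"})

if __name__ == "__main__":
    for name, tok in [("app-only", APP_ONLY), ("delegated", DELEGATED),
                      ("no consent", NO_CONSENT)]:
        print(f"{name}: {check_permission(tok)}")
```

Only the "application" result matches the configuration this article requires. With Direct access, run the check against a token from each tenant where an App was set up.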