Cyber Intelligence
Security Operations · 25% of exam

L18. Microsoft Security Score

Course outlineLesson 18 of 18

Microsoft Security Score measures your organisation's security posture across Microsoft 365, Entra ID, and Defender products. The AZ-500 tests score calculation, improvement actions, and the difference between score gaming and genuine hardening.

What Is Microsoft Security Score?

Microsoft Security Score is a measurement of your security posture based on your configuration across Microsoft 365 services, Entra ID, and Defender products. It lives at security.microsoft.com under Secure Score.

Score = (achieved points / total possible points) x 100

Improvement Actions

Each improvement action has:

  • Points: How much the action contributes to your score
  • Category: Identity, Data, Device, Apps, Infrastructure
  • Implementation status: To address / In progress / Risk accepted / Planned / Resolved through third party

Common high-value improvement actions the exam tests:

  • Require MFA for all users (Identity: highest point value)
  • Enable self-service password reset (Identity)
  • Block legacy authentication (Identity)
  • Enable audit log data (Data)
  • Enable Microsoft Defender for Office 365 (Apps)

Score vs Real Security

Exam trap: Actions such as "Mark as Risk Accepted" or "Resolved through third party" improve your score without implementing controls. A score of 80% does not mean 80% security: it means 80% of Microsoft's recommended controls are reported as addressed.

Score Relationships

ProductScore Feed
Entra IDIdentity actions (MFA, CA, PIM)
Microsoft 365Apps and data actions
Defender for EndpointDevice actions
Defender for CloudInfrastructure actions (separate Secure Score)
Exam tip: Defender for Cloud has its own Secure Score separate from Microsoft Security Score. These are different metrics. Microsoft Security Score covers M365/Entra; Defender for Cloud Secure Score covers Azure resources.

Exam Focus Points
  • Score = achieved points / total points x 100: spans M365, Entra ID, and Defender products
  • "Risk Accepted" and "Resolved through third party" improve the score without implementing controls
  • MFA for all users is typically the highest-point improvement action in the Identity category
  • Microsoft Security Score (M365/Entra) and Defender for Cloud Secure Score (Azure resources) are separate metrics
  • The score reflects self-reported and detected control states: it is a management KPI, not a security guarantee
Knowledge Check

1. How is Microsoft Security Score calculated?

2. An improvement action is marked 'Risk accepted'. What does this mean?

3. Microsoft Security Score covers improvement actions across which products?

Recommended: Pluralsight

This free course covers the theory. Pluralsight adds structured video courses, hands-on Azure labs, and timed practice exams to make it stick before exam day.

Start AZ-500 prep free10-day free trial available