Microsoft offers multiple Secure Scores (Office 365 Secure Score, Identity Secure Score, Microsoft Secure Score) to give customers a better view of their security posture. Based on predefined metrics and rule sets, you receive a score for the configuration settings in your tenant. Microsoft gives you pretty handy suggestions on how to improve your security and to increase your score. It also compares your results with those of other tenants of similar industry and company size, which helps you understand how your tenant configuration compares to others.
For example, the image suggests that multi-factor authentication should be enabled for privileged roles.
Once you have implemented a recommendation, it can take up to 48 hours for the changes to flow into the Secure Score. Improvements to the Identity Secure Score also feed into your tenant's overall Secure Score and raise the rating there as well.
Optimization with a sense of proportion
Microsoft itself points out that not all recommendations are meaningful for every organization. Microsoft also advises keeping an eye on the impact on the user experience and carefully weighing the activation of additional features. An improvement in the Secure Score is therefore desirable, but a full score is unlikely to be achievable. As in the example above, you will not enable MFA for all accounts; at least one break glass account will be left without MFA. Some service accounts might also require an exception as long as Azure AD service principals cannot be used everywhere.
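As an added example (not code from the original post), this is how the "MFA for privileged roles" recommendation discussed above can be implemented while keeping the break glass exception the author describes: a Conditional Access policy that requires MFA for privileged directory roles and excludes a break glass group. It assumes the Microsoft.Graph PowerShell SDK and an existing group for the break glass account(s); the group id is a placeholder.

```powershell
# Added example, not from the original post. Assumes the Microsoft.Graph PowerShell SDK
# is installed and that a group containing the break glass account(s) already exists.
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess", "Directory.Read.All"

# Placeholder: object id of the group that holds the break glass account(s).
$breakGlassGroupId = "<break-glass-group-object-id>"

# Resolve role template ids by display name instead of hardcoding GUIDs.
$privilegedRoles = @(
    "Global Administrator",
    "Privileged Role Administrator",
    "Security Administrator",
    "Exchange Administrator"
)
$roleIds = Get-MgDirectoryRoleTemplate |
    Where-Object { $_.DisplayName -in $privilegedRoles } |
    Select-Object -ExpandProperty Id

$policy = @{
    displayName = "Require MFA for privileged roles (break glass excluded)"
    # Report-only first: sign-ins are evaluated and logged but not blocked,
    # so the impact on admins can be reviewed before the policy is enforced.
    state = "enabledForReportingButNotEnforced"
    conditions = @{
        applications = @{ includeApplications = @("All") }
        users = @{
            includeRoles  = $roleIds
            excludeGroups = @($breakGlassGroupId)
        }
    }
    grantControls = @{
        operator        = "OR"
        builtInControls = @("mfa")
    }
}

New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
```

Once the report-only sign-in logs show no unexpected impact, switch `state` to `enabled`; the break glass group stays excluded, which is why the related Secure Score control will not reach its full score.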