Unit 7: Monitor security posture with Identity Secure Score
Microsoft Entra Identity Secure Score is a measurable indicator that shows how closely your tenant aligns with Microsoft’s recommended identity security best practices. It is expressed as a percentage, where a higher score indicates stronger alignment with recommended security configurations.
Each improvement action within Identity Secure Score is tenant-specific, meaning recommendations are tailored to your current Microsoft Entra ID configuration.
What is Identity Secure Score?
Identity Secure Score provides an objective, data-driven view of your organization’s identity security posture. It focuses specifically on identity-related security controls, rather than general infrastructure or device security.
The score helps organizations to:
- Objectively measure their identity security posture.
- Plan and prioritize identity security improvements.
- Track progress and validate the effectiveness of security changes over time.
Identity Secure Score dashboard
You can view your identity secure score and all related insights from the Identity Secure Score dashboard.
The dashboard includes:
- Current secure score percentage for your tenant.
- Comparison graph, showing how your score compares with:
- Organizations in the same industry.
- Tenants of a similar size.
- Trend graph, showing how your score has changed over time.
- List of improvement actions, ranked by impact and effort.
These views help security teams understand both where they stand today and how their posture is evolving.
Why improvement actions matter
Each improvement action represents a specific security control or configuration that Microsoft recommends. By completing these actions, you can:
- Improve your organization’s identity security posture.
- Increase your identity secure score.
- Better utilize identity security features already included in your Microsoft Entra licensing.
Improvement actions often include controls such as:
- Enabling or expanding multifactor authentication (MFA).
- Reducing excessive administrator privileges.
- Improving monitoring and logging practices.
How to access Identity Secure Score
The identity secure score is available in all editions of Microsoft Entra ID.
Follow these steps to access it:
- Open the Azure portal.
- Navigate to Microsoft Entra ID.
- Select Security.
- Select Identity Secure Score.
How controls are scored
Not all security controls are scored the same way. Identity Secure Score uses two scoring models:
1. Binary scoring
- You receive 100% of the available points if the control is fully implemented.
- You receive 0% if it is not implemented.
- Example:
- Enabling a specific security feature exactly as recommended.
2. Percentage-based scoring
- You receive partial credit based on how fully the recommendation is implemented.
- Example:
- If protecting all users with MFA gives a maximum of 10.71%, and:
- 5 out of 100 users are protected,
- Your score contribution is approximately 0.53%
(5 ÷ 100 × 10.71).
This approach encourages incremental improvement, rather than all-or-nothing progress.
How to interpret your secure score
Your identity secure score improves when you:
- Configure recommended security features.
- Perform security-related tasks (such as reviewing reports).
- Increase coverage of controls like MFA across users.
Important considerations when interpreting the score:
- The score reflects only Microsoft identity security services you are using.
- A higher score generally means stronger security, but:
- Security must be balanced with usability.
- Some controls affect user experience more than others.
- Controls with minimal user impact typically have little effect on daily operations.
- Controls with stronger lock-down may require change management and user communication.
Identity Secure Score should be used as a guidance and prioritization tool, not as a strict compliance mandate.
Exam-focused summary (Unit 7)
- Identity Secure Score measures alignment with Microsoft identity security best practices.
- Expressed as a percentage.
- Available in all Microsoft Entra ID editions.
- Accessed via Microsoft Entra ID → Security → Identity Secure Score.
- Dashboard shows:
- Current score.
- Industry comparison.
- Score trends.
- Improvement actions.
- Controls are scored:
- Binary (all or nothing).
- Percentage-based (partial credit).
- Score should be balanced against user experience and usability.