Print this chapterPrint this chapter

How Microsoft Secure Score works

4. Security defaults

Microsoft Secure Score includes recommended actions to support security defaults in Microsoft Entra ID. This design makes it easier to help protect your organization with preconfigured security settings for common attacks.

If you turn on security defaults, Secure Score awards you with full points for the following recommended actions:

  • Ensure all users can complete multifactor authentication for secure access (9 points)
  • Require MFA for administrative roles (10 points)
  • Enable policy to block legacy authentication (7 points)

Important

Security defaults include security features that provide similar security to the "sign-in risk policy" and "user risk policy" recommended actions. Instead of setting up these policies on top of the security defaults, Microsoft recommends updating their statuses to "Resolved through alternative mitigation."