Azure AD Security Assessment: Evaluate Azure AD Security Score

Are you responsible for the assessment and improvement of Azure AD security for your organization? This article is for you.

Azure Active Directory has a tool called “Secure Score for Identity,” which displays an organization’s identity security score. This article begins by explaining “Secure Score for Identity.”

After that, we discuss the licensing and role prerequisites for accessing this feature. Then, we explain how to improve the security score based on the identity Secure Score.

What is Azure Active Directory Secure Score for Identity?

The “identity secure score” indicates how well an organization’s Azure AD security settings align with Microsoft’s recommended best practices.

There are 2 indicators on the Secure Score for Identity page. Importantly, the page includes “Improvement actions,” which Microsoft AD recommends to improve the score.

It is vital to note that the secure identity score is one of the categories of the Microsoft Secure Score. Equally important is mentioning the Microsoft 365 services included in the Microsoft Secure Score:

  1. *Azure Active Directory
  2. Microsoft 365 and Exchange Online
  3. Microsoft Defender for Endpoint
  4. Microsoft Defender for Identity
  5. Microsoft Defender for Cloud Apps

We highlighted Azure Active Directory because this article discusses improving its score.

Licensing and Permission Requirements

Users with any Azure Active Directory subscription, including the free subscription, can view the Identity Secure Score for their organization. However, a user must be assigned one of the required Azure AD roles to access the page.

Specifically, users assigned the following roles can interact with and edit features to improve the identity secure score:

  1. Global admin
  2. Security admin
  3. Exchange admin
  4. SharePoint admin

Users with the following roles can only view the improvement actions and cannot change any feature to improve the score:

  1. Helpdesk admin
  2. User admin
  3. Service support admin
  4. Security reader
  5. Security operator
  6. Global reader

How to Improve Your Organization's Azure AD Security Score

1. Perform an Assessment of Your Organization's Azure AD Security Posture

The first step to improving your security score is to review the score in Azure Active Directory. Follow these steps:

1. Sign in to portal.azure.com and open Azure AD Security. 

2. Once the page opens, click “Identity Secure Score” in the Manage section of the menu.

The Secure Score for Identity has 2 elements. The first you need to review is your organization’s score as a percentage.

Secondly, review how your organization’s score compares to businesses of comparable sizes. 

The screenshot above shows that our Azure AD identity score is 9.9%! This is very low and indicates that we need to take serious action to improve our Azure AD security posture.

The assessment of your organization’s Azure AD security posture is not just about the numbers. Instead, the score provides actions required to improve it. 

The page indicates these actions under “Improvement actions.” The default columns are shown in our screenshot below.

You can modify these columns by clicking the “Columns” icon. Then, select or deselect the columns you require and click Apply.

We modified the report’s columns to display the Score Impact, Current Score, Max Score, and Status. The Score Impact indicates how much the current score increases if the recommended improvement action is completed.

2. Identify and Implement Recommended Improvement Actions

After the assessment of your organization’s Azure AD security posture, the next step is performing an in-depth review of the Improvement actions.

In addition to reviewing the recommended improvement actions, you must plan how to implement them. Also, consider incorporating implementation cost and impact on users in your implementation plan. 

We recommend sorting the Improvement actions report by the highest Score Impact. Sorting the recommended actions by score impact helps you in two ways.

Firstly, you get quick wins by implementing the recommendations that improve your score the most. Secondly, you fix the problems that pose the most significant risks to your Azure AD infrastructure.

Once the report is sorted, click on an improvement action to review some important details about it. Information in the flyout provides all you need to plan and implement the recommendation. 

Start by reading the description. It explains the benefits of configuring the recommended security feature. 

Additionally, Microsoft provides the actions required to set up the feature in the improvement action. You can read these in the “WHAT AM I ABOUT TO CHANGE?” section.

Use the steps in this section to plan your implementation. 

Another critical piece of information in the flyout is how your intended changes affect your users. Read this in the “HOW WILL IT AFFECT MY USERS?” section. 

The information here helps with your user impact analysis and with completing the change request, if your organization requires one.

When you’re ready to start configuring the recommended changes, click the “Get Started” link. 
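
An added example, not part of the original article: the same review done on data from the Microsoft Graph `secureScores` and `secureScoreControlProfiles` endpoints, ranking identity improvement actions by score impact next to their user impact and implementation cost. The sample data is constructed, and the impact formula (points still available as a share of the category maximum) and the status labels are assumptions that approximate the portal's columns.

```python
# Constructed sample data shaped like Microsoft Graph v1.0 responses; every
# score is made up. Live data needs a token with SecurityEvents.Read.All.
SECURE_SCORE = {  # one item from GET /security/secureScores?$top=1
    "controlScores": [
        {"controlCategory": "Identity", "controlName": "AdminMFAV2", "score": 0.0},
        {"controlCategory": "Identity", "controlName": "MFARegistrationV2", "score": 3.0},
        {"controlCategory": "Identity", "controlName": "BlockLegacyAuthentication", "score": 5.0},
        {"controlCategory": "Device", "controlName": "ExampleDeviceControl", "score": 2.0},
    ]
}
PROFILES = [  # items from GET /security/secureScoreControlProfiles
    {"id": "AdminMFAV2", "controlCategory": "Identity", "maxScore": 10.0,
     "userImpact": "Low", "implementationCost": "Low"},
    {"id": "MFARegistrationV2", "controlCategory": "Identity", "maxScore": 9.0,
     "userImpact": "High", "implementationCost": "High"},
    {"id": "BlockLegacyAuthentication", "controlCategory": "Identity", "maxScore": 5.0,
     "userImpact": "Moderate", "implementationCost": "Moderate"},
    {"id": "SelfServicePasswordReset", "controlCategory": "Identity", "maxScore": 1.0,
     "userImpact": "Moderate", "implementationCost": "Moderate"},
    {"id": "ExampleRetiredControl", "controlCategory": "Identity", "maxScore": 5.0,
     "deprecated": True},
    {"id": "ExampleDeviceControl", "controlCategory": "Device", "maxScore": 5.0},
]

def improvement_actions(secure_score, profiles, category="Identity"):
    """Join current control scores to profile maxima, sorted by score impact."""
    current = {c["controlName"]: float(c.get("score") or 0.0)
               for c in secure_score.get("controlScores", [])
               if c.get("controlCategory") == category}
    rows = [{"control": p["id"], "max": float(p.get("maxScore") or 0.0),
             "user_impact": p.get("userImpact"), "cost": p.get("implementationCost")}
            for p in profiles
            if p.get("controlCategory") == category and not p.get("deprecated")]
    total_max = sum(r["max"] for r in rows)
    for r in rows:
        # A control with no controlScores entry has earned no points yet.
        r["current"] = min(current.get(r["control"], 0.0), r["max"])
        # Assumption: impact = points still available / category maximum.
        r["impact_pct"] = round(100 * (r["max"] - r["current"]) / total_max, 2) if total_max else 0.0
        r["status"] = "Completed" if r["current"] >= r["max"] else "To address"
    return sorted(rows, key=lambda r: r["impact_pct"], reverse=True)

def category_score_pct(rows):
    """Overall percentage for the category (the first element on the page)."""
    total_max = sum(r["max"] for r in rows)
    return round(100 * sum(r["current"] for r in rows) / total_max, 2) if total_max else 0.0

if __name__ == "__main__":
    actions = improvement_actions(SECURE_SCORE, PROFILES)
    print(f"Identity score: {category_score_pct(actions)}%", *actions, sep="\n")
```

Running the same functions on exports taken at regular intervals gives a record of which actions were completed and how the identity score moved between reviews.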

Azure AD Security Assessment: Evaluate Azure AD Security Score Conclusion

Ensuring a strong security posture is crucial for organizations using Azure Active Directory (Azure AD). In this article, we explored the process of evaluating and improving Azure AD security through the use of the “Secure Score for Identity” tool.

By understanding the significance of Azure AD Secure Score for Identity, organizations gain valuable insights into their current security status. This tool provides a comprehensive overview of identity security and offers actionable recommendations for improvement.

However, accessing and utilizing Secure Score for Identity requires the appropriate licensing and permissions. To help organizations with this evaluation, we explained the licensing and role requirements of this Azure AD security tool.

Then, we explained how to use the tool to evaluate and improve your Azure AD security posture. The process includes conducting a thorough assessment of the organization’s current security posture, identifying vulnerabilities, and implementing the recommended improvement actions.

Improving Azure AD security is an ongoing process that demands continuous evaluation and adaptation. By following the steps outlined in this article, organizations can proactively enhance their Azure AD security posture and minimize the chances of cyber attacks.


Victor Ashiedu

Victor is an IT pro based in Manchester, UK. With over 22 years of experience managing Windows Server, Active Directory, and Powershell, and 7 years of expertise in Azure AD and Office 365, he's a seasoned expert in his field. When he's not working, he loves spending time with his family - a wife and a 5-year-old. Victor is passionate about helping businesses succeed in today's fast-changing tech landscape.
