Capture Secure Score
Implementation Effort: Medium – Capturing and monitoring secure score requires configuration and ongoing review by security teams, especially in multicloud environments.
User Impact: Low – This is a monitoring and reporting activity handled by administrators; end users are not directly affected.
Overview
The Secure Score in Microsoft Defender for Cloud is a key metric that helps organizations assess and improve their cloud security posture. It aggregates security findings into a single percentage-based score, reflecting how well your environment aligns with the Microsoft Cloud Security Benchmark (MCSB). A higher score indicates a lower level of risk.
Secure Score is calculated based on built-in recommendations from the MCSB standard. It is updated every eight hours per Azure subscription or per AWS/GCP connector. The score is visible in the Defender for Cloud Overview dashboard, and can be filtered by environment (Azure, AWS, GCP, Azure DevOps). You can drill down into specific subscriptions or accounts to view unhealthy resources and relevant recommendations.
Only recommendations that are not in preview affect the score. While preview recommendations don’t count toward the score, they should still be remediated to prepare for future enforcement.
This capability supports the Zero Trust principle of "Verify Explicitly" by continuously evaluating the security posture of your cloud environments and providing actionable insights to reduce risk.