Microsoft Secure Score: Lawyers Need to Know (and Improve) Their Score

June 30, 2021

Security should be top of mind for everyone today, especially given the tremendous increase of cyber attacks and ransomware infections since the pandemic. Lawyers hold a lot of confidential data that can be very valuable to attackers. It’s not just data for one client, but data for multiple clients, which provides a one-stop shop for cyber criminals. What is a lawyer to do?

The first step is to assess your current security situation. A good beginning is performing a vulnerability assessment. Vulnerability assessments are not that expensive – even for the solo and small firm lawyer. Make sure you a quoted a flat fee that includes a report of your vulnerabilities ranked by severity so you know what to fix first.

As most lawyers are now subscribed to Microsoft 365, determining your Secure Score is another item to investigate.

What exactly is the Microsoft Secure Score? Simply put, it is a measurement of your security posture. If you are a gamer, think of it as a technology security game. The higher the number the better the score. Secure Score is now shown as a percentage of your points as compared to the total number of points available. Microsoft makes it easy for you to determine your Secure Score by providing an improved Microsoft 365 security center ( Just login to the security center as an administrator and your secure score is shown right on the dashboard. Pretty nifty.

As Microsoft states, improvement actions are organized into groups.

  • Identity (Azure Active Directory accounts & roles)
  • Device (Microsoft Defender for Endpoint, known as Microsoft Secure Score for Devices)
  • Apps (email and cloud apps, including Office 365 and Microsoft Cloud App Security)

You accumulate points by configuring the recommended security features, performing security-related tasks, or improving interactions with third-party services and applications. The more items you can check off, the more points get added to your score. See, it really is like a game.

We won’t go into a lot of detail about specific items covered or which Microsoft products are included. At the present time, recommendations are provided for the following products.

  • Microsoft 365 (including Exchange Online)
  • Azure Active Directory
  • Microsoft Defender for Endpoint
  • Microsoft Defender for Identity
  • Cloud App Security
  • Microsoft Teams

Read the entire article here.