Security (Defender)

MFA, Conditional Access, threat protection, and identity security management.

Secure Score

Path: Security → Secure Score

Microsoft Secure Score provides a measurement of your organization's security posture.

Current Score

Points achieved vs maximum

Categories

Identity, Data, Device, Apps

Improvements

Actionable recommendations

History

Score trend over time

MFA Status

Path: Security → Identity Protection → MFA Status

MFA Enabled

Users with MFA configured

MFA Disabled

At-risk accounts

Auth Methods

Authenticator, SMS, FIDO2

Conditional Access

Path: Security → Identity Protection → Conditional Access

Control access to apps based on conditions like user, device, location, and risk.

ComponentOptions
AssignmentsUsers, Groups, Roles, Guest users
ConditionsLocations, Device platforms, Client apps, Risk levels
Access ControlsGrant, Block, Require MFA, Require compliant device
SessionSign-in frequency, Persistent browser, App restrictions
Named Locations

Define trusted network locations for Conditional Access policies:

IP Ranges

Corporate office IP addresses, VPN ranges

Countries/Regions

Allow or block by geographic location

Admin Roles

Path: Security → Privileged Access → Admin Roles

Global Admin
User Admin
Security Admin
Exchange Admin
Teams Admin
Intune Admin
Billing Admin
Custom Roles
Data Protection

DLP Policies

Path: Security → Data Protection → DLP

Create and manage DLP policies
Define sensitive information types
View DLP incident reports
Configure policy tips and notifications

Sensitivity Labels

Information protection labels with encryption and access control settings for documents and emails.

Security Alerts

Path: Security → Alerts

High Severity

Immediate action required

Medium Severity

Review within 24 hours

Low/Informational

Awareness items