Microsoft 365 Secure Score for MSPs: a double-edged sword

Microsoft 365 Secure Score remains a valuable security analytics tool designed to assess and improve an organisation’s security posture within a single tenant. It uses a score-based approach to provide actionable recommendations aligned to Microsoft best practices.

However, for MSPs operating at scale, Secure Score still presents challenges, particularly when it comes to multi-tenant environments, workflow efficiency and adapting to real-world client scenarios.

While Microsoft has significantly expanded the surrounding ecosystem in recent years – including Microsoft Entra, Defender, Lighthouse, and improved APIs – the core mechanics of Secure Score itself have remained largely unchanged. As a result, IT service providers should view Secure Score as one input within a broader security strategy, rather than the central tool.

M365 Secure Score benefits for single-tenant assessment

Secure Score evaluates security configurations, policies and user-related signals, then assigns a numerical score representing an organisation’s overall security posture.

It continues to provide value in several areas:

  1. Assessing security posture
    Secure Score highlights areas where security settings can be improved, identifies vulnerabilities and suggests best practices across identity, data protection, and threat management.
  2. Proactive security improvements
    It enables organisations to track progress over time and measure the impact of security changes, helping demonstrate improvement to stakeholders.
  3. Security prioritisation
    It provides a structured way to prioritise security actions, making it easier to focus on high-impact improvements.

That said, Secure Score is now just one data point. With the evolution of Microsoft Defender and broader security telemetry, overall tenant health is increasingly measured across multiple signals – not just a single score.

Analysing shortcomings with M365 Secure Score for MSPs

Despite improvements in the Microsoft ecosystem, several limitations remain relevant for MSPs:

1. Limited native multi-tenant orchestration

Secure Score is still fundamentally designed for single-tenant visibility.

Microsoft has partially addressed this gap through Lighthouse and APIs, enabling better aggregation and automation. However, native multi-tenant orchestration remains limited, and managing multiple clients still requires stitching together multiple tools and workflows.

2. Challenges with exceptional security circumstances

MSPs often need to tailor security configurations based on client-specific risk profiles, compliance requirements or operational realities.

Secure Score still lacks flexibility in adjusting scoring logic or weighting, making it difficult to reflect real-world exceptions.
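The two gaps above (no native cross-tenant view, and no way to adjust the scoring for agreed client exceptions) are exactly what an MSP ends up scripting around the Graph API. The block below is an added example written for this article, not code from the article or from Octiga: it parses constructed sample data laid out in the shape of the Microsoft Graph `/security/secureScores` and `/security/secureScoreControlProfiles` responses (only the fields used here are assumed), rolls the scores up across three constructed tenants, and recomputes each tenant's percentage with excepted controls removed from both numerator and denominator. The control names, point values, tenant ids and the exception register are all placeholders, not Microsoft's real control catalogue or any client's data.

```python
"""Aggregate Secure Score across MSP-managed tenants and apply per-client
exceptions.

Sample data is constructed in the shape of the Microsoft Graph
/security/secureScores and /security/secureScoreControlProfiles responses
(assumption: only the fields used below). Nothing is fetched live, and the
control names and maxScore values are placeholders, not Microsoft's catalogue.
"""
import json
from collections import Counter

# Constructed: control profiles give the maximum points per control.
CONTROL_PROFILES_JSON = """
[
  {"id": "AdminMFAV2",             "controlCategory": "Identity", "maxScore": 10.0},
  {"id": "MFARegistrationV2",      "controlCategory": "Identity", "maxScore": 9.0},
  {"id": "SafeAttachmentsPolicy",  "controlCategory": "Apps",     "maxScore": 10.0},
  {"id": "DeviceCompliancePolicy", "controlCategory": "Device",   "maxScore": 7.0}
]
"""

# Constructed: the latest secureScore document for each of three tenants.
SECURE_SCORES_JSON = """
[
  {"azureTenantId": "tenant-a", "currentScore": 19.0, "maxScore": 36.0,
   "controlScores": [
     {"controlName": "AdminMFAV2",             "score": 10.0},
     {"controlName": "MFARegistrationV2",      "score": 9.0},
     {"controlName": "SafeAttachmentsPolicy",  "score": 0.0},
     {"controlName": "DeviceCompliancePolicy", "score": 0.0}]},
  {"azureTenantId": "tenant-b", "currentScore": 27.0, "maxScore": 36.0,
   "controlScores": [
     {"controlName": "AdminMFAV2",             "score": 10.0},
     {"controlName": "MFARegistrationV2",      "score": 0.0},
     {"controlName": "SafeAttachmentsPolicy",  "score": 10.0},
     {"controlName": "DeviceCompliancePolicy", "score": 7.0}]},
  {"azureTenantId": "tenant-c", "currentScore": 10.0, "maxScore": 36.0,
   "controlScores": [
     {"controlName": "AdminMFAV2",             "score": 10.0},
     {"controlName": "MFARegistrationV2",      "score": 0.0},
     {"controlName": "SafeAttachmentsPolicy",  "score": 0.0},
     {"controlName": "DeviceCompliancePolicy", "score": 0.0}]}
]
"""

# Hypothetical per-client exception register: controls the MSP has agreed to
# exclude from the adjusted score, each with the reason recorded next to it.
EXCEPTIONS = {
    "tenant-a": {"SafeAttachmentsPolicy": "client is not licensed for Defender for Office 365"},
}


def load_profiles(profiles_json: str) -> dict[str, float]:
    """Map control id -> maximum achievable points."""
    return {p["id"]: float(p["maxScore"]) for p in json.loads(profiles_json)}


def score_tenant(doc: dict, max_points: dict[str, float], excluded: dict[str, str]) -> dict:
    """Summarise one tenant: the native percentage Microsoft reports, an
    adjusted percentage with excepted controls dropped from both numerator and
    denominator, and the remaining open controls ordered by points at stake."""
    native_pct = round(100.0 * doc["currentScore"] / doc["maxScore"], 1)
    earned = possible = 0.0
    open_controls = []
    for cs in doc["controlScores"]:
        name = cs["controlName"]
        if name in excluded or name not in max_points:
            continue  # excepted or unknown control: keep it out of the denominator
        earned += cs["score"]
        possible += max_points[name]
        gap = max_points[name] - cs["score"]
        if gap > 0:
            open_controls.append((name, gap))
    open_controls.sort(key=lambda item: (-item[1], item[0]))
    return {
        "native_pct": native_pct,
        "adjusted_pct": round(100.0 * earned / possible, 1) if possible else 0.0,
        "excluded": dict(excluded),
        "open_controls": open_controls,
    }


def aggregate(scores_json: str, profiles_json: str, exceptions: dict) -> dict[str, dict]:
    """Build the cross-tenant view: one summary per azureTenantId."""
    max_points = load_profiles(profiles_json)
    return {
        doc["azureTenantId"]: score_tenant(doc, max_points, exceptions.get(doc["azureTenantId"], {}))
        for doc in json.loads(scores_json)
    }


def common_gaps(summaries: dict[str, dict]) -> list[tuple[str, int]]:
    """Count how many tenants still have each control open, most common first,
    so one baseline fix can be planned across many clients."""
    counts = Counter(name for s in summaries.values() for name, _ in s["open_controls"])
    return sorted(counts.items(), key=lambda item: (-item[1], item[0]))


if __name__ == "__main__":
    results = aggregate(SECURE_SCORES_JSON, CONTROL_PROFILES_JSON, EXCEPTIONS)
    for tenant, s in results.items():
        print(f"{tenant}: native {s['native_pct']}%  adjusted {s['adjusted_pct']}%  open {s['open_controls']}")
    print("most common gaps:", common_gaps(results))
```

The two percentages are the point: tenant-a reports 52.8% natively but 73.1% once the control it cannot license is excepted, which is the distortion the article describes. Keep the exception register as reviewed, dated data rather than an ad-hoc list, since every exception lowers the denominator and an unreviewed one simply hides risk.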

3. No in-built remediation

Secure Score continues to act as a recommendation engine rather than an execution tool. While it guides what should be done, remediation must still be performed manually or via other tools, adding operational overhead.

4. Limited alerting capabilities

Secure Score itself does not provide real-time alerting. Microsoft has strengthened this area significantly through Defender and Sentinel, which now play a much larger role in detection and response. This reinforces that Secure Score is not intended to be a standalone monitoring solution.

5. Evolving but incomplete security coverage

Coverage has expanded significantly with the introduction of Microsoft Entra and deeper integration across the Microsoft security stack; however, it still does not represent a complete view of an organisation’s security posture. Many controls, configurations and third-party risks remain outside its scope.

6. Microsoft-centric recommendations

Secure Score continues to align closely with Microsoft’s own security offerings. While this promotes best practices, it can also bias recommendations toward additional Microsoft licensing, rather than providing a neutral, environment-wide assessment.

The bigger shift: ecosystem vs. core tool

The most important change we have seen recently is not Secure Score itself, but the ecosystem around it. Microsoft has significantly enhanced its security platform through Defender, Entra, and improved APIs, enabling better visibility, automation, and integration.

However, Secure Score remains largely the same at its core. It has evolved from being positioned as a central metric to becoming one component within a broader security posture framework.

How can MSPs better evaluate a client’s security posture?

To address these gaps, MSPs should adopt a layered approach to security posture management using tools that offer:

  • Centralised multi-tenant visibility
  • Workflow automation and remediation
  • Customisable baselines and exception handling
  • Integrated alerting and monitoring
  • Broader coverage beyond Microsoft-native controls

This is where third-party platforms continue to differentiate – not just in capability, but in workflow, abstraction and MSP-centric design.

One platform to operationalise security posture

Octiga addresses these challenges by providing scalable, multi-tenant security posture management tailored for MSPs.

Its baseline-driven approach allows us to define and enforce best practices across all clients while accommodating real-world exceptions; scoring is aligned to what the client actually has licensed, not what they could purchase.

Octiga also integrates alerting and remediation directly into the platform, enabling MSPs to detect deviations and resolve issues efficiently without relying on multiple tools.

By combining customisable baselines, automated workflows, and multi-tenant visibility, MSPs can move beyond static scoring and towards operational security management.

Real security maturity now comes from combining multiple data sources, automating workflows, and applying context across tenants.

Microsoft has strengthened the ecosystem—but third-party tools remain essential for turning insight into action at scale.

This article was adapted from Octiga’s blog post: https://www.octiga.io/insights/m365-secure-score-limitations-for-msps
