AB-900, Cybersecurity, Microsoft Certification, security

Interpret Identity Secure Score in Microsoft Entra ID (AB-900 Exam Prep)

 
This post is a part of the AB-900: Microsoft 365 Copilot and Agent Administration Fundamentals Exam Prep Hub.
This topic falls under these sections:
Identify the core features and objects of Microsoft 365 services (30–35%)
   --> Identify the core security features of Microsoft 365 services
      --> Interpret Identity Secure Score in Microsoft Entra ID

Note that there are 10 practice questions (with answers) at the end of each section to help you solidify your knowledge of the material. Also, there are 4 practice tests with 30 questions each available from the hub's main page below the exam topics section.

Introduction

Modern organizations face increasing identity-related threats such as password attacks, credential theft, phishing, and unauthorized access attempts. To help organizations measure and improve their identity security posture, Microsoft provides Identity Secure Score within Microsoft Entra ID.

Identity Secure Score gives administrators a numerical representation of how well identity security best practices are being implemented. It also provides actionable recommendations that can strengthen security and reduce risk.

For the AB-900: Microsoft 365 Copilot and Agent Administration Fundamentals exam, you should understand:

  • What Identity Secure Score is.
  • Where it is located.
  • How scores are calculated.
  • What recommendations are provided.
  • How administrators can use the score to improve identity security.

What Is Identity Secure Score?

Identity Secure Score is a feature in Microsoft Entra ID that measures the effectiveness of an organization’s identity security controls.

It:

  • Evaluates current identity configurations.
  • Assigns points for implemented security controls.
  • Provides recommendations for improvements.
  • Helps organizations prioritize security actions.
  • Tracks progress over time.

Identity Secure Score focuses specifically on identity-related security rather than overall Microsoft 365 security.

Purpose of Identity Secure Score

The primary goals are to:

  • Reduce identity-based risks.
  • Encourage adoption of security best practices.
  • Provide visibility into security weaknesses.
  • Help administrators prioritize improvements.
  • Measure progress over time.

Identity Secure Score serves as both an assessment tool and a roadmap for improving identity security.

Where to Find Identity Secure Score

Identity Secure Score is available in the Microsoft Entra admin center.

Administrators can:

  1. Open Microsoft Entra admin center.
  2. Navigate to Protection.
  3. Select Identity Secure Score.

The dashboard displays:

  • Current score
  • Maximum possible score
  • Percentage achieved
  • Improvement actions
  • Trends over time

How the Score Is Calculated

The score is based on the implementation of recommended identity security controls.

Examples include:

  • Enabling multifactor authentication (MFA)
  • Using Conditional Access policies
  • Eliminating legacy authentication
  • Protecting privileged accounts
  • Registering authentication methods
  • Using passwordless authentication

Each completed recommendation contributes points toward the overall score.

Example

Suppose an organization:

  • Enables MFA for administrators.
  • Disables legacy authentication.
  • Implements Conditional Access.

These completed actions increase the Identity Secure Score.

Understanding the Score

A higher score generally indicates stronger identity protection.

However:

  • Identity Secure Score is not a guarantee of security.
  • A lower score does not necessarily mean the organization is compromised.
  • The score should be viewed as guidance rather than a compliance requirement.

The goal is continuous improvement rather than achieving a perfect score.

Improvement Actions

Identity Secure Score provides recommendations called improvement actions.

Each action includes:

  • Description of the recommendation.
  • Security benefits.
  • Number of points available.
  • Current implementation status.
  • Links to documentation.

Administrators can prioritize actions with the greatest security impact.

Examples of Improvement Actions

Common recommendations include:

Enable MFA for Administrators

Protects highly privileged accounts from compromise.

Enable MFA for Users

Reduces risks associated with stolen passwords.

Require Authentication Method Registration

Ensures users can complete MFA challenges.

Block Legacy Authentication

Prevents older protocols that bypass modern security controls.

Use Conditional Access Policies

Provides risk-based access control.

Protect Privileged Roles

Adds additional protection to administrator accounts.

Score Categories

Recommendations are grouped into categories such as:

Identity Protection

Improves defenses against compromised identities.

Authentication

Strengthens user sign-in methods.

Privileged Access

Secures administrative accounts.

Access Control

Implements Conditional Access and related protections.

Device Security

Ensures devices meet required standards.

These categories help administrators focus on specific security areas.

Trending and Historical Views

Identity Secure Score tracks changes over time.

Administrators can:

  • Monitor improvements.
  • Measure progress after implementing controls.
  • Demonstrate security enhancements to leadership.
  • Identify periods when scores decreased.

Historical trends support long-term security planning.

Comparing with Similar Organizations

Microsoft may provide benchmark information showing how an organization’s score compares with similar tenants.

This allows organizations to:

  • Understand industry averages.
  • Identify areas needing attention.
  • Set realistic improvement goals.

These comparisons are informational and should not replace security requirements specific to the organization.

Relationship to Microsoft Secure Score

Students often confuse these two tools.

Identity Secure Score

Focuses specifically on:

  • Users
  • Authentication
  • Identity protection
  • Conditional Access
  • Privileged access

Microsoft Secure Score

Measures security across Microsoft 365 services, including:

  • Identity
  • Devices
  • Applications
  • Data
  • Email
  • Collaboration services

Identity Secure Score is therefore a subset of overall security improvement efforts.

Identity Secure Score and Microsoft 365 Copilot

Microsoft 365 Copilot relies on Microsoft Entra identities for access.

Weak identity controls can increase the risk of:

  • Unauthorized access to Copilot.
  • Exposure of sensitive organizational data.
  • Compromised accounts using AI tools improperly.

Improving Identity Secure Score indirectly strengthens the security posture of Microsoft 365 Copilot environments.

Best Practices

Enable Multifactor Authentication

MFA is one of the most valuable security controls.

Protect Administrator Accounts

Privileged users should have additional safeguards.

Eliminate Legacy Authentication

Older protocols often bypass modern protections.

Use Conditional Access

Apply adaptive access policies based on risk.

Review Recommendations Regularly

Identity threats evolve continuously.

Focus on High-Impact Actions First

Not all recommendations provide equal security value.

Important Exam Tips

For AB-900, remember:

  • Identity Secure Score is found in Microsoft Entra ID.
  • It measures identity security posture.
  • Scores increase when recommended controls are implemented.
  • Improvement actions provide guidance and point values.
  • Identity Secure Score is different from Microsoft Secure Score.
  • MFA and Conditional Access commonly improve the score.
  • The score helps prioritize security improvements.
  • Historical trends show progress over time.
  • A perfect score is not required.
  • Microsoft 365 Copilot security depends on strong identities.

Practice Exam Questions

Question 1

What is the primary purpose of Identity Secure Score?

A. Measure and improve identity security posture
B. Track SharePoint storage usage
C. Monitor Exchange mailbox size
D. Manage Teams channels

Correct Answer: A

Explanation: Identity Secure Score evaluates identity security controls and provides recommendations for improvement.

Question 2

Where can administrators access Identity Secure Score?

A. Teams admin center
B. Exchange admin center
C. Microsoft Entra admin center
D. SharePoint admin center

Correct Answer: C

Explanation: Identity Secure Score is located within the Microsoft Entra admin center under Protection.

Question 3

Which action would typically increase Identity Secure Score?

A. Deleting Teams channels
B. Enabling multifactor authentication
C. Creating additional mailboxes
D. Increasing OneDrive storage

Correct Answer: B

Explanation: MFA is a recommended identity security control and contributes points to the score.

Question 4

What does a higher Identity Secure Score generally indicate?

A. Increased mailbox capacity
B. Stronger identity security posture
C. More SharePoint sites
D. Better Teams performance

Correct Answer: B

Explanation: Higher scores reflect the implementation of more recommended identity protections.

Question 5

Which information is provided with an improvement action?

A. Available point value and security benefit
B. Teams meeting recordings
C. Exchange message traces
D. OneDrive storage quotas

Correct Answer: A

Explanation: Improvement actions include descriptions, benefits, and associated points.

Question 6

Which recommendation commonly appears in Identity Secure Score?

A. Increase mailbox size limits
B. Add Teams emojis
C. Disable legacy authentication
D. Create more SharePoint libraries

Correct Answer: C

Explanation: Legacy authentication is a common attack vector, and disabling it improves security.

Question 7

What is one benefit of historical trend information?

A. It increases license counts automatically.
B. It allows organizations to track security improvements over time.
C. It creates Conditional Access policies automatically.
D. It backs up SharePoint sites.

Correct Answer: B

Explanation: Historical trends help administrators measure progress and evaluate changes.

Question 8

How does Identity Secure Score differ from Microsoft Secure Score?

A. Identity Secure Score measures device storage.
B. Microsoft Secure Score only evaluates Exchange Online.
C. Identity Secure Score focuses specifically on identity security controls.
D. Microsoft Secure Score only applies to Copilot.

Correct Answer: C

Explanation: Identity Secure Score concentrates on authentication and identity protection, while Microsoft Secure Score covers broader Microsoft 365 security.

Question 9

Which statement about a perfect Identity Secure Score is correct?

A. It guarantees the organization cannot be compromised.
B. It is legally required for Microsoft 365 tenants.
C. It automatically enables all security features.
D. It is not required; continuous improvement is the goal.

Correct Answer: D

Explanation: Secure Score is intended as guidance and a tool for ongoing security enhancement.

Question 10

Why is Identity Secure Score important for Microsoft 365 Copilot?

A. Copilot stores Secure Score values inside Word documents.
B. Copilot uses Microsoft Entra identities for access to organizational data.
C. Copilot disables Conditional Access policies.
D. Copilot replaces Microsoft Entra authentication.

Correct Answer: B

Explanation: Strong identity controls help protect Copilot and the data it can access.

Go to the AB-900 Exam Prep Hub main page

Leave a comment