A new service has been rolled out for Microsoft Defender ATP that now rates your security configuration, helping weed out unneeded administrator accounts before attackers can find them.
Redmond calls the configuration score the Microsoft Secure Score for Devices, and it is visible in the Threat and Threat and Vulnerability Management service dashboard component of Microsoft Defender Security Center.
As noted, the tool now gives your devices and network a security score that lets admins know at a glance the health of their environment, based on how it is configured.
The higher the score, the better the state of the collective security configuration across applications, operating systems, network, accounts, and security controls.
Microsoft promises that the data in the score card is the product of meticulous and ongoing vulnerability discovery that involves the comparison of collected configurations from collected benchmarks, as well as best-practice benchmarks from vendors, security feeds, and internal research.
Microsoft Defender ATP users will also see a list of recommendations based on what the scan finds.
The software titan does warn that there may be some false alarms related to only partial support for its Intune mobile device management platform. As a result, configurations that have been set through the service may show up as misconfigured.
But on the whole, the tool will be very useful for security operations center to scour a network for vulnerabilities that could be mitigated via appropriate configuration changes.