Where can I find quick details for each recommendation for Security Score of MS Defender?
Posted by Liuk_4@reddit | sysadmin | 13 comments
We have a low level of security score in our company (57%), and we are now aiming to improve overall, and MS Defender is one of them.
As of now, there are so many recommendations by MS to improve it, but it is not very easy to understand what each involves, what impact, and so on.
Could you please advise on how I should move to understand these?
Are there some systems that can help me? Is AI good enough to give me some hints or not?
KavyaJune@reddit
Each recommendation provides a Learn more link along with the relevant configuration steps.
Also, remember that you do not need to chase a perfect score. The key is to strike the right balance between security and productivity.
Psiuyo@reddit
Export your recommendation list and ask Copilot? It can help prioritize and can suggest items that have minimal risk for most people, but you still need to vet it and you still need to understand your systems to know the scope of impact for your business. If you don't know or don't understand the recommendation, don't push buttons at random.
"Quick" is not the name of the game here. Some of those changes may seriously disrupt workflows; right or wrong, you need to work with business and process owners on those tougher changes.
Sab159@reddit
If only each recommendation was linked to an explanation tab or documentation page. Oh wait, it is. Else there is Google. What kind of post is this?
Liuk_4@reddit (OP)
What is not clear about "quick"?
Sab159@reddit
The part where you make it a Reddit post and wait for people to take you by the hand.
GeeGeeMachine@reddit
Sorry OP, but most Secure Score items involve understanding what each item refers to, understanding the impacts of each potential changed item, and working with teams that these changes would affect. AI is not an excellent tool here besides giving you another source of text to read, which Microsoft already does. You need to fully understand the systems involved, and communicate.
titlrequired@reddit
The controls have a reasonable explanation about what they’re scoring.
Do you have an example you’re struggling with?
Liuk_4@reddit (OP)
It is not about struggling, it is more about being worried about cross impact with other systems or services.
thortgot@reddit
Each will have different effects. If you have an example, that would be useful.
Knock-on impact is one of the trickier aspects.
Microsoft Secure Score is only one way to look at risk, though it is a fairly good one.
teriaavibes@reddit
Well, you are kind of supposed to know how the products work before you start pressing random buttons. Not sure I quite follow here.
Liuk_4@reddit (OP)
I am and we are; we won't randomly activate settings just to improve a score.
bitslammer@reddit
No outside party is going to be able to provide good scoring on potential impact since they don't know the business function of what you are working on. You could be looking at a server that runs a business-critical app or one that just runs the menu screen in the lunchroom.
OkEmployment4437@reddit
57% by itself doesn't tell you much. Secure Score is decent for prioritization, but it's a bad target on its own. If you open each recommendation in Defender, the detail pane usually gives you the impacted devices/users, the implementation steps, and a Microsoft Learn link; that's the fastest way to see what it's actually asking for without guessing.
What I'd do is sort for the recommendations with meaningful score gain, then sanity check effort and blast radius before touching anything, because a 3 point win that flips a safe control on for half the company can still be the wrong first move. AI is fine for translating Microsoft wording into plain English, but I wouldn't trust it as the source of truth for what a setting does or whether it will break something.