---
name: Microsoft Secure Score Improvement Plan
description: Benchmark Microsoft Secure Score across identity, device, app and data and produce a prioritised improvement plan mapped to the Essential Eight.
---
# Microsoft Secure Score Improvement Plan
> **TL;DR:** This skill reads your Microsoft Secure Score across identity, device, app and data, ranks the open improvement actions by impact and effort, and produces a prioritised plan mapped to the Essential Eight so you fix the highest-value gaps first.
## What Microsoft Secure Score measures
Microsoft Secure Score is the security posture benchmark in the Microsoft Defender portal that scores your tenant against recommended controls across Microsoft Entra identity, Microsoft Intune device management, Microsoft 365 apps and Microsoft Purview data protection. Each improvement action carries an achievable point value, a current attained value and a category, so the aggregate percentage reflects how close your organisation is to the Microsoft-recommended baseline. This skill reads those signals together with related Conditional Access and DLP coverage to explain where the score is being lost. It treats the cloud tenant as the single source of truth, with no on-premises agents involved.
## When should you run this skill?
- "What is our current Microsoft Secure Score and which controls are dragging it down?"
- "Give me a prioritised list of the highest-impact security actions we have not done yet."
- "How does our posture map to the Essential Eight maturity model?"
- "Which improvement actions give the most points for the least effort?"
- "We have a board security review next week and need a benchmark of our Microsoft 365 posture."
- "Show me the identity, device, app and data categories side by side."
- "Has our Secure Score regressed since the last quarter?"
## How this skill works, step by step
1. Read the current aggregate Microsoft Secure Score and the maximum achievable score for the tenant.
2. Retrieve the score breakdown by category across identity, device, app and data control groups.
3. Enumerate all improvement actions, capturing each action's status, attained points, achievable points and remediation impact.
4. Inspect related Microsoft Entra Conditional Access and Microsoft Purview DLP coverage to confirm whether controls are genuinely enforced.
5. Calculate a prioritisation score for each open action by weighting achievable points against implementation effort and user impact.
6. Map each high-value action to the relevant Essential Eight mitigation strategy and maturity level where a genuine match exists.
7. Rank the open actions from highest to lowest priority and group them by category.
8. Compile the benchmark, the ranked plan and the Essential Eight mapping into a single read-only report.
9. Summarise quick wins and longer-term remediation themes for stakeholders.
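Steps 3, 5, 6 and 7 worked through in Python, as an added example that is not the skill's own code: the input dictionaries are constructed samples shaped like the Microsoft Graph `secureScores` and `secureScoreControlProfiles` resources (`controlScores[].score` versus the profile's `maxScore`, `implementationCost`, `userImpact`), and the effort/impact weights, rating thresholds and Essential Eight keyword map are assumptions chosen to reproduce the table under Output format.

```python
# Added example (not the skill's own code): weights, thresholds and the keyword map below
# are assumptions; input shapes follow Graph's secureScores / secureScoreControlProfiles.
EFFORT_WEIGHT = {"Low": 1.0, "Moderate": 0.6, "High": 0.3}   # implementationCost
IMPACT_WEIGHT = {"Low": 1.0, "Moderate": 0.8, "High": 0.5}   # userImpact
# Assumed keyword map, checked in order, from action title to Essential Eight strategy.
E8_MAP = [("multifactor", "Multi-factor authentication (ML2)"),
          ("legacy authentication", "Multi-factor authentication (ML2)"),
          ("compliance polic", "Patch operating systems (ML1)"),
          ("administrative", "Restrict administrative privileges (ML1)")]
SECURE_SCORE = {  # constructed sample, shaped like the latest /security/secureScores entry
    "currentScore": 5.0, "maxScore": 28.0, "controlScores": [
        {"controlName": "c-admin-mfa", "score": 0.0, "controlCategory": "Identity"},
        {"controlName": "c-legacy-auth", "score": 0.0, "controlCategory": "Identity"},
        {"controlName": "c-dlp", "score": 3.0, "controlCategory": "Data"},
        {"controlName": "c-intune", "score": 2.0, "controlCategory": "Device"}]}
PROFILES = {  # constructed sample keyed by controlName, shaped like secureScoreControlProfiles
    "c-admin-mfa": {"title": "Require multifactor authentication for administrative roles",
                    "maxScore": 9.0, "implementationCost": "Low", "userImpact": "Low"},
    "c-legacy-auth": {"title": "Block legacy authentication protocols via Conditional Access",
                      "maxScore": 8.0, "implementationCost": "Low", "userImpact": "Moderate"},
    "c-dlp": {"title": "Ensure DLP policies cover sensitive data in SharePoint and OneDrive",
              "maxScore": 6.0, "implementationCost": "Moderate", "userImpact": "Low"},
    "c-intune": {"title": "Enforce Intune compliance policies on all managed devices",
                 "maxScore": 5.0, "implementationCost": "Moderate", "userImpact": "Moderate"}}

def map_essential_eight(title):
    """Step 6: first matching strategy, or an explicit note that none maps directly."""
    return next((m for kw, m in E8_MAP if kw in title.lower()), "Not directly mapped")

def rate(priority):
    """Assumed thresholds turning the priority score into the report's Priority column."""
    return "Critical" if priority >= 6 else "High" if priority >= 1.5 else "Medium"

def rank_open_actions(secure_score, profiles):
    """Steps 3, 5 and 7: open actions only, scored and ranked highest priority first."""
    ranked = []
    for cs in secure_score["controlScores"]:
        prof = profiles[cs["controlName"]]
        available = prof["maxScore"] - cs["score"]  # achievable minus attained points
        if available <= 0:
            continue  # fully attained, so not an open improvement action
        priority = round(available * EFFORT_WEIGHT[prof["implementationCost"]]
                         * IMPACT_WEIGHT[prof["userImpact"]], 2)
        ranked.append({"action": prof["title"], "category": cs["controlCategory"],
                       "points_available": available, "effort": prof["implementationCost"],
                       "essential_eight": map_essential_eight(prof["title"]),
                       "priority": priority, "rating": rate(priority)})
    return sorted(ranked, key=lambda a: a["priority"], reverse=True)
```

Run against live data, the two dictionaries would come from the Graph endpoints named in the comments under the `SecurityEvents.Read.All` scope listed in Licensing and permissions; the ranking logic itself needs no change.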
## Output format
The skill produces a posture benchmark followed by a prioritised improvement plan.
| Improvement action | Category | Points available | Effort | Essential Eight mapping | Priority |
| --- | --- | --- | --- | --- | --- |
| Require multifactor authentication for administrative roles | Identity | 9 | Low | Multi-factor authentication (ML2) | Critical |
| Ensure DLP policies cover sensitive data in SharePoint and OneDrive | Data | 6 | Medium | Not directly mapped | High |
| Block legacy authentication protocols via Conditional Access | Identity | 8 | Low | Multi-factor authentication (ML2) | Critical |
| Enforce Intune compliance policies on all managed devices | Device | 5 | Medium | Patch operating systems (ML1) | Medium |
Summary highlights:
- Current aggregate Microsoft Secure Score and percentage of the maximum achievable score.
- Category breakdown across identity, device, app and data with attained versus achievable points.
- Quick wins: low-effort, high-point actions to tackle first.
- Essential Eight coverage notes, including controls with no direct Secure Score equivalent.
## Scope and safety
This skill is read-only by default and makes no changes to your tenant, policies or configuration. It only reads Secure Score data and related posture signals to build the benchmark and plan.
This skill does NOT:
- Remediate, enable or modify any improvement action or security control.
- Create, edit or delete Conditional Access, DLP or Intune policies.
- Alter user accounts, role assignments or licence assignments.
- Export or move any customer content or sensitive data outside the reporting context.
## Licensing and permissions
### Licences and add-ons
| Capability used | Minimum licence |
| --- | --- |
| Microsoft Secure Score in the Microsoft Defender portal | Microsoft 365 E3 (or Microsoft Entra ID P1 for identity controls) |
| Conditional Access posture signals | Microsoft Entra ID P1 |
| Microsoft Purview DLP coverage signals | Microsoft 365 E5 Compliance (or E5) |
### Least-privilege roles
- Security Reader (read-only access to Microsoft Secure Score and improvement actions)
- Global Reader (read-only visibility across Conditional Access, DLP and Intune posture)
### Microsoft Graph permissions (read-only)
- `SecurityEvents.Read.All` — reads the aggregate Microsoft Secure Score, category breakdown and improvement actions
- `Policy.Read.All` — reads Microsoft Entra Conditional Access policies to confirm enforced identity controls
- `DeviceManagementConfiguration.Read.All` — reads Microsoft Intune compliance and configuration posture
- `InformationProtectionPolicy.Read.All` — reads Microsoft Purview data protection policy posture used in the benchmark
## Sources and compliance
- [Microsoft Secure Score](https://learn.microsoft.com/en-us/defender-xdr/microsoft-secure-score)
- [Microsoft Secure Score improvement actions](https://learn.microsoft.com/en-us/defender-xdr/microsoft-secure-score-improvement-actions)
- Mapped to the [ASD Essential Eight Maturity Model](https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/essential-eight/essential-eight-maturity-model), particularly multi-factor authentication, patch operating systems and restrict administrative privileges.
- Aligned to ISM controls for system hardening and privileged access management where a genuine mapping exists.
- Output in Australian English.
## How to use this skill
1. Get the file. Download or copy the `SKILL.md` file above.
2. Load it into your host:
   - Microsoft 365 Copilot / Copilot Studio — add it as the instructions of a declarative agent or Copilot Studio agent.
   - Claude (Cowork / Claude Code) — drop the file into your skills folder; it loads as an Agent Skill automatically.
   - Any chat host — paste the file contents as your prompt.
3. Grant read-only access. Assign the least-privilege roles and Microsoft Graph scopes listed under Licensing and permissions.
4. Provide your tenant scope and run it (a site, a collection, or the whole tenant).
5. Review the report and action the risk-ranked recommendations.
This skill is read-only by default — it inspects and reports, and never changes your tenant.