What is Identity score
Azure AD Identity permit to secure your Azure Active Directory. The Identity score is a number between 1 and 223. He permit give an Indicator for how aligned you are with the Microsoft Best Pratice. This Best Practice is a recommandation for the security of your Azure AD, users, … The Identity score feature can be used by Global admin, security admin ou security readers. The secure score contains five categories :
How it’s work ?
Every 48 hours, Azure looks the security configuration and make a comparison with best practices. The new score is calculated for Azure AD. All the elements that are not in line with the best practice are therefore reassembled. The administrator can then implement the necessary actions. Thus the Azure AD infrastructure will be compliant with the Best Practice. Recommandation can be ignored if it’s not Apply on Azure AD. The score is calculated once per day around 1:00 PST. Any modification will therefore only be taken into account the next day (48 hours maximum).
Identity Score platform
From the Azure portal, click on All Services then on Azure AD Identity Secure Score.
The score appear. You can view all Improvement actions, the Score/user Impact and the Implementation Cost.
If you click on Improvement actions, you can view the score impact and change the status. You can also see what you are going to change (potential impact) as well as the impact on users.
No actions (mfa activation, …) can be done from Identity score. Only allows you to see the actions to be performed. I change the status of one Impovement actions. I choose to configure Ignore. I click on Save. This modification can be updated on 24 to 48 hours. It’s therefore easier to secure Azure AD as much as possible and to ensure that best practices are followed.