Understanding Your Microsoft Secure Score: Why Your Percentage May Drop (While Your Security Improves)

by | Dec 15, 2025 | IT News & Insights New Zealand | Cybersecurity, AI & Microsoft Updates

Important Update for KARE Foundation Subscribers

If you’ve noticed your Microsoft Secure Score percentage decreasing recently, don’t be alarmed. Your security hasn’t weakened. In fact, Microsoft is making significant enhancements that will ultimately make your organisation more secure. Here’s what you need to know.

What’s Happening with Microsoft Secure Score?

Throughout 2025, Microsoft has been rolling out a substantial wave of new security recommendations across their security platform. These additions are dramatically increasing the total possible Secure Score points available, which has a direct mathematical impact on your score percentage, even when your actual security controls remain unchanged or improved.

The Numbers Behind the Change

Think of it this way: if you previously scored 800 out of 1,000 possible points (80%), and Microsoft adds 500 points of new recommended security controls, your total possible score jumps to 1,500 points. Your 800 points of implemented security now represent approximately 53%—despite no reduction in your actual protection.

This is exactly what’s happening across Microsoft 365 environments globally.
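The arithmetic above is easy to check by hand for one snapshot, but the useful question when reviewing a tenant is whether a drop between two snapshots came from a larger denominator or from controls that actually lost points. The following is an added example (not part of the original article or Kinetics’ tooling) that generalises the 800/1,000 to 800/1,500 case into a small trend classifier. It assumes snapshots shaped like the Microsoft Graph secureScore fields `currentScore`, `maxScore` and `createdDateTime`; the snapshot values themselves are constructed for illustration.

```python
"""Classify Microsoft Secure Score movements between monthly snapshots.

The field names mirror the Microsoft Graph secureScore resource
(currentScore, maxScore, createdDateTime). All values below are
constructed sample data, not real tenant scores.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Snapshot:
    date: str        # createdDateTime, ISO date
    current: float   # points achieved (currentScore)
    maximum: float   # points available (maxScore)

    @property
    def percent(self) -> float:
        """Percentage as shown in the portal, rounded to one decimal."""
        if not self.maximum:
            return 0.0
        return round(100.0 * self.current / self.maximum, 1)


def classify(prev: Snapshot, cur: Snapshot) -> str:
    """Explain why the percentage moved between two consecutive snapshots.

    A real loss of points is reported before anything else, because that is
    the only case that needs investigation; a percentage drop caused purely
    by a larger maxScore is labelled as scale expansion.
    """
    pct_delta = cur.percent - prev.percent
    if cur.current < prev.current:
        return "regression"        # controls actually lost points
    if cur.maximum > prev.maximum and pct_delta < 0:
        return "scale-expansion"   # denominator grew, protection unchanged
    if pct_delta > 0:
        return "improvement"
    return "unchanged"


def analyse(snapshots):
    """Return (date, percent, label) for every snapshot after the first."""
    ordered = sorted(snapshots, key=lambda s: s.date)
    return [
        (cur.date, cur.percent, classify(prev, cur))
        for prev, cur in zip(ordered, ordered[1:])
    ]


# Constructed sample: the article's case (800/1000 -> 800/1500) plus two
# later months, one with genuine progress and one with a genuine regression.
SAMPLE = [
    Snapshot("2025-10-01", 800, 1000),
    Snapshot("2025-11-01", 800, 1500),  # 500 points of new recommendations added
    Snapshot("2025-12-01", 900, 1500),  # new controls implemented
    Snapshot("2026-01-01", 850, 1500),  # a control regressed; worth a look
]

if __name__ == "__main__":
    for date, pct, label in analyse(SAMPLE):
        print(f"{date}: {pct:5.1f}%  {label}")
```

Run as-is it prints the November drop to 53.3% as `scale-expansion`, December as `improvement` and January as `regression`. Feeding it real snapshots exported from the Secure Score history gives the trend view the article recommends, with point losses separated from denominator growth.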

Recent Microsoft Secure Score Enhancements

Microsoft has introduced dozens of new security recommendations in recent months, including:

Microsoft Defender for Endpoint (December 2025)

New recommendations to block common attack techniques, including:

  • Disabling NTLM authentication for Windows workstations
  • Disabling Remote Registry Service on Windows devices
  • Advanced endpoint protection configurations

Microsoft Defender for Identity (Ongoing Throughout 2025)

Comprehensive identity security enhancements covering:

  • Active Directory Certificate Services (ADCS) security assessments
  • Identification and remediation of privileged service accounts
  • Removal of stale Active Directory accounts
  • Password management for managed service accounts
  • Enhanced monitoring across ADCS, Entra Connect, and ADFS servers
  • Detection of accounts with potentially leaked credentials

Microsoft Information Protection

  • Data loss prevention policy implementations
  • Sensitivity label configurations
  • Protection across SharePoint, Exchange, Teams, and endpoints

Additional Security Controls

  • Phishing-resistant multi-factor authentication for administrators
  • Legacy authentication blocking (critical for modern security)
  • Enhanced Exchange Online protection
  • SharePoint and OneDrive external sharing controls
  • Custom banned password lists

Why This Matters: The Good News

While seeing your percentage drop can be concerning, these changes represent a significant positive development for several reasons:

1. More Comprehensive Security Coverage

Microsoft is identifying security gaps that weren’t previously measured. These new recommendations address real-world attack vectors that threat actors actively exploit.

2. Industry-Leading Security Standards

The expanded recommendations align with frameworks including NIST CSF, ISO 27001, CIS Controls, and Australia’s Essential Eight. Organisations implementing these controls demonstrate security maturity.

3. Proactive Threat Protection

Many new recommendations specifically target techniques used in recent high-profile security incidents, including ransomware attacks and identity compromise.

4. Better Visibility

The enhanced Secure Score provides more granular insight into your security posture, helping identify areas for improvement that were previously invisible.

What Kinetics is Doing: Your Protection is Our Priority

As your trusted IT partner, Kinetics is actively managing this transition for all KARE Foundation subscribers:

Ongoing Evaluation

Our security team is systematically reviewing each new recommendation as it rolls out, assessing:

  • Relevance to your specific business environment
  • Potential impact on daily operations
  • Priority level based on threat landscape
  • Implementation complexity and timeline

Strategic Implementation

We’re not simply chasing a percentage—we’re implementing security controls that provide genuine protection for your organisation. This means:

  • Risk-based prioritisation: Addressing the most critical security gaps first
  • Business-aligned deployment: Ensuring security doesn’t impede productivity
  • Testing and validation: Confirming controls work as intended before full rollout
  • Documentation and communication: Keeping you informed of changes

Enhanced Protection for KARE Foundation

These new security controls will be evaluated and, where appropriate, added to the KARE Foundation service to provide even stronger protection against evolving cyber threats.

Understanding Your Score: A Balanced Perspective

Your Microsoft Secure Score is one indicator of security health, but it’s not the complete picture. Here’s what matters most:

What Your Score Indicates

  • Implementation of Microsoft’s recommended security controls
  • Relative security posture compared to similar organisations
  • Progress tracking over time

What Your Score Doesn’t Indicate

  • Absolute protection against all threats
  • Guarantee against security incidents
  • Complete security maturity assessment

A comprehensive security program includes elements that Secure Score doesn’t measure: employee security awareness, incident response capabilities, backup and recovery procedures, third-party risk management, and security governance.

Looking Ahead: The Security Landscape in 2025

The cyber threat environment continues to evolve rapidly. Recent trends include:

  • Sophisticated AI-powered phishing attacks
  • Identity-based compromises replacing traditional malware
  • Supply chain and third-party security risks
  • Ransomware groups targeting small and medium businesses
  • Exploitation of configuration weaknesses

Microsoft’s expanded Secure Score recommendations directly address many of these emerging threats, particularly around identity security and endpoint protection.

What You Should Do

For All Clients

  1. Don’t panic about percentage decreases: Your security hasn’t weakened; the measurement scale has expanded
  2. Review your Secure Score trends: Look at the pattern over time rather than absolute numbers
  3. Trust your security partner: Kinetics is managing these changes systematically
  4. Maintain security fundamentals: Continue following security best practices, especially around passwords and email awareness

For KARE Foundation Subscribers

These changes are being rolled out right now. Your Kinetics team is handling the technical evaluation and implementation. We’ll reach out if we identify high-priority controls that require business decisions or changes to your environment.

Questions or Concerns?

If you’d like to discuss your specific Secure Score or security posture, contact your Kinetics account manager or our security team.

The Bottom Line

The recent expansion of Microsoft Secure Score recommendations is ultimately positive for your organisation’s security. While you may see temporary percentage decreases, Kinetics is working behind the scenes to evaluate and implement these enhanced security controls, ensuring your organisation benefits from Microsoft’s latest security innovations.

Your security is much more than a simple percentage. It’s a comprehensive program of people, processes, and technology working together to protect your business. With Kinetics managing your Microsoft 365 security through KARE Foundation, you have a dedicated team focused on that protection every day.

Refer: MC1192254 – Microsoft Defender for Endpoint: New Microsoft Secure Score recommendations | Microsoft 365 Message Center Archive