Review security initiatives

Microsoft Security Exposure Management offers a focused, metric-driven way of tracking exposure in specific security areas using security initiatives. This article describes how to work with initiatives.

Prerequisites

View initiatives page

  1. Navigate to the Microsoft Defender portal.

  2. From the Exposure management section on the navigation bar, select Exposure insights -> Initiatives to open the initiatives page.

    Screenshot of the Security Exposure Management Initiatives window.

  3. At the top of the initiatives page, review the highlighted key initiatives by scrolling and drilling down per your needs.

  4. To set an initiative to appear in the top initiative bar in the dashboard or on the initiatives page, select the star icon in the initiatives window or Mark as favorite in the individual initiative.

  5. You can review the following information for all initiatives:

    • 14 day change trend graph highlighting how the initiative score changes over the past 14 days
    • Initiative name
    • Favorite indicator (toggle on/off) to display in the key initiatives banner
    • Current score of the initiative
    • Programs or workloads contributing to or required by this initiative
  6. Select an initiative to open the small overview and then select Open initiative page to review or remediate issues. The initiative page includes additional information including:

    • Your target score for the initiative
    • A means to set a custom target score appropriate to your organization's needs
    • Description
    • Associated security recommendations
    • All metrics related to the initiative, if applicable.
    • A metric trends graph and drift change, if applicable.
    • History of score changes
    • Related threats Screenshot of the ransomware initiative.

Set target score

  1. To customize your initiative's target score, select Initiatives.

  2. Select the individual initiative and then Set target score to open the set initiative target score window.

  3. Set a new target score percentage and select Apply.

Screenshot of the window to set the initiative target.

The changes in your score provide you with useful feedback about how well you're meeting the goals of your initiatives.

  1. From your initiative page, check the overall 14 day change trend graph and 14 day drift change to track the changes in your initiative score, visually and as a percentage.
  2. For initiatives with metrics, you can examine this data per metric as well.

Check history

  1. Select an initiative to open the small overview and then select Open initiative page-> History to view changes over time.

  2. Browse to the time table to choose a specific time point to examine.

    1. If needed, filter for specific time points.
    2. Choose the time point and select to examine the percent effect on the initiative score and the reason for the change.
    3. Select a metric to explore the change's effect further, if applicable.
    4. Open the Changes to exposed assets dropdown to view up to the top 100 changed assets. The status will indicate whether the asset exposure has been added or removed.

Screenshot of history side panel

Review metrics and recommendations

  1. To review metrics associated with your initiative, select Exposure insights -> Initiatives-> Security metrics.

  2. Sort by heading, as needed.

  3. Select Exposure insights -> Initiatives-> Security recommendations to view recommendations related to your initiative.

    You only see those recommendations that are currently applied to assets and active in Microsoft Secure Score or Microsoft Defender for Cloud.

  4. Sort by heading or filter by state, source, impact, workload, or domain, as needed.

  5. Select a recommendation, such as a not compliant one, and then select Manage to remediate the recommendation in the originating workload, such as Microsoft Defender Vulnerability Management.

    Screenshot of the initiative's security recommendation tab.

Next steps