Commit eeb11e9

Update microsoft-secure-score.md
1 parent 2945356 commit eeb11e9

1 file changed

+28
-24
lines changed

defender-xdr/microsoft-secure-score.md

Lines changed: 28 additions & 24 deletions
@@ -17,7 +17,7 @@ ms.topic: conceptual
1717
search.appverid:
1818
- MOE150
1919
- MET150
20-
ms.date: 08/03/2023
20+
ms.date: 06/28/2024
2121
---
2222

2323
# Microsoft Secure Score
@@ -43,15 +43,15 @@ Organizations gain access to robust visualizations of metrics and trends, integr
4343

4444
## How it works
4545

46-
You're given points for the following actions:
46+
You get points for the following actions:
4747

4848
- Configuring recommended security features
4949
- Doing security-related tasks
5050
- Addressing the recommended action with a non-Microsoft application or software, or an alternate mitigation
5151

52-
Some recommended actions only give points when fully completed. Some give partial points if they're completed for some devices or users. If you can't or don't want to enact one of the recommended actions, you can choose to accept the risk or remaining risk.
52+
Some recommended actions only give points when fully completed. Some actions result in partial points if tasks are completed for some devices or users. If you can't or don't want to enact one of the recommended actions, you can choose to accept the risk or remaining risk.
5353

54-
If you have a license for one of the supported Microsoft products, then you'll see recommendations for those products. We show you the full set of possible recommendations for a product, regardless of license edition, subscription, or plan. This way, you can understand security best practices and improve your score. Your absolute security posture, represented by Secure Score, stays the same no matter what licenses your organization owns for a specific product. Keep in mind that security should be balanced with usability, and not every recommendation can work for your environment.
54+
If you have a license for one of the supported Microsoft products, then you see recommendations for those products. We show you the full set of possible recommendations for a product, regardless of license edition, subscription, or plan. This way, you can understand security best practices and improve your score. Your absolute security posture, represented by Secure Score, stays the same no matter what licenses your organization owns for a specific product. Keep in mind that security should be balanced with usability, and not every recommendation can work for your environment.
5555

5656
Your score is updated in real time to reflect the information presented in the visualizations and recommended action pages. Secure Score also syncs daily to receive system data about your achieved points for each action.
5757

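Review bot: On new line 52 the rewritten sentence switches from "recommended actions" to "actions" and introduces "tasks" without saying what they are, so it reads as if a different kind of item is being scored. Keeping the term used in the sentence before it would be clearer, for example "Some recommended actions give partial points when they're completed for only some devices or users." The same line still ends with "accept the risk or remaining risk"; a short clause on how an accepted risk is reflected in the score would help readers who report on the number.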
@@ -69,7 +69,7 @@ Your score is updated in real time to reflect the information presented in the v
6969

7070
Each recommended action is worth 10 points or less, and most are scored in a binary fashion. If you implement the recommended action, like create a new policy or turn on a specific setting, you get 100% of the points. For other recommended actions, points are given as a percentage of the total configuration.
7171

72-
For example, a recommended action states you get 10 points by protecting all your users with multi-factor authentication. You only have 50 of 100 total users protected, so you'd get a partial score of five points (50 protected / 100 total * 10 max pts = 5 pts).
72+
For example, a recommended action states you get 10 points by protecting all your users with multifactor authentication. You only have 50 of 100 total users protected, so you'd get a partial score of five points (50 protected / 100 total * 10 max pts = 5 pts).
7373

7474
### Products included in Secure Score
7575

@@ -85,38 +85,41 @@ Currently there are recommendations for the following products:
8585
- Exchange Online
8686
- GitHub
8787
- Microsoft Defender for Cloud Apps
88-
- Microsoft Information Protection
88+
- Microsoft Purview Information Protection
8989
- Microsoft Teams
9090
- Okta
9191
- Salesforce
9292
- ServiceNow
9393
- SharePoint Online
9494
- Zoom
9595

96-
Recommendations for other security products are coming soon. The recommendations won't cover all the attack surfaces associated with each product, but they're a good baseline. You can also mark the recommended actions as covered by a third party or alternate mitigation.
96+
Recommendations for other security products are coming soon. The recommendations don't cover all the attack surfaces associated with each product, but they're a good baseline. You can also mark the recommended actions as covered by a non-Microsoft solution or alternate mitigation.
9797

9898
### Security defaults
9999

100-
Microsoft Secure Score has updated recommended actions to support [security defaults in Microsoft Entra ID](/azure/active-directory/fundamentals/concept-fundamentals-security-defaults), which make it easier to help protect your organization with pre-configured security settings for common attacks.
100+
Microsoft Secure Score includes updated recommended actions to support [security defaults in Microsoft Entra ID](/azure/active-directory/fundamentals/concept-fundamentals-security-defaults), which make it easier to help protect your organization with preconfigured security settings for common attacks.
101101

102-
If you turn on security defaults, you'll be awarded full points for the following recommended actions:
102+
If you turn on security defaults, you are awarded full points for the following recommended actions:
103103

104-
- Ensure all users can complete multi-factor authentication for secure access (9 points)
104+
- Ensure all users can complete multifactor authentication for secure access (nine points)
105105
- Require MFA for administrative roles (10 points)
106-
- Enable policy to block legacy authentication (7 points)
106+
- Enable policy to block legacy authentication (seven points)
107107

108108
> [!IMPORTANT]
109109
> Security defaults include security features that provide similar security to the "sign-in risk policy" and "user risk policy" recommended actions. Instead of setting up these policies on top of the security defaults, we recommend updating their statuses to "Resolved through alternative mitigation."
110110
111111
## Secure Score permissions
112112

113+
> [!IMPORTANT]
114+
> Microsoft recommends that you use roles with the fewest permissions. This helps improve security for your organization. Global Administrator is a highly privileged role that should be limited to emergency scenarios when you can't use an existing role.
115+
113116
<a name='manage-permissions-with-microsoft-365-defender-unified-role-based-access-controlrbac'></a>
114117

115118
### Manage permissions with Microsoft Defender XDR Unified role-based access control(RBAC)
116119

117-
With [Microsoft Defender XDR Unified role-based access control(RBAC)](manage-rbac.md), you can create custom roles with specific permissions for Secure Score. This allows you to control which users have access to Secure Score data, the products for which they'll see Secure Score data (for example, Microsoft Defender for Endpoint) and their permission level to the data.
120+
With [Microsoft Defender XDR Unified role-based access control(RBAC)](manage-rbac.md), you can create custom roles with specific permissions for Secure Score. Unified RBAC allows you to control which users have access to Secure Score data, the products for which they see Secure Score data (for example, Microsoft Defender for Endpoint) and their permission level to the data.
118121

119-
You can also manage user permissions to access Secure Score data from additional data sources, such as the other products supported by Secure Score, for more information, see [Products included in Secure Score](#products-included-in-secure-score). You can view the Secure Score data from the additional data sources either alone or alongside the other data sources.
122+
You can also manage user permissions to access Secure Score data from additional data sources, such as the other products supported by Secure Score, for more information, see [Products included in Secure Score](#products-included-in-secure-score). You can view the Secure Score data from the other data sources either alone or alongside the other data sources.
120123

121124
To start using Microsoft Defender XDR Unified RBAC to manage your Secure Score permissions, see [Microsoft Defender XDR Unified role-based access control(RBAC)](manage-rbac.md).
122125

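Review bot: The note added at new lines 113-114 tells readers to limit Global Administrator but names no alternative, although it sits directly above the Unified RBAC section that provides one. Suggest ending the note with a pointer to the custom roles described under the next heading so the least-privilege advice is actionable. Two wording points in the same hunk: new line 122 now reads "from the other data sources either alone or alongside the other data sources", which is circular after "additional" was replaced, and the ", for more information, see" comma splice earlier in that line is still there; new lines 104 and 106 spell out "nine points" and "seven points" next to "(10 points)" on line 105, which makes the point values harder to scan than digits throughout.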
@@ -131,26 +134,26 @@ Microsoft Entra global roles (for example, Global Administrator) can still be us
131134

132135
The following roles have read and write access and can make changes, directly interact with Secure Score, and can assign read-only access to other users:
133136

134-
- Global administrator
135-
- Security administrator
136-
- Exchange administrator
137-
- SharePoint administrator
137+
- Global Administrator
138+
- Security Administrator
139+
- Exchange Administrator
140+
- SharePoint Administrator
138141

139142
The following roles have read-only access and aren't able to edit status or notes for a recommended action, edit score zones, or edit custom comparisons:
140143

141-
- Helpdesk administrator
142-
- User administrator
143-
- Service support administrator
144-
- Security reader
145-
- Security operator
146-
- Global reader
144+
- Helpdesk Administrator
145+
- User Administrator
146+
- Service Support Administrator
147+
- Security Reader
148+
- Security Operator
149+
- Global Reader
147150

148151
> [!NOTE]
149152
> If you want to follow the principle of least privilege access (where you only give users and groups the permissions, they need to do their job), Microsoft recommends that you remove any existing elevated Microsoft Entra global roles for users and/or security groups assigned a custom role with Secure Score permissions. This will ensure that the custom Microsoft Defender XDR Unified RBAC roles will take effect.
150153
151154
## Risk awareness
152155

153-
Microsoft Secure Score is a numerical summary of your security posture based on system configurations, user behavior, and other security-related measurements. It isn't an absolute measurement of how likely your system or data will be breached. Rather, it represents the extent to which you have adopted security controls in your Microsoft environment that can help offset the risk of being breached. No online service is immune from security breaches, and secure score shouldn't be interpreted as a guarantee against security breach in any manner.
156+
Microsoft Secure Score is a numerical summary of your security posture based on system configurations, user behavior, and other security-related measurements. It isn't an absolute measurement of how likely your system or data could be breached. Rather, it represents the extent to which you have adopted security controls in your Microsoft environment that can help offset the risk of being breached. No online service is immune from security breaches, and secure score shouldn't be interpreted as a guarantee against security breach in any manner.
154157

155158
## We want to hear from you
156159

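Review bot: On new line 156, "how likely your system or data could be breached" is not grammatical; "how likely it is that your system or data could be breached" keeps the meaning. The last sentence of that paragraph also leaves "secure score" in lowercase while the rest of the page uses "Secure Score". In the unchanged NOTE at line 152, "the permissions, they need" has a stray comma and "This will ensure ... will take effect" keeps the future tense this commit removes elsewhere. Global Administrator is still listed first among the read and write roles at line 137, so a cross-reference to the least-privilege note under "Secure Score permissions" would keep the two sections from pulling in opposite directions.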
@@ -162,4 +165,5 @@ If you have any issues, let us know by posting in the [Security, Privacy & Compl
162165
- [Track your Microsoft Secure Score history and meet goals](microsoft-secure-score-history-metrics-trends.md)
163166
- [What's coming](whats-new.md)
164167
- [What's new](microsoft-secure-score-whats-new.md)
168+
165169
[!INCLUDE [Microsoft Defender XDR rebranding](../includes/defender-m3d-techcommunity.md)]
