Security dashboard

  • Last update on November 25th, 2025

Table of Contents

The “Security dashboard” presents a set of security-related data that allow you to monitor and understand the overall security posture of your tenant environment, benchmarking it against 

The “Security dashboard” is accessible exclusively to tenant admins whose organizations have purchased CoreView ONE bundle.

 

The “Security dashboard” is composed of:

  • Security score section, indicating the security posture of your tenant 
  • Tenant configuration alignment widget, linked to Configuration Manager's tenant configurations
  • Resource compliance widget, linked to CoreView's Out-of-the-Box Security & Identity policies
  • Recommended actions widget, which displays all non-compliant items, outlines remediation steps, and offers a direct link to take corrective action.

Security score and Tenant configuration alignment

See below for further details.

Security score

At the top of the dashboard, on the left, the “Security score” presents a single percentage value summarizing how well the tenant aligns with the CIS M365 Foundations 5.0.0 baseline and enforces security policy compliance across resources. 

The score is calculated as the average of two key metrics, which can be found on the right side of the page:

  • Tenant configuration alignment: how closely your configurations match the “CIS M365 Foundations 5.0.0
  • Resource compliance: how effectively your resources comply with enabled CoreView security policies.

Calculation example:

If Tenant Configuration Alignment is 60% and Resource Compliance is 80%, your Security Score is (60 + 80) / 2 = 70%.

 

Tenant configuration alignment widget

This widget displays how your configurations are distributed across four categories.

In order to create the first snapshot and populate the widget you need to run a BackUp Only in Configuration Manager. 

 

In the pie chart on the left, you'll see the configuration distribution as: 

  • Aligned: fully matching CIS baseline values.
  • Accepted deviation: intentional deviations, formally approved in the conflicting column in Reconcile. Accepted deviations are also shown in the Tenant configuration alignment report”.
  • Unaccepted deviation: conflicting items that are neither aligned nor accepted.
  • Recommended from baseline: configurations recommended by CIS that are present in the baseline but not yet implemented in your tenant.

On the right side of the widget, a breakdown of configuration status by workload, such as Entra ID, Exchange Online or SharePoint allows you to identify which specific workloads have the most non-compliant configurations. 

For example, seeing a large red section in the Teams column immediately highlights that the majority of configuration problems are concentrated in that workload. 

Score calculation

Each baseline configuration is weighted equally in the compliance calculation:

(Total Aligned + Accepted Deviation - Dependencies) / (Total Baseline Configurations - Dependencies) × 100

The evaluation of configurations is based on alignment to standards:

  • Aligned or Accepted deviations configurations increase the score. 
  • Unaccepted deviation or Recommended configurations decrease the score. 

Each configuration is weighted equally (1:1), so the score increases or decreases by the same percentage for each compliant/non-compliant configuration.

All configurations that are dependencies of other configurations do not contribute to the “Security score” calculation, precisely because they rely on another configuration. Therefore, when reconciling a configuration that has dependencies, aligning the primary configuration will also automatically align its dependent configurations.

Update frequency

This value is updated with each Sync (or backup): either 

  • in real time when syncing occurs within the same day, 
  • according to the daily schedule, 
  • or manually if the scheduled Sync is disabled.

Access the “Tenant Configuration Alignment Report” 

Clicking the “Go to summary” button brings you to the Tenant configuration alignment report”, where you’ll find the complete list of configurations with granular filtering by status and category.

Resource compliance widget 

This widget illustrates how your resources (users, groups, Entra apps, SharePoint sites, etc.) comply with the security policies configured in CoreView. Only Out-of-the-Box policies included in the Security and Identity Playbook are taken into account.

A pie chart provides an overview of compliance, illustrating how many policies are compliant, and how many are non-compliant (critical or warning), using a color-coded system.

Statuses include:

  • Compliant: shown as green, means that all enabled policies are respected.
  • Critical violation: shown as red, indicate that one or more critical policies are not compliant.
  • Warning violation: shown as yellow, indicate that warning-level policies are not compliant.

On the right, a category bar chart details compliance for each resource area, clustering policies by security playbook category. You can see the number of policies per category, broken down by severity and compliance status.

Score calculation:

The maximum score is the sum of all policies. The compliance rate is calculated as follows: all enabled security policies with critical or warning severity are considered. 

Each enabled policy is weighted: 

  • Critical: 50 points
  • Warning: 10 points
  • Informational: 0 points

This means that if a policy is compliant with its threshold, it receives 50 points (for critical) or 10 points (for warning); if it is not compliant, it receives 0 points.

Final Score / Maximum Possible Score × 100

Update frequency

Data refreshes

  • Daily at 12:00 UTC 
  • And after each full import.

Access the Security and Identity Playbook

Clicking “Go to summary” navigates to the “Security and Identity” Playbook tab in the Governance Center in list view.

The “Recommended Actions” widget presents a scrollable table of actionable next steps to improve compliance. 

It lists: 

  • All non-compliant security policies, focusing exclusively on those marked as critical or warning,
  • All tenant configurations identified either as "Recommended from baseline" or as “Unaccepted deviations”. 

Configurations that are considered dependencies will not be listed. This is because dependencies do not directly affect the Score Impact. Instead, when you adjust the main configuration, any dependent configurations are automatically updated to align with it. 

 

All configurations are listed first, followed by all policies. Within each group, items are ordered alphabetically.

Table columns include: 

  • Name: name of the affected policy or configuration.
  • Category: Azure, Defender, Entra ID, etc.
  • Score impact: indicates the potential percentage increase to your Security Score that you would gain by fixing the policy or configuration issue.
  • Status: always shown as “not compliant” with a warning icon, plus specifics (for configurations: “Unaccepted Deviation” or “Recommended from baseline”; for policies: threshold violations).
  • Remediation: displays the recommended corrective action
    • Align to baseline” for configurations, 
    • The Remediation name, including the workflow name or “Send report” action for policies.
  • Action: action button for immediate intervention (see below). 

Available actions:

The available actions are:

  • View configuration: opens the Reconcile page, automatically filtered to compare your tenant against the CIS baseline. To proceed, simply click Apply and follow the Reconcile actions. Here, you can:
  • View Policy: takes you to the policy editing screen to update the policy per recommendation.

Every change made via these actions updates both the widget’s scoring and the item’s status badges.

Empty widgets 

Sometimes, you might notice that certain widgets or charts in your CoreView dashboard appear empty or show placeholder graphics. This usually means CoreView isn’t receiving the information it needs from your Microsoft 365 environment.

Below are two typical scenarios that may cause missing data in your dashboard:

  • No tenant configuration data available
  • No resource data available

No tenant configuration data available

If you’ve purchased Configuration Manager but haven’t set it up yet, CoreView won’t receive any configuration data from your tenant.
As a result, 

  • The pie chart will just show a placeholder
  • The dashboard widget will appear without the bar chart 
  • You’ll see the following message: “No configuration data available. Please set up your data in Configuration Manager to access alignment and compliance information.”

If you click on “Configure Tenant”, you’ll be redirected to the “Organization Settings” page, specifically to the Consent management section. Follow the procedure in the “Integrate Configuration Manager in CoreView” to complete the configuration.
After completing the setup, run either a Back Up Only. Once this is done, the widget will display your data correctly.

No resource data available 

In a rare case, if you have disabled all the Security Playbook policies (although by default they are enabled), CoreView will not receive any policy data because no policies are active. As a result, 

  • The pie chart will just show a placeholder. 
  • The dashboard widget will appear without the bar chart 
  • You will see the following message: “No resource data available. Please enable your security policy to access compliance information.”

Clicking “Enable Policy” will take you to the Playbooks section in Settings, where you’ll need to manually enable each policy one by one.

 

 

Related Articles

DID THIS PAGE HELP YOU?