Exposure Score
72.4
▲ 3.2 vs last week
MITRE ATT&CK Compliance
68%
6 tactics below 70%
Critical Vulns
23
▲ 5 new this week
Device Compliance
87%
▼ 2% improvement
Managed Devices
1,247
CA Policies Active
18
3 in report-only
Defender Coverage
94%
78 devices outdated
Vulnerable Software Inventory
Risk Matrix
Microsoft Secure Score
Rolling 6-month secure score trend with current snapshot and target threshold.
Current
0%
Exposure Trend (90 Days)
Device Distribution
Total Devices
0
Across all device types
Threat Prioritization Workbench
Relevance-gated queue: high-confidence threats are routed to immediate or planned patch actions; low-relevance items are parked in monitor queue.
How decisions are made:
1. Relevance gate checks tenant context (affected assets or endpoint patch evidence).
2. Threat score combines CVSS, exploit status, exposure size, and average related device risk.
3. Queue routing: immediate-risk findings go to Patch Now, relevant non-immediate findings go to Patch Next Window, low-context/low-relevance findings go to Accept / Monitor.
1. Relevance gate checks tenant context (affected assets or endpoint patch evidence).
2. Threat score combines CVSS, exploit status, exposure size, and average related device risk.
3. Queue routing: immediate-risk findings go to Patch Now, relevant non-immediate findings go to Patch Next Window, low-context/low-relevance findings go to Accept / Monitor.
Missing Patches
Patch backlog ranked with the same threat relevance and remediation-priority signals used in the workbench.
Threat Scoring Key
Legend for the badges and tags used in Threat Prioritization and Missing Patches.
Priority Tag
P1 · Critical
Immediate remediation required
P2 · Important
Fix in next planned window
P3 · Planned
Track in standard cycle
Exploit Status
Actively exploited
Known exploit activity in the wild
No active exploit
No current exploitation signal
CVSS Severity
CVSS 9.0-10.0
Critical severity
CVSS 7.0-8.9
High severity
CVSS 4.0-6.9
Medium severity
CVSS 0.1-3.9
Low severity
Other Tags
300+ affected
Large exposure blast radius
Avg device risk 55+
Higher business/endpoint risk concentration
2+ vulnerabilities mapped
Single patch may remediate multiple CVEs
Remediation Queue
Prioritised remediation actions ranked by actionable impact or estimated risk-score reduction.
MITRE ATT&CK Coverage + Heatmap
Tactic Coverage
Coverage bars by ATT&CK tactic with mapped gap counts.
Heatmap
Hotspot matrix for rapid detection of lower-coverage tactics.
CIS Controls (v8) Coverage
Estimated coverage
0%
Based on control telemetry and policy posture.
NIST CSF 2.0 Snapshot
Estimated function coverage
0%
Based on function telemetry and control posture.
Identity Security Baseline
NIS2.0 Essential Measures
Estimated NIS2 alignment
0%
Device Inventory
MOCK
| Device Name | Type | OS | Health | Platform Ver. | Engine Ver. | Security Intel Ver. | Missing OS Patches | Vulns | CA Policies |
|---|
Conditional Access Policies
Compliance scale: 0% Low (Red) -> 100% High (Green)
Policy Gap Intelligence
Compensation
Priority policy gaps based on state, coverage, and missing controls that increase attack-path exposure.
Policy Overlap & Duplication
Detects exact duplicates, high overlap, and conflicting controls to reduce policy sprawl and simplify CA design.
Priority Gap Queue
Conditional Access Journey Map
End-to-end policy journey from identity to enforcement, with misconfiguration hotspots, best-practice validation, and ATT&CK mapping.
Defender Stack Compliance
Defender Health
Latest Platform Version
n/a
Coverage
0.0%