Security Posture
Navigation: Sidebar → Security
The Security Posture page is your unified security operations center. It brings together threats from SentinelOne, email security from Checkpoint Harmony, vulnerabilities from Microsoft Defender, MFA status from M365, domain health, Sophos account health, and patch compliance — all with a single composite security score.

Security Score
At the top of the page, a Security Score gives you an at-a-glance rating (0–100) of your overall security posture. The score is calculated from weighted components:
| Component | Weight | Source |
|---|---|---|
| Endpoint Threats | 40% | SentinelOne threat count and severity |
| M365 Security Score | 25% | Microsoft Secure Score |
| MFA Adoption | 20% | Percentage of M365 users with MFA |
| Domain Health | 15% | Verified vs. unverified domains |
Only components with data are included. If you don't have M365 connected, the remaining components are reweighted proportionally.
The score color indicates status:
- 🟢 80+ — Good
- 🟡 60–79 — Needs attention
- 🔴 Below 60 — Critical
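The weighting and proportional reweighting described above, as an added Python example (not the product's own scoring code). It assumes each component has already been normalized to a 0–100 value and that the result is rounded to an integer, neither of which the page specifies; the component keys and sample values are constructed.

```python
# Added illustration; not the product's own scoring code.
WEIGHTS = {  # weights taken from the Security Score table
    "endpoint_threats": 40,
    "m365_secure_score": 25,
    "mfa_adoption": 20,
    "domain_health": 15,
}

def composite_score(components):
    """Weighted average over the components that have data.

    `components` maps a component name to its 0-100 score, or None when the
    source is not connected. Assumption: each component is already normalized
    to 0-100; the page does not state how that is done.
    """
    unknown = set(components) - set(WEIGHTS)
    if unknown:
        raise ValueError(f"unknown components: {sorted(unknown)}")
    present = {k: v for k, v in components.items() if v is not None}
    for name, value in present.items():
        if not 0 <= value <= 100:
            raise ValueError(f"{name} out of range: {value}")
    total_weight = sum(WEIGHTS[k] for k in present)
    if total_weight == 0:
        return None  # nothing connected: no score rather than a misleading 0
    # Dividing by the weight actually present is the proportional reweighting.
    return round(sum(WEIGHTS[k] * v for k, v in present.items()) / total_weight)

def effective_weights(components):
    """Percent weight each present component carries after reweighting."""
    present = [k for k, v in components.items() if v is not None]
    total = sum(WEIGHTS[k] for k in present)
    return {k: round(100 * WEIGHTS[k] / total, 1) for k in present}

def status(score):
    """Colour band from the page: 80+ good, 60-79 needs attention, <60 critical."""
    if score is None:
        return "no data"
    return "good" if score >= 80 else "needs attention" if score >= 60 else "critical"

# Constructed sample: the same tenant with and without the Secure Score feed.
full = {"endpoint_threats": 90, "m365_secure_score": 32,
        "mfa_adoption": 95, "domain_health": 100}
partial = dict(full, m365_secure_score=None)
```

With the constructed values, `full` scores 78 (needs attention) while `partial` scores 93 (good): dropping a weak component from the calculation raises the composite, so compare scores between clients only when the same set of sources is connected.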
Quick Stats Cards
Five stat cards provide instant metrics:
| Card | Shows | Source |
|---|---|---|
| Active Threats | Unresolved endpoint threats | SentinelOne |
| Email Threats | Unacknowledged email security alerts | Checkpoint Harmony |
| CVEs Found | Detected vulnerabilities | Microsoft Defender TVM |
| MFA Adoption | Percentage of users with MFA | Microsoft 365 |
| Domain Issues | Unverified email domains | Microsoft 365 |
Click any card to jump to its corresponding tab.
Tabs
Overview Tab
Score Breakdown — Shows each component's individual score and weight, with progress bars.
Recent Critical Events — Combined feed showing the most severe threats and vulnerabilities. This is your "what needs immediate attention" view.
Sophos Account Health — If Sophos is connected, shows the average account health score across tenants.
Threats Tab
Displays endpoint threats from SentinelOne.
Severity Filter Cards — Click to filter by severity:
- Critical (red) — Requires immediate action
- High (orange) — Investigate promptly
- Medium (yellow) — Monitor and plan response
- Low (green) — Informational
Threat List — Each threat shows:
- Threat name and classification
- Affected device and client
- Severity badge
- Status (active, resolved, mitigated)
- Actions: mitigate, rollback, quarantine, disconnect from network
Threat Details Dialog — Click any threat to see full details including file path, hash, detection engine, and timeline.
Sync from SentinelOne — Click the sync button to pull latest threat data.
Email Security Tab
Displays email threats from Checkpoint Harmony Email & Collaboration.
- Alert list with severity badges
- Acknowledged/new status
- Alert details and descriptions
Prerequisite: Requires Checkpoint integration to be configured.
Vulnerabilities Tab
Displays CVEs detected by Microsoft Defender Threat & Vulnerability Management.
- CVE ID and CVSS score
- Affected software and vendor
- Device count affected
- Patch availability indicator
- Severity filtering
NinjaOne Vulnerability Scan Groups — If NinjaOne is connected:
- Select a scan group from the dropdown
- Upload a vulnerability CSV export
- Data is parsed and stored for tracking
M365 Alerts Tab
Security alerts from Microsoft 365 Defender:
- Alert title and category
- Severity and status
- Detection timestamp
MFA Status Tab
Multi-factor authentication status for all M365 users:
- Each user shows MFA enabled/disabled/unknown status
- Admin indicator badge
- Color-coded icons (green = enabled, red = disabled)
Tip: This is one of the most important security compliance views. Clients with low MFA adoption are at significant risk.
Domain Health Tab
Email domain verification status from M365:
- Domain name and verification status
- Primary domain indicator
- Verified (green check) vs. unverified (warning)
Unverified domains lower the Domain Health component of the security score.
Patch Compliance Tab
OS patches pending installation across all devices:
Summary Stats:
- Critical patches pending
- Important patches pending
- Total pending patches
- Devices needing patches
Patch List:
- Patch name and KB number
- Device link (click to go to Device Detail)
- Severity badge (critical, important, moderate, low)
- Category (security update, feature update, etc.)
Tips & Best Practices
- Review the Security Score daily — It's the fastest way to assess your overall security posture
- Prioritize critical threats — Use the severity filter to focus on what matters most
- Track MFA adoption — Push for 100% MFA enrollment across all client users
- Address unverified domains — These can indicate misconfigured email infrastructure
- Monitor patch compliance — Critical patches should be deployed within 48 hours
Related Guides
- Device Health — Device-level vulnerability and patch details
- Microsoft 365 — M365 security scores and alerts in detail
- Alerts — Cross-platform alert feed
- Integrations Overview — SentinelOne, Checkpoint, Sophos setup