When you work on a cloud platform, the first questions asked are about the security and integrity of data. Microsoft 365 is one of the most significant business tools for boosting collaboration and productivity. As more organizations adopt this solution, they are concerned about data being hosted in the cloud, especially as security threats, such as recent ransomware attacks, increase. The concern centers on Office and Microsoft 365 applications that provide file storage and sharing, because file sharing applications are the most vulnerable to data exposure and malware insertion.
Microsoft realizes that moving sensitive data to the Cloud means it’s no longer under the customer’s IT control. Therefore, Microsoft has focused on ensuring the security of the organization’s infrastructure & data, and has already made Office and Microsoft 365 tightly secure with three layers of security. These layers are operational from the start and require no customization or specific activation.
Microsoft created the Microsoft Secure Score to ensure that security is optimal. We have previously mentioned security concerns in Microsoft 365 (formerly Office 365). Secure Score was briefly mentioned as a tool to analyse and implement best practices for Office 365 security. Let’s dig deeper and see why it is one of the best features to keep your Cloud environment safe.
What is Microsoft Secure Score?
Microsoft Secure Score is a security analytics tool.
- It gives better visibility of your security configuration and the security features available.
- It assigns a numerical score to your security configuration and outlines the actions that can be taken to improve that configuration.
Secure Score can improve the security posture of an organisation and lessen the chances of being hacked or suffering from a data breach.
This tool analyzes your Office or Microsoft 365 environment in terms of how secure it is and suggests refinements that can further reduce your overall risk.
Why use Secure Score?
The Secure Score is not categorized into “high,” “medium,” and “low” as seen on other frameworks. Instead, it’s made to help you take actions to improve your security. It doesn’t express an absolute measure on a breach possibility, but it gives you pointers to keep your infrastructure secure.
Since many companies use Secure Score, Microsoft has created a comparison chart to show you how your security compares to other Office 365 subscribers.
Secure Score helps you understand the extent to which you have a robust security configuration. It also informs you about behaviours and best practices to have inside your Office 365 subscriptions.
Secure Score brings all security-relevant features of Office 365 together in one place. It allows you to determine which features you have adopted and makes it easy for you to close the gap on your target score.
How do I get Secure Score?
Microsoft Secure Score is available here.
Log in to Microsoft Secure Score with a user that holds administrative roles, such as user admin or security admin.
How does Secure Score work?
Secure Score determines what services you’re using (Exchange, OneDrive, SharePoint, etc.). It looks at your settings and activities and compares them against a baseline established by Microsoft. You’ll get a score based on how well you are aligned with security best practices.
Microsoft Secure Score creates a full inventory of all the security configurations that reduce risk. Each control that reduces risk is assigned points. Some controls are more effective and have more points assigned to them.
Points are awarded according to how the controls are being implemented. Together, the points provide an overall secure score.
This score is a snapshot of how secure your environment is. You can measure it over time to track your progress. As you implement more controls, the score will improve accordingly. The Secure Score is calculated automatically once a day.
Secure Score summary
When you log in to Secure Score, your score is already calculated based on the sum of security controls that you have not chosen.
Office and Microsoft 365 risk assessment
Along with the summary, Secure Score provides an overall risk assessment. It gives you links to make you aware of the risk you’re facing if you don’t follow the recommended actions.
This example shows some of the scenarios and the potential risks:
- Account Breach – the risk indicates a tenancy breach that can be used by an attacker to interact with either resources in Office and Microsoft 365, or with on-premises infrastructure
- Elevation of Privilege – an attacker has managed to compromise one or more accounts in the tenancy and is now working to increase their power
- Data Exfiltration – an attacker has found a way to move data out of the tenancy
Comparing scores
From the summary page, you can get a glimpse of how your score compares to the average score of all Microsoft customers.
Taking action
When you see your score, one of the first things you are going to want to do is determine what you can do to improve it.
Based on your Office or Microsoft 365 configuration:
- Your target score can fall into the range from Basic, to Balanced, to Aggressive.
- Depending on where you set your target, Secure Score would share with you a number of suggestions to help you reach your goal.
- Suggestions are prioritized based on the effectiveness of the action compared to the level of impact to the end users.
- Actions that are highly effective, with a low level of user impact are placed at the top, followed by actions that are less effective and more impactful to users.
- You can filter these actions by category, such as User Impact, Implementation Cost, and Control Type.
- Seeing how each of these actions affects the users allows you to balance your organization’s productivity against your security.
- Each action has further information, showing how security will be improved and what threats are represented along with how it’s currently configured. It will also show the points available when implementing this action.
- Clicking ‘Learn more’ will guide you through making the specific configuration change. In the example above, it shows you which Global Admins do not have Multi-Factor Authentication (MFA) enabled and an option to launch the console where this can be enabled. After this action is performed, the Secure Score will be increased accordingly.
- Some actions are not scored, which means that even if the corresponding actions are implemented, the secure score won’t increase. These actions are marked as [Not Scored] in the queue. Microsoft has stated that, over time, Microsoft Secure Score will be able to better measure these controls and adjust the score accordingly.
Score analyzer
This allows tracking and reporting of the score over time.
- The graph shows the secure score over time.
- As with the secure score summary, your score is compared daily to the average score of all Office and Microsoft 365 customers, so you can see the relative position in the security landscape to make planning and communication easier with the team and the leaders.
- The score analyser allows export of this information to a CSV or a PDF file.
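The kind of tracking the score analyzer supports, sketched in Python as an added example (not Microsoft's or Sherweb's code): it compares the two most recent daily snapshots and lists the controls whose points dropped, which a rising total can hide. The field names are an assumption modelled on the Microsoft Graph secureScore resource; the control names and values are constructed.

```python
import json

# Constructed sample: two daily snapshots, deliberately out of order.
# Field names are modelled on the Microsoft Graph secureScore resource
# (assumption); control names and point values are made up.
SNAPSHOTS = json.loads("""
[
 {"createdDateTime": "2020-08-04T00:00:00Z", "currentScore": 65.0, "maxScore": 120.0,
  "controlScores": [{"controlName": "ExampleAdminMFA", "score": 20.0},
                    {"controlName": "ExampleMailboxAuditing", "score": 10.0},
                    {"controlName": "ExampleExternalSharing", "score": 35.0}]},
 {"createdDateTime": "2020-08-03T00:00:00Z", "currentScore": 60.0, "maxScore": 120.0,
  "controlScores": [{"controlName": "ExampleAdminMFA", "score": 50.0},
                    {"controlName": "ExampleMailboxAuditing", "score": 10.0},
                    {"controlName": "ExampleExternalSharing", "score": 0.0}]}
]
""")


def control_points(snapshot):
    """Map control name -> points earned in this snapshot."""
    return {c["controlName"]: float(c["score"]) for c in snapshot["controlScores"]}


def compare_snapshots(older, newer):
    """Return the overall change plus per-control regressions and improvements."""
    before, after = control_points(older), control_points(newer)
    regressions, improvements = [], []
    for name in sorted(set(before) | set(after)):
        # A control missing from one snapshot counts as 0 points there.
        delta = after.get(name, 0.0) - before.get(name, 0.0)
        if delta < 0:
            regressions.append((name, delta))
        elif delta > 0:
            improvements.append((name, delta))
    return {
        "score_delta": newer["currentScore"] - older["currentScore"],
        "percent_of_max": round(100 * newer["currentScore"] / newer["maxScore"], 1),
        "regressions": regressions,
        "improvements": improvements,
    }


def latest_change(snapshots):
    """Compare the two most recent snapshots; None if there is no history yet."""
    ordered = sorted(snapshots, key=lambda s: s["createdDateTime"])
    if len(ordered) < 2:
        return None
    return compare_snapshots(ordered[-2], ordered[-1])


if __name__ == "__main__":
    print(latest_change(SNAPSHOTS))
```

In the constructed data the total rises by 5 points while ExampleAdminMFA loses 30, so watching the total alone would miss the regression.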
Secure Score is there to help
Microsoft Secure Score accumulates information from a wide variety of signals across Office or Microsoft 365 and distills this complex data into an understandable analysis and an actionable plan.
Microsoft has promised further improvements and enhancements in Secure Score, although it already looks like a useful tool. It will help you ensure that your infrastructure is as secure as it can be. Learning more about these features as you use the tool will help give you further peace of mind that you’re taking the right steps to protect your organization from threats.
Updated August 4, 2020