Microsoft Secure Score Series – 01 – What is Microsoft Secure Score?

In this series, I’ll be covering the Microsoft Secure Score improvement actions. Although Microsoft does a great job of telling you what to do, some actions have a much bigger impact than others and need to be balanced against business needs. Some actions might not even have value for your organization. In the end, Microsoft Secure Score is meant to strengthen your security; it is not a contest to reach the highest score possible. In this series, I’ll pick out random actions and try to explain them as simply as possible, backed with notes from the field.

Articles in this series can be read separately, since they are written in random order. The articles vary in impact and complexity and cover multiple categories. Here is a list of all the articles in this series:

01 – What is Microsoft Secure Score?

02 – Require MFA for administrative roles

03 – Enable Password Hash Sync if hybrid

04 – Ensure all users can complete multi-factor authentication for secure access

05 – Enable self-service password reset

06 – Enable policy to block legacy authentication

07 – Turn on sign-in risk policy

08 – Use Cloud App Security to detect anomalous behavior

09 – Do not allow users to grant consent to unmanaged applications

10 – Discover trends in shadow IT application usage

11 – Turn on user risk policy

12 – Turn on customer lockbox feature

13 – Set automated notifications for new and trending cloud applications in your organization

14 – Designate more than one global admin

15 – Do not expire passwords


What is Microsoft Secure Score?

Microsoft Secure Score offers a list of actions and recommendations to strengthen the security of your Office 365 workloads. Each completed action affects your overall score. It covers SharePoint Online, Exchange Online, OneDrive for Business, Microsoft Information Protection, Azure AD, Microsoft Defender ATP, and Cloud App Security, among other things. It is not 100% watertight, but it gives you a great baseline to start with. It will help you protect your environment from threats, or at least make it a lot more difficult for malicious actors.

How does it help me?

Secure Score helps organizations:

  • Report on the current state of the organization’s security posture.
  • Improve their security posture by providing discoverability, visibility, guidance, and control.
  • Compare with benchmarks and establish key performance indicators (KPIs).

Organizations gain access to robust visualizations of metrics and trends, integration with other Microsoft products, score comparison with similar organizations, and much more. The score can also reflect when third-party solutions have addressed recommended actions.

Where to find it?

Secure Score is part of the Microsoft 365 Security portal. There are two different views available:

I personally like the preview portal better, but you can easily switch between the two versions.

When you go into the portal, you’ll land on the dashboard page. The page is roughly divided into 4 tabs.

Overview

In this section, you get a nice clean overview of the overall score, a list of the top improvement actions, and a comparison chart where you can see how you are doing compared to other companies in the same industry. You can apply filters per category to zoom in.

As you can see, we have some work to do in this tenant.

Improvement actions

Here you find all the recommended actions for your tenant. You can see which actions are new, how many points you can achieve by applying them, and what their impact and complexity are. You can apply filters, for example to show only the actions that you are licensed for.

The actions are categorized into 5 different areas:

  • Identity
  • Apps
  • Data
  • Device
  • Infrastructure

With each improvement action, you can achieve points. You can start off with the low-hanging fruit by filtering on low-impact and low-complexity actions.

Licenses

In the overview, you can filter on recommendations that you are already licensed for. Sometimes an action can be completed in multiple ways. Enabling MFA, for example, can either be done by simply enabling MFA for each user, or by using Azure AD Identity Protection, which requires an Azure AD Premium P2 license.

History

The History tab shows all the activity that impacted your score. Your score changes when you work on your recommendations, or when new actions are added by Microsoft.

Metrics & trends

In this tab you can monitor trends, for example whether your score dropped or increased. You can also compare yourself to other organizations and set your own goals by defining your Secure Score zone.

Improvement actions ranking

Ranking is based on the number of remaining points left to achieve, implementation difficulty, user impact, and complexity. The highest-ranked improvement actions have a large number of points remaining with low difficulty, user impact, and complexity.
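To make the ranking and the low-hanging-fruit filter from the previous sections concrete, here is an added example (not code from the article or from Microsoft) that ranks a constructed list of improvement actions. The action records are loosely modelled on the fields shown in the Improvement actions tab; the control names, point values and the ranking formula are this example's own assumptions, not Microsoft's actual algorithm.

```python
"""Rank Secure Score improvement actions the way the article describes:
most remaining points first, then lowest difficulty, user impact and complexity.
All data below is constructed sample data, not a real tenant export."""
from typing import Dict, List

# Ordinal weight for the Low/Moderate/High labels shown in the portal
LEVEL = {"Low": 1, "Moderate": 2, "High": 3}

# Constructed: points the tenant has already earned per action (controlName -> score)
CURRENT_SCORES: Dict[str, float] = {"PWAgePolicyNew": 8.0}

# Constructed: the improvement actions as the portal lists them (names are assumed)
ACTIONS: List[dict] = [
    {"controlName": "AdminMFAV2", "title": "Require MFA for administrative roles",
     "category": "Identity", "maxScore": 10, "difficulty": "Low", "userImpact": "Low", "complexity": "Low"},
    {"controlName": "BlockLegacyAuth", "title": "Enable policy to block legacy authentication",
     "category": "Identity", "maxScore": 8, "difficulty": "Moderate", "userImpact": "Moderate", "complexity": "Moderate"},
    {"controlName": "PWAgePolicyNew", "title": "Do not expire passwords",
     "category": "Identity", "maxScore": 8, "difficulty": "Low", "userImpact": "Low", "complexity": "Low"},
    {"controlName": "OneAdmin", "title": "Designate more than one global admin",
     "category": "Identity", "maxScore": 1, "difficulty": "Low", "userImpact": "Low", "complexity": "Low"},
    {"controlName": "MCASAnomaly", "title": "Use Cloud App Security to detect anomalous behavior",
     "category": "Apps", "maxScore": 7, "difficulty": "Moderate", "userImpact": "Low", "complexity": "Moderate"},
    {"controlName": "UserRiskPolicy", "title": "Turn on user risk policy",
     "category": "Identity", "maxScore": 7, "difficulty": "Moderate", "userImpact": "High", "complexity": "Moderate"},
]

def remaining_points(action: dict, scores: Dict[str, float]) -> float:
    """Points still on the table for one action (maxScore minus what is already earned)."""
    return action["maxScore"] - scores.get(action["controlName"], 0.0)

def rank_actions(actions: List[dict], scores: Dict[str, float]) -> List[str]:
    """Open actions ordered by remaining points (desc), then difficulty, user impact, complexity (asc)."""
    open_actions = [a for a in actions if remaining_points(a, scores) > 0]
    ranked = sorted(open_actions, key=lambda a: (-remaining_points(a, scores),
                                                 LEVEL[a["difficulty"]], LEVEL[a["userImpact"]], LEVEL[a["complexity"]]))
    return [a["controlName"] for a in ranked]

def low_hanging_fruit(actions: List[dict], scores: Dict[str, float]) -> List[str]:
    """The portal's 'filter on low impact and complexity' view: open actions rated Low on every axis."""
    by_name = {a["controlName"]: a for a in actions}
    return [n for n in rank_actions(actions, scores)
            if all(by_name[n][k] == "Low" for k in ("difficulty", "userImpact", "complexity"))]

def score_percentage(actions: List[dict], scores: Dict[str, float]) -> float:
    """Overall score as the dashboard shows it: earned points over the maximum achievable."""
    total_max = sum(a["maxScore"] for a in actions)
    earned = sum(scores.get(a["controlName"], 0.0) for a in actions)
    return round(100 * earned / total_max, 1)

if __name__ == "__main__":
    print(score_percentage(ACTIONS, CURRENT_SCORES), rank_actions(ACTIONS, CURRENT_SCORES))
```

The two actions with 7 points remaining show the tie-break: the Cloud App Security action outranks the user risk policy because its user impact is lower.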

It’s just a number…

Setting a goal can be really helpful. It’s a good motivator to constantly be on top of your security, and it will keep the ball rolling. But don’t get too attached to the numbers. As stated in the intro, Microsoft Secure Score is not a contest. There are no trophies to win. The only victory here is the feeling at the end of the day that you managed to keep the bad guys out for yet another day.

Stay tuned for the next articles in this series.
