Time to stop wondering – the Microsoft Secure Score is here to help. Secure Score analyzes your Office 365 (and Windows 10) organization’s security based on your regular activities and security settings and automatically assigns a score. Think of it as a credit score for security. Microsoft Secure Score makes it easy for you to discover and implement the security features and best practices that will advance your organization’s security posture.
How do you get Microsoft Secure Score?
Easy – just login at https://securescore.office.com/ with admin permissions for an Office 365 Business Premium or Enterprise subscription and you are ready to go. It is that easy. No setup needed, no configuration needed – it just works.
How does Microsoft Secure work?
Microsoft Secure Score determines what Office 365 services you are using (for example Exchange, SharePoint and OneDrive). Your activities and settings are automatically assessed and compared to a baseline established by Microsoft. Your own score shows you how aligned you are with security best practices.
The score is calculated based on the controls you can configure versus what you have configured. Your Office 365 score added to your Windows score make up your Microsoft Secure Score. The numerator (here 791) is the sum of the security controls that you fully or partially meet. The denominator (here 1,184) represents the number of security points that you can possibly achieve, given the set of features that you have available within your subscriptions. You will only see your Windows score if you have Windows Defender Advanced Threat Protection (ATP).
Along with the summary, Secure Score provides an overall risk assessment. It gives you links to make you aware of the risk you’re facing if you don’t follow the recommended actions.
How to improve your Microsoft Secure Score?
Microsoft will help you on the way to improve your Secure Score with actionable advice and tell you what your could be if you take those actions.
Based on your Office 365 configuration:
- Your target score can fall into the range from Basic, to Balanced, to Aggressive
- Depending on where you set your target, Secure Score would share with you several suggestions to help you reach your goal
- Suggestions are prioritized based on the effectiveness of the action compared to the level of impact to the end users
- Actions that are highly effective, with a low level of user impact are placed at the top, followed by actions that are less effective and more impactful to users
- You can filter these actions by category, such as User Impact, Implementation Cost, and Control Type
- Seeing how each of these actions affects the users, allows you to balance your organization’s productivity against your security
- Each action has further information, showing how security will be improved and what threats are represented along with how it is currently configured. It will also show the points available when implementing this action.
- Clicking ‘Lean more‘ will guide you through making the specific configuration change. After this action is performed, the Secure Score will be increased accordingly.
- Some actions are not scored, which means even if the corresponding actions are implemented, the secure score will not increase. These actions are marked as [Not Scored] in the queue. Microsoft has stated over time Microsoft Secure Score will be able to better measure these controls and adjust the score accordingly.
Once per 24-hour period Microsoft will update your Secure Score.
Compare and track your Secure Score
Getting a Secure Score from Microsoft might be fine, but the big question that often arises is how my organization compares to others of similar size.
Also, on this matter the Microsoft Secure Score report will give insight.
In the above example it is clearly seen, that the Secure Score of 38 is above the average Secure Score of 28 for organizations with 0-5 seats. Going forward Microsoft has already announced it will be possible to not only compare your own Secure Score to organizations of comparable size, but also give you a view of your industry.
How will all of this help you?
Using Microsoft Secure Score helps increase your organization’s security by encouraging you to use the built-in security features in Office 365 – many of which you already purchased but might not be aware of. After all, we all want to use what we are paying for…so, why not use Microsoft Secure Score?!?!
Does this sound too good to be true?
A free tool from Microsoft…try it out for yourself or let us deliver Microsoft Secure Score as a managed service to you.
Our Microsoft Secure Score Managed Service is delivered by our SecOps team:
· We monitor your Microsoft Secure Score – for example regularly reviewing the ‘Sign-ins after multiple failures report’
· We come monthly with clear and precise recommendations on actions to be taken
· We implement the recommendations after your approval – up to 10 hours per month
· We monitor everything is working after changes have been implemented
· We provide your it-organization with a hotline – just in case questions arises
· We take care of you and your Microsoft Secure Score