Blog

Microsoft Secure Score

How to Use Microsoft Secure Score

By Security & Compliance 0 Comments

Microsoft Secure Score

Wouldn’t it be nice if you could measure your organization’s security operations for your Microsoft 365 tenant and know exactly where you needed to make changes to avoid vulnerabilities? With Microsoft Secure Score you can do just that.

This robust threat and vulnerability management tool automatically analyzes your organization’s security practices and assigns you a score based on how effective your current operation is. The higher your score, the less vulnerabilities you face. A lower  score means you’ve got some work to do. What makes Secure Score even better is that it provides details on exactly what you need to do to increase your score to become even more secure.

By taking advantage of the centralized dashboard in the Microsoft 365 Defender Portal, you can monitor the security of your Microsoft 365 identities, apps, and devices, then follow the Secure Score recommendations to protect your organization from threats. With the dashboard you’ll gain access to various metrics and trends, be able to integrate with other Microsoft products, see your score in comparison to similar organizations, and much more.

How does the Secure Score report work?

As a starting point, you’re given a percentage rating that shows your overall security performance. Details include separate scores in various areas like applications, passwords, and devices. You’ll be able to compare your results to establish key performance indicators (KPIs), allowing you to make appropriate improvements. Reports can also help ensure you’re complying with protecting your user’s personal data, and present the information to company leaders.

One you begin making the appropriate improvements you’ll receive points (or partial points) to increase your score. If you are unable, or choose not to comply with the suggestions made, you’ll be made aware of the risk posed to your organization. In addition, Secure Score will show you recommendations for your other supported Microsoft products, regardless of license edition, subscription, or plan so you can easily understand how to get the most out of your score. Secure Score changes are updated daily at 1:00am PST.

How are your actions scored?

Each time you make an improvement, like creating a new security policy or turning on certain security settings, you’ll receive points. For example: if a specific action states that you’ll get 10 points if you protect all your users with multi-factor authentication (MFA) and you choose to only protect half of your users you’ll get a partial score of 5 points (half the points for half the users). Additionally, if you are using a third party product to achieve one of the recommended security actions, you can mark the item as “Resolved by third party” and those points will be added to your overall score.

Which products are included in Secure Score?

Microsoft Secure Score currently supports the following products and applications:

  • Microsoft 365 (including Exchange Online)
  • Microsoft Office
  • Azure Active Directory
  • Microsoft Defender for Endpoint, Identity, and Cloud Apps
  • Microsoft Defender for Identity
  • Microsoft Teams

It’s a good idea to check back occasionally because Microsoft will be making recommendations for additional security products from time to time.

Getting started is easy

If you’re not sure where to start, Microsoft Secure Score has preset improvement actions to support certain security defaults in Azure Active Directory, making it easier to help protect your organization from common attacks with their pre-configured security settings.

By turning these security defaults on, you’ll be granted the full amount of points for the following improvement actions:

  • Ensure all users can complete MFA for secure access (9 points)
  • Require MFA for administrative roles (10 points)
  • Enable policy to block legacy authentication (7 points)

Know your risk level

Microsoft Secure Score is an industry-leading solution to gain a better understanding of where your organization’s security measures fall. But it’s important to understand that no level of security can guarantee that you won’t be the victim of a breach. This system represents the extent to which your organization has adopted security controls within your Microsoft environment, helping to offset risk levels. No online service is immune from security breaches, and secure score shouldn’t be interpreted as a guarantee against security breach in any manner.

 

If you have questions about Microsoft Secure Score, or would like more information, reach out to our team and we would be happy to review your platform and offer suggestions.

Share this post

Related Posts

IT Considerations for Supporting Remote Workers

IT Considerations for Supporting Remote Workers

By

Working from home has become the new norm but along with it comes a number of things that business owners... read more
Cisco Duo Unified Access Security Platform

Unified Access Security with Cisco Duo

By

One product does it all - unified access - unified security. If you need to protect sensitive data at scale, Duo’s... read more
Indiana Cybersecurity Conference

Indiana Bankers Association Cybersecurity Conference with Gary Lutz & IT Resource

By

IT Resource President & Senior Partner, Gary Lutz, will be speaking at the 2020 Indiana Bankers Association Cybersecurity Conference on... read more
Password Security

Password Security Tips

By

As we continue to progress into the digital age, it is no secret that cybercrime and ransomware attacks are on... read more
Cloud Security Grand Rapids

Cloud Security – Are Your Files Safe?

By

The days of saving all your files, data, and software on your computer's hard drive are over. More businesses are... read more
Compliance, risk management plans, banks, financial institutions

Indiana Bankers Association Cybersecurity Conference

By

It’s National Cybersecurity Awareness Month and we’re pleased to be attending and speaking at the Indiana Bankers Association 2017 Cybersecurity Conference. This... read more
California Consumer Privacy Act

The Keys to Addressing Your Governance and Compliance Needs in 2020

By

When the California Consumer Privacy Act went into effect on January 1, 2020, it imposed sweeping new data security standards... read more
the evolution of cyber threats

The Evolution of Cyber Threats

By

In 1970 the first computer virus, a worm named “Creeper”, was created by Bob Thomas of BBN. Bob was not... read more
IT Security for Employees with Duo MFA and KnowBe4 Security Awareness Training

IT Security for Employees – The 2 Solutions You Need

By

Navigating all the different IT security solutions on the market can be overwhelming. There are new risks and cyber threats... read more
endpoint protection

What is endpoint protection?

By

Technology has made it easy to work across multiple devices and platforms - we're more connected now than we've ever... read more