Office 365 – Attack Simulation Training
Office 365 has a lot of security settings for admins to utilise, but it can sometimes be hard to know which of them are properly configured at any one time. That’s where Office 365 Secure Score comes in! It can be used to assess an Office 365 tenant, looking at the overall health, and the configurations that can be applied to reduce risk. To do this, Office 365 Secure Score assigns points to each security control that can reduce these risks.
It works on a scale of 1-10, and points are assigned based on how much each control affects overall security. As certain controls can be more effective, they are assigned more points – for example enabling MFA (Multi Factor Authentication) for all users in your tenant will increase your secure score by 10 points.
Implementing certain configuration changes such as creating a new policy or turning on a specific setting will get you 100% of the points assigned to that control. For other “improvement actions” points are given as a percentage of the total configuration. Following on with the MFA example – to gain all 10 points for this control you need to protect all your users with multi-factor authentication. If you only have 50 of 100 total users protected, you’d get a partial score of 5 points (50 protected / 100 total * 10 max pts = 5 pts).
Your tenant is measured by how well these controls and configurations are being implemented on an ongoing basis. All these points are then added together providing an overall Secure Score as a percentage. It also shows you how many points you have achieved and your possible total if you were to apply all the security measures which are recommended.
Secure Score Overview Screen
This score is basically a snapshot of how well the tenant is secured. This is then measured over time to track your overall progress. As administrators implement more controls, the score will improve accordingly (however, bear in mind you can lose points if controls aren’t fully implemented over a certain time period).
Improvement Actions
Secure Score provides admins with several “improvement actions” which can be configured to make your Office 365 tenant more secure.
To help you find the information you need more quickly, Microsoft improvement actions are organized into groups:
- Identity (Azure Active Directory accounts & roles)
- Device (Microsoft Defender for Endpoint, known as Microsoft Secure Score for Devices)
- Apps (email and cloud apps, including Office 365 and Microsoft Cloud App Security)
If you click on one of the actions in the list it gives you more information about the change, which users it will affect, and the number of points it will add to your overall score. It also includes detailed steps for implementing the change (with handy links to the page where you can find the settings you need to configure in the admin portal) along with any prerequisites which may be required.
Improvement Action screen
To complete each action, you have a few options:
- Select Manage to go the configuration screen and make the change. You’ll then gain the points that the action is worth, visible in the fly out. Points generally take about 24 hours to update.
- Select Share to copy a direct link to the improvement action. You can also choose the platform to share the link, such as email, Microsoft Teams, or Microsoft Planner.
- Add Notes to keep track of progress or anything else you want to comment on. If you add your own tags to the improvement action, you can filter by those tags.
The action plan section allows admins to plan their security updates by setting a status and recording any notes specific to each “improvement action”
- To address – You recognize that the improvement action is necessary and plan to address it at some point in the future. This state also applies to actions that are detected as partially, but not fully completed.
- Planned – There are concrete plans in place to complete the improvement action.
- Risk accepted – Security should always be balanced with usability, and not every recommendation will work for your environment. When that is the case, you can choose to accept the risk, or the remaining risk, and not enact the improvement action. You won’t be given any points, but the action will no longer be visible in the list of improvement actions. You can view this action in history or undo it at any time.
- Resolved through third party and Resolved through alternate mitigation – The improvement action has already been addressed by a third-party application or software, or an internal tool. You’ll gain the points that the action is worth, so your score better reflects your overall security posture. If a third party or internal tool no longer covers the control, you can choose another status. Keep in mind, Microsoft will have no visibility into the completeness of implementation if the improvement action is marked as either of these statuses.
Score Comparison
Secure Score has a handy tool which allows you to compare your own score with organisations like your own (which is one of the easiest ways to determine whether your score is a good or bad) so you can check your progress, with the overall aim of strengthening the security of your Office 365 tenant.
Secure Score Comparison tool
You can now also create a custom comparison which allows you to filter based on one or more Industries, Organisation sizes, Regions, or even License Types. For instance, a small financial institution that needs to secure itself in the same manner that a very large institution does can now easily benchmark themselves against those type of companies
Custom comparison settings
For more information on how you can protect your Office 365/Azure tenant drop us an email to info@datastore365.com and we will be happy to assist.
You can also check out some of the other services we provide here: https://www.datastore365.co.uk/services/