How Microsoft Secure Score helps your company stay safer | Microbyte

“Enterprises experience 130 security breaches per year, per organization, on average.”

PurpleSec Cyber Security Stats

With more and more resources going to the cloud, enterprise security has become a prime concern for every organization. No amount of security seems enough. One of the key questions that enterprises struggle with is the age-old question – Is my network safe?

Microsoft attempts to help companies answer that question with Microsoft 365 Secure Score. In this blog, we will cover what it is and how you can use it to analyse the security profile of your company’s infrastructure.

What is Microsoft Secure Score

Microsoft Secure Score is an analytics tool that measures your organization’s current security state and gives it an easy-to-understand score. The score makes it easy for anyone to quantify the security state of your organization. 

A higher score indicates that the company has better security policies and measures in place. A lower score means the company is at a greater risk of a security threat. The score is on a relative scale, so it cannot be compared across organizations; you can only compare it with your own past scores.

A visual representation of Secure Score:

[Image: Microsoft Secure Score. Source: Microsoft Secure Score website]

The score is always shown as a percentage, and the details appear in the Microsoft 365 Defender portal. Along with the score, the dashboard shows a set of improvement actions.

Improvement scores

Each improvement action also shows a “Score impact” alongside it. This is simply how much the score would increase if the action were taken.

So, as you keep acting on the improvement actions, the score will continue to increase. Each improvement action is worth 10 points or less, and many are binary in nature: completing such an action earns 100% of its points, while partial completion earns none.

Products covered under Secure Score

The products for which Secure score recommends changes currently are as follows:

  • Microsoft 365 (including Exchange Online)
  • Azure Active Directory
  • Microsoft Defender for Endpoint
  • Microsoft Defender for Identity
  • Defender for Cloud Apps
  • Microsoft Teams

This means you will need other ways to monitor products outside the Microsoft environment.

This is an important point to remember. The Secure Score is just a numerical score given to the security controls adopted for many of Microsoft's products. It is not a guarantee of safety for the entire infrastructure. This is where it’s important to implement these products with a knowledgeable Managed IT Services provider to fully understand the safety of your organisation.

How to access Microsoft Secure Score

Only specific user roles in the Azure Active Directory can access Microsoft Secure Score.

If you wish to have read and write access to make changes and interact with Secure Score, you must be a global admin, security admin, Exchange admin, or SharePoint admin.

If you wish to have read-only access with no editing power, you can be a helpdesk, user, or service support admin, a security reader or operator, or a global reader.

Other dashboard insights

Apart from the Secure score, the dashboard provides many other insights. Let’s have a look at them.

[Image: Secure Score dashboard. Source: Microsoft Secure Score website]

Track scores over time

Under the Metrics and Trends tab, you can see the change in scores over time and compare it with the score for an organization like your own.

[Image: Track scores over time. Source: Microsoft Secure Score website]

Activity History

The History tab shows you all activities performed that have impacted the Secure score in any manner.

[Image: Activity history. Source: Microsoft Secure Score website]

Categories of Improvement actions

[Image: Categories of improvement actions. Source: Microsoft Secure Score website]

All the improvement actions suggested by Microsoft Secure Score are put in one of 3 categories:

  1. Identity
    These are actions related to the Active Directory accounts and roles.
  2. Device
    These actions assess and suggest changes for Microsoft Defender for Endpoint.
  3. Apps
    These actions are for email and cloud apps. That includes Office 365 and Microsoft Defender for Cloud Apps.

The dashboard also shows a breakdown of points by category, i.e., what percentage of the total points in each category has been achieved and how much is left to achieve.

How to improve your Secure score

Each improvement action tab lists the security recommendations and their current status. The actions are sorted by score impact, highest to lowest. 

Improvement action status

Status can be one of the following: 

  • To address
    This is the status for actions you intend to take in the future. The status also applies to all partial task completions.
  • Planned
    This status is apt for actions that you have already planned to execute.
  • Risk accepted
    Occasionally you may have some improvement action that is not a big risk for your infrastructure. In such cases, you may want to accept the suggested risk and/or decide not to act on it. This status is for such actions.
  • Resolved through a third party and Resolved through alternate mitigation
    These statuses are used when the risk flagged by Microsoft has already been taken care of by a third-party application or an alternate mitigation. With either status, you are telling Microsoft Defender to ignore this risk; it acts like a manual override. Note that Microsoft has no way to know whether the risk has really been tackled properly.
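
The scoring rule and the statuses above can be modelled to show how much of a score rests on manual overrides that Microsoft cannot verify. This is an added example, not code from the original post or from Microsoft; the sample actions, field names, the "Completed" status and the point rules marked as assumptions are a simplified model.

```python
from collections import defaultdict

# Statuses the page calls manual overrides: Microsoft cannot verify them.
OVERRIDES = {"Resolved through third party", "Resolved through alternate mitigation"}

# Constructed sample data, not a real tenant export; field names are hypothetical.
# "done" is the fraction completed; "binary" marks all-or-nothing actions.
ACTIONS = [
    dict(name="MFA for admin roles", category="Identity", max=10, binary=True, done=1.0, status="Completed"),
    dict(name="Block legacy authentication", category="Identity", max=9, binary=True, done=0.6, status="To address"),
    dict(name="Onboard devices to endpoint protection", category="Device", max=8, binary=False, done=0.5, status="To address"),
    dict(name="Mail filtering policy", category="Apps", max=6, binary=True, done=0.0, status="Resolved through third party"),
    dict(name="Restrict external sharing", category="Apps", max=5, binary=True, done=0.0, status="Risk accepted"),
    dict(name="Disk encryption", category="Device", max=2, binary=True, done=0.0, status="Resolved through alternate mitigation"),
]

def earned(a, trust_overrides=True):
    """Points for one action under the simplified model."""
    if a["status"] in OVERRIDES:
        # Assumption: an override is credited in full on the admin's say-so.
        return float(a["max"]) if trust_overrides else 0.0
    if a["status"] == "Risk accepted":
        return 0.0  # Assumption: accepted risks earn nothing.
    if a["binary"]:
        return float(a["max"]) if a["done"] >= 1.0 else 0.0  # partial completion: no points
    return a["max"] * a["done"]  # Assumption: non-binary actions earn pro rata.

def score(actions, trust_overrides=True):
    """Score as a percentage of the points available."""
    total = sum(a["max"] for a in actions)
    return round(100 * sum(earned(a, trust_overrides) for a in actions) / total, 1)

def by_category(actions):
    """Category -> [points earned, points available]."""
    out = defaultdict(lambda: [0.0, 0])
    for a in actions:
        out[a["category"]][0] += earned(a)
        out[a["category"]][1] += a["max"]
    return dict(out)

def unverified(actions):
    """Overridden actions, largest score contribution first: the ones to re-audit."""
    hits = [(a["name"], a["max"]) for a in actions if a["status"] in OVERRIDES]
    return sorted(hits, key=lambda h: -h[1])

if __name__ == "__main__":
    print("reported:", score(ACTIONS), "% | without overrides:", score(ACTIONS, False), "%")
    print(by_category(ACTIONS))
    print(unverified(ACTIONS))
```

The gap between the two percentages is the share of the score that depends on overrides, which makes those actions the first candidates for a periodic review.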

 

Fixing an improvement action

You can click on each improvement action to view it in greater detail. 

[Image: Fixing an improvement action. Source: Microsoft Secure Score website]

On the flyout of the improvement action, you can perform 4 actions:

  1. Select “Manage in Microsoft 365 Defender”
    This will take you to the configuration screen and help you make the desired change. If you complete the action, the points improvement shows up on the Secure score within 24 hours.
  2. Select Share
    This will allow you to copy the direct link to the improvement action. It is useful when you wish to collaborate with another team member and work on fixing the improvement action.
  3. Add Notes
    There is also an option to add notes, leave your comments, or keep track of progress.
  4. Add tags
    You can also add tags to the action and categorize them as per your preference.

Completing the improvement action improves your Secure Score and thus makes your organization more secure.

Conclusion

Secure Score provides an easy way to analyze and act on some of the security policies in your Microsoft environment. Although the security analysis is limited to a few Microsoft products, it can be one of the small steps toward building a more secure enterprise infrastructure.

You can learn more about Secure Score in Microsoft's official docs.