“Enterprises experience 130 security breaches per year, per organization, on average.”
PurpleSec Cyber Security Stats
With more and more resources going to the cloud, enterprise security has become a prime concern for every organization. No amount of security seems enough. One of the key questions that enterprises struggle with is the age-old question – Is my network safe?
Microsoft attempts to help companies answer that question with Microsoft 365 Secure Score. In this blog, we will cover what it is and how you can use it to analyse the security profile of your company’s infrastructure.
What is Microsoft Secure Score
Microsoft Secure Score is an analytics tool that measures your organization’s current security state and gives it an easy-to-understand score. The score makes it easy for anyone to quantify the security state of your organization.
A higher score indicates that the company has better security policies and measures in place. A lower score means the company is at a greater risk of a security threat. The score is on a relative scale. So, it cannot be compared across organizations. You can only compare it with your own scores in the past.
A visual representation of Secure Score:
Source: Microsoft Secure Score website
The score is always shown as a percentage. The details are seen on the Microsoft 365 Defender portal. Along with the score, the dashboard shows a set of improvement actions.
Improvement scores
Each improvement action also gives a “Score impact” alongside. This is quite simply how much the score would increase if the action is taken.
So, as you keep acting on the improvement actions, the score will continue to increase. Each improvement actions give 10 points or less, but many are binary in nature. As such completion of a certain action will fetch 100% of the points, a partial completion fetches no points.
Products covered under Secure Score
The products for which Secure score recommends changes currently are as follows:
- Microsoft 365 (including Exchange Online)
- Azure Active Directory
- Microsoft Defender for Endpoint
- Microsoft Defender for Identity
- Defender for Cloud Apps
- Microsoft Teams
This means you will need other ways to monitor products out of the Microsoft environment.
This is an important point to remember. The Secure score is just a numerical score given to security controls adopted for many of Microsoft products. It is not a guarantee of safety for the entire infrastructure. This is where it’s important to implement these products with a knowledgeable Managed IT Services London provider to fully understand the safety of your organisation.
How to access Microsoft Secure Score
Only specific user roles in the Azure Active Directory can access Microsoft Secure Score.
If you wish to have read and write access to make changes and interact with Secure Score – you must be a global admin, security admin, exchange admin, or Sharepoint admin.
If you wish to have read-only access with no editing power – you can be a helpdesk/user/service support admin, a security reader/operator, or a global reader in the role.
Other dashboard insights
Apart from the Secure score, the dashboard provides many other insights. Let’s have a look at them.
Source: Microsoft Secure Score website
Track scores over time
Under the Metrics and Trends tab, you can see the change in scores over time and compare that for an organization like your own.
Source: Microsoft Secure Score website
Activity History
The History tab shows you all activities performed that have impacted the Secure score in any manner.
Source: Microsoft Secure Score website
Categories of Improvement actions
Source: Microsoft Secure Score website
All the improvement actions suggested by Microsoft Secure Score are put in one of 3 categories:
- Identity
These are actions related to the Active Directory accounts and roles. - Device
They assess and suggest action on the application “Microsoft Defender for Endpoint”. - Apps
These actions are for email and cloud apps. That includes Office 365 and Microsoft Defender for Cloud Apps.
The dashboard also shows a breakdown of points by category, i.e., how high a percentage of total points in the category has been achieved and how much is left to achieve.
How to improve your Secure score
Each improvement action tab lists the security recommendations and their current status. The actions are sorted by score impact, highest to lowest.
Improvement action status
Status can be one of the following:
- To address
This is the status for actions you intend to take in the future. The status also applies to all partial task completions.
- Planned
This status is apt for actions that you have already planned to execute. - Risk accepted
Occasionally you may have some improvement action that is not a big risk for your infrastructure. In such cases, you may want to accept the suggested risk and/or decide not to act on it. This status is for such actions. - Resolved through a third party and Resolved through alternate mitigation
This status is used when the risk flagged by Microsoft is already taken care of by another third-party application. With this status, you are telling Microsoft Defender to ignore this risk. It is like a manual override. Note that there is no way for Microsoft to know if the risk has really been tackled properly.
Fixing an improvement action
You can click on each improvement action to view it in greater detail.
Source: Microsoft Secure Score website
On the flyout of the improvement action, you can perform 4 actions:
- Select “Manage in Microsoft 365 Defender”
This will take you to the configuration screen and help you make the desired change. If you complete the action, the points improvement shows up on the Secure score within 24 hours. - Select Share
This will allow you to copy the direct link to the improvement action. It is useful when you wish to collaborate with another team member and work on fixing the improvement action. - Add Notes
There is also an option to add notes, leave your comments, or keep track of progress. - Add tags
You can also add tags to the action and categorize them as per your preference.
On completing the improvement action, you will be able to improve your Secure Score and thus make your organization more secure.
Conclusion
Secure Score provides an easy way to analyze and act on some of the security policies in your Microsoft environment. Although the security analysis is limited to a few Microsoft products, it can be one of the small steps toward building a more secure enterprise infrastructure.
You can learn more about Secure Score from the video below or read more in their official docs.
