How do you know if your Office 365 subscription is in a secure state?

A little-known but really handy feature recently released by Microsoft is Secure Score.

Secure Score is a totally different way of managing risk on your Office 365 deployment: instead of reacting to security alerts sent to you by Microsoft, you proactively track and incrementally improve your Office 365 security.

Secure Score figures out which Office 365 services you have and how they are configured, then compares that configuration to a baseline level of security that Microsoft recommends. Good configurations earn more points, so the higher the level of security, the higher the score.

Try it now by logging in to your Office 365 subscription as tenant admin and visiting https://securescore.office.com.

In my tenant, my secure score was 48 of 257.

The tool then guides me with some basic and high-impact actions to up my score, which are categorized by Category, Action Type, User Impact, Implementation Cost and Control Type.

A few actions that upped my score substantially were the following:

Enable MFA for all global admins – You should enable MFA for all of your admin accounts because a breach of any of those accounts can lead to a breach of any of your data. We found that you had 3 admins out of 3 that did not have MFA enabled. If you enable MFA for those 3 admin accounts, your score will go up 50 points.

Enable MFA for all users – You should enable MFA for all of your user accounts because a breach of any of those accounts can lead to a breach of any data that user has access to. We found that you had 15 users out of 16 that did not have MFA enabled. If you enable MFA for those 15 user accounts, your score will go up 29 points.

[Not Scored] Enable audit data recording – You should enable audit data recording for your Office 365 service to ensure that you have a record of every user and administrator’s interaction with the service, including Azure AD, Exchange Online, and SharePoint Online/OneDrive for Business. This data will make it possible to investigate and scope a security breach, should it ever occur. We found that your enablement is set to [Not Measured]. If you enable audit recording, your score will go up 15 points.
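
To verify the same three findings outside the Secure Score portal, here is a read-only audit script (an added example, not part of the original post or of Microsoft's tooling). It assumes the MSOnline module, which was current when this post was written and has since been deprecated in favor of Microsoft Graph PowerShell, plus an Exchange Online PowerShell session, both already connected with an admin account; the function name `Test-PerUserMfa` is hypothetical.

```powershell
# Added example: read-only check of the three Secure Score actions above.
# Assumes Connect-MsolService has been run and an Exchange Online PowerShell
# session is open. Nothing here changes tenant configuration.

function Test-PerUserMfa {
    param($User)
    # Per-user MFA appears as a StrongAuthenticationRequirements entry whose
    # State is 'Enabled' or 'Enforced'; an empty collection means it is off.
    # MFA applied only through Conditional Access is NOT visible here.
    $states = @($User.StrongAuthenticationRequirements | ForEach-Object { "$($_.State)" })
    return [bool]($states | Where-Object { $_ -in 'Enabled', 'Enforced' })
}

# 1. Global admins ('Company Administrator' is the role's name in MSOnline).
$role   = Get-MsolRole -RoleName 'Company Administrator'
$admins = @(Get-MsolRoleMember -RoleObjectId $role.ObjectId |
    Where-Object { $_.RoleMemberType -eq 'User' } |
    ForEach-Object { Get-MsolUser -ObjectId $_.ObjectId })
$adminsNoMfa = @($admins | Where-Object { -not (Test-PerUserMfa $_) })

# 2. All user accounts in the tenant.
$users      = @(Get-MsolUser -All)
$usersNoMfa = @($users | Where-Object { -not (Test-PerUserMfa $_) })

# 3. Unified audit log ingestion (the "audit data recording" action).
$auditOn = (Get-AdminAuditLogConfig).UnifiedAuditLogIngestionEnabled

# Summary in the same "N out of M" form the portal uses.
[pscustomobject]@{
    AdminsWithoutMfa = '{0} out of {1}' -f $adminsNoMfa.Count, $admins.Count
    UsersWithoutMfa  = '{0} out of {1}' -f $usersNoMfa.Count, $users.Count
    AuditLogEnabled  = $auditOn
} | Format-List

# Name the accounts so they can be remediated, admins first.
$adminsNoMfa | Select-Object UserPrincipalName, DisplayName
$usersNoMfa  | Select-Object UserPrincipalName, IsLicensed

# Remediation for item 3, left commented out so the script stays read-only:
# Set-AdminAuditLogConfig -UnifiedAuditLogIngestionEnabled $true
```

Break-glass and service accounts will show up in the "without MFA" lists; review them individually rather than excluding them from the report.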

Secure Score can also compare your score to that of an average Office 365 environment and show you how your score has improved over time.

I highly recommend that all tenant admins get familiar with the Office 365 Secure Score functionality to ensure the safety of their Office 365 environment.
