In today’s digital landscape, cybercriminals are evolving their techniques faster than organizations can adapt to these increasingly sophisticated threats. The expanding volumes of malicious encrypted web traffic, socially engineered email threats, and advanced IoT/DDoS attacks have forced security experts to think outside-the-box when it comes to defending sensitive data.
According to Cisco’s 2018 Security Capabilities Benchmark Study, budget constraints were found to be the biggest obstacle to improving organizational security. With the increasingly large pool of endpoints entering environments, coupled with the complexity of managing cloud data and infrastructure, it’s easy to see why budget could quickly become a roadblock. Fortunately, if you’re a Microsoft 365 subscriber, there’s a tool available that may serve to significantly enhance your current cybersecurity efforts. The best part? It’s comes complimentary with your subscription.
The Power of Microsoft Secure Score
Microsoft’s “Secure Score” is a security analytics tool offered as a part of the Microsoft 365 security center. To view your organization’s Secure Score, you must be assigned one of the following roles in Azure Active Directory: Global Administrator, Security Administrator, or Security Reader. Upon logging into the platform, the tool analyzes your Microsoft 365 environment, provides unique numerical scores, and suggests refinements to your environment that will help to reduce the risk of a cyber incident.
Your score is calculated based on the sum of security controls that you have/have not implemented already. The suggestions provided are prioritized based on both the effectiveness of the action, as well as that action’s impact on end users. Thus, actions that are highly effective in terms of boosting security, but have low impact on users, will appear at the top of the list. In the same fashion, actions that are both less effective and more disruptive to users will be placed near the bottom of the list.
Recommendations & Scoring Breakdown
The recommendations provided by Microsoft are organized into the following groups to help users focus their security efforts:
- Infrastructure (coming soon)
Upon clicking an improvement action recommended by the tool, the Secure Score dashboard provides you with the following options:
- View settings
- Resolve through third party
Based on the action that you select, the total number of Secure Score points you can achieve will either increase or decrease. While some controls are scored in a binary fashion (you’ll receive 100% of the points associated with the recommendation item upon completion), others are calculated as a percentage of the total allotted points available based upon your progress with a particular action.
Tracking & Comparing
The “Score Analyzer” tab on the Secure Score dashboard allows you to track your score over time and see how the suggestions you’ve applied in the past have impacted your overall score. The Analyzer tool provides timelines for the past 7 days, 30 days, and the last 3 months. One of the newer features of this tab is the “Compare Scores” option, which allows you to select two dates to compare the scores on.
Another helpful tracking feature can be found in the “History” tab. This tab allows you to view the global and industry averages of the Secure Scores for all Microsoft 365 users. In a recent update, Microsoft also added the “Similar Seat Count” comparison option. This provides a more relevant comparative score based on organizations that have a similar number of Office 365 active seats.
Leveraging this Dynamic Tool
This blog just scratches the surface of all that Microsoft Secure Score can do to improve the security posture of your organization. While the Secure Score dashboard is a helpful tool for monitoring and managing your Microsoft infrastructure, identities, data, and devices, it should be just one small part of your overall security plan. If you have concerns about your organization’s security, or if you have questions about Secure Score, we can help. Connect with our security experts today to learn how we can help you protect your people and your company.
Explore our cybersecurity services to find out how you can further protect your organization and its people.