Written by Thomas G. Stephens, Jr., CPA, CITP, CGMA
(Be sure to join Tommy and ISCPA for the Annual Tech Conference Sept 28 & 29!)
If you run Office 365, do you know how to use Secure Score to improve the security of your implementation? Moreover, did you even know that Secure Score exists? In an ever-risky world, these are important questions because Office 365 currently has over 200 million subscribers. Therefore, in non-secured implementations of Office 365, the data belonging to each of these subscribers is potentially at-risk. Accordingly, we should take advantage of every tool possible to reduce risk. In this article, you will learn about Secure Score and how you can implement it to improve security.
What Is Microsoft Secure Score?
As its name implies, Microsoft Secure Score is a security-oriented feature of Office 365. You can use it to evaluate the security of your Office 365 implementation. Additionally, you can use this tool to provide recommendations on how you can improve your Office 365 security regime.
Importantly, Secure Score can help you and your organization improve security in the following three areas.
- Using the tool helps organizations to understand the current state of the security of their Office 365 implementation.
- Secure Score helps organizations discover issues with security, make those issues visible to management, guide team members through corrective actions, and increase internal control.
- Once you activate it, you can use Secure Score to compare your organization’s results to benchmarks and Key Performance Indicators.
Additionally, Secure Score is a tool that you can use to assess the several components of the Microsoft stack. For example, within Office 365, the tool checks and provides recommendations for SharePoint Online, Exchange Online, and OneDrive for Business. However, outside the Office 365 environment, Secure Score works with Azure AD and Cloud App Security.
How Do I Enable Secure Score?
To enable this feature in Office 365, you must have Administrative rights. Assuming you do, simply log-in to the Microsoft 365 Security Center at https://security.microsoft.com/homepage; there you will have access to Microsoft Secure Score.
As shown in Figure 1, when you use the tool in Office 365, it provides you with a detailed report. Additionally, the report provides metrics on your current level of security relative to your total possible security score. Also, it provides information about which corrective actions would provide the biggest improvements to your score. Further, it lets you know how your organization compares to similar organizations. Finally, it lists specific actions you can take to improve the security surrounding your Office 365 implementation. Armed with this information, you and your team can begin to make quick and effective changes to improve security.
Figure 1 - Sample Office 365 Secure Score Report
How Do I Improve Security with Secure Score?
Most Admins will likely be appalled at seeing their organization’s Secure Score for the first time. However, it’s important not to over-react to a low score. Instead, a better approach would be to adopt a careful and considerate approach to the security of all the data in your organization – not just that in Office 365. To do, begin by considering – on an item-by-item basis – adopting the recommendations in the Actions to Review section of your Secure Score dashboard. Figure 2 provides a sample of typical recommendations. After seeing the recommendations, carefully weigh each of these considerations relative to other security measures you have implemented outside your Office 365 environment.
Figure 2 - Sample Recommendations from Secure Score for Improving Office 365 Security
To learn more about any single recommendation, simply click on that recommendation to expose a detailed window about that recommendation. As shown in Figure 3, the details window allows you to gain more information on a specific recommendation. Importantly, that additional information includes the expected benefits, the impact on end users, and how to implement the recommendation. Further, by clicking the Manage button, you are taken directly to the page to activate the recommendation. As shown, the tool provides you with a “road map” of how you can improve security in Office 365.
Figure 3 - Details of a Specific Secure Score Recommendation
Are There Other Security Considerations?
No doubt, Secure Score can be a highly effective tool to improve Office 365 security. However, let us not view it as our only tool. More specifically, all traditional security “blocking-and-tackling” tools are still required to minimize risk. Examples include the items listed below.
- Each user should establish separate long-and-strong passwords for every application and these passwords should never be shared.
- Ensure that properly configured firewalls are in place to reduce the risk of outside attacks.
- Continually train users on the emerging security risks, including the continued risk of phishing emails.
- Enable encryption at every opportunity.
- Implement a sound backup strategy. Additionally, store backups of your critical data off-site and not connected to your network.
- Consider “whitelisting” approaches to protecting against malware.
- Remain vigilant and actively scour your environment for new threats. Of course, as these appear, create an effective strategy to mitigate them.
Security remains a top concern for professionals in all organizations, including those running Office 365. However, many of these same professionals who might be charged with securing their organization’s data may not know about some of the tools they can use to achieve this objective. Secure Score is one such tool. If you are running Office 365 in a corporate environment, Secure Score can be a terrific way to identify and address the security gaps surrounding your Office 365 implementation. Easy to access and work with, Secure Score helps you understand where the security gaps are in your Office 365 implementation. Equally important – if not more so – Secure Score guides you through the process of addressing these gaps. In short, if you are running Office 365, you should investigate how you can use Secure Score to improve Office 365 security.
Tommy is one of the shareholders in K2 Enterprises, affiliating with the firm in 2003 and joining as a shareholder in 2007. At K2, Tommy focuses on creating and delivering content and is responsible for many of the Firm's management and marketing functions. Tommy resides in the metro Atlanta area. You may reach him at email@example.com and you may learn more about K2 Enterprises at www.k2e.com.
NOTE: For more information click here for microsoft information