Chapter 13
IN THIS CHAPTER
Touring the Microsoft Secure Score portal
Making sense of your score’s numerator and denominator
Increasing your secure score by acting on the recommendations
We’ve all heard about the importance of maintaining a good credit score. The higher the score, the better interest rates you’ll be qualified for when applying for a home loan or car loan. If you’re starting a small business, a high credit score opens the door for financial assistance. If you’re applying for a job in the financial industry or the government sector, a high credit score could influence whether or not you get hired. For most people, their credit score is a measure of their financial well-being.
A security report from Symantec, a cybersecurity firm, reveals that 43 percent of cyberattacks target small businesses. Yes, the small business whose IT environment you’re administering or managing. The same business you don’t want to see become the next victim of a WannaCry or NotPetya ransomware attack.
Imagine yourself in front of your manager or your organization’s leadership team and having to answer the question: “How secure is our organization from cyberattacks?” Do you think you could provide an answer that’s quantifiable? Do you think you’ll be able to provide a number to measure your organization’s security well-being?
With Microsoft 365 Business, the answer is yes. Your subscription to the cloud service includes access to Microsoft Secure Score, which provides a dashboard with a number that indicates your organization’s security posture. And just like a credit score, your secure score is a good way to measure your organization’s security well-being.
In this chapter, I review the Microsoft Secure Score dashboard, compare your score with average scores for industries similar to yours, and walk you through the interactive guide for improving your score as well and review your historical score to understand how your actions have influenced your security posture.
Microsoft Secure Score analyzes the security settings in your Microsoft 365 Business environment to calculate a score that indicates your organization’s security posture. Daily user activities in Exchange Online, SharePoint Online, and OneDrive for Business also contribute to the score.
You can get to the Secure Score dashboard in two ways. The quickest route is to navigate to https://securescore.microsoft.com
and log in with your global admin credentials.
The other way to get to the dashboard is to do the following:
https://admin.microsoft.com
.On the left menu, under the Admin Centers group, select Security & Compliance.
A new browser tab launches the Microsoft 365 Security & Compliance page.
Look for the Microsoft Secure Score widget, shown in Figure 13-1, and then click the Microsoft Secure Score link below the number indicating your score.
A new browser tab launches the Secure Score page.
In the Secure Score dashboard, a slide show of cards, or a carousel, provides overview cards to orient you to the dashboard, as shown in in Figure 13-2. After you’ve reviewed the cards, you can remove them by clicking the close icon (X) at the top right to gain more real estate on the page.
After you’re logged in to the Microsoft Secure Score dashboard, it’s time to brush up on your fractions because we’re going to be discussing numerators and denominators. In our grade school math class, we learned that the numerator is the top part of the fraction and the denominator is the bottom part of the fraction.
Similarly, in Microsoft Secure Score, the top bigger number you see in the Secure Score Summary is the numerator and the bottom, smaller number is the denominator, as shown in Figure 13-3. Both numbers represent your overall score. This number gets updated every 24 hours at around 1 AM Pacific Standard Time.
The numerator is the total points you have achieved based on the security features enabled in your tenant. The denominator is the maximum number of points you can achieve if all the security features available in your subscription are enabled.
Note that the denominator you see in your environment may differ from someone else’s environment. That’s because some Office 365 or Microsoft 365 subscriptions have additional security functionalities not included in the Microsoft 365 Business subscription.
Below the Secure Score Summary are two donut charts. The chart on the left is a visual representation of your secure score based on Office 365 data. The chart on the right represents the secure score for Windows based on data from the Windows Defender Advanced Threat Protection service. This service is not included in the Microsoft 365 Business subscription but can be purchased separately.
Below the Secure Score Summary widget is the Take Action, Improve your Microsoft Secure Score widget. Note that the target score recommended by the system in a balanced approach between security and productivity, as shown in Figure 13-4. The target score represents what your secure score could be if you were to take the recommended actions to increase your score.
In Figure 13-4, the target score is 537. To get to that number from the current score of 101, 36 actions must be taken, as noted by the 36 Actions link below the target score.
The slider dynamically changes as you move the toggle from left to right. If you move the slider to the left or right from the middle, which indicates the balanced approach to security, the target score and the corresponding number of actions to achieve the target score will change.
A variety of factors determine an organization’s ideal target — no magic target number applies to everyone. Fortunately, you can easily change your target if you feel that the current number is not meeting your needs.
If you click the 36 Actions link, the screen will scroll down to display the queued list of actions to take to achieve the target score. Clicking an item in the list will give you an expanded view with more details about the item. In Figure 13-5, for example, enabling multi-factor authentication (MFA) for Azure Active Directory privileged roles will increase the score by 50 points, as noted by the Action Score number.
The expanded view also provides more details about the action, why it should be enabled, and what threats it addresses.
Clicking the Learn More button opens a window on the right so you can discover more details about the action.
If you’re using third-party solutions to take care of the security feature described in the item, you can click the Third-Party button and then the Save button to exclude it from the calculation. The Ignore button, as of this writing, achieves the same purpose.
In the list of actions to take, you’ll find the Show box which allows you to filter the list of actions. Next to the Show box is the Search box if you just want to do a keyword search.
Clicking the drop-down arrow next to the Show box displays the different ways by which the action items can be filtered, as shown in Figure 13-6.
For example, if you want to enable features that have a low effect on your end users, select Low from the drop-down menu under User Impact.
As mentioned, no one magic number applies to all organizations because different organizations have different needs. A large enterprise might need more features than a small business, for example.
The Compare Your Score widget is a great way to get insights into the secure scores of other organizations, which might help inform your own organization’s target score.
As shown in Figure 13-7, the first bar on the left is the current secure score for the organization. For example, Figure 13-7 shows the results for an example organization with 25 users. The first bar on the left is the organization’s current secure score
Next to the organization’s current score is the average active seat size score, which is 37. Below the score, you can see that the organization’s 25 users place it in the 6 to 99 seats category. In this example, our company with a secure score of 101 is doing well compared to other companies with a similar seat size, whose average score is 37.
The third bar from the left represents the average score for companies like the example organization in the industry as a whole. When you first visit Secure Score, the Industry Type Average Score bar is zero. You need to set this up for the system to start reporting the score. Simply click the Please Select Industry Type link below the bar and follow the prompts. When you’re finished, it will take at least 48 hours to take effect.
The final bar represents the average score for all Office 365 tenants in the world, be they small or large companies.
The Score Analyzer page is where you can see how your actions over time has affected your security posture. You can view and export up to 90 days of scoring data.
Score Analyzer, shown in Figure 13-8, includes several parts. At the top is a line that shows how your secure score has trended over time. The line on the bottom represents the average secure score for Office 365 tenants.
You can change the view for the chart in Score Analyzer by clicking one of the tabs just below the Your Secure Score Over Time label. The options are Last 7 Days, Last 30 Days, and Last 3 Months. The Compare Scores tab enables you to compare scores between dates based on actions that have been taken in the environment.
Like all the other services in Microsoft 365 Business, Secure Score is continuously evolving. Make a habit of checking the Secure Score dashboard for updates to the system and to stay current on the latest best practices for data security.