Chapter 13

Measuring Your Security Posture

IN THIS CHAPTER

Bullet Touring the Microsoft Secure Score portal

Bullet Making sense of your score’s numerator and denominator

Bullet Increasing your secure score by acting on the recommendations

We’ve all heard about the importance of maintaining a good credit score. The higher the score, the better interest rates you’ll be qualified for when applying for a home loan or car loan. If you’re starting a small business, a high credit score opens the door for financial assistance. If you’re applying for a job in the financial industry or the government sector, a high credit score could influence whether or not you get hired. For most people, their credit score is a measure of their financial well-being.

A security report from Symantec, a cybersecurity firm, reveals that 43 percent of cyberattacks target small businesses. Yes, the small business whose IT environment you’re administering or managing. The same business you don’t want to see become the next victim of a WannaCry or NotPetya ransomware attack.

Imagine yourself in front of your manager or your organization’s leadership team and having to answer the question: “How secure is our organization from cyberattacks?” Do you think you could provide an answer that’s quantifiable? Do you think you’ll be able to provide a number to measure your organization’s security well-being?

With Microsoft 365 Business, the answer is yes. Your subscription to the cloud service includes access to Microsoft Secure Score, which provides a dashboard with a number that indicates your organization’s security posture. And just like a credit score, your secure score is a good way to measure your organization’s security well-being.

In this chapter, I review the Microsoft Secure Score dashboard, compare your score with average scores for industries similar to yours, and walk you through the interactive guide for improving your score as well and review your historical score to understand how your actions have influenced your security posture.

Exploring the Secure Score Dashboard

Microsoft Secure Score analyzes the security settings in your Microsoft 365 Business environment to calculate a score that indicates your organization’s security posture. Daily user activities in Exchange Online, SharePoint Online, and OneDrive for Business also contribute to the score.

Remember Currently, a global admin account is required to access the Secure Score dashboard. The admin, however, can share results from the tool with other users in the organization.

Getting to the dashboard

You can get to the Secure Score dashboard in two ways. The quickest route is to navigate to https://securescore.microsoft.com and log in with your global admin credentials.

The other way to get to the dashboard is to do the following:

  1. Log in with your global admin credentials at https://admin.microsoft.com.

  2. On the left menu, under the Admin Centers group, select Security & Compliance.

    A new browser tab launches the Microsoft 365 Security & Compliance page.

  3. Look for the Microsoft Secure Score widget, shown in Figure 13-1, and then click the Microsoft Secure Score link below the number indicating your score.

    A new browser tab launches the Secure Score page.

Screenshot of the Microsoft Secure Score widget, which is the quickest route to get to the dashboard.

FIGURE 13-1: The Microsoft Secure Score widget.

In the Secure Score dashboard, a slide show of cards, or a carousel, provides overview cards to orient you to the dashboard, as shown in in Figure 13-2. After you’ve reviewed the cards, you can remove them by clicking the close icon (X) at the top right to gain more real estate on the page.

Screenshot of the Microsoft Secure Score dashboard window for securing the score carousel for managing risks in a different way.

FIGURE 13-2: Secure Score dashboard carousel.

Understanding your score

After you’re logged in to the Microsoft Secure Score dashboard, it’s time to brush up on your fractions because we’re going to be discussing numerators and denominators. In our grade school math class, we learned that the numerator is the top part of the fraction and the denominator is the bottom part of the fraction.

Similarly, in Microsoft Secure Score, the top bigger number you see in the Secure Score Summary is the numerator and the bottom, smaller number is the denominator, as shown in Figure 13-3. Both numbers represent your overall score. This number gets updated every 24 hours at around 1 AM Pacific Standard Time.

Screenshot of the Microsoft Secure Score window displaying the secure score summary.

FIGURE 13-3: Secure Score summary.

The numerator is the total points you have achieved based on the security features enabled in your tenant. The denominator is the maximum number of points you can achieve if all the security features available in your subscription are enabled.

Note that the denominator you see in your environment may differ from someone else’s environment. That’s because some Office 365 or Microsoft 365 subscriptions have additional security functionalities not included in the Microsoft 365 Business subscription.

Below the Secure Score Summary are two donut charts. The chart on the left is a visual representation of your secure score based on Office 365 data. The chart on the right represents the secure score for Windows based on data from the Windows Defender Advanced Threat Protection service. This service is not included in the Microsoft 365 Business subscription but can be purchased separately.

Taking action to improve your score

Below the Secure Score Summary widget is the Take Action, Improve your Microsoft Secure Score widget. Note that the target score recommended by the system in a balanced approach between security and productivity, as shown in Figure 13-4. The target score represents what your secure score could be if you were to take the recommended actions to increase your score.

Screenshot of the target score in a balanced security approach to take action and improve the Microsoft secure score.

FIGURE 13-4: Target score in a balanced security approach.

In Figure 13-4, the target score is 537. To get to that number from the current score of 101, 36 actions must be taken, as noted by the 36 Actions link below the target score.

The slider dynamically changes as you move the toggle from left to right. If you move the slider to the left or right from the middle, which indicates the balanced approach to security, the target score and the corresponding number of actions to achieve the target score will change.

A variety of factors determine an organization’s ideal target — no magic target number applies to everyone. Fortunately, you can easily change your target if you feel that the current number is not meeting your needs.

If you click the 36 Actions link, the screen will scroll down to display the queued list of actions to take to achieve the target score. Clicking an item in the list will give you an expanded view with more details about the item. In Figure 13-5, for example, enabling multi-factor authentication (MFA) for Azure Active Directory privileged roles will increase the score by 50 points, as noted by the Action Score number.

Screenshot of the 36 Actions link displaying action items with a description and other details to enable MFA for Azure AD privileged roles.

FIGURE 13-5: Action items with a description and other details.

The expanded view also provides more details about the action, why it should be enabled, and what threats it addresses.

Clicking the Learn More button opens a window on the right so you can discover more details about the action.

If you’re using third-party solutions to take care of the security feature described in the item, you can click the Third-Party button and then the Save button to exclude it from the calculation. The Ignore button, as of this writing, achieves the same purpose.

In the list of actions to take, you’ll find the Show box which allows you to filter the list of actions. Next to the Show box is the Search box if you just want to do a keyword search.

Clicking the drop-down arrow next to the Show box displays the different ways by which the action items can be filtered, as shown in Figure 13-6.

Screenshot of the 36 Actions link displaying a list of action items in a show box with the different ways by which the action items can be filtered.

FIGURE 13-6: Filtering the list of action items.

For example, if you want to enable features that have a low effect on your end users, select Low from the drop-down menu under User Impact.

Comparing your score

As mentioned, no one magic number applies to all organizations because different organizations have different needs. A large enterprise might need more features than a small business, for example.

The Compare Your Score widget is a great way to get insights into the secure scores of other organizations, which might help inform your own organization’s target score.

As shown in Figure 13-7, the first bar on the left is the current secure score for the organization. For example, Figure 13-7 shows the results for an example organization with 25 users. The first bar on the left is the organization’s current secure score

Screenshot depicting four vertical bars comparing the scores of the employees of an organization.

FIGURE 13-7: Comparing your score with others.

Next to the organization’s current score is the average active seat size score, which is 37. Below the score, you can see that the organization’s 25 users place it in the 6 to 99 seats category. In this example, our company with a secure score of 101 is doing well compared to other companies with a similar seat size, whose average score is 37.

The third bar from the left represents the average score for companies like the example organization in the industry as a whole. When you first visit Secure Score, the Industry Type Average Score bar is zero. You need to set this up for the system to start reporting the score. Simply click the Please Select Industry Type link below the bar and follow the prompts. When you’re finished, it will take at least 48 hours to take effect.

The final bar represents the average score for all Office 365 tenants in the world, be they small or large companies.

Reviewing the Score Analyzer

The Score Analyzer page is where you can see how your actions over time has affected your security posture. You can view and export up to 90 days of scoring data.

Score Analyzer, shown in Figure 13-8, includes several parts. At the top is a line that shows how your secure score has trended over time. The line on the bottom represents the average secure score for Office 365 tenants.

Screenshot of the Score Analyzer page displaying a line at the top depicting how a secure score has trended over time, and a line at the bottom representing the average secure score for Office 365 tenants.

FIGURE 13-8: Secure Score Analyzer.

You can change the view for the chart in Score Analyzer by clicking one of the tabs just below the Your Secure Score Over Time label. The options are Last 7 Days, Last 30 Days, and Last 3 Months. The Compare Scores tab enables you to compare scores between dates based on actions that have been taken in the environment.

Like all the other services in Microsoft 365 Business, Secure Score is continuously evolving. Make a habit of checking the Secure Score dashboard for updates to the system and to stay current on the latest best practices for data security.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset