Skip to main content
SolarWinds MSP
  • Login
  • Support
  • Partnerships
    • Solution Provider Program
    • Technology Alliance Program
SolarWinds MSP
  • Products
    • SolarWinds N-central Automate what you need. Tackle complex networks. Try this remote monitoring and management solution built to help maximize efficiency and scale.
    • SolarWinds RMM Start fast. Grow at your own pace. Try this powerful but simple remote monitoring and management solution.
    • Backup & Recovery Manage backup for servers, workstations, applications, and business documents from one cloud-based dashboard.
    • Mail Protection & Archiving Protect users from email threats and downtime.
    • Password Management Easily adopt and demonstrate best practice password and documentation management workflows.
      • Passportal Demo
    • PSA & Ticketing Manage ticketing, reporting, and billing to increase helpdesk efficiency.
    • Threat Monitoring Detect, respond to, and report on threats across your managed networks.
    • Remote Support Help support customers and their devices with remote support tools designed to be fast and powerful.
  • Solutions

    I'm looking to...

    I'm looking for...

    • Identify which RMM solution is right for me
    • Drive Efficiency with Automation
    • Manage my MSP Business More Efficiently
    • Manage my IT Department More Efficiently
    • Layered Security
    • Data-Driven Insights
    • Cross-Platform Support
  • Resources

    Webcasts & Events

    Resource Center

    • Ask the N-Central Experts
    • Daily Live Demos
    • Backup Foundations Training
    • RMM Foundations Training
    • Upcoming Events
    • Upcoming Webcasts
    • Resource Library
      • Case Studies
      • Product Information
      • eBooks
      • White Papers
      • Infographics
    • SolarWinds MSP Free Tools
    • GDPR Resource Center
    • Security Resource Center
    • MSP Institute Webinar Series
    • MSP Advice Project
  • About
    • Contact
    • Worldwide sales and support
    • Careers
    • Awards and Recognition
    • Get A Quote
    • Newsroom
      • Press Releases
      • In The News
      • Media Contacts
    • Leadership Team
    • Legal
      • Cookie Policy
      • Privacy Notice
      • Software Services Agreement
      • Terms of Use
      • Backup Fair Use Policy
    • Security
      • SolarWinds Security Statement
      • Vendor Data Protection Requirements
    • Support
  • Blog
  • Contact Sales
    • Get A Quote
    • General Inquiry
  • TRY NOW
    • SolarWinds RMM
    • SolarWinds Backup
    • MSP Manager
    • SolarWinds Passportal
    • SolarWinds N-central
    • SolarWinds Mail Assure
    • SolarWinds Risk Intelligence
    • SolarWinds Take Control
Filter Blogs
  • Filter by:
  • MSP Business
    • Automation
    • Backup & Disaster Recovery
    • Security-series
    • Best Practices
    • Business
    • Business Growth
    • Business Risk
    • Cloud Computing
    • Customer Service
    • Cybersecurity
    • Cybersecurity Awareness Month
    • Data
    • GDPR
    • Internet of Things
    • IT Support
    • ITSM
    • LOGICcards
    • Machine Learning
    • Mail
    • Managed Services
    • Marketing
    • Mobile
    • Networking
    • Operations
    • Podcast
    • Product
    • PSA
    • Remote Management
    • Research & Trends
    • Risk Intelligence
    • Security
    • Security Vlog
    • Service Desk
    • Services & Support
    • The Head Nerds
    • Tips & Advice
    • Training
Home Blog MSP Business Security How to Assess and Improve Your Office 365 Security Scorecard
Security

How to Assess and Improve Your Office 365 Security Scorecard

By SolarWinds MSP
6 March, 2019

One major reason cloud-based file storage systems are so popular among enterprises is that they free IT teams from having to store, manage, and protect that data on their own internal servers. Unfortunately, that same benefit can translate into a considerable downside as responsibility for hosting this data goes to cloud providers—as does control over how it’s secured.

This concern about data exposure and vulnerability to security breaches has prompted popular cloud storage platform Microsoft 365 to set itself apart in terms of its dedication to security, using a physical, logical, and data layer of security to safeguard the environments it hosts. But while Microsoft is clearly dedicated to safeguarding data on the back end, there’s no preventing a security leak if your password happens to be “1234.” That’s why Microsoft also offers the Office 365 Secure Score, an analytics tool that makes it easy for users to optimize their security configuration.

So what is Office 365 Secure Score, and how can you use it to improve the security of your company’s digital assets? Here are a few pointers on what this tool does, how it works, and what you can do to mitigate the risk of cybercrime and improve your score.

What is Office 365 Secure Score?

Microsoft Secure Score essentially functions as your own personal security analyst. This Office 365 security risk assessment uses cutting-edge algorithms to find vulnerabilities in your system then recommend best practices to follow and configurations to change in order to protect those vulnerabilities. It does this by looking at the Microsoft services you’re using, examining your settings and recent activity, and running them against cybersecurity standards set by Microsoft. 

Some recommendations are more critical than others to protect against Office 365 security risks, so the algorithm determines the value of each best practice according to its level of importance. The more important the recommendations you follow, the higher your score will be. For example, putting two-factor verification in place will do more for your security than remediating vulnerabilities in your container security configurations, so following the former recommendation will add more points to your overall Office 365 Security Scorecard.

Microsoft Secure Score also shows you all the risks to which your current security posture has left you vulnerable, such as an account breach, data spillage from an authorized user to an unauthorized one, or even a malicious insider. 

How do I use Secure Score?

As long as you have a subscription that includes Microsoft 365 Business, Office 365 Business Premium, or Microsoft Enterprise, all you need to do before using Microsoft Secure Score is sign in from an account that has administrative privileges at the Office 365 Secure Score site. You can also access Security Score as a widget through the Microsoft Security and Compliance Center. 

The service will analyze all your current configurations and activity for the apps you’ve purchased and give you your first score. After that, a new Secure Score is generated for you automatically each day. 

With each day’s score comes a list of high-priority action items that you can finish that day in order to bring your score up. Clicking on each action item will bring up a short explanation of why it’s needed and what steps you need to take to complete it. The service even sets out the impact of any recommendations, clearly showing you how much your score will rise once you’ve completed all the action items in your queue, as well as their expected impact on productivity.

How do I read my Secure Score?

CTA Image

SolarWinds Mail Assure

Advanced Threat Protection for Inbound and Outbound Email.

Learn More

The highest possible score you can achieve using this tool is 452, but it’s reasonable to set a lower standard that won’t have too big an impact on users. The goal isn’t necessarily to reach the highest possible score, but to achieve a “balanced” score that demonstrates a strong security posture without cutting into productivity. The algorithm’s definition of a “balanced” score is anywhere between 254 and 372, which should be enough to protect you against typical Office 365 security risks. 

You can compare your own score with the averages of other Microsoft 365 users on the Summary page. You can also look at the Score Analyzer to see how your score has improved over time, and what actions you took on what days. 

How do I improve my Secure Score?

While the recommendations you receive will depend on the security needs of the enterprise and the services to which you’ve subscribed, there are a number of steps that the vast majority of businesses can take to help improve their score and safeguard their data from Office 365 security risks. These steps include:

  • Enable Multifactor Authentication: Regardless of your approach to security, multifactor authentication represents a simple and productive way of putting more space between you and cyberattackers. Enabling MFA for all users will add a whopping 50 points to your score.
  • Minimize Your Global Admins: The fewer admins you have, the fewer access points are available to hackers looking to breach your network. Again, it’s just common sense to ensure that the only people with credentials are those who absolutely need them.
  • Disable Inactive Accounts: When it comes to user accounts that haven’t been used in some time, it’s better to be safe than sorry. Unless you have reason to believe they’ll be used again soon, disable any account that has been inactive for longer than 30 days. Inactive accounts represent tempting targets for cybercriminals because they can often be leveraged without administrators noticing.
  • Password-Protect All Mobile Devices: Any mobile device with access to your network represents a viable entryway for hackers, which means you must protect them with the same vigilance you would your network passwords. Making sure employees protect all their devices with passwords will help ensure your assets are safe if a privileged device ever falls into the hands of a malicious party. Similarly, all devices in your network should use the latest standard of encryption.
  • Enable Audit-Recording: In the event that something goes wrong, you want to learn from it—you don’t want to be left scratching your head as to what you did wrong. A log of every user’s and administrator’s activities will allow you to assess everything that happened before the attack and determine what needs to change about current practices to prevent it from happening again. Checking this log on a daily basis can also help you predict breaches in the future.

Office 365 Secure Score is a handy way of understanding cybersecurity and protecting cloud assets that are otherwise out of your enterprise’s control. Of course, following its recommendations alone won’t sufficiently secure all your assets—it takes a robust set of protections against ransomware, phishing threats, malware, and other dangers to gain real peace of mind in today’s security environment. But Secure Score takes the unbelievably complex world of security and renders it easily navigable for its users, making this a great first step that any Microsoft user can take to really start protecting themselves from malicious parties. 

 

Additional reading:

The Top 7 Reasons to Back Up Office 365: Part One
The Email Security Education Series: The Basics
The Email Security Education Series: Trending Email Security Threats   

You might also like...

Best Practices

When They Leave: Offboarding Policies for Security
Security

What is Security Information and Event Management (SIEM)?
Security

How Zero Trust Models Apply to MSPs
Networking

Active Directory Cleanup Best Practices
Security

February 2020 Patch Tuesday Update:  One of the Largest by Vulnerability Count
Security

Common BYOD Challenges

Want to stay up to date?

Get the latest MSP tips, tricks, and ideas sent to your inbox each week.

Loading form....

If the form does not load in a few seconds, it is probably because your browser is using Tracking Protection. This is either an Ad Blocker plug-in or your browser is in private mode. Please allow tracking on this page to request a subscription.

Note: Firefox users may see a shield icon to the left of the URL in the address bar. Click on this to disable tracking protection for this session/site

Recent Posts

  • When They Leave: Offboarding Policies for Security
  • What is Security Information and Event Management (SIEM)?
  • How Zero Trust Models Apply to MSPs
  • Active Directory Cleanup Best Practices
  • How Do You Know When You’ve Met “the One?”

Categories:

  • Business Growth (422)
  • Security (375)
  • Tips & Advice (334)
  • Managed Services (307)
  • Best Practices (247)
  • Business (214)
  • Cybersecurity (194)
  • Backup & Disaster Recovery (124)
  • IT Support (109)
  • ITSM (78)
  • Data (64)
  • Product (63)
  • Cloud Computing (61)
  • Mail (57)
  • Marketing (57)
  • Networking (38)
  • Risk Intelligence (31)
  • Remote Management (29)
  • Customer Service (29)
  • The Head Nerds (26)
  • Automation (22)
  • Operations (18)
  • GDPR (17)
  • Services & Support (16)
  • Service Desk (15)
  • Research & Trends (14)
  • PSA (12)
  • Business Risk (12)
  • Internet of Things (11)
  • Mobile (11)
  • Training (11)
  • Security-series (8)
  • Cybersecurity Awareness Month (6)
  • LOGICcards (4)
  • Machine Learning (3)
Show moreless
SolarWinds MSP

Products

  • SolarWinds RMM
  • SolarWinds N-central
  • SolarWinds Backup
  • SolarWinds MSP Manager
  • SolarWinds Mail Assure
  • SolarWinds Risk Intelligence
  • SolarWinds Take Control
  • SolarWinds Threat Monitor
  • SolarWinds Passportal

Solutions

  • Identify which RMM solution is right for me
  • Drive Efficiency with Automation
  • Manage my MSP Business More Efficiently
  • Manage my IT Department More Efficiently
  • Layered Security
  • Cross-Platform Support
  • Data-Driven Insights

About

  • About Us
  • Careers
  • Newsroom
  • Leadership Team
  • Upcoming Events
  • Subscription Preferences
  • SolarWinds

Support

  • SolarWinds RMM
  • Solarwinds N-central
  • SolarWinds Backup
  • SolarWinds Mail Assure
  • SolarWinds Take Control
  • SolarWinds MSP Manager
  • Solarwinds Risk Intelligence
  • Solarwinds Threat Monitor
  • SolarWinds Passportal
  • SolarWinds Take Control Downloads
  • Backup & Recovery Downloads
  • Service Status

Footer 2

  • Legal Documents
  • Privacy
  • California Privacy Rights
  • Security Information
  • Sitemap

© SolarWinds MSP Canada ULC and SolarWinds MSP UK Ltd.
All Rights Reserved.