Security

How to Assess and Improve Your Office 365 Security Scorecard

By SolarWinds MSP

6 March, 2019

One major reason cloud-based file storage systems are so popular among enterprises is that they free IT teams from having to store, manage, and protect that data on their own internal servers. Unfortunately, that same benefit can translate into a considerable downside as responsibility for hosting this data goes to cloud providers—as does control over how it’s secured.

This concern about data exposure and vulnerability to security breaches has prompted popular cloud storage platform Microsoft 365 to set itself apart in terms of its dedication to security, using a physical, logical, and data layer of security to safeguard the environments it hosts. But while Microsoft is clearly dedicated to safeguarding data on the back end, there’s no preventing a security leak if your password happens to be “1234.” That’s why Microsoft also offers the Office 365 Secure Score, an analytics tool that makes it easy for users to optimize their security configuration.

So what is Office 365 Secure Score, and how can you use it to improve the security of your company’s digital assets? Here are a few pointers on what this tool does, how it works, and what you can do to mitigate the risk of cybercrime and improve your score.

What is Office 365 Secure Score?

Microsoft Secure Score essentially functions as your own personal security analyst. This Office 365 security risk assessment uses cutting-edge algorithms to find vulnerabilities in your system then recommend best practices to follow and configurations to change in order to protect those vulnerabilities. It does this by looking at the Microsoft services you’re using, examining your settings and recent activity, and running them against cybersecurity standards set by Microsoft.

Some recommendations are more critical than others to protect against Office 365 security risks, so the algorithm determines the value of each best practice according to its level of importance. The more important the recommendations you follow, the higher your score will be. For example, putting two-factor verification in place will do more for your security than remediating vulnerabilities in your container security configurations, so following the former recommendation will add more points to your overall Office 365 Security Scorecard.

Microsoft Secure Score also shows you all the risks to which your current security posture has left you vulnerable, such as an account breach, data spillage from an authorized user to an unauthorized one, or even a malicious insider.

How do I use Secure Score?

As long as you have a subscription that includes Microsoft 365 Business, Office 365 Business Premium, or Microsoft Enterprise, all you need to do before using Microsoft Secure Score is sign in from an account that has administrative privileges at the Office 365 Secure Score site. You can also access Security Score as a widget through the Microsoft Security and Compliance Center.

The service will analyze all your current configurations and activity for the apps you’ve purchased and give you your first score. After that, a new Secure Score is generated for you automatically each day.

With each day’s score comes a list of high-priority action items that you can finish that day in order to bring your score up. Clicking on each action item will bring up a short explanation of why it’s needed and what steps you need to take to complete it. The service even sets out the impact of any recommendations, clearly showing you how much your score will rise once you’ve completed all the action items in your queue, as well as their expected impact on productivity.

How do I read my Secure Score?

The highest possible score you can achieve using this tool is 452, but it’s reasonable to set a lower standard that won’t have too big an impact on users. The goal isn’t necessarily to reach the highest possible score, but to achieve a “balanced” score that demonstrates a strong security posture without cutting into productivity. The algorithm’s definition of a “balanced” score is anywhere between 254 and 372, which should be enough to protect you against typical Office 365 security risks.

You can compare your own score with the averages of other Microsoft 365 users on the Summary page. You can also look at the Score Analyzer to see how your score has improved over time, and what actions you took on what days.

How do I improve my Secure Score?

While the recommendations you receive will depend on the security needs of the enterprise and the services to which you’ve subscribed, there are a number of steps that the vast majority of businesses can take to help improve their score and safeguard their data from Office 365 security risks. These steps include:

Enable Multifactor Authentication: Regardless of your approach to security, multifactor authentication represents a simple and productive way of putting more space between you and cyberattackers. Enabling MFA for all users will add a whopping 50 points to your score.
Minimize Your Global Admins: The fewer admins you have, the fewer access points are available to hackers looking to breach your network. Again, it’s just common sense to ensure that the only people with credentials are those who absolutely need them.
Disable Inactive Accounts: When it comes to user accounts that haven’t been used in some time, it’s better to be safe than sorry. Unless you have reason to believe they’ll be used again soon, disable any account that has been inactive for longer than 30 days. Inactive accounts represent tempting targets for cybercriminals because they can often be leveraged without administrators noticing.
Password-Protect All Mobile Devices: Any mobile device with access to your network represents a viable entryway for hackers, which means you must protect them with the same vigilance you would your network passwords. Making sure employees protect all their devices with passwords will help ensure your assets are safe if a privileged device ever falls into the hands of a malicious party. Similarly, all devices in your network should use the latest standard of encryption.
Enable Audit-Recording: In the event that something goes wrong, you want to learn from it—you don’t want to be left scratching your head as to what you did wrong. A log of every user’s and administrator’s activities will allow you to assess everything that happened before the attack and determine what needs to change about current practices to prevent it from happening again. Checking this log on a daily basis can also help you predict breaches in the future.

Office 365 Secure Score is a handy way of understanding cybersecurity and protecting cloud assets that are otherwise out of your enterprise’s control. Of course, following its recommendations alone won’t sufficiently secure all your assets—it takes a robust set of protections against ransomware, phishing threats, malware, and other dangers to gain real peace of mind in today’s security environment. But Secure Score takes the unbelievably complex world of security and renders it easily navigable for its users, making this a great first step that any Microsoft user can take to really start protecting themselves from malicious parties.