The highest possible score you can achieve using this tool is 452, but it’s reasonable to set a lower standard that won’t have too big an impact on users. The goal isn’t necessarily to reach the highest possible score, but to achieve a “balanced” score that demonstrates a strong security posture without cutting into productivity. The algorithm’s definition of a “balanced” score is anywhere between 254 and 372, which should be enough to protect you against typical Office 365 security risks.
You can compare your own score with the averages of other Microsoft 365 users on the Summary page. You can also look at the Score Analyzer to see how your score has improved over time, and what actions you took on what days.
How do I improve my Secure Score?
While the recommendations you receive will depend on the security needs of the enterprise and the services to which you’ve subscribed, there are a number of steps that the vast majority of businesses can take to help improve their score and safeguard their data from Office 365 security risks. These steps include:
- Enable Multifactor Authentication: Regardless of your approach to security, multifactor authentication represents a simple and productive way of putting more space between you and cyberattackers. Enabling MFA for all users will add a whopping 50 points to your score.
- Minimize Your Global Admins: The fewer admins you have, the fewer access points are available to hackers looking to breach your network. Again, it’s just common sense to ensure that the only people with global admin credentials are those who absolutely need them.
- Disable Inactive Accounts: When it comes to user accounts that haven’t been used in some time, it’s better to be safe than sorry. Unless you have reason to believe they’ll be used again soon, disable any account that has been inactive for longer than 30 days. Inactive accounts represent tempting targets for cybercriminals because they can often be leveraged without administrators noticing.
- Password-Protect All Mobile Devices: Any mobile device with access to your network represents a viable entryway for hackers, which means you must protect them with the same vigilance you would your network passwords. Making sure employees protect all their devices with passwords will help ensure your assets are safe if a privileged device ever falls into the hands of a malicious party. Similarly, all devices in your network should use the latest standard of encryption.
- Enable Audit-Recording: In the event that something goes wrong, you want to learn from it—you don’t want to be left scratching your head as to what you did wrong. A log of every user’s and administrator’s activities will allow you to assess everything that happened before the attack and determine what needs to change about current practices to prevent it from happening again. Checking this log on a daily basis can also help you predict breaches in the future.
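To make three of these steps concrete (MFA, global admins, inactive accounts), here is an added example, not taken from Microsoft or from Secure Score itself, that audits an exported account list. The CSV layout, column names, and sample accounts are constructed assumptions; only the 30-day inactivity threshold comes from the list above.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample export; the column names are assumptions,
# not a real Microsoft 365 report schema.
SAMPLE_EXPORT = """upn,enabled,mfa_enabled,global_admin,last_sign_in
alice@example.com,true,true,true,2024-05-28
bob@example.com,true,false,true,2024-05-30
carol@example.com,true,true,false,2024-03-02
dave@example.com,false,false,false,2023-11-15
erin@example.com,true,false,false,
"""

INACTIVE_AFTER = timedelta(days=30)  # the 30-day threshold given in the list above


def audit_accounts(export_text, today):
    """Return findings for three checks: missing MFA, global admins, inactive accounts."""
    findings = {"no_mfa": [], "global_admins": [], "inactive": []}
    for row in csv.DictReader(io.StringIO(export_text)):
        upn = row["upn"].strip()
        if row["enabled"].strip().lower() != "true":
            continue  # already disabled, nothing left to remediate
        if row["mfa_enabled"].strip().lower() != "true":
            findings["no_mfa"].append(upn)
        if row["global_admin"].strip().lower() == "true":
            findings["global_admins"].append(upn)
        last = row["last_sign_in"].strip()
        # An empty date means the account never signed in; treat it as inactive.
        if not last or today - datetime.strptime(last, "%Y-%m-%d") > INACTIVE_AFTER:
            findings["inactive"].append(upn)
    return findings


if __name__ == "__main__":
    report = audit_accounts(SAMPLE_EXPORT, today=datetime(2024, 6, 1))
    for check, accounts in report.items():
        print(f"{check}: {len(accounts)} -> {', '.join(accounts) or 'none'}")
```

Accounts that are both in `global_admins` and `no_mfa` are the ones to fix first, and an account inactive for exactly 30 days is not flagged because the rule is "longer than 30 days".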
Office 365 Secure Score is a handy way of understanding cybersecurity and protecting cloud assets that are otherwise out of your enterprise’s control. Of course, following its recommendations alone won’t sufficiently secure all your assets—it takes a robust set of protections against ransomware, phishing threats, malware, and other dangers to gain real peace of mind in today’s security environment. But Secure Score takes the unbelievably complex world of security and renders it easily navigable for its users, making this a great first step that any Microsoft user can take to really start protecting themselves from malicious parties.