Posts Tagged ‘Office and Microsoft 365 risk assessment’

Microsoft Secure Score

Posted on December 4th, 2020 by admin@mismo2023

Microsoft Secure Score is a security analytics tool that provides better security configuration and security features. It applies a numerical score to custom security that outlines the action that can be taken to improve that configuration. It improves the security standards of an organization and lessens the chances of being hacked.

Why use Secure Score?

Secure score is made to help you take actions to improve your security. It gives you parameters to keep your infrastructure secure. Microsoft also offers a comparison chart to show you how your security compares to other Office 365 subscribers. Secure Score helps you understand the extent to which you have a good security configuration. It also informs you about behaviors and best practices to have inside your organization.

How does Secure Score work?

Secure Score determines what services you’re using (Exchange, OneDrive, SharePoint, etc.). It looks at your settings and activities and compares them on a baseline established by Microsoft. You’ll get a score based on how you are aligned with security best practices. It creates a full inventory of all the security configurations that reduces risk. Each control that reduces risk is calculated with points. Some controls are more effective and have more points assigned to them.

It is measured by how they are being implemented. The points provide an overall secure score. More the secure score is more is your organization protected in terms of security measures. This score below in the image represents how secure your environment is. You can measure it over time to track your progress

Office and Microsoft 365 risk assessment

Secure Score provides an overall risk assessment. It gives you links to make you aware of the risk you’re facing if you don’t follow the recommended actions.

This example shows some of the potential risks:

Account Breach – the risk indicates a tenancy breach that can be used by an attacker to interact with either resource in Office and Microsoft 365, or with on-premises infrastructure

Elevation of Privilege – an attacker has managed to compromise one or more accounts in the tenancy and is now working to increase their power

Data Exfiltration – an attacker has found a way to move data out of the tenancy

From the summary page, you can get a glimpse of how your score compares to the average score of all Microsoft customers.

Taking action

Your target score can fall into the range from Basic to Balanced, to Aggressive.

Depending on where you set your target, Secure Score would share with you a number of suggestions to help you reach your goal.

Suggestions are based on priority and the effectiveness of the action compared to the level of impact to the end-users.

Actions that are highly effective, with a low level of user impact are placed at the top, followed by actions that are less effective and more impactful to users.

You can filter these actions by category, such as User Impact, Implementation, etc. Seeing how each of these actions affects the users, allows you to balance your organization’s productivity against your security.

Some actions are not scored, which means even if the corresponding actions are implemented, the secure score won’t increase. These actions are marked as [Not Scored] in the queue. Microsoft has stated over time Microsoft Secure Score will be able to better measure these controls and adjust the score accordingly.

Score analyzer

This allows tracking and reporting of the score over time. As with the secure score summary, your score is compared daily to the average score of all Office and Microsoft 365 customers, so you can see the relative position in the security landscape to make planning and communication easier with the team and the leaders.

The graph below shows the secure score in time.

Organizations always try to ensure the highest level of security for their data and processes, in this quest Secure Score can be one easy and quick indicator, allowing for appropriate actions to be taken in order to gain umpteen level of prevention from various kinds of cyber-attacks. Optimum utilization of these features as you use the tool helps you get further peace of mind that you’re taking the right steps to protect your organization from threats.

Click here to view more such blogs by Mismo Systems!