July 03, 2018

Roadmap to Improve Office 365 Secure Score

1734 Views
Roadmap to Improve Office 365 Secure Score

Introduction

Office 365 Secure Score is a value (score) which helps you assess the security stance of your Office 365 tenant. Transferring secret/sensitive business data to the cloud is still now questionable for numerous organizations in terms of security. There can be valid causes for keeping data on-premises but the cloud can be at least as secure as your own datacenter, occasionally it’s supplementarily secured. To help manage your tenant security and give extra poise to businesses that are still sitting on the hurdle, Office 365 Secure Score is a tool which helps to preserve your tenant security at the most.

In this article, I would like to discuss Roadmap to improve Tenant Security in Office 365, it’s describing the process which can be adopted during the enhancement of tenant security.

Secure score

The Secure Score is a numerical summary of your security posture within Office 365 based on system configurations, user behavior and other security-related measurements; it is not an absolute measurement of how likely your system or data will be breached; rather, it represents the extent to which you have adopted security controls available in Office 365 which can help offset the risk of being breached.

Insights into your security position- One place to understand your security position and what features you have enabled.

Guidance to increase your security level- Learn what security features are available to reduce risk while helping you balance productivity and security.

Roadmap to Improve Office 365 Secure Score

Office 365 Security Assessment Overview

Scheduling an initial assessment before moving production users and data into the Office 365 tenant is recommended, if possible, for the following reason. Completing an initial assessment would ensure that the Office 365 tenant has the customer’s required security configuration before adding users and data. Doing so may reduce the risk of a breach prior by implementation of the security controls informed by the actions indicated from outcome of Microsoft Secure Score.

Business Opportunity

Customer Pain Points:

  • Understanding breadth of security threat vectors
  • Deploy solutions that don’t adequately protect against current security threats
  • Challenged by changing data governance and compliance regulations

Assessment Workshop

Security Assessment Workshop:

  • Understand customers desired security state
  • Assess customers Office 365 tenant using Secure Score
  • Phased assessment approach
    • Scope setting
    • Assessment
    • Education
    • Roadmap

Customer Security Roadmap

Customer Outcomes:

  • Security roadmap
    • Details exposure and risk related to Office 365
    • See how tenant ranks against others
  • Document and prioritize customers Office 365 security priorities
  • Education on Office 365 Security capabilities

Office 365 Security Assessment Workshop

Before going to enhance the security, it’s required to do workshop. It’s not an individual effort, need to go through a team discussion and training. Need to reduce the gap in between user’s interpretation and actual fact.

Phase 1: Kick Off

  • Project scope
  • Pre-assessment Questionnaire
  • Stakeholders

Phase 2: Assessment

  • Review questionnaire
  • Secure Scope
  • Identify gaps
  • Possible Advanced Security Management proxy log import

Phase 3: Education

  • Provide up to 2 hrs. of education on security topics
  • Utilizes sessions from Office University training events
  • Demonstrate SaaS application use through Advanced Security Management

Phase 4: Roadmap

  • Provide detailed roadmap as prescribed by Secure Score
  • Identify customers security next step roadmap
  • Partner opportunity to help close identified gaps

Key Recommendations

This is a suggested path which we should follow for the smooth implementation.

Roadmap to Improve Office 365 Secure Score

FAQ

Does it mean that you should feel endangered?

No, it does not. Please note that you will not always be able to reach a maximum score of points in controls associated with services that you have not purchased.

Does it mean that you should feel relaxed?

Absolutely not! The average score may be higher than you can achieve, but it does not mean that you can safely accept the present situation.

What does [Not Scored] mean?

Actions labeled as [Not Scored] are ones you can perform in your organization but won't be scored because they aren’t hooked up in the tool (yet!). So, you can still improve your security, but you won’t get credit for those actions right now.

How often is my score updated?

The score is calculated once per day (around 1:00 AM PST). If you make a change to a measured action, the score will automatically update the next day. It takes up to 48 hours for a change to be reflected in your score.

Does the secure score measure my risk of getting breached?

In short, no. The Secure Score does not express an absolute measure of how likely you are to get breached. It expresses the extent to which you have adopted features that can offset the risk of being breached. No service can guarantee that you will not be breached, and the Secure Score should not be interpreted as a guarantee in any way.

Bottomline

Definitely, there is room for improvement for your Office 365, so, you should try to get as many points as you can! But remember, in the end, it is not about points but protection for your company assets.

4 Replies to “Roadmap to Improve Office 365 Secure Score”

  1. Fortunately the measures needed to improve your score are relatively straightforward, however you are aiming at a moving target.

  2. What kind of licensing do you need to perform the Office 365 secure score tool.
    Is it just an admin role or Security reader from Azure AD role ?
    Can i use every function in the free tier ?

    1. Hi Bilal,

      Good question.

      Secure Score tool is available for any customer having any O365 licenses, including Business Premium. However, Secure score is a tenant level insights and hence it needs Global Admin privilege to allow access to the tool. You can login to https://securescore.microsoft.com/ to check your tenant Secure Score.

      For further reading, please visit https://docs.microsoft.com/en-us/office365/securitycompliance/office-365-secure-score

  3. Some Security Compliance features helps improve the score. It would be helpful if more details of security compliance is made available.

Leave a Reply

Your email address will not be published. Required fields are marked *