Office 365 Secure Score is a value (score) which helps you assess the security stance of your Office 365 tenant. Transferring secret/sensitive business data to the cloud is still now questionable for numerous organizations in terms of security. There can be valid causes for keeping data on-premises but the cloud can be at least as secure as your own datacenter, occasionally it’s supplementarily secured. To help manage your tenant security and give extra poise to businesses that are still sitting on the hurdle, Office 365 Secure Score is a tool which helps to preserve your tenant security at the most.
In this article, I would like to discuss Roadmap to improve Tenant Security in Office 365, it’s describing the process which can be adopted during the enhancement of tenant security.
The Secure Score is a numerical summary of your security posture within Office 365 based on system configurations, user behavior and other security-related measurements; it is not an absolute measurement of how likely your system or data will be breached; rather, it represents the extent to which you have adopted security controls available in Office 365 which can help offset the risk of being breached.
Insights into your security position- One place to understand your security position and what features you have enabled.
Guidance to increase your security level- Learn what security features are available to reduce risk while helping you balance productivity and security.
Office 365 Security Assessment Overview
Scheduling an initial assessment before moving production users and data into the Office 365 tenant is recommended, if possible, for the following reason. Completing an initial assessment would ensure that the Office 365 tenant has the customer’s required security configuration before adding users and data. Doing so may reduce the risk of a breach prior by implementation of the security controls informed by the actions indicated from outcome of Microsoft Secure Score.
Customer Pain Points:
- Understanding breadth of security threat vectors
- Deploy solutions that don’t adequately protect against current security threats
- Challenged by changing data governance and compliance regulations
Security Assessment Workshop:
- Understand customers desired security state
- Assess customers Office 365 tenant using Secure Score
- Phased assessment approach
- Scope setting
Customer Security Roadmap
- Security roadmap
- Details exposure and risk related to Office 365
- See how tenant ranks against others
- Document and prioritize customers Office 365 security priorities
- Education on Office 365 Security capabilities
Office 365 Security Assessment Workshop
Before going to enhance the security, it’s required to do workshop. It’s not an individual effort, need to go through a team discussion and training. Need to reduce the gap in between user’s interpretation and actual fact.
Phase 1: Kick Off
- Project scope
- Pre-assessment Questionnaire
Phase 2: Assessment
- Review questionnaire
- Secure Scope
- Identify gaps
- Possible Advanced Security Management proxy log import
Phase 3: Education
- Provide up to 2 hrs. of education on security topics
- Utilizes sessions from Office University training events
- Demonstrate SaaS application use through Advanced Security Management
Phase 4: Roadmap
- Provide detailed roadmap as prescribed by Secure Score
- Identify customers security next step roadmap
- Partner opportunity to help close identified gaps
This is a suggested path which we should follow for the smooth implementation.
Does it mean that you should feel endangered?
No, it does not. Please note that you will not always be able to reach a maximum score of points in controls associated with services that you have not purchased.
Does it mean that you should feel relaxed?
Absolutely not! The average score may be higher than you can achieve, but it does not mean that you can safely accept the present situation.
What does [Not Scored] mean?
Actions labeled as [Not Scored] are ones you can perform in your organization but won't be scored because they aren’t hooked up in the tool (yet!). So, you can still improve your security, but you won’t get credit for those actions right now.
How often is my score updated?
The score is calculated once per day (around 1:00 AM PST). If you make a change to a measured action, the score will automatically update the next day. It takes up to 48 hours for a change to be reflected in your score.
Does the secure score measure my risk of getting breached?
In short, no. The Secure Score does not express an absolute measure of how likely you are to get breached. It expresses the extent to which you have adopted features that can offset the risk of being breached. No service can guarantee that you will not be breached, and the Secure Score should not be interpreted as a guarantee in any way.
Definitely, there is room for improvement for your Office 365, so, you should try to get as many points as you can! But remember, in the end, it is not about points but protection for your company assets.