Microsoft’s recent update to the Microsoft 365 security center includes a new Microsoft Secure Score.
Microsoft Secure Score is a tool for visualizing your organization’s security posture across you Microsoft services. The score is an aggregate of the security controls enabled in your environment, and the effectiveness of those controls.
For example, if the Require MFA (multi-factor authentication) for all users Identity policy is in place and all your users have enabled MFA for their accounts, you receive 30 points.
You can access your score in the Microsoft 365 security center. On the Microsoft Secure Score page you can see your Total score or drill-down into sub-scores: Identity, Data, Device, Apps, and Infrastructure. These groups measure the security of individual aspects of your Microsoft environment:
Microsoft also keeps a 90-day history of your Secure Score so you can track your progress.
Microsoft provides Improvement actions that increase your Secure Score. Each action is assigned a point value that is added to your total score once Microsoft verifies that the action has been completed. Scores are calculated and updated once per day (around 1:00 AM PST).
Microsoft also provides a Low/Moderate/High User impact and Implementation rating for each action. For example, requiring MFA for all users moderately impacts users (their login process is changed) and has a moderate Implementation cost (every user must set-up SMS text or Microsoft phone app for their additional authentication factor).
The Secure Score is an easy-to-read number that helps you understand the security posture of your Microsoft environment. It is included in most Office 365/Microsoft 365 subscriptions.
Use it to measure and track the security controls available in your Microsoft products and services. Following the recommended actions in Secure Score is a great roadmap for increasing the security of your data, users, and systems.
Maximize your cloud investment and improve your company’s cybersecurity using the features built-in to Office 365 and Azure.
Send us your information and security concerns. We look forward to learning more about your business and how we can help protect your data, users, and systems.