Now, your score will be different (higher or lower) depending on the features you have enabled in Office 365 (due to licensing) or items that you may have already configured yourself. For the next two blog articles we are going to take a peek at this feature in Office 365 starting with an introduction in this article and a more in-depth article in the next few days.
Relevant Links
Introducing – Secure Score
When you first bring up the secure score, Microsoft provides a set of introductory slides at the top of the screen (which you can close once you’ve read them). These slides are intended to provide a quick preview of the features of Secure Score for those who have not read into the feature:
Just below these slides is your tenants ‘Secure Score Summary’. The graphic provides a visual representation of your score but also provides it relative to the maximum that your tenant’s maximum score could be. Note that this again will be different tenant to tenant due to the feature set or licensing that is enabled. The current maximum of overall is 452. However, in the tenant I am using, mine is 352 as of this week:
Next to this we also see a ‘What’s New’ and a ‘Risk Assessment’.
- What’s New: Provides a quick view of the new features that are now available in the Secure Score feature of Office 365
- Risk Assessment: A series of shortcuts to vulnerability assessments that Microsoft thinks you should review
Next up we have a slider called ‘Take Action, Improve Your Score’:
This nifty little feature allows you to essentially make a target score of where you would like to be and then displays a series of actions below to help you attain that score. These tasks range from securing email to enabling auditing to just reviewing reports on a timely basis for your tenant. With my tenant, my current target score of 355 there are 24 actions in my queue. When the target is increased or decreased, my task list changes as well:
As mentioned above, the score slider provides you with a list of recommended tasks to be completed in order to attain your score. This list can be long or short depending on where you are in your task to secure your tenant. Some possible actions items are listed below:
Additionally, at the very bottom of this page is link for getting advice on these changes.
The link goes to this page but is eventually redirected to here. The Tech Community page is a place where you can ask questions about a particular subject and get answers to those questions from experts in the field.
Score Analyzer
Last, but not least, is the Score Analyzer tab at the top. This tab provides a bird’s eye view of the changes over the past month or so for a tenant. This chart provides you with a quick view of your security score over time
A summary table of score vs. actions is also provided:
Finally a list of actions completed with its resulting points/score awarded is at the bottom:
What’s Next?
In my next article, I plan to provide a deep dive into using Secure Score task items to actually secure Office 365. I will talk about the action items themselves and their relative importance and real world security relevance. Look for this article soon.
Final Comments (for now)
The task list seems a bit disorganized at best and the ordering leaves much to be desired. While there are some sorting actions, I would much prefer a default sort either alphabetic or with color codes for the various levels (based on pts.) for these tasks, starting with the highest and ending with the lowest.
My second comment is that there are several tasks that show as ‘Not Scored’ and I’ve heard reports of these not always working as expected. So for these reports – YMMV.
1 thought on “Office 365 Secure Score: An Introduction”
Comments are closed.