Topic: IT

Strengthen your Security Posture with Microsoft 365 Secure Score

Author: Zach Saltzman

Editor’s Note: This blog was originally published in July 2017. Content was updated in July 2020. 

Do you use any of the myriad of services offered by Microsoft 365? If you do, then you should know about Microsoft Secure Score. Secure Score analyzes your Microsoft 365 environment to help articulate your current security posture and provides actionable steps needed to strengthen and improve your Microsoft Cloud Security.

After companies deploy Microsoft 365 services, there is commonly a lull or period of administrative inactivity. Maybe the IT team is satisfied with a job well done after a successful implementation or they might be buried in day-to-day workloads, leaving security behind.  Although Microsoft 365 offers much better overall security than most on-premise deployments of email systems or other cloud-based email providers (Gmail), for example, it does not mean that the job is done on a security front. There are still safety configurations and organizational processes that should be followed, which can be applied to a Microsoft 365 environment to ensure that it is as secure as possible. For example, hackers from abroad can still attempt to log into your user’s account through phishing attempts or brute-force attacks.

Enter Microsoft Secure Score. The first time you run Secure Score, it creates a baseline of your Microsoft 365 environment. Now, every time you take action to secure your environment you can see your Secure Score rise, thus improving your security posture. You will be able to track your progress all the way back to the initial baseline the first time you ran the tool and have confidence that you are taking steps to help secure your organization, action by action.

The service is self-explanatory, and after it runs its analysis, you can view the details straight on the main dashboard:

Microsoft Secure Score

You will see a list of “Top Improvement Actions” and other key metrics which provide powerful statistics on where your organization’s security lies.

A common example found lacking in many organizations is MFA*, or multi-factor authentication.  When clicking through this improvement action, you will see the following which breaks down details on how you can improve.  Why let bad actors in by not implementing this?

Microsoft Secure Score

*For more information about MFA, see our blog post ‘MFA, is it enough?

Microsoft Secure Score is a fantastic resource, because it also informs you about the impact of the change on your users. Consider ‘no-brainers’ to implement as many low user impact changes are available to increase your overall security posture — low hanging fruit are quick wins! Actions that have a higher user impact require more planning but are also important to consider.

There is a core set of security recommendations and features that FMT recommends like MFA, self-service password reset, blocking legacy authentication, blocking foreign logins, and more.

So, if you are using Microsoft 365, what’s stopping you? Visit Secure Score today and find out how to improve the security of your Microsoft 365 environment! If you need help improving your overall security posture or have questions about Microsoft Secure Score and its recommendations for your company, FMT is here to help. View our Microsoft 365 Security Assessment offer!