What’s your Secure Score?
On 10th February, Microsoft officially launched Office 365 Secure Score as part of a number of new capabilities designed to enhance the way you manage risk within your environment. Originally announced at Microsoft Ignite 2016, Secure Score has been introduced to provide you with improved visibility of your Office 365 security configurations.
How does Office 365 Secure Score work?
As the name suggests, Office 365 Secure Score evaluates your security configurations, and offers you an immediate insight into how well you’re doing in the form of a numerical score. To do this, it looks at two key pieces of data:
- The total number of security controls you could theoretically be utilising based on your existing Office 365 plan
- The actual number of security configurations you have either fully or partially adopted within your Office 365 environment
As you can see below, the total possible security controls could be 273, but if you were only utilising 58, your Office 365 Secure Score would be 58 out of 273.
Whilst the number itself is a great indication of where, or if, there’s room for improving the security configurations within your environment, a greater level of detail is readily available through the ‘Score Analyzer’ component.
With your score in mind, Score Analyzer allows you to drill down further into the data – and importantly, do so over time.
In the screenshot above, you can see just what Score Analyzer offers:
- Your Secure Score against the Office 365 average (and if either have changed over time, how so)
- Your score broken down into ‘Account’, ‘Data’ and ‘Device’ sections
- The actions available to increase your score, again broken down into each of the above three sections
- The ability to change the date period for the data being viewed
By keeping track of your score and all associated actions continually, you can gain a clear idea of which improvements have increased your Secure Score, when they happened and what the effect of said improvements were. What’s particularly useful is Secure Score doesn’t expect you to fully understand exactly what should be actioned to increase your score. Instead, it provides clear information on the steps you should take to enhance the security of your Office 365 environment.
The actions are prioritised in a way that starts with the impact they’ll have both in terms of increasing your security position and the effect it’ll have on end users. The change that would result in a greater increase in your security position but have a low impact on end users will be one of the first to be suggested. There is full filtering capabilities to give complete control over your security improvements. Although the data is gamified in the way it’s displayed, the result of following any recommendations shouldn’t be overlooked. Every incremental change that you make could reduce the likelihood of any potential threats.
Office 365 Secure Score helps you take a truly holistic approach to security; providing a full and comprehensive view over your environment’s configurations. The data available within Secure Score alone can offer guidance on all aspects of protection – from strengthening your risk controls through to mitigating any potential losses. Interestingly, casualty insurer The Hartford have officially stated they will recognise Office 365 Secure Scores within their cyber insurance underwriting process. Simply put, the greater your Secure Score, the more positive of an impact it could have on associated and relevant insurance policies.
What’s more, as we touched on above, you can easily compare your score to that of the other 85 million commercial Office 365 users quickly and easily. Whilst the focus should always be on achieving the highest score possible for your own environment, it’s always interesting to see how you measure up to your peers.