Office 365 is a large platform with many features and services. Secure Score taps into Microsoft Graph, which uses sets of REST-based APIs to collect information from multiple endpoints, such as Exchange, SharePoint, and Microsoft Teams. The retrieved data gets validated against the baseline Microsoft template, and then outputs not only the score but also a series of tasks that can increase the score.
The number itself, at least for me, means nothing. It is just a number, calculated from information that I as a Tenant Administrator can see and should also know. Now if you are asking me is having a high score means you don’t need anything else to protect Office 365, then I will politely let you know of your activity when it comes to Security. My personal view is that the Secure Score should go together with your regular Security Program and not replace it. Just because you move to the cloud does not negate the need for Security platforms and controls.
When accessing the Secure Score page, underneath the score, you will find the breakdown of actions that “should” be completed. These are recommended based on the current configuration, and then what makes up the baseline template provided by Microsoft.
A common task that always shows up in “Enable MFA for all global admins.”
Of course, a great recommendation, one that I highly recommend to ALL clients. For me, however, what I like is the classification of the action, along with “User Impact” and “Implementation Cost.”
Yes, Yes and Yes again. Of course, you should.
No, No and No again. The Secure Score mechanism is a great tool, notice the wording there, “a great tool” nothing else, and is not meant to be the final security control you ever implement for your organization. Though it is good, you need to look at other Microsoft and maybe 3rd Party tools, processes, and practices that will help create a great Security Posture for your organization.
Why not check out the Security in and with Office 365 using Secure Code eBook by Jethro Seghers. This eBook is solely dedicated to explaining and helping you improve the Security in and with Office 365. Download this eBook for free today!
This blog was originally posted on Liam’s blog