Microsoft Secure Score: Why your Business Will Benefit

Cloud security is becoming a top priority for organizations. One reason is breaches have been on the rise, creeping up on even the most reputable companies. These attacks are becoming more sophisticated and aggressive.

Cybercrime Magazine estimates that the cost of security breaches will reach $8 trillion in 2023, affecting organizations of all sizes. With this in mind, businesses are willing to spend a large part of the budget to protect their investments. If even the largest companies are vulnerable to an attack, what can companies do to reduce the chances of a breach?

A great place to start is discovering your Microsoft 365 Secure Score.

What is Microsoft 365 Secure Score?

Microsoft 365 Secure Score is a tool that analyzes an organization’s security posture. Upon completion of a scan, a score is identified, showing how secure the network is. A higher score indicates a well-protected network, while a lower score shows that an organization is more susceptible to attacks.

This number is a relative score rather than an absolute score, based on protocols your organization enforces. Upon receiving a score, you will have a broad assessment of your security vulnerabilities and will have the necessary data to increase the security of your network. 

This score can be viewed in the Microsoft 365 Defender Portal and is measured on a 0-100 scale.

Download our free whitepaper here to find out more detailed info on how to improve your secure score: 

Ultimate 10 Step Guide to Boosting your Microsoft Secure Score

The next question to take into consideration is what does Secure Score measure?

4 Quadrants of Secure Score 

To help you find which area a company is doing well, 4 quadrants of security are outlined below:

• Identity (Azure Active Directory accounts & roles)
• Device (Microsoft Defender for Endpoint, known as Microsoft Secure Score for Devices)
• Apps (email and cloud apps, including Office 365 and Microsoft Defender for Cloud Apps)
• Data (through Microsoft Information Protection)

Below is a brief video expanding on Microsoft Secure Score:

Benefits
 

A major appeal of Secure Score is the simplicity it offers. The overview is clear, the improvement suggestion actions are to the point, and the ability to monitor changes over time provide instant feedback. 

After receiving a Microsoft 365 Secure Score, companies receive the following benefits:

• A panorama of its current security standing
•  A proactive approach to security. 
• Visibility and guidance to improve a network's protection
• Key Performance Indicators (KPIs) vs. other organizations in your industry
• Ability to contrast the current state of the network with historical benchmarks
• Suggestions on actions to solidify the network and close security gaps
• Use of visuals in the form of graphs and charts for easy consumption
• Align the network around NIST compliance
• Provide a clear report, easy to consume by senior managers 
  

Deployment of new technology is much easier for organizations who have confirmed their Microsoft Secure Score. They require little technical intervention when areas of its network are fortified. With the clarity provided by Secure Score, the most important security work can be identified and completed. Upon completion, an organization's workforce is freed up to complete work to better manage operations.

Benefits of Identity Score 

There is a new secondary score, alongside Microsoft Secure Score, called Identity Score, presented by Microsoft in the last year. 

The Identity Secure Score is a new function designed to help customers assess if their security policies align with Microsoft’s recommended best practices. It can be thought of as a subset of Security Score in the Azure Directory Admin Center.

Why Should You Use Microsoft Secure Score?

As cyber threats become more sophisticated, even the smallest of gaps can be exploited. By addressing this security measurement and following the suggested action items, you will have objective criteria that can raise your network's defenses. 

Secure Score is a convenient framework to reference for improving your organization's security. The score provides clarity into the specifics of your network, allowing your company to set goals, measure improvements, and receive recommendations for next steps.

Recommendations from Secure Score are designed for Microsoft products specifically. You will not be getting generic security advice, but a clear plan of attack that is meant to work with Microsoft.

What Microsoft Secure Score Does 

• Secure Score analyzes the most common O365 apps that a company uses. (Exchange, OneDrive, SharePoint, etc.). It reviews settings and activities on a baseline set by Microsoft. Your score will show if you’re aligned with HIPPA and NIST compliance, along with similar organizations’ best practices.
  
  
• In the overview page, your rating is separated into categories. Here you can find out where your network can gain points.
  
  
• Later on, get a view of the scores of where your network stands in comparison to industry leaders who set the standard 
  
  
• Lastly, learn action plans that will improve your score.
  
  
• Create a full inventory of all the security configurations that reduce risk. Each control that reduces risk is calculated with points. More important controls are weighted more heavily and measured by how they are implemented in your network.

Improve Your Score

The score your network receives after analysis is ultimately an estimate of the overall scope of security. One of Secure Score's main functions is to provide insight on how to improve your organization’s infrastructure security.

Ways to improve your score include configuring security features, performing security-related tasks, and performing actions such as enabling multi-factor authentication.

Secure Score is a direct reflection of the Microsoft services your organization uses, like Outlook, Sharepoint, and One Note. When a company logs more usage, hackers have more data to work with to collect information.

So, the higher the usage, the more security a company should have to balance its volume. All security controls have a user impact component. Controls with low user impact will have little to no effect on your users’ day-to-day operations.

For more detailed info on improving your score, download our free whitepaper here:

Ultimate 10 Step Guide to Boosting your Microsoft Secure Score

Can Secure Score be applied to all Microsoft Services?

These are the products that are taken into secure score calculation: 

• App Governance 
• Azure Active Directory 
• Microsoft 365 (including Exchange Online & SharePoint Online) 
• Defender for Endpoint 
• Defender for Identity 
• Defender for Office 
• Microsoft Defender for Cloud Apps 
• Microsoft Information Protection 
• Microsoft Teams 
• Salesforce
• ServiceNow

Discover your Current Secure Score

If you want to know your current score, go to the Microsoft Secure Score overview page and look for the tile that says Your Secure Score. Your score will be shown as a percentage in addition to the number of points you've achieved out of the total possible points.

Below are secondary scores you can test for to get a forecast of future scores when actions are taken:

• Planned score: Show projected score when planned actions are completed
• Current license score: Show score that can be achieved with your current Microsoft license
• Achievable score: Show score that can be achieved with your Microsoft licenses and current risk acceptance

How Does Microsoft Calculate a Secure Score?

Microsoft adds points for each security requirement you meet. Most sections give out full points only if you complete an action fully. If the action is still in the process of deployment, or only halfway done, the score may be translated to 0.

The Microsoft Secure Score keeps separate reports for micro and macro analysis. There are secure reports for each individual category of focus and overall section scores. The overall secure score will be written as a percentage.

What security score is high? 

• 30% and under means you are highly vulnerable and need to address your network as soon as possible.
• Below a score of 50% indicates that best practices have not been fully applied
• 67% is a score you can expect for a tenant that is configured to practices with all security features enabled
• 80% and up is the score that separates your company from its competition in terms of your protection stance.
  
  

Comparing Your Microsoft Secure Score

A feature of Secure Score includes an analysis of the average scores for companies of similar size to yours. These comparisons provide a benchmark for you to strive towards against competitors. This context is vital because companies of different industries and of varying sizes have different challenges.

Within the test, a general score for Microsoft Office products is available, setting a standard for companies to reach.

What Settings Improve Secure Score

Configuring a few settings can boost your organization’s secure score. Users don’t require any advanced subscriptions to configure these settings. Upon completion, they will have a direct effect on your score.

• Turn off Exchange Online Calendar being shared with external users. 
• Configure the users which present in Teams Meetings.  
• Invited registrants should be automatically admitted to Teams meetings. 
• Place restrictions on anonymous users joining meetings. 
• Restrict anonymous users from starting meetings. 
• Keep only a few users maintaining control in a Teams meeting. 
• Keep incoming callers from bypassing a meeting lobby. 

Microsoft has clarified that the full number of points will be given if specific security defaults are enabled. Since Microsoft is making security defaults available to everyone, they are free of cost. A few examples of ways to stack points are listed below:

• Ensure all users can complete multi-factor authentication for secure access (9 points) 
• Require MFA for administrative roles (10 points) 
• Enable policy to block legacy authentication (7 points) 

Who Can View Microsoft Secure Score?

Secure Score can only be accessed by members of the following Azure Active Directory roles. 

Full Access: Global Administrators, Security Administrators, Exchange and Sharepoint Administrators 

Read- only Access: Helpdesk, User admin, Service support, Security reader, Security Operator, Global Reader

What Details Does Microsoft Secure Score Graph Provide?

By using Microsoft Secure Score, you can see how well your company performs in terms of cybersecurity.

Two types of Scores Views

• You can view the comparison trends between your organization and competitors close in size. On the Metrics & Trends tab, examine how your Secure Score graph has developed over time. 

Comparison Trend

• In the history tab, you look into the activities that have affected your score. Further, customization of features like date range, score change, category, product, and update type can be made. 

Secure Score Necessity

The security of organizations must remain a top priority. By knowing what parts of your company are protected, and on the other hand, which parts are vulnerable, you are one step closer to transforming your security.

Download our free whitepaper here to learn the top 10 ways you can drastically improve your secure score.

Datalink Can Help 

Datalink Networks offers Microsoft Secure Score Service Offer to provide a baseline report on your organization’s security posture. 

Datalink Network’s expanded Secure Score Service Offer includes the following reports in a bundle to provide a holistic, objective measurement of network security.  

The reporting tools that we use are the following:

Microsoft Secure Score | Microsoft Learn

Email Threat Scanner (barracuda.com)

Barracuda Data Inspector | Barracuda Networks

Active Directory Password Filter - Specops Password Policy (specopssoft.com)

We use these reports and deliver a security posture report that can serve as a baseline of understanding your company's IT needs. The benefits to this service are two-fold (1) we reduce the burden of IT work on your organization (2) we train existing staff on how to utilize security measurement tools to improve your organization’s security posture.

Datalink's Team and Service 

Security work is performed by our Microsoft Security Certified engineering team.  Our team has deep experience designing enterprise level networks systems, and cloud security services.  Clients receive 6 hours of Sr. Engineering Consultation from our team during the report build and delivery process at no charge.  

The total timeline to accomplish this review from start to finish is less than 30 days. At the conclusion of the service offer process, all documentation will be turned over to you and your team with the option for any follow-up questions or action suggestions.

Contact Datalink Networks today to find out how to get started with this service at no charge.