Introducing Microsoft Secure Score for Office 365 and Windows 10


– Coming up, I’ll show you updates to
Microsoft Secure Score, a solution that
automatically rates how well you’re leveraging security patrol,
for Office 365 services, and now Windows 10. While making it easy for you
to discover and implement the security features and best
practices that will advance your organization security posture. I’m here in Secure Score,
and there are three key parts of your experience, your score, taking action, and tracking your progress over time. If you are a global or work
load administrator in Office 365, or Windows Defender
Advanced Theft Protection, you can access Secure Score
from the Security Compliance Center, or by going directly
to securestore.microsoft.com. There’s no config necessary,
no set up, it just works. When you log on to the
experience, you’ll see a Microsoft Secure Score
ready for you to review. The score is calculated
based on the controls you can configure versus what you have configured. Your Office 365 score added
to your Window’s score make up your Microsoft Secure Score. The numerator is the sum
of the security controls that you fully or partially meet. The denominator represents
the number of points that you can possibly earn, given
the set of features that you have available. So in this case, I have earned
791 points of security value and could go all the way up to 1,184. Note, you’ll only see your
Window’s score if you have Window’s Defender
Advanced Threat Protection. Now beyond the understanding
what makes up your score, we help you benchmark yourself
against organization’s of a similar seat size,
across the entire service. In the future, we will be
expanding this to an industry view. If the Office 365 average
score seems like a low number, keep in mind that
there are millions of organizations of all types
and sophistication in that calculation. But with the active seat size
average to compare against, this should make it more relevant to you. Now, if you look over to the left, you will notice your target score, this number
can be higher than your denominator, and that’s because
it includes all controls, whether you currently have
access to them or not. This shows you for any given
set of selected controls, what your score could be if
you took those recommended actions. My target is currently set
to “balance”, by moving the slider to the left, I can
select more basic level. And notice that the number
of actions I need to take decrease, while moving it to the right
makes more action items appear. As I target a more
comprehensive level of security, several control dimensions
are available, including the ability to filter controls by
user impact, implementation cost, and control type. For example, if you just want
to look up low user impact controls, you can apply the
filter and only work with those controls. Any control that is labeled
“Not Scored” is one that you can take an action of, though
we have not yet instrumented that control for points. Don’t let this stop you, if taking action improves your security, then the points will
be granted once instrumented. When you expand the control,
you see a clear, easy to read explanation of what the
risk the control is trying to mitigate. What it is we are recommending,
and what will happen to your score if you take the action. We also show you some additional data, like user impact implementation costs to help you balance your organizations
productivity against your security. Here, we are looking at enable
MFA, you see a couple of new things
here based on your feedback. I can say I already have
another solution in place today, by a third party, and we’ll
add those points to your score. Or I can opt out of the
control by selecting, “Ignore”, and those points will be
removed from your denominator. And you can click, “Learn
More”, to see an explanation of what it is we are asking you
to do, and the impact to your users, you can now take
the action to earn points. As you can see, I’m now
directed over to the Admin page for MFA, your scores
will update the next day. We also now reward you with
additional points for reviewing reports, like log-ins after multiple failures, and risky sign-ins. Additionally, you can now
search on specific controls that you may be interested
in, such as mail. This will now filter controls
that have that string in them. Now that you know how to
improve your score, you can leverage the Score Analyzer
to track your progress over time, and report your security
posture to your organization. The Secure Score summary graph
shows your score over time versus the Office 365 average. We’ve also added the ability
for you to select date ranges to assess your progress for any given day. Experience will show you your
points and controls completed on that day, along with a detailed summary of
complete and incomplete actions. And you can also compare
your score between two days by selecting, “Compare scores”. Finally, as always you can
export your score data and the list of controls to CSV or a
PDF to share with your team. So that was an overview of
the Microsoft Secure Score and recent updates. If you’re using Office 365,
or Windows Defender ATP, try it for yourself at
securescore.microsoft.com. Thanks for watching.

1 thought on “Introducing Microsoft Secure Score for Office 365 and Windows 10

Leave a Reply

Your email address will not be published. Required fields are marked *