With the normalization of remote & hybrid work, companies of all sizes and industries have been looking to adopt cloud infrastructure in some way or another. The agility, availability, and productivity advantages to our end users, and our business are powerful driving forces. In fact, according to CheckPoint in 2022, “98% of organizations use some form of cloud-based infrastructure”. Cloud services and technologies have lessened the burdens of IT administrators, managers, and end users by delivering services, tools, managed applications, and virtual desktops. While these technologies afford us new levels of management, control, and observation – they do not by themselves deliver “security” or “risk mitigation” without added effort.
Thankfully, we have expert and peer-reviewed guidance from none other than Microsoft.
What is Microsoft Secure Score?
Microsoft Secure Score is the aspirational target of best practices collected and shared with the Microsoft ecosystem. It is a system used to represent how secure your Microsoft Cloud environment is in a percent value out of 100%. The lower the score, the more vulnerable your cloud environment is. Microsoft is analyzing the configurations of your Microsoft services, infrastructure, tools, managed devices, and Office applications to measure your organization's cloud security posture. This measurement is given as a score which can be viewed in the Microsoft 365 Defender Portal. The primary categories measured in the Secure Score are user identity, user devices, user applications, and user data.
Products that are measured in the Secure Score:
- Microsoft 365 (including Exchange Online)
- Azure Active Directory
- Microsoft Defender for Endpoint
- Microsoft Defender for Identity
- Microsoft Defender for Cloud Apps
- Microsoft Teams
How do I view my Secure Score?
Your Azure Cloud tenant's secure score can be accessed by going to https://security.microsoft.com - authenticating - and then clicking Secure Score in the left navigation menu. You are met with an Overview which presents your current score percentage, the fraction of points out of the total achievable points, and the breakdown of scores by category type: identity, data, device, and applications which make up your total score. You can also get insight into the history of how your secure score has changed over the last few weeks. For greater detail in history including which specific actions have contributed to the addition or regression of your score, click out of the Overview tab and into the History tab.
My Secure Score is low, how can I increase it to become more secure?
You are rewarded with points that increase your score after configuring recommended security features, doing security-related tasks, and addressing the recommended actions for third-party apps. It is worth noting that only a user account with the following permissions assigned can take action toward improving the score recommendations by making necessary changes in the tenant: Global administrator, Security administrator, Exchange administrator or SharePoint administrator. Solutions are emerging now that unify the workflow, role-based access control, and consoles needed to make a number of these changes.
Microsoft continues to encourage and lead cloud security by regularly adding data points to the Microsoft Secure Score. Security and risk management span nearly every aspect of the modern enterprise and we anticipate this will accelerate in the years to come. Everyone is on the front lines. This will certainly keep IT and security leaders busy as we head into 2023 where Cybersecurity is arguably the No. 1 focus for organizations. We know employees are going back into the office and according to IBM “the more remote workers a business has, the more a data breach will cost: a company with an 81% remote workforce will pay roughly US$2.39 million more for a breach than a company with 50% remote workers.” Don’t overlook your cloud vulnerabilities – take advantage of Microsoft’s Secure Score – it provides you with the knowledge and toolsets to begin to mitigate risk and vulnerability in your environment. The best news is based on the investments you and your company have made to be a member of the Microsoft Ecosystem – the benefits increase the more adoption you accomplish.
Zach Urrutia & T.Rex
Additional Links: https://www.microsoft.com/en-us/security/business/microsoft-secure-score
Additional Links: https://learn.microsoft.com/en-us/microsoft-365/security/defender/microsoft-secure-score-improvement-actions?view=o365-worldwide