Microsoft Secure Score Actions
Microsoft Secure Score shows your security posture to protect customer privacy.
Last Review: February 26, 2020
Product(s): Office 365
Author(s): Kyle Vang
A cyberist created this article using the patented Delta Method by modernizing a typical approach.
Microsoft Secure Score is the representation of your commitment to protect customer privacy and the security posture of your organization. Despite rampant cybercrime and data breaches, few organizations have implemented built-in and often no cost cybersecurity prevention due to inconvenience misconceptions and inept cloud providers.
A low-risk security scorecard demonstrates competitive advantage versus the industry and is often requested by compliance auditors or prospective and existing customers. Ignoring security threats is considered willful neglect resulting in reputation damage, potential civil and criminal actions or penalties, and justified denial of cybersecurity insurance claims.
- Office 365 Global Admin credentials are required and AD Connect highly recommended.
- Microsoft Security Score (https://security.microsoft.com) is a consolidated score for Windows, Office 365, and Enterprise Mobility Suite (EMS).
- Microsoft Secure Score displays the score for the previous day and any improvement actions are updated in approximately 24 - 48 hours.
- Security improvement tasks will be performed at Microsoft Azure (https://portal.azure.com) and Office 365 Admin Portal (https://admin.microsoft.com).
- Office 365 Security & Compliance (https://protection.office.com) is for audit/data loss.
- Microsoft 365 compliance (https://compliance.microsoft.com) is compliance reporting.
- Cloud App Security is available for all Office 365 subscriptions, is NOT enabled by default, and should be enabled 24-48 hours before starting security improvement.
- Enabling Multi-Factor Authentication (MFA) which is the top Microsoft security recommendation.
- Exclude one break-glass unlicensed global admin from Azure Conditional Access to prevent complete tenant lockout and exclude AD Connect account from MFA.
- An announcement for security improvement actions by management must be made to staff to show leadership and security commitment by example.
- Many tasks may be performed in minutes but significant score improvements will require a least one week and up to 30 days.
|Cloud App Security||All Office 365|
|Multi-Factor Authentication||Microsoft 365 E3/E5, EMS E3/E5, Office 365 Business & E3/E5|
|Exchange Online||Any Exchange Online|
|Information Rights Management||Any SharePoint Online|
|Intune||Microsoft 365 E3/E5, Enterprise Mobility Suite E3/E5|
|Office 365 ATP||Office 365 ATP, Office 365 E5, Microsoft 365 E5|
|Azure Information Protection||Enterprise Mobility Suite E5|
|Windows Defender ATP||Windows 10 Enterprise E5, Microsoft 365 E5|
|Customer Lockbox||Office 365 E5, Microsoft 365 E5|
- Login to https://security.microsoft.com as an Office 365 Global Admin.
- Click Improve your score at the bottom of Microsoft Secure Score panel.
- Turn on Cloud App Security Console first and then click on each Improvement Action starting with Rank 1.
- Click on each Improvement Action by rank below. After reading At A Glance, User Impact, and Implementation, click Manage to update settings.
Follow-up / Testing
- Verify AD Connect status and force manual sync of both Azure and local Active Directory connections of Full Import, Full Synchronization, and Export
- Export Improvement Actions to Excel for audit reporting and marketing purposes
- Regular reporting improvement tasks must be performed from the Secure Score to update properly