Microsoft Secure Score + Five Ways To Improve Your Office 365 Security

Microsoft Secure Score for Office 365 has been available in preview since mid-2016 but has matured considerably, and as of February 2018 it includes a host of new features that give IT admins a snapshot view of the current state of security in their Office 365 environment. This blog will show you the benefits of using Secure Score regularly to leverage the security features found natively within Office 365 to secure your users and data.

What is it?

The best way to describe Secure Score is as a single pane of glass that gives you instant insight into the current state of your Office 365 security. Visit the Secure Score portal, sign in with a Global Administrator account, and you are immediately given a score out of 364 (I’m not making that number up!). From there administrators can quickly identify holes in the security of their environment, and each hole comes with the native Office 365 feature that can be enabled to address it.

In my demo tenant, with next to no additional configuration carried out to secure the environment, my score was 38. On its own that is an arbitrary number; it starts to make sense when you apply the Score Analyser tool to understand how it came about. Things get interesting when you use the sliding Target Score bar to raise the prospective score: you are given the list of actions to take to reach it. That list runs to dozens of actionable tasks and keeps growing as Office 365 matures.

What does this mean for me?

The fancy charts and “scoring” system can seem a bit gimmicky at first glance, but behind them is a very accessible tool that runs in seconds. What I find most valuable about this tool is how it identifies security actions that don’t occur instinctively to IT admins: tasks like “Disable accounts not used in the last 30 days”, “Disable anonymous guest sharing links” or “Enable MFA for all global admins”. These are simple tasks that take seconds to implement, but unless you are aware the feature is there you may never take advantage of it. Run on a regular monthly schedule, Secure Score becomes a powerful method of keeping a finger on the pulse of the security of your Office 365 tenant.

Another cool new feature set was revealed in February 2018: you can now compare your score with the average score of Office 365 tenants in your company size range. If your data security in the cloud is “below average”, wouldn’t you want to know about it?

Improve your Secure Score with these 5 Simple Tasks

These 5 takeaway tasks have little to no impact on your end users, take no more than a few minutes each to carry out and improve your Secure Score by a whopping 108 points:

Enable MFA for all global admins

A breach of a Global Administrator account has the potential to expose the entirety of your company’s sensitive data, which is why these accounts are the most important ones to protect with MFA. This is done from the multi-factor authentication page in the Office 365 Admin Center: filter the view to Global Administrators and enable multi-factor auth for your cloud-only Global Admin accounts (Azure AD Premium, AADP, is required for enabling MFA on your directory-synced accounts).
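The same check can be scripted so it can be repeated each month alongside the Secure Score review. The script below is an added example and is not code from the original post; it uses the MSOnline module (Connect-MsolService, Get-MsolRoleMember, Set-MsolUser) to list every Global Administrator, report whether a per-user MFA requirement is set, and enable it on the cloud-only accounts that lack one. The variable `$apply` and the report format are mine; the object type and cmdlet calls are those of the MSOnline module.

```powershell
# Added example, not from the original post: enumerate Global Administrators with the
# MSOnline module, report which ones have no per-user MFA requirement, and enable it on
# the cloud-only accounts. Assumes the MSOnline module is installed and the signed-in
# account holds the Global Administrator role. $apply is a guard I added: leave it
# $false to get a report only.
Connect-MsolService

$apply = $false

# MSOnline still calls the Global Administrator role "Company Administrator".
$role    = Get-MsolRole -RoleName "Company Administrator"
$members = Get-MsolRoleMember -RoleObjectId $role.ObjectId |
           Where-Object { $_.RoleMemberType -eq "User" }

# Assigning this requirement object is what the "Enable" button in the portal does.
# State "Enabled" gives the admin a registration grace period; "Enforced" does not.
$req = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement
$req.RelyingParty = "*"
$req.State        = "Enabled"

foreach ($m in $members) {
    $user  = Get-MsolUser -ObjectId $m.ObjectId
    $state = if ($user.StrongAuthenticationRequirements.Count -gt 0) {
                 $user.StrongAuthenticationRequirements[0].State
             } else { "None" }
    # ImmutableId is populated on directory-synced accounts; those are reported only.
    $synced = [bool]$user.ImmutableId

    "{0,-45} MFA: {1,-9} Synced: {2}" -f $user.UserPrincipalName, $state, $synced

    if ($state -eq "None" -and -not $synced -and $apply) {
        Set-MsolUser -UserPrincipalName $user.UserPrincipalName `
                     -StrongAuthenticationRequirements @($req)
    }
}
```

One caveat when reading the report: it only sees per-user MFA. An admin who is challenged for MFA through a Conditional Access policy or Security Defaults will still show as “None” here, so treat a “None” as a prompt to check how that account is actually protected rather than as proof that it is not.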

Enable Mailbox Auditing for user mailboxes in Exchange Online

Mailbox auditing is not enabled by default. Once on, it records the owner, delegate and admin actions you select (logons, deletes, SendAs, folder permission changes and so on) for each mailbox in Office 365; without it you have no way to discover illicit access to mailboxes in Exchange Online after the fact. From an Exchange Online PowerShell session, it can be enabled for all user, shared, room and discovery mailboxes in your tenant with the following command:

# Turn on auditing with a 180-day retention and an explicit action list for each logon type.
Get-Mailbox -ResultSize Unlimited -Filter {RecipientTypeDetails -eq "UserMailbox" -or RecipientTypeDetails -eq "SharedMailbox" -or RecipientTypeDetails -eq "RoomMailbox" -or RecipientTypeDetails -eq "DiscoveryMailbox"} |
    Set-Mailbox -AuditEnabled $true -AuditLogAgeLimit 180 `
        -AuditAdmin Update, MoveToDeletedItems, SoftDelete, HardDelete, SendAs, SendOnBehalf, Create, UpdateFolderPermissions `
        -AuditDelegate Update, SoftDelete, HardDelete, SendAs, Create, UpdateFolderPermissions, MoveToDeletedItems, SendOnBehalf `
        -AuditOwner UpdateFolderPermissions, MailboxLogin, Create, SoftDelete, HardDelete, Update, MoveToDeletedItems
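Enabling auditing only pays off if someone reads the log. The script below is an added example, not code from the original post: it first confirms that no mailbox of the four types was missed, then pulls a week of MailboxLogin events from the unified audit log and keeps only the ones where the person logging in was not the mailbox owner, which is exactly the illicit access the audit trail exists to reveal. It assumes an Exchange Online PowerShell session opened with Connect-ExchangeOnline from the ExchangeOnlineManagement module (the 2018-era remote PowerShell session exposes the same Get-Mailbox and Search-UnifiedAuditLog cmdlets), and that unified audit logging is turned on for the tenant. The seven-day window and the field selection are my choices.

```powershell
# Added example, not from the original post: verify audit coverage, then read the
# audit trail for mailbox logons by anyone other than the owner.
# Assumes an Exchange Online PowerShell session (Connect-ExchangeOnline from the
# ExchangeOnlineManagement module) and that unified audit logging is enabled.
Connect-ExchangeOnline

# 1. Coverage check: mailboxes the Set-Mailbox run above should have covered but didn't.
$types = "UserMailbox", "SharedMailbox", "RoomMailbox", "DiscoveryMailbox"
$gaps  = Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails $types |
         Where-Object { -not $_.AuditEnabled }
if ($gaps) {
    Write-Warning "$($gaps.Count) mailboxes still have auditing off:"
    $gaps | Select-Object DisplayName, RecipientTypeDetails | Format-Table -AutoSize
}

# 2. Detection: MailboxLogin events where the logon was not the mailbox owner.
#    LogonType in the AuditData JSON: 0 = Owner, 1 = Admin, 2 = Delegate.
$end   = Get-Date
$start = $end.AddDays(-7)      # one week, my choice; widen it for a first pass
$hits  = Search-UnifiedAuditLog -StartDate $start -EndDate $end `
                                -Operations MailboxLogin -ResultSize 5000 |
    ForEach-Object { $_.AuditData | ConvertFrom-Json } |
    Where-Object { $_.LogonType -ne 0 } |
    Select-Object CreationTime, MailboxOwnerUPN, UserId, LogonType, ClientIPAddress

$hits | Sort-Object CreationTime | Format-Table -AutoSize

# What to look for: a UserId that is not a known delegate or admin of MailboxOwnerUPN,
# or an admin logon from an IP range your admins never use.
```

Two things worth knowing before relying on this. Search-UnifiedAuditLog returns nothing until unified audit logging has been switched on for the tenant, and it caps a single query at 5000 results, so a large tenant needs a shorter window or paging with -SessionId. And in tenants created after Microsoft turned mailbox auditing on by default, AuditEnabled can read False on a mailbox that is in fact being audited; Get-OrganizationConfig’s AuditDisabled value is the authoritative switch there.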

Disable accounts not used in last 30 days

Dormant accounts are data breaches waiting to happen: nobody is watching them, so a compromise goes unnoticed. By reviewing the list of accounts that have not been used in the past 30 days and disabling them you close this gap and improve your Secure Score at the same time. You can get this list from the Mailbox Usage Report in the Office 365 Admin Center by sorting the Last activity date column in ascending order.
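The same review can be done from PowerShell, which makes it repeatable and lets you act on the result. The script below is an added example and is not code from the original post: it builds the dormant list from Get-MailboxStatistics’ LastLogonTime, excludes mailboxes created inside the window (they have no logon yet but are not dormant), and, only when you flip the `$apply` guard, blocks sign-in for the matching accounts with Set-MsolUser -BlockCredential rather than deleting anything. It assumes an Exchange Online session (Connect-ExchangeOnline) and the MSOnline module (Connect-MsolService); the 30-day cutoff matches the Secure Score item.

```powershell
# Added example, not from the original post: report user mailboxes with no logon in
# 30 days and optionally block sign-in for the matching Azure AD accounts.
# Assumes Exchange Online (Connect-ExchangeOnline) and MSOnline (Connect-MsolService).
Connect-ExchangeOnline
Connect-MsolService

$cutoff = (Get-Date).AddDays(-30)
$apply  = $false     # my guard: review the report before setting this to $true

$dormant = Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox |
    ForEach-Object {
        $stats = $_ | Get-MailboxStatistics
        [pscustomobject]@{
            UserPrincipalName = $_.UserPrincipalName
            LastLogonTime     = $stats.LastLogonTime   # $null if never logged on
            Created           = $_.WhenCreated
        }
    } |
    Where-Object {
        ((-not $_.LastLogonTime) -or ($_.LastLogonTime -lt $cutoff)) -and
        $_.Created -lt $cutoff      # skip brand-new mailboxes that simply haven't been used yet
    }

$dormant | Sort-Object LastLogonTime | Format-Table -AutoSize

if ($apply) {
    foreach ($u in $dormant) {
        # Blocking sign-in is reversible; deleting the account is not.
        Set-MsolUser -UserPrincipalName $u.UserPrincipalName -BlockCredential $true
    }
}
```

Treat the list as a starting point, not a verdict: service accounts and staff on extended leave will appear on it, and LastLogonTime is nudged by background processes and admin access as well as by the user, so it can overstate activity. Azure AD sign-in logs are the more accurate source where you have access to them.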

Review signs-ins after multiple failures report weekly

The sign-ins after multiple failures report lists accounts that signed in successfully after a run of failed attempts, the pattern you would expect from a password-guessing attack that eventually got through. Reviewing it weekly is due diligence in confirming that those sign-ins were legitimate and lets you head off a data compromise before it happens. The link to this report is in Secure Score itself, which makes it a very convenient way to improve your Secure Score.

Configure expiration time for external sharing links

By default, external sharing links have no expiration time. That is worrying because an email containing such a link can easily be forwarded to an unintended recipient, who then has the same access as the person it was sent to, opening up the risk of company data being compromised. By setting an expiration time you greatly reduce the window in which that can happen and improve your Secure Score at the same time.

This feature can be enabled and configured in the SharePoint Admin Center under Sharing. Note that the expiry applies to anonymous (“Anyone”) links; links that require the recipient to sign in are governed by the external user sharing settings on the same page.
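The same setting is exposed through the SharePoint Online Management Shell, which is handy for checking a tenant quickly or applying the change to several. The block below is an added example, not code from the original post; it reads back the current sharing settings, sets a 30-day expiry on anonymous links, and shows the stronger alternative of requiring sign-in for all external sharing. The tenant admin URL is a placeholder and the 30-day value is my choice.

```powershell
# Added example, not from the original post: configure anonymous sharing link expiry
# from PowerShell and read back the tenant's sharing settings.
# Assumes the SharePoint Online Management Shell; https://contoso-admin.sharepoint.com
# is a placeholder for your own tenant admin URL.
Connect-SPOService -Url https://contoso-admin.sharepoint.com

# Before: what the tenant currently allows.
Get-SPOTenant | Select-Object SharingCapability, RequireAnonymousLinksExpireInDays,
                              DefaultSharingLinkType, FileAnonymousLinkType, FolderAnonymousLinkType

# Anonymous ("Anyone") links must expire within 30 days; 0 means they never expire.
Set-SPOTenant -RequireAnonymousLinksExpireInDays 30

# If the business does not need anonymous links at all, requiring sign-in for every
# external share removes the forwarding risk entirely and also satisfies the
# "Disable anonymous guest sharing links" Secure Score item. Uncomment to apply:
# Set-SPOTenant -SharingCapability ExternalUserSharingOnly

# After: confirm the change took.
Get-SPOTenant | Select-Object SharingCapability, RequireAnonymousLinksExpireInDays
```

Pick the expiry to match how long a genuine external collaboration lasts; a value that is too short just trains users to re-share, which is noisier for you and no safer.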

Make sure you tune into my next blog where I’ll run through ways to ensure your Office 365 mail flow has been configured securely to minimise the risk of spoofing.
