{"id":1577,"date":"2018-05-08T01:00:00","date_gmt":"2018-05-08T01:00:00","guid":{"rendered":"http:\/\/inswwdev.azurewebsites.net\/au\/insights\/uncategorized\/microsoft-secure-score-five-ways-to-improve-your-office-365-security\/"},"modified":"2024-10-10T07:16:41","modified_gmt":"2024-10-10T07:16:41","slug":"microsoft-secure-score-plus-five-ways-to-improve-your-office-365-security","status":"publish","type":"post","link":"https:\/\/www.insentragroup.com\/us\/insights\/geek-speak\/secure-workplace\/microsoft-secure-score-plus-five-ways-to-improve-your-office-365-security\/","title":{"rendered":"Microsoft Secure Score + Five Ways To Improve Your Office 365 Security"},"content":{"rendered":"<p style=\"text-align: justify;\">Microsoft Secure Score for Office 365 is a tool that has been available in preview since mid-2016 but has matured in recent times and, as of February 2018, now includes a host of new features that allow IT admins to get a snapshot view of the current state of security in their Office 365 environment. This blog will show you the benefits of using the Secure Score tool regularly to leverage all the security feature sets found natively within Office 365 to secure your users and data.<\/p>\n<p style=\"text-align: justify;\"><img decoding=\"async\" style=\"width: 710px; height: 497px;\" src=\"https:\/\/www.insentragroup.com\/wp-content\/uploads\/sites\/21\/2021\/02\/sam_roche_blog_may_7_img_1.jpg\" alt=\"\" data-udi=\"umb:\/\/media\/7fb70b99787a435fad48a23eb51b8170\" \/><\/p>\n<h3 style=\"padding-bottom: 15px; margin-bottom: 30px; margin-top: 40px; border-bottom: 1px solid #f16020;\"><span>What is it?<\/span><\/h3>\n<p style=\"text-align: justify;\">The best way to describe Secure Score is as a single pane of glass that gives you instant insight into the current state of your security in Office 365. 
By simply visiting https:\/\/securescore.microsoft.com and signing in with a Global Administrator account, you are immediately given a score out of 364 (I\u2019m not making that number up!). Administrators can easily identify holes in the security of their environment and are provided a list of native features in Office 365 that can be enabled to address each hole.<\/p>\n<p>In my demo tenant, with next to no additional configuration carried out to secure the environment, my score was 38. On its own this is an arbitrary number, but things begin to make more sense when we apply the Score Analyser tool to understand how this number came about. Things start to get interesting when you use the sliding Target Score bar to increase the prospective score and are provided a list of actions to take to further increase the Secure Score. The list of actions includes dozens of actionable tasks to increase your security and this list continues to grow with the maturity of Office 365.<\/p>\n<p><img decoding=\"async\" style=\"width: 698px; height: 528px;\" src=\"https:\/\/www.insentragroup.com\/wp-content\/uploads\/sites\/21\/2021\/02\/sam_roche_blog_may_7_img_2.jpg\" alt=\"\" data-udi=\"umb:\/\/media\/2b567a319fbe4315b065049cb585cbc0\" \/><\/p>\n<h3 style=\"padding-bottom: 15px; margin-bottom: 30px; margin-top: 40px; border-bottom: 1px solid #f16020;\"><span>What does this mean for me?<\/span><\/h3>\n<p style=\"text-align: justify;\">The fancy charts and \u201cscoring\u201d system can seem a bit gimmicky at first glance, but looking past that we\u2019re presented with a very accessible tool that can be run in seconds. What I find most valuable about this tool is how it can identify security actions that don\u2019t occur instinctively to IT admins, tasks like \u201cDisable accounts not used in the last 30 days\u201d, \u201cDisable anonymous guest sharing links\u201d or \u201cEnable MFA for all global admins\u201d. 
These are simple tasks that take seconds to implement, but unless you are aware the feature is there you may never take advantage of them. If run on a regular monthly schedule, Secure Score becomes a powerful method of keeping a finger on the pulse of the security of your Office 365 tenant.<\/p>\n<p style=\"text-align: justify;\">Another cool new feature set was revealed in February 2018 \u2013 you can now compare your score with the average score of Office 365 tenants in your company size range! If your Data Security in the Cloud is \u201cbelow average\u201d, wouldn\u2019t you want to know about it?<\/p>\n<h3 style=\"padding-bottom: 15px; margin-bottom: 30px; margin-top: 40px; border-bottom: 1px solid #f16020;\"><span>Improve your Secure Score with these 5 Simple Tasks<\/span><\/h3>\n<p style=\"text-align: justify;\">These 5 takeaway tasks will have little to no impact on your end, take no longer than a few minutes to carry out and improve your Secure Score by a whopping 108 points:<\/p>\n<p style=\"text-align: justify;\"><strong>Enable MFA for all global admins<\/strong><\/p>\n<p style=\"text-align: justify;\">A breach of a Global Administrator account has the potential to expose the entirety of your company\u2019s sensitive data; for this reason it is most important to enable MFA for these administrative accounts. 
This can be done via<span>\u00a0<\/span><a href=\"https:\/\/account.activedirectory.windowsazure.com\/UserManagement\/MultifactorVerification.aspx\" rel=\"nofollow noopener\" target=\"_blank\">https:\/\/account.activedirectory.windowsazure.com\/UserManagement\/MultifactorVerification.aspx<\/a><span>\u00a0<\/span>, filtering the view to Global Administrators and enabling<span>\u00a0<\/span><strong>Multi-Factor Auth status<\/strong><span>\u00a0<\/span>for your cloud-only Global Admin accounts (AADP required for enabling MFA on your dir-synced accounts).<\/p>\n<p style=\"text-align: justify;\"><strong>Enable Mailbox Auditing for user mailboxes in Exchange Online<\/strong><\/p>\n<p style=\"text-align: justify;\">Mailbox auditing, not enabled by default, logs all activity for your mailboxes in Office 365. Without this feature you\u2019ll have no capability to discover any illicit access of mailboxes in Exchange Online. This feature can be enabled globally with the following PowerShell script for all user mailboxes in your Office 365 tenant:<\/p>\n<p style=\"text-align: justify;\"><code>Get-Mailbox -ResultSize Unlimited -Filter {RecipientTypeDetails -eq 'UserMailbox' -or RecipientTypeDetails -eq 'SharedMailbox' -or RecipientTypeDetails -eq 'RoomMailbox' -or RecipientTypeDetails -eq 'DiscoveryMailbox'} | Set-Mailbox -AuditEnabled $true -AuditLogAgeLimit 180 -AuditAdmin Update, MoveToDeletedItems, SoftDelete, HardDelete, SendAs, SendOnBehalf, Create, UpdateFolderPermissions -AuditDelegate Update, SoftDelete, HardDelete, SendAs, Create, UpdateFolderPermissions, MoveToDeletedItems, SendOnBehalf -AuditOwner UpdateFolderPermissions, MailboxLogin, Create, SoftDelete, HardDelete, Update, MoveToDeletedItems<\/code><\/p>\n<p style=\"text-align: justify;\"><strong>Disable accounts not used in last 30 days<\/strong><\/p>\n<p style=\"text-align: justify;\">Dormant accounts are potential data breaches waiting to happen. 
By reviewing a list of accounts that have not been accessed in the past 30 days and disabling them, you are patching up this security flaw and improving your Secure Score at the same time. You can view this report using the Mailbox Usage Report in the Office 365 Admin Center and sorting the<span>\u00a0<\/span><strong>Last activity date<\/strong><span>\u00a0<\/span>in ascending order.<\/p>\n<p style=\"text-align: justify;\"><strong>Review signs-ins after multiple failures report weekly<\/strong><\/p>\n<p style=\"text-align: justify;\">A risky sign-in is defined as a successful sign-in attempt which follows immediately after a risk event such as the registration of a suspicious IP address or location. By reviewing this report you are doing your due diligence in ensuring that sign-in attempts are legitimate and are able to head off any potential data compromises before they take place. The link to review this report can be found in Secure Score itself, making it a very convenient way to improve your Secure Score.<\/p>\n<p style=\"text-align: justify;\"><img decoding=\"async\" style=\"width: 773px; height: 405px;\" src=\"https:\/\/www.insentragroup.com\/wp-content\/uploads\/sites\/21\/2021\/02\/sam_roche_blog_may_7_img_3.jpg\" alt=\"\" data-udi=\"umb:\/\/media\/cad75477d92747ff8050ef6037ba7d9b\" \/><\/p>\n<p style=\"text-align: justify;\"><strong>Configure expiration time for external sharing links<\/strong><\/p>\n<p style=\"text-align: justify;\">By default, external sharing links have no expiration time. This is worrying, as an email that contains such a link can easily be forwarded to an unintended recipient, opening up the risk of company data being compromised. 
By enabling an expiration time, you\u2019ll greatly reduce the likelihood of this happening and improve your Secure Score at the same time.<\/p>\n<p style=\"text-align: justify;\">This feature can be enabled and configured in the SharePoint Admin Center under<span>\u00a0<\/span><strong>Sharing<\/strong>.<\/p>\n<p style=\"text-align: justify;\"><strong><img decoding=\"async\" style=\"width: 776px; height: 292px;\" src=\"https:\/\/www.insentragroup.com\/wp-content\/uploads\/sites\/21\/2021\/02\/sam_roche_blog_may_7_img_4.jpg\" alt=\"\" data-udi=\"umb:\/\/media\/e650206d4dbb4d329ea4a19605cf4114\" \/><\/strong><\/p>\n<p style=\"text-align: justify;\">Make sure you tune into my next blog where I\u2019ll run through ways to ensure your Office 365 mail flow has been configured securely to minimise the risk of spoofing.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft Secure Score for Office 365 is a tool that has been available in preview since mid-2016 but has matured in recent times and, as of February 2018, now includes a host of new features that allow IT admins to get a snapshot view of the current state of security in their Office 365 environment.&hellip; <a class=\"more-link\" href=\"https:\/\/www.insentragroup.com\/us\/insights\/geek-speak\/secure-workplace\/microsoft-secure-score-plus-five-ways-to-improve-your-office-365-security\/\">Continue reading <span class=\"screen-reader-text\">Microsoft Secure Score + Five Ways To Improve Your Office 365 
Security<\/span><\/a><\/p>\n","protected":false},"author":89,"featured_media":1578,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"content-type":"","footnotes":""},"categories":[20],"tags":[],"class_list":["post-1577","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-secure-workplace","entry"],"_links":{"self":[{"href":"https:\/\/www.insentragroup.com\/us\/wp-json\/wp\/v2\/posts\/1577","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.insentragroup.com\/us\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.insentragroup.com\/us\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.insentragroup.com\/us\/wp-json\/wp\/v2\/users\/89"}],"replies":[{"embeddable":true,"href":"https:\/\/www.insentragroup.com\/us\/wp-json\/wp\/v2\/comments?post=1577"}],"version-history":[{"count":1,"href":"https:\/\/www.insentragroup.com\/us\/wp-json\/wp\/v2\/posts\/1577\/revisions"}],"predecessor-version":[{"id":6732,"href":"https:\/\/www.insentragroup.com\/us\/wp-json\/wp\/v2\/posts\/1577\/revisions\/6732"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.insentragroup.com\/us\/wp-json\/wp\/v2\/media\/1578"}],"wp:attachment":[{"href":"https:\/\/www.insentragroup.com\/us\/wp-json\/wp\/v2\/media?parent=1577"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.insentragroup.com\/us\/wp-json\/wp\/v2\/categories?post=1577"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.insentragroup.com\/us\/wp-json\/wp\/v2\/tags?post=1577"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}