Office 365, cloud services in general and security, lengthy debates have been conducted. Cloud services have proven their reliability in security and the safety of our data. Many security papers and thesis’s have been written about the topic, all saying the same thing, your data is safe when using the established cloud services like Office 365, GSuite, Dropbox, etc.
But how about the administrator side of the story, how are we doing in securing our data on Office 365? Do we put in the same amount of effort as Microsoft and other providers or are we, the Office 365 administrators the weakest link in the security chain? Well, with Secure Score (https://securescore.office.com/) you can verify how well protected your Office 365 tenant is. The only thing you need to do is login to your tenant with a global administrator and let the Secure Score report be generated.
Immediately you will receive a score that represents how well your Office 365 tenant is configured when it comes to security. The dashboard will show your score and also the necessary actions you can take to increase that score.
It will also show your targeted score when your perform all the suggested actions. In my test case, performing the 24 actions would allow me to increase my score from 72 to 333. Some actions are some basic actions that everyone should be using, like MFA for global administrators, audit logging, etc. but some suggestions also include more in depth and business driven actions like Data Loss Prevention, reviews of Exchange security reports, etc.
On the Score Analyzer, you will notice a nice graph that shows how your Secure Score has improved (or not) over time when you start applying the different rules suggested in the Secure Score Dashboard. Additionally you get a detailed overview of the actions you have implemented and how they are calculated in your Secure Score. In the tab ‘Incomplete Actions’ you get a full overview again -as on the Dashboard- of the actions you should complete to maximize your Security Score. What is really neat is the learn more button.
It shows you what you are about to change, which users to change it on and what the effect will be for the users.
So even if security is not your main driver in your Office 365 setup, these free security assessment is definitely worth your time and trouble to check it out.