Secure Score (part 2)

 




To read part 1, please click here 




Secure Score Dashboard

The secure score tool can analyze an organization's Microsoft 365 security according to the security settings across the tenant, assigns a score that can be easily tracked on time, and is designed to help an organization to create a prioritize as well as an actionable roadmap to mitigate its security risks. Global administrators can easily access Microsoft secure Score, which displays the dashboard tab at first which offers a quick view into an organization's security posture.

Overview Tab

Microsoft's improvement actions are organized into groups in order to help you with the information you require instantly:
  • Identity (Azure AD accounts & roles)
  • Data (Microsoft Information Protection)
  • Device (no improvement actions for now)
  • App (email and cloud apps, including Office 365 and Microsoft Cloud App Security)
  • Infrastructure (no improvement actions for now)
The overview page shows how to split points between these groups and what points are available, along with the entire view of the total score, historical trend of your score with benchmark comparisons, and prioritized improvement actions in order to improve your scores.

Improvement Actions Tab

This tab can list the security recommendations that can address possible attack surfaces, including their status (completed, uncompleted, resolved through third party, and ignored), along with the capability of searching, filtering as well as grouping all the improvement actions. 

History Tab

Here, you can easily view a graph of your organization's score over time containing a list of all the actions that can be taken in the selected time range and their attributes, like resulting points and category, while also customizing a data range as well as filter by category. 

Secure Score API

It's fully integrated into the Microsoft Graph which helps you to customize organization's score wherever you want it to be seen for aligning a dashboard to view all pertinent information. Some of the benefits of collecting Secure Score data through Microsoft Graph are:
  1. Monitor and report on your Secure Score in downstream reporting tools.
  2. Track your security configuration baseline.
  3. Integrate the data into compliance or cybersecurity insurance applications.
  4. Integrate Secure Score data into your Security Incident & Event Management (SIEM) or Cloud Access Security Broker (CASB) solutions to drive a hybrid or multi-cloud framework for security analytics.

After successfully setting up the Security Score API, you can PowerShell scripts to retrieve the necessary data from Secure Score.

Improve Your Security Posture

After using Secure Score tool to know the exact condition of your organization's security posture and identify the risks within your organization, you have to analyze your findings as well as plan to improve to your condition while considering the potential for risk, the difficulty of implementing proposed solutions, the time frames for implementation, and the impact to your rating according to each Microsoft 365 Secure Score action. 

Note: Planning and implementation must include all the key stakeholders in your organization, along with the Chief Information Security Officer (CISO), the IT security manager as well as the administrators who manages AD, Exchange, networking, and whatnot. 

Success Criteria

Each and every organization have different success criteria like, some of them want to hit the maximum target score, while the others just want to be somewhere in the middle, some may prefer to address only their top five items, while the others only focus on the items that needs the least amount of effort, etc. But, there are sill some common approaches that most of the companies starts to design their own security upgrade plan, for example:

  1. Enabling multi-factor authentication on all admin accounts.
  2. Designating more than one Global Admin.
  3. Enabling auditing across workloads.
  4. Enabling mailbox auditing.
  5. Having a weekly review of sign-ins after multiple failures.
  6. Having a weekly review of sign-ins from an unknown sources.
  7. Having a weekly review of sign-ins from multiple geographies.

Note: It's recommended to appoint a sponsor in order to help facilitate meetings, remove roadblocks, and make sure that the teams remains on track.

Although Secure Score tool helps you to identify potential risks as well as mitigate them, changes will always occur over time that might affect your your organization's state of security along with the addition of new administrators and users, new regulations, and new services as well as features across Microsoft 365. Hence regular running of Secure Score every 6 months or so offers you the much needed insight to mitigate any risks related with those changes.











To read part 1, please click here 



























Comments

Popular posts from this blog

Deployment (Part 3)

Deployment (Part 1)

Project Resourcing (Part 2)