Secure Score (part 2)

 




To read part 1, please click here 




Secure Score Dashboard

The Secure Score tool analyzes an organization's Microsoft 365 security according to the security settings across the tenant, assigns a score that can be easily tracked over time, and is designed to help an organization create a prioritized, actionable roadmap to mitigate its security risks. Global administrators can easily access Microsoft Secure Score, which opens on the dashboard tab and offers a quick view into the organization's security posture.

Overview Tab

Microsoft's improvement actions are organized into groups so that you can find the information you need quickly:
  • Identity (Azure AD accounts & roles)
  • Data (Microsoft Information Protection)
  • Device (no improvement actions for now)
  • App (email and cloud apps, including Office 365 and Microsoft Cloud App Security)
  • Infrastructure (no improvement actions for now)
The overview page shows how points are split between these groups and what points are available, along with a view of the total score, the historical trend of your score with benchmark comparisons, and prioritized improvement actions for improving your score.

Improvement Actions Tab

This tab lists the security recommendations that address possible attack surfaces, including their status (completed, uncompleted, resolved through third party, and ignored), and lets you search, filter, and group all the improvement actions.

History Tab

Here, you can view a graph of your organization's score over time, together with a list of all the actions that can be taken in the selected time range and their attributes, such as resulting points and category. You can also customize the date range and filter by category.

Secure Score API

It's fully integrated into Microsoft Graph, which lets you surface your organization's score wherever you want it to be seen, for example in a dashboard that brings all pertinent information together. Some of the benefits of collecting Secure Score data through Microsoft Graph are:
  1. Monitor and report on your Secure Score in downstream reporting tools.
  2. Track your security configuration baseline.
  3. Integrate the data into compliance or cybersecurity insurance applications.
  4. Integrate Secure Score data into your Security Incident & Event Management (SIEM) or Cloud Access Security Broker (CASB) solutions to drive a hybrid or multi-cloud framework for security analytics.

After successfully setting up the Secure Score API, you can use PowerShell scripts to retrieve the necessary data from Secure Score.
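
One way to use that data for baseline tracking, as an added example that is not code from the original post: the script compares the newest Secure Score snapshot with the previous one and lists controls whose points dropped. The function names are hypothetical, the snapshots are constructed sample data in the shape of the Graph secureScore resource, and acquiring the access token (with the SecurityEvents.Read.All permission) is assumed to happen elsewhere.

```powershell
# Added example. Function names are hypothetical; the sample data is constructed.
function Get-SecureScoreSnapshot {
    param([Parameter(Mandatory)][string]$AccessToken, [int]$Top = 2)
    # The token must carry the Graph permission SecurityEvents.Read.All.
    $uri = "https://graph.microsoft.com/v1.0/security/secureScores?`$top=$Top"
    $headers = @{ Authorization = "Bearer $AccessToken" }
    (Invoke-RestMethod -Method Get -Uri $uri -Headers $headers).value
}

function Compare-SecureScoreBaseline {
    param([Parameter(Mandatory)]$Current, [Parameter(Mandatory)]$Baseline)
    # Index the baseline's per-control points by control name.
    $was = @{}
    foreach ($c in $Baseline.controlScores) { $was[$c.controlName] = [double]$c.score }
    # A control that scores lower than in the baseline is configuration drift.
    $regressions = foreach ($c in $Current.controlScores) {
        if ($was.ContainsKey($c.controlName) -and [double]$c.score -lt $was[$c.controlName]) {
            [pscustomobject]@{
                Control  = $c.controlName
                Category = $c.controlCategory
                Was      = $was[$c.controlName]
                Now      = [double]$c.score
            }
        }
    }
    [pscustomobject]@{
        Percent     = [math]::Round(100 * [double]$Current.currentScore / $Current.maxScore, 1)
        Delta       = $Current.currentScore - $Baseline.currentScore
        Regressions = @($regressions)
    }
}

# Constructed snapshots, newest first, trimmed to the secureScore fields used above.
$snapshots = @'
[
  { "createdDateTime": "2024-05-02T00:00:00Z", "currentScore": 41, "maxScore": 100,
    "controlScores": [
      { "controlName": "AdminMFA", "controlCategory": "Identity", "score": 10 },
      { "controlName": "MailboxAuditing", "controlCategory": "Apps", "score": 0 } ] },
  { "createdDateTime": "2024-05-01T00:00:00Z", "currentScore": 46, "maxScore": 100,
    "controlScores": [
      { "controlName": "AdminMFA", "controlCategory": "Identity", "score": 10 },
      { "controlName": "MailboxAuditing", "controlCategory": "Apps", "score": 5 } ] }
]
'@ | ConvertFrom-Json

$report = Compare-SecureScoreBaseline -Current $snapshots[0] -Baseline $snapshots[1]
$report | Select-Object Percent, Delta
$report.Regressions | Format-Table
```

Against a live tenant, pass the output of Get-SecureScoreSnapshot sorted by createdDateTime in place of the constructed snapshots.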

Improve Your Security Posture

After using the Secure Score tool to understand the exact condition of your organization's security posture and identify the risks within your organization, you have to analyze your findings and plan improvements, weighing the potential for risk, the difficulty of implementing proposed solutions, the time frames for implementation, and the impact on your rating of each Microsoft 365 Secure Score action.

Note: Planning and implementation must include all the key stakeholders in your organization, including the Chief Information Security Officer (CISO), the IT security manager, and the administrators who manage AD, Exchange, networking, and so on.

Success Criteria

Every organization has different success criteria: some want to hit the maximum target score, while others just want to be somewhere in the middle; some prefer to address only their top five items, while others focus only on the items that need the least amount of effort. Still, there are some common approaches that most companies start with when designing their own security upgrade plan, for example:

  1. Enabling multi-factor authentication on all admin accounts.
  2. Designating more than one Global Admin.
  3. Enabling auditing across workloads.
  4. Enabling mailbox auditing.
  5. Having a weekly review of sign-ins after multiple failures.
  6. Having a weekly review of sign-ins from unknown sources.
  7. Having a weekly review of sign-ins from multiple geographies.

Note: It's recommended to appoint a sponsor to help facilitate meetings, remove roadblocks, and make sure that the teams remain on track.

Although the Secure Score tool helps you identify potential risks and mitigate them, changes that affect your organization's state of security will always occur over time, such as the addition of new administrators and users, new regulations, and new services and features across Microsoft 365. Hence, running Secure Score regularly, every 6 months or so, gives you the insight needed to mitigate any risks related to those changes.










