Secure Score (part 1)

By Ashwin Venugopal -

 




To read part 2, please click here




Secure Score Explained

Microsoft secure score is termed as a measurement of an organization's security posture, with a higher number indicating more improvement actions taken and with the help of a centralized dashboard in the Microsoft 365 security center, organizations can monitor as well as work on the security of their Microsoft 365 identities, data apps, devices, and infrastructure.  Secure score helps the organizations to:
  1. Report on the current state of the organization's security posture. 
  2. Improve their security posture by providing discoverability, visibility, guidance, and control.
  3. Compare with benchmarks and establish Key Performance Indicators (KPIs).

Note: Microsoft Secure Score is a numerical summary of your security posture based on system configurations, user behavior, and other security-related measurements, but, it's not an absolute measurement of likely your system or data will be breached, whereas, it shows the extent to which the security controls have been adopted in your Microsoft environment which can help offset the risk of being breached. As no online service is totally immune from security breaches, and secure score should not be interpreted as a guarantee against security breach in any manner.

How secure score works?

Firstly, some points are given to configure recommended security features, perform security-related tasks, or address the improvement actions with a third-party application or software. Some improvement actions also gives points after the fully completion, or provide partial points after completion for some devices or users.

Secure Score represents your absolute security posture which will remain the same regardless of the product licenses your organization owns. It should be remembered that security should be balanced with usability, and not every recommendation can work for your environment.

Your score is always updated real time to reflect the information presented in the visualizations and improvement action pages. Secure score also syncs daily to receive system data about your achieved point for each action.

How improvement actions are scored?

Most of the improvement actions are scored in a binary fashion and if you implement the improvement action like create a new policy or turn on a specific setting, you can get 100% of the points while for the others, the points are given as a percentage of the total configuration. For example, if an improvement action states that you get 30 points by protecting all your users with multi-factor authentication and you only have 5 out of 100 total users secured, then, you will get a partial score of around 2 points (5 protected / 100 total * 30 max pts = 2 pts partial score).

Products included in Secure Score

Nowadays, there are many recommendations for Office 365 (including SharePoint Online, Exchange Online, OneDrive for Business, Microsoft Information Protection, and more), Azure AD, and Cloud App Security; while the recommendations for the other security products like Microsoft Defender for Endpoint and Identity, will be coming soon in near future. Although, all these recommendations don't cover all the attack surface associated with each product, but they are a good baseline and you can also mark the improvement actions as covered by a third party.     











To read part 2, please click here





















Comments

Post a Comment

Popular posts from this blog

Query, Visualize, & Monitor Data in Azure Sentinel

By Ashwin Venugopal -
Image
  Azure Sentinel Workbooks Several ready for use templates are provided by the Azure Sentinel that can be used to create your own workbook and then modify them as needed for Contoso. Most of the data connectors it uses to ingest data come with their own workbooks, but better insight can be obtained by simply looking into the data that is being ingested by using tables and visualizations, including bar and pie charts. You can also make your own workbook easily by using this data from the beginning instead of using the predefined templates. Workbook Page You can easily access the workbook page from the Azure Sentinel from the navigation pane which consists of the: Workbook header- You can add a new workbook and review the saved workbooks as well as templates that are available on the workbook page. Templates section- You can access existing workbook templates on the Templates tab. You can save some of the workbooks for quick access and they will appear on the My Workbooks tab.  From the
Read more

Planning for Implementing SAP Solutions on Azure (Part 2 of 5)

By Ashwin Venugopal -
Image
  To read part 1 please click  here To read part 3 please click  here To read part 4 please click  here To read part 5 please click  here Load Balancing The load balancer uses probe ports to determine as well as route the traffic to an active DBMS node, but of there's any failover then the most common SAP application architecture can automatically reconnect against the private virtual IP address without the need for the SAP application to reconfigure it, while the load balancer redirect the traffic against the private virtual IP address without any need for the SAP application to reconfigure. The loaf balancer also offers an option of DirectServerReturn which if configured, can help in directing the traffic from the DBMS VM to the SAP application layer directly to the application layer without routing through the load balancer. But, if it isn't configured, then the return traffic to the SAP application layer is routed through the load balancer. You can also use Azure Load Balan
Read more

Work with String Data Using KQL Statements

By Ashwin Venugopal -
Image
  Extract Data from Unstructured String Fields Unstructured string fields often contains the Security log data and requires parsing to extract data. There are multiple ways of pulling information from string fields in KQL and the two primary operators used are extract and parse.  Extract It gets a match for a regular expression from a text string. You can convert the extracted substring to the indicated type.  Arguments regex- A regular expression. captureGroup- A positive int constant indicating the capture group to extract. 0 stands for the entire match, 1 for the value matched by the first '('parenthesis')' in the regular expression, 2 or more for subsequent parenthesis.  text- A string to search. typeLiteral- An optional type literal. If provided, the extracted substring is converted to this type.  Returns If regex finds a match in text- the substring matched against the indicated capture group captureGroup, optionally converted to typeLiteral. If there's no mat
Read more