Microsoft Secure Score is a free tool that can help you better protect your Office 365 and on-premises Windows 10 deployments. Find out what this tool does and how it works.

Microsoft has expanded and rebranded Office 365 Secure Store, a relatively unknown security analytics tool for Office 365. Now called Microsoft Secure Score, this free tool analyzes and rates how well businesses are leveraging security measures in their Office 365 and on-premises Windows 10 environments. Besides providing a numerical security rating, the tool gives customized recommendations on how companies can improve security in their cloud and on-premises deployments.

Microsoft Secure Score is available to businesses that use one of the Office 365 business plans. To receive scores and recommendations for Windows 10 environments, companies need to be using Windows Defender Advanced Threat Protection. If they do not use it, they can still get scores and recommendations for their Office 365 environments.

A Credit Score for Cybersecurity

The rating provided by Microsoft Secure Score is designed to be a “credit score for cybersecurity” — a number summarizing a company’s current state of security. The score is based on the extent to which a business has implemented security best practices. A company is given points for using recommended security features (e.g., using two-step verification), performing security-related tasks (e.g., viewing mailbox forwarding rules every week), making certain system configurations (e.g., enabling the setting that requires the use of strong passwords), and taking other security-related actions.

You can view your company’s score, which is calculated once a day, in the tool’s dashboard. The tool also breaks down your score by environment (Office 365 and Windows) and area (app, data, device, identity, and infrastructure). In addition, graphs showing historical trends of your ratings are available. If you are curious as to how your business’s score stacks up to others, you can even compare it with the average rating of similar-sized companies, companies in a particular industry, and all tool users.

Using the Modeler to Improve Scores

Using the Microsoft Secure Score modeler, you can receive customized recommendations on how to improve your company’s score and ultimately its state of security. The modeler’s “Target Score” slider lets you select your desired score. The higher the target score, the higher the number of recommendations in the tool’s action queue.

The recommended actions are based on the devices, software, and hardware you are currently using. Each action in the queue contains:

  • A description of the action to be taken
  • The types of threats it helps mitigate
  • The level of impact on the user (e.g., low, moderate)
  • The cost to implement the recommendation (e.g., low, moderate)
  • How many points performing the action will add to your company’s security score
  • A “Learn More” link to get more information about the action
  • An “Ignore” button for when you do not want to follow the recommendation (e.g., it is not applicable because your company does not use that particular feature or service)
  • A “Third Party” option to specify that a third-party solution is already performing the action

If you have many recommendations listed in the action queue, you can filter them using a number of factors (e.g., type of action). This can make the recommended actions easier to review and prioritize.

A Useful Tool

The improvements that Microsoft made in Microsoft Secure Score has significantly increased the tool’s usefulness. It can help you find ways to better protect your Office 365 and on-premises Windows 10 deployments. Contact us if you would like more information about Microsoft Secure Score.