How secure is your Microsoft 365 environment?
If you’re wondering how secure your Microsoft 365 environment really is, then it’s time to take a look at your “Microsoft Secure Score”. Secure Score is a security analytics tool that will help you understand how secure your data currently is and what you can do to improve it.
Your Secure Score is a numerical score based on security best practices, and it shows you steps you can take to increase your score – the higher your score, the more secure your Microsoft 365 environment is. It will encourage you to utilise security features that are already available but that you may not be aware of. Since many companies use Secure Score, you will also be able to see how your security stacks up against other Microsoft 365 subscribers.
How do I find my Secure Score?
You don’t need to set anything up in order to view your score. It’s instantly available to users who are Global Administrators, Security Administrators, Security Readers or Global Readers. To get there, go to the Admin Portal, navigate to the Security Admin Center and then select “Secure Score” in the left-hand menu. Your Secure Score overview will be displayed in the dashboard along with a summary of top actions you can take immediately to improve your score.
For those who are just starting out with improving the security of their Microsoft tenant, the following may be a good place to start.
1. Multi-Factor Authentication (MFA) for Administrators
Administrative roles have higher permissions than the average user, so if their accounts are compromised, critical data may be at risk. A good place to start is therefore enabling multi-factor authentication (MFA) for administrative roles. MFA means that the user must provide two or more pieces of evidence to verify their identity when logging in, which makes it harder for attackers to access accounts.
Ultimately, enabling MFA for all users is best practice, but enabling it for Administrators is a great start to improving your score.
2. Do not expire passwords
Although this might seem counterintuitive, research has found that when password resets are enforced, passwords become less secure – users tend to pick a weaker password and vary it slightly with each reset. Microsoft therefore recommends not expiring passwords periodically unless there is a specific reason to.
3. Do not allow users to grant consent to unmanaged applications
Third-party applications are not created by Microsoft, so there is a possibility they could be used for malicious purposes like exfiltrating your data. Attackers can maintain persistent access to your services through these integrated apps, without relying on compromised accounts. Only allow access to necessary apps that support robust security controls.
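The three settings above can also be checked from PowerShell. The following read-only audit is an added example, not code from this article or from Microsoft; it assumes the Microsoft Graph PowerShell SDK is installed and that the signed-in account is allowed to use the read scopes it requests.

```powershell
# Added example: read-only audit of the three settings discussed above.
# Assumes the Microsoft Graph PowerShell SDK and an account that can use these read scopes.
Connect-MgGraph -Scopes 'SecurityEvents.Read.All','AuditLog.Read.All','Domain.Read.All','Policy.Read.All'

# Overall score: take the most recent snapshot.
$latest = Get-MgSecuritySecureScore -Top 5 |
    Sort-Object CreatedDateTime -Descending | Select-Object -First 1
'Secure Score: {0} of {1}' -f $latest.CurrentScore, $latest.MaxScore

# 1. Administrators with no MFA method registered.
#    Registration is not enforcement: a policy must still require MFA at sign-in.
$adminsWithoutMfa = Get-MgReportAuthenticationMethodUserRegistrationDetail -All |
    Where-Object { $_.IsAdmin -and -not $_.IsMfaRegistered }
$adminsWithoutMfa | Select-Object UserPrincipalName, IsMfaRegistered

# 2. Password expiry per verified domain. 2147483647 days means "never expire".
$neverExpire = 2147483647
Get-MgDomain | Where-Object IsVerified | ForEach-Object {
    [pscustomobject]@{
        Domain          = $_.Id
        ValidityDays    = $_.PasswordValidityPeriodInDays
        PasswordsExpire = ($_.PasswordValidityPeriodInDays -ne $neverExpire)
    }
}

# 3. User consent to applications. A "ManagePermissionGrantsForSelf.*" entry
#    means ordinary users can still grant consent themselves.
$policy = Get-MgPolicyAuthorizationPolicy
$selfConsent = @($policy.DefaultUserRolePermissions.PermissionGrantPoliciesAssigned |
    Where-Object { $_ -like 'ManagePermissionGrantsForSelf.*' })
[pscustomobject]@{
    UsersCanConsent = ($selfConsent.Count -gt 0)
    ConsentPolicies = $selfConsent -join ', '
}
```

Any administrator listed under check 1, any domain where PasswordsExpire is True, and a UsersCanConsent value of True each correspond to one of the three recommendations still being open.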
So what are you waiting for? Start improving your security today by exploring your Secure Score and learning more about the features that can help protect your organisation from threats.