O365 Security

How to Assess the Security of Your Microsoft Office 365

Cloud and service-based platforms provide businesses with a quick-to-deploy and scalable solution that meets a variety of business needs. Microsoft Office 365 is one of the most widely used productivity suites in the world. Users of the suite improve collaboration and productivity with business email, cloud storage, data sharing, and other essential functions. 

Important collaboration and communication tools like SharePoint, Microsoft Teams, OneDrive, and business email are used daily within many organizations under ordinary circumstances. However, the global pandemic and the resulting explosion of remote work have made these tools indispensable. Along with the ongoing popularity of Microsoft Office 365 and the increase in cybercrime targeting potential vulnerabilities that arise from remote operations, come important security concerns. As businesses grapple with worries surrounding cloud security and the knowledge that Microsoft 365 has become a target for cybercrime, it's normal to wonder if your company's use of the popular business suite puts you at a higher risk for security vulnerabilities.

While it's true that Microsoft Office 365 is a target for attacks, using the office suite doesn't necessarily mean you're at risk. However, it is important to make sure you're taking the right steps to secure Microsoft 365 within your organization. The good news is that Microsoft is a highly secure platform with data centers that are protected by state-of-the-art security infrastructure and processes. The bad news is that you may not be using all the features offered by Microsoft to ensure your Office 365 (O365) is secure.

To determine whether your O365 is compromised or at risk, it's important to know your current security posture within Microsoft platforms and the steps you can take to improve your level of security. No platform is completely safe from the sophisticated attacks deployed by modern cyber attackers. That's why Microsoft created tools to help you assess your security within the office suite and improve the way businesses protect sensitive data.

7 Signs of a Compromised Microsoft Office 365 Account

Top Microsoft Office 365 Security Concerns

 While Microsoft provides a variety of security options, not all of them are optimized to provide the highest level of security. However, the activities within the tenants of the Microsoft platform are used for organizational actions that present security issues. These are some of the top Microsoft Office 365 security concerns among business users. 

  • Unauthorized or External File Sharing: Microsoft 365 enables users to share important data in the form of documents. When files are shared outside of an organization, they can present vulnerabilities. 
  • Privilege Abuse: Extended permissions make access to vital information more convenient. It can also increase your risk of a data breach or attack due to credential theft. These thefts are used by sophisticated attackers to move laterally through a system without detection.
  • Global Admin Account Breaches: Hackers and cybercriminals often target admin accounts in order to gain access to elevate privileges or sensitive data. With access to a global admin account, attackers can change critical settings, steal valuable data, and leave backdoors open to enter again.
  • Disabled Audit Logs: Audit recording is not enabled by default in Microsoft 365. In order to record user and admin activity, you must turn on audit logging or monitor your O365 with a SIEM system.
  • Email Attacks: 91% of cyberattacks begin with an email. By design, Office 365 email offers minimal protection out of the box to protect against phishing attacks. However, Microsoft Defender includes options for anti-phishing protection and safe attachment protection that must be enabled.

How to Determine Your Current Microsoft Office 365 Security Posture

If you're hoping to improve your security posture in Microsoft Office 365, you've likely been made aware of the potential risks, or are concerned you've already been compromised. Luckily, there are ways to determine your current O365 security level and how to address vulnerability concerns. Microsoft 365 includes a range of robust security features to determine your unique security level, address access management, threat protection, information protection, and risk management. To assess your Microsoft 365, begin by learning your Secure Score and what it reveals about your security posture.

What Is Microsoft Office 365 Secure Score?

Described by Microsoft as " a measurement of an organization's security posture, with a higher number indicating more improvement actions taken," Microsoft Secure Score is a security analytics tool that calculates a unique score for your organization based on your security efforts. A higher score indicates that the organization has many security practices in place, while a lower score shows that an organization is more vulnerable to attacks. Your secure score can help you report on the current state of your organization's security posture, improve security, compare with benchmarks, and establish key performance indicators (KPIs).

The Microsoft secure score offers more than a number grade that declares your security level. It is located on a centralized dashboard on the Microsoft Office 365 Defender portal, which includes robust visualizations of metrics and trends, integration with other Microsoft products, score comparison with similar organizations, and more.

Your secure score is calculated by the points you receive for these actions:

  • Configuring recommended security features
  • Doing security-related tasks
  • Addressing the improvement action with a third-party application or software, or an alternate mitigation

Some actions give points when fully completed while some provide partial points if they're completed for some devices or users. It's always your choice which improvement actions to enact, and each improvement should be balanced with usability. Since every network is unique, not every recommendation will work for every environment.

The secure score currently includes recommendations for these products. The recommendations don't cover all the attack surfaces associated with each product, but they provide a good baseline of your O365 security posture.

  • Microsoft 365 (including Exchange Online)
  • Azure Active Directory
  • Microsoft Defender for Endpoint
  •  Microsoft Defender for Identity
  • Defender for Cloud Apps
  • Microsoft teams

How Can I Learn My O365 Secure Score?

The Microsoft Secure Score is free to use and can be accessed in the Microsoft Office 365 Defender portal. When signed in to your admin account, you can find the option "Secure Score" located on the left side panel. The secure score is displayed on a dashboard that shows your current score and a graph that maps the historical score. The score is also broken down into different categories so you can understand which aspects are more secure than others.

When you open the secure score dashboard for the first time, it takes a few minutes to calculate your score. Your current score will appear on the left top part of the dashboard and will be calculated as a percentage. A low score means there is much work to be done, but the tool can help you determine the steps you need to take for improvement. 

Beneath your percentage score, the dashboard shows a breakdown of points by category. In the middle section of the dashboard, you'll find a list of improvement actions that can help you improve your score. The right side of the screen offers another graph that compares your current score to the scores of organizations like yours. As you work to address security issues, the score is updated in real-time to reflect changes in your security practices.

Free Download: Office 365 Mail Filtering Best Practices

How Does My Secure Score Stack Up?

After learning your Secure Score, it's natural to wonder exactly what the number means. It's important to remember that security practices should always be used to improve your defense posture against potential attacks and shouldn't be a number to achieve so you can check a box. While it may be possible to achieve a 100% secure score, it most likely isn't a practical goal for any organization that depends heavily on the products in the Microsoft Office 365 suite. Security is a vital part of keeping your organization on track. However, it must be balanced with usability for companies to retain working functions and productivity essential for success. Instead of aiming for the highest score possible, you should aim to achieve the highest score that is practical for your industry and your unique organizational network and workflows.

While Microsoft promotes the importance of having a secure network, the company also ensures its products offer the utmost usability and convenience for its users. Therefore, the company doesn't suggest a specific target for any individual secure score. A general suggestion is that a score below 65% likely means considerable security measures that are available in the Microsoft platform are being overlooked. One of the most accurate indicators of your secure score placement is the comparison graph that shows your score compared to other organizations like yours or those in your industries. Another important measure is the ability to track your secure score over time. If your score drops significantly, it's likely time to address a specific problem.

Determining how to effectively use your O365 secure score may have less to do with the percentage number than the recommendations that could result in improvements. No matter what security tools you have at your disposal, good cybersecurity practices are an essential part of maintaining a successful security posture. Although every recommendation within the secure score dashboard might not be practical for use within your network, it is important to consider how some features like multi-factor authorization can drastically improve the security of high-level accounts. Even if your secure score is average or high, considering ways to improve your score will help you further secure your network.

How Can I Improve My O365 Secure Score?

The Microsoft Secure Score is designed to provide points for completing tasks that improve your security posture. You can use the dashboard to create a roadmap to plan and implement essential security features that will better protect your network. Your secure score dashboard offers categories and benchmarks as well as a list of improvement actions that can help you raise your score. Each recommended action includes a score impact percentage to show the potential amount of points that can be gained through the completion of the action.

One of five status levels is also assigned to each task which includes addressing, planned, risk accepted, resolving through a third party, resolving through alternate mitigation, and completing. The tasks listed to improve your score are ranked by the number of points left to achieve, how difficult the task is to implement, user impact, and complexity. The tasks at the top of your list will offer a large number of points, have a low difficulty level, and have minimal user impact. 

How Improvement Actions Are Scored

Each action on your "Actions to review" list is worth 10 points or less, and many are scored in a binary fashion that addresses the completion of an action or numerical points that represent a percentage of users for which the action has been implemented. For instance, if you enable multi-factor authentication for 20% of users, you get a score of 2 out of 10 possible points. Some actions can be completed by turning on a specific setting that provides 100% of the available points for that action. 

Improve Your Secure Score With Improvement Actions

There are two basic ways to improve your Microsoft Office 365 score. You can either address the improvement actions listed on the dashboard and follow the step-by-step instructions to complete them, or list the actions as completed by a third-party application or software or through the use of an internal tool.

These steps can be followed to improve your secure score within the platform.  

  • Click on an improvement action, and a new pane appears with a description of the action. 
  • Select Manage in Microsoft 365 Defender (or select share to copy the direct link to the improvement action to share with other decision-makers)
  • When you choose to manage a recommended action, you'll be shown a step-by-step implementation guide that includes prerequisites and whether you've already met them. 
  • When you complete the required actions, the activity will be given a "completed" status. Completed actions are confirmed through Microsoft data and you can't change the status.
  • It could take up to 24 hours for your points to be recognized on your secure score.

Use the Dashboard to Create a Roadmap for Improvements

Each of the improvement actions on your dashboard begins with a status of "To Address." This simply means that you recognize the improvement action is necessary and plan to address it at some point in the future, or that actions are detected as partially completed. Other options that allow you to plan to improve your O365 posture include risk accepted, planned, or resolved through a third party. You can use these status choices as follows to prepare for the actions you'll take to improve your secure score.

  • Risk Accepted:
    In an effort to balance security with usability, there will likely be some actions your organization chooses not to take because it doesn't work for your environment. When you accept risk, you are choosing not to take the security action or complete the action for every user. The most common reason to accept risk is that the user impact is too large. This may be because the action affects many users or it will severely impact workflow functions. You will not be given any points, but the action will no longer be visible in the list of improvement actions. With accepted risks cleared out of the way, you can create a plan to address the actions you plan to address in the future.
  • Resolved Through a Third Party or Thorough Alternate Mitigation:
    If you depend on a third-party security provider or use internal security tools, you may have already completed some of the actions on the list. However, Microsoft doesn't recognize these actions because they aren't completed within the Microsoft tenants. When you select this status, you'll gain the points that the action is worth, but the platform has no real way to confirm these actions. This status can be changed if the action is no longer covered by the tool or third party.
  • Planned:
    Implementing security actions with a big user impact requires educating employees and often a multi-step process for a successful rollout. Select the planned status for actions that have concrete plans in place for completion. Planned actions do not immediately change your secure score, but they can be viewed as an "achievable score" option on your dashboard.

The Most Common Actions to Improve Your Microsoft Secure Score

  • Turn on Security Defaults: In the Azure Active Directory, improvement actions have been updated to make it easier to help protect your organization. These pre-configured settings can take care of multiple improvements with a single action. If you turn on security defaults, you'll be awarded full points for ensuring all users can complete multi-factor authentication for secure access (9 points), require MFA for administrative roles (10 points), and enable policies to block legacy authentication (7 points). 
  • Minimize Privileges With Dedicated Admin Accounts: To protect sensitive data, high-level accounts should be restricted to those who need them. Follow the principle of least privilege by providing users with accounts that limit privileges to the minimum necessary to complete a job or task. To maintain minimum privileges for all users, regularly identify and revoke excessive permissions, set expiration dates on links, and use global admin accounts only when they're required for the task at hand. Global administrators should have an additional user account for regular non-administrative tasks.
  • Enable Unified Audit Logging: Office 365 audit logs are found in the Microsoft Office 365 Security & Compliance Center. However, these logs are not turned on by default. To enable log monitoring, log into the Security & Compliance Center of your account, click Audit on the left side panel, and click the banner prompting you to start recording user and admin activity.

Implementing a Complete Security Solution

It's important to recognize that the Microsoft Secure Score is not designed to be an absolute measurement of your company's overall security posture or a measurement of how likely it is that your network will get breached. The secure score is designed to help users identify potential vulnerabilities and use related security actions to improve security. A good secure score is good to have because it represents the extent to which you have adopted security controls in your Microsoft environment. More security precautions and best practices used within any platform, network, or IT environment can improve your security posture and decrease your likelihood of becoming the victim of an attack.

Your Microsoft Secure Score is calculated by the current state of security for the applications described above and only makes recommendations for improvements to those applications. Some of the recommended improvements within the platform require additional licensing with a per-user monthly fee. Reaching a high-level secure score can offer a false sense of security if organizations fail to maintain activities that address the ever-changing cybersecurity threat landscape.

When organizations and businesses depend on the tools within the Microsoft Office 365 platforms to conduct secure activities, the security of the platform should be included in an end-to-end security solution that seamlessly integrates network security. At BitLyft, we provide unparalleled protection for organizations of all sizes by delivering the best people and software to remediate most cyberthreats in seconds. To provide the most comprehensive visibility into the activities that take place within your Microsoft 365 tenants, our experienced teams leverage Securonix Next-Gen SIEM to monitor all aspects of the cloud and streamline remediation of email-borne threats before a loss occurs.

Through integrations with Microsoft Office 365, SharePoint Online, Exchange Online, and Azure AD, Securonix leverages Microsoft's security infrastructure to collect all threat information into a single source of truth. Schedule a 30-minute needs assessment with BitLyft to get a better understanding of the ways you can better protect your organization against sophisticated cyber attacks.

Free Download: Office 365 Mail Filtering Best Practices

More Reading

email icon with a padlock
Introduction to Email Security
It's safe to say that most companies use email for a variety of business communications. In fact, it's not uncommon for all employees within an organization to have a work-related email address for...
blue world map with hexagons
What Is A Security Incident Response Plan?
Do you know how you would respond to a cyber security incident? If not, it may be time to consider a Security Incident Response Plan.
digital diagram with the words virus alert
What is SOAR and why do I need it
What is SOAR and why does your business security depend on it?