Threat Response Strategy
Cloud Access Security Broker
Cloud App Security
This course will explore best practices and fundamentals using Microsoft 365’s Secure Score as a primary barometer to measure protection and readiness as well as timely and effective responses to threat incidents. After completing lessons and watching video demos, students should be equipped with the knowledge and skills to protect themselves and their organizations.
Learning Objectives
- Evaluate and manage Microsoft Office 365 tenant security using Secure Score
- Manage incident investigation
- Review and manage Microsoft 365 security alerts
Intended Audience
- General cybersecurity enthusiasts who want to stay current with best practices
- People studying for the Microsoft MS-101 exam
- Cybersecurity professionals/administrators responsible for the safety of an organization
Prerequisites
- Basic understanding of Office/Microsoft 365
- Basic understanding of computer networking
- General knowledge of different threat types
In this video, we'll be exploring Microsoft Secure Score and how it can improve your organization's overall security posture. By the end of this lecture, we'll be able to identify Secure Score's benefits and how we can use it to better understand our organization's risk. Secure Score is a single number represented as a percentage, as you can see right here. It measures your preparedness for various threats. It's broken down into multiple categories as every organization has different goals for their security posture.
So, first, let's take a look at the overview screen. Here we are at security.microsoft.com. This is the homepage. From the homepage, just click 'Secure Score' and we arrive at the Microsoft Secure Score Overview page. The first thing you'll notice is your Secure Score, represented as a percentage once again, and a graphic to go along with it to show historical performance of your Secure Score. So, as you can see, in this particular example, back in August, our Secure Score was only a 29%. But since then, we've gone up to 54% and 63%. And for further detail on this track record, you can scroll down to the History.
So, you can see on August 15th, we earned 10 points by completing this particular action item requiring MFA, multi-factor authentication, for administrative roles. This is actually one of the suggested improvement actions, in this pane over here, under Top Improvement Actions. This is a list of suggestions by Microsoft. Under this list, we can see that we have six items that have yet to be addressed. You can see that by the status set as "To address". Now, I'm going to come in here and we can click on one of these improvement actions for further detail. But before I do that, I'd like to mention that if you click 'View All', this actually brings you to the Improvements tab.
So, I'm going to click 'View All' and you can see we've hopped on over to the Improvement actions, where we see a larger list of suggestions by Microsoft. And for example, this policy right here, number nine, was one that was not actually displayed on the shortlist, but it is shown here under Improvement actions, which is the full list. Again, which you can access by clicking 'View All'. When you click on the policy, the first thing you get is an explanation of the policy. Here, this policy is telling us that most compromises come from older legacy authentication.
Legacy authentication can lead to bypassing the more modern and secure multi-factor authentication, which can leave us open to a possible breach. Under Action Plan, we can tag our decision about what to do about this vulnerability. In this case, we've already completed it, but we can also choose to accept the risk if we believe it is not applicable to our organization, or also mark it as resolved by other means, either by a third party or an alternate mitigation, such as a spam filter service or firewall, for example. Also note that if you select one of the bottom three here, an action plan is required. Here you can provide your comments about your selection and also add some tags.
Over to the right, we can see under At a glance, that this is under the Identity category and it protects us against password cracking and account breaches. We're also shown which Microsoft product this policy will be configured in; in this case, Azure Active Directory. And of course, we have the scope of the impact. In this case, this policy affects all Microsoft 365 users. All policies also come with implementation instructions over to the right. Here, we can see if we have the necessary prerequisites and instruction steps as a guide to implementation. Scrolling down a little further, you can click on any of these links for further information and documentation.
So, this was an overview of the details inside of each policy. You can scroll through the ones before or after by clicking the up and down arrow. But for now, I'm just going to click 'X' to close and we're brought back to our Improvement actions screen. Now, let's take a look at the History tab. Here we have an expanded view of what we saw on our Overview page. We have a larger version of the line graph depicting our history. And on the bottom, we have a history log detailing the history of our actions and impact to our score. Moving on over to the Metrics & trends tab, we can actually set a Secure Score Zone.
So, clicking 'Add score zones', we can set a range for Good, Okay, and Bad scores. So, if my range is set to 30 and 70, the score will be Okay if it's between 30 and 70, Bad if it's less than 30, and Good if it's higher than 70. Clicking 'Save and close', we can now see our overall performance based on the Secure Score Zone that we've just set. This is going to feed into our analytics to give us a visual representation of how we're doing. It will also track our increases and regressions, which we can see by clicking 'View Current Regressed Actions', of which we don't have any, so that's pretty good.
So, I can either hit 'Back' on the browser or go back to Metrics & trends. I can also click 'View History', which simply brings us over to the History tab. And now let's go back to Metrics & trends. And finally, we can see what kind of risk we have accepted. So, we just click 'View Current Risk Accepted Actions'. And again, in this particular case, we don't have any.
So, to sum up, Secure Score is a very powerful tool. It helps you plan for a customized security posture and identify action items to execute your plan. And once policies are implemented and your score improves, Secure Score transitions into becoming more of a monitoring tool and security management suite. In terms of reporting, Microsoft provides an API to integrate directly into Microsoft Graph, as well as other power apps and services so that viewing reports is accessible by other users or stakeholders that may not have admin access. That about does it for the Secure Score overview. We'll see you in the next video.
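As an added illustration of the reporting point above (not part of the original lecture), the following Python sketch processes a response shaped like Microsoft Graph's `GET /security/secureScores` output, applies the 30/70 score zones from the walkthrough, and flags controls whose score regressed between snapshots. The sample data and the function names `zone` and `score_report` are constructed for this example.

```python
import json

# Constructed sample shaped like a Graph /security/secureScores response.
# Dates, scores and the two listed controls are illustrative, not real tenant data.
SAMPLE = json.loads("""
{"value": [
  {"createdDateTime": "2021-09-01T00:00:00Z", "currentScore": 31.0, "maxScore": 100.0,
   "controlScores": [
     {"controlName": "AdminMFAV2", "controlCategory": "Identity", "score": 10.0},
     {"controlName": "BlockLegacyAuthentication", "controlCategory": "Identity", "score": 0.0}]},
  {"createdDateTime": "2021-08-15T00:00:00Z", "currentScore": 39.0, "maxScore": 100.0,
   "controlScores": [
     {"controlName": "AdminMFAV2", "controlCategory": "Identity", "score": 10.0},
     {"controlName": "BlockLegacyAuthentication", "controlCategory": "Identity", "score": 8.0}]},
  {"createdDateTime": "2021-08-14T00:00:00Z", "currentScore": 29.0, "maxScore": 100.0,
   "controlScores": [
     {"controlName": "AdminMFAV2", "controlCategory": "Identity", "score": 0.0},
     {"controlName": "BlockLegacyAuthentication", "controlCategory": "Identity", "score": 8.0}]}
]}
""")

def zone(pct, low=30, high=70):
    """Score zone as set in the walkthrough: Bad below low, Good above high, else Okay."""
    if pct < low:
        return "Bad"
    if pct > high:
        return "Good"
    return "Okay"

def score_report(response, low=30, high=70):
    """Return one row per snapshot, oldest first, with controls that gained or regressed."""
    snaps = sorted(response["value"], key=lambda s: s["createdDateTime"])
    rows, prev = [], {}
    for snap in snaps:
        max_score = snap["maxScore"]
        pct = round(100 * snap["currentScore"] / max_score, 1) if max_score else 0.0
        now = {c["controlName"]: c["score"] for c in snap.get("controlScores", [])}
        # Compare only controls present in both this snapshot and the previous one.
        deltas = {n: now[n] - prev[n] for n in now if n in prev and now[n] != prev[n]}
        rows.append({
            "date": snap["createdDateTime"][:10],
            "percent": pct,
            "zone": zone(pct, low, high),
            "gained": sorted(n for n, d in deltas.items() if d > 0),
            "regressed": sorted(n for n, d in deltas.items() if d < 0),
        })
        prev = now
    return rows

if __name__ == "__main__":
    for row in score_report(SAMPLE):
        print(row)
```

A non-empty `regressed` list is the programmatic counterpart of the 'View Current Regressed Actions' view, and is a useful trigger for an alert when a previously completed improvement action is undone.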
Aaron has been in the IT industry for 10 years servicing a variety of industries, from small retail businesses to multi-billion dollar hedge funds. Specializing in workflow optimization, he has helped users at all levels increase their productivity and efficiency ranging from tasks like taking medical offices to paperless, to administering patch management, JIRA, Confluence, and other project management platforms.
Prior to starting his IT career, Aaron was a test prep teacher, helping high school students improve their standardized test scores for college admissions. He joins Cloud Academy to combine his two passions, technology and teaching.