Office 365 Secure Score
What is Secure Score?
Microsoft evaluates the security of each cloud customer and compiles a list of actions that can improve each customer's cloud security. These are summarized into a single number as the Secure Score. This number tells you how secure your cloud presence is. Because these are broken down by corrective action, you can also get step-by-step instructions on how to improve your security posture.
RocketCyber's Secure Score app gathers this data from all your Microsoft tenants and makes it available in a single convenient location. Our Office 365 Manager provides a single graph that shows trends for all your customers. We also order the corrective actions so that the most important display first, and tell you how many of your customers need that particular action. The Office 365 Manager can be accessed via the main menu on the left side of the screen, directly below "Defender Manager". If it does not display, ensure that you have enabled at least one cloud app.
Sometimes there are rules that are good ideas in theory but don't really work in your situation. That's why you can whitelist items from the Secure Score rules. That way, if you cannot hire more administrators, your customer refuses to enable two-factor authentication, or some other common business case applies, your display will not be cluttered with alerts for items you know will never happen. Since this is a list of work items that are needed to improve security, MSPs that bill on an hourly or per-work basis are especially fond of this app.
How Should I Use It?
The Secure Score app essentially gives a list of actions that will improve your security posture. It is recommended that you view this through the Office 365 Manager as described above, since that gives a better overall display of all your customers' needs.
Look at the graph to get a feel for overall trends, then look at the first chart. This lists changes that would help, and is ordered so that those with the biggest impact are at the top. Work through those and decide which to implement. The directions for implementation are under details on the right side of each line.
What Do These Results Mean?
These results differ from all other RocketCyber results in that they do not represent a potential attack already in progress. Instead, they warn you of how an intruder may attack you in the future. Therefore, it is not necessarily required that you fix all of these items immediately.
When Should I Be Worried?
The Secure Score graph in the Office 365 Manager is scaled to display 0-100% of all items completed. If you are consistently below 10-20%, or if your security posture has not improved over an extended period of time, these are causes for concern.
Because Secure Score represents potential future attacks, it is not an absolute requirement that they be fixed immediately. However, the longer you leave these vulnerabilities unaddressed, the more likely they will be used against you. An extended flat line on the graph indicates that you are not trying to improve your security stance. Over the long run, that is more troubling than failing to implement any one specific rule.
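As an added illustration (not RocketCyber's code or data format), here is how the aggregation and warning logic described on this page could be expressed over constructed per-tenant Secure Score snapshots: corrective actions ranked by total impact across tenants with whitelisted exceptions skipped, and tenants flagged when their score stays at or below an assumed 20% threshold or has not moved at all over the last three snapshots (the "flat line" case). The tenant names, action names, point values and thresholds are all assumptions.

```python
from collections import defaultdict

# Constructed sample data (hypothetical; not Microsoft's or RocketCyber's real format).
# For each tenant: monthly snapshots, oldest first. Each gives the current score, the
# maximum achievable score, and a few of the improvement actions still open with the
# points each is worth.
TENANTS = {
    "contoso": [
        {"score": 15, "max": 100, "open": {"Require MFA for all users": 10, "Have 2-5 global admins": 5}},
        {"score": 15, "max": 100, "open": {"Require MFA for all users": 10, "Have 2-5 global admins": 5}},
        {"score": 15, "max": 100, "open": {"Require MFA for all users": 10, "Have 2-5 global admins": 5}},
    ],
    "fabrikam": [
        {"score": 40, "max": 100, "open": {"Require MFA for all users": 10, "Block legacy authentication": 8}},
        {"score": 50, "max": 100, "open": {"Require MFA for all users": 10}},
        {"score": 60, "max": 100, "open": {}},
    ],
}

# Whitelist: (tenant, action) pairs accepted as business exceptions (e.g. a one-admin MSP).
WHITELIST = {("contoso", "Have 2-5 global admins")}


def percent_complete(snapshot):
    """Secure Score as 0-100% of achievable points, as the Manager graph displays it."""
    return 100.0 * snapshot["score"] / snapshot["max"]


def rank_actions(tenants, whitelist):
    """Combine the latest snapshot of every tenant into one list of
    (action, total points across tenants, number of tenants needing it),
    highest total impact first, skipping whitelisted exceptions."""
    impact, count = defaultdict(int), defaultdict(int)
    for name, history in tenants.items():
        for action, points in history[-1]["open"].items():
            if (name, action) in whitelist:
                continue
            impact[action] += points
            count[action] += 1
    return sorted(((a, impact[a], count[a]) for a in impact), key=lambda r: (-r[1], r[0]))


def tenants_of_concern(tenants, low_pct=20.0, flat_periods=3):
    """Flag tenants consistently at or below low_pct, or whose score has not moved
    over the last flat_periods snapshots; returns {tenant: [reasons]}."""
    flagged = {}
    for name, history in tenants.items():
        recent = [percent_complete(s) for s in history[-flat_periods:]]
        reasons = []
        if all(p <= low_pct for p in recent):
            reasons.append("consistently low")
        if len(recent) >= flat_periods and len(set(recent)) == 1:
            reasons.append("no improvement")
        if reasons:
            flagged[name] = reasons
    return flagged
```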
Should I Implement All of These?
Not necessarily. All items on the list are security best practices. However, there are sometimes business reasons not to follow a best practice. For example, it is best practice to have 2-5 admins so that losing one admin does not lock you out of the entire company, and so that the admins can check one another and ensure the other(s) aren't misusing their position.
That is a great theory... unless you are the only admin at your MSP because it is very small. That is an excellent reason not to follow this rule.
Please DO enable MFA for all other accounts, as this is a good security policy.
If you are in this situation, see the FAQ for initial troubleshooting steps.