Microsoft Security Community Blog
New Office 365 Secure Score features

Anthony Smith (A.J.)
Jul 05, 2017

Since we announced the general availability of Office 365 Secure Score, we have received a lot of feedback on how it could be optimized for our customers' needs. Two requests came up regularly: organizations wanted Secure Score to award points in situations where a control was being met by a third-party product, and they wanted the ability to ignore a control because it was not relevant to them. Based on this feedback, we are happy to share that these two options are now available.

When you ignore a control, we no longer calculate that action as part of your Secure Score. Any points you have earned from this control are removed, and the control's points are also removed from the denominator of your score. When you designate a control as covered by a third party, we give you the full set of points for that control.

If at a later date you want to remove the ignore or third-party designation from a control, you can go to the Score Analyzer page and revoke these options under the “Ignored Actions” and “Third Party Actions” tabs.
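The scoring rules above can be checked with a short calculation. The following is an added example, not code from Microsoft or from the original post: the control names, point values, the `Control` class and the function names are all constructed for illustration, and showing the score as a percentage is an assumption. It compares the score as displayed with designations applied against the score Secure Score would measure on its own, so a reviewer can see how much of the number rests on ignore and third-party designations.

```python
from dataclasses import dataclass

@dataclass
class Control:
    name: str
    max_points: int
    earned: int                  # points Secure Score measured itself
    designation: str = "none"    # "none", "ignored" or "third_party"

def secure_score(controls):
    """Return (numerator, denominator) under the rules described in the post."""
    num = den = 0
    for c in controls:
        if c.designation == "ignored":
            continue             # earned points and max points both drop out
        den += c.max_points
        # a third-party designation awards the full set of points
        num += c.max_points if c.designation == "third_party" else c.earned
    return num, den

def percent(num, den):
    # every control ignored leaves an empty denominator; report 0.0
    return round(100 * num / den, 1) if den else 0.0

def designation_report(controls):
    """Displayed score versus the score with every designation revoked."""
    measured = secure_score([Control(c.name, c.max_points, c.earned) for c in controls])
    displayed = secure_score(controls)
    return {
        "measured": measured,
        "displayed": displayed,
        "measured_pct": percent(*measured),
        "displayed_pct": percent(*displayed),
        # points granted on the tenant's own say-so, not measured by the service
        "attested_points": sum(c.max_points - c.earned
                               for c in controls if c.designation == "third_party"),
        "ignored": [c.name for c in controls if c.designation == "ignored"],
    }

# Constructed sample data, not real Secure Score controls or point values.
SAMPLE = [
    Control("control-a", 50, 50),
    Control("control-b", 30, 0, "third_party"),
    Control("control-c", 20, 0, "ignored"),
    Control("control-d", 10, 10, "ignored"),
    Control("control-e", 40, 10),
]

if __name__ == "__main__":
    print(designation_report(SAMPLE))
```

With this sample, two ignored controls and one third-party designation move the score from 70/150 to 90/120, which is why the “Ignored Actions” and “Third Party Actions” tabs are worth reviewing alongside the score itself.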

Updated May 11, 2021
Version 4.0

18 Comments

  • Hi Stephen,

    For reports, you need to launch them from the Secure Score site. Going directly to the Azure page will not trigger the points. The other items that are scored (like having DLP policies or having auditing enabled) do not need to be triggered from Secure Score. You can enable these items from their native user interface. For the "sending Outbound spam to an account" control, I don't see this in the product or the exportable control list. The only spam-related ones I see are "[Not Scored] Set outbound spam notifications" and "[Not Scored] Do not use transport white lists". Can you clarify which control you are asking about?

  • Stephen Crowe
    Copper Contributor

    Thanks Anthony. So the process is to go to the Secure Score website weekly and then through the criteria and launch from there? Going directly to Azure to run/download the reports will not trigger the score? Also, we noticed other criteria such as "sending Outbound spam to an account", which we have had for close to a year, but that is not scored. There are items like that that do not appear to be showing points and I just wanted to clarify what actually should be triggering each criterion.

  • Hi Stephen,

    If you are running/launching the reports via the Secure Score user interface then you should be getting points. At this time we don't have a way to measure if you go directly to the report source to review the report.

  • Stephen Crowe
    Copper Contributor

    Is there a way to get a list of the Office 365 functions that trigger a score to be calculated or not? For example, one of the scores is for reviewing certain reports weekly. However, we both review and download the reports mentioned in the score criteria but the score shows as 0. It would be helpful to understand the actual field, check box, or parameter necessary to trigger a score to be fulfilled.

  • Hi Tobias,

    Sorry if the post was not clear but there is no way for a 3rd party product to directly integrate with Secure Score. If you press the 3rd party button we don't prompt you for further info on the solution you are using to meet that control.

  • This sounds like a great addition. Do you have any documentation or links for the third party integration points and capabilities?

    Thanks!

  • There should be some of these you don't allow to be ignored. The one in your picture is a good example. Save people from themselves. ;)

  • Cian Allner
    Silver Contributor

    Thanks for the update, these are great additions, making Office 365 Secure Score even more agile.