Home

Enhancing Microsoft Secure Score with Compliance and Service Health Information

In talking with organizations about Secure Score, I am excited to hear that it is just more than Security Administrators and IT Pros who are interested in the solution.  Over the past months I have heard more and more compliance administrators looking at Secure Score to see how they can partner with their security team and drive an increased security position.  We understand that many of these compliance administrator are also using Compliance Manager to help them understand the shared responsibility model reflecting both Microsoft's and their organization’s data protection and compliance posture. 

 

The Secure Score and Compliance Manager teams thought how we could make these groups better work together and understand each other’s world a bit more.  To that end we thought it would be great to surface some of Compliance Manager information in the Secure Score controls.  Today we are happy to share that this is now available.

 

As part of many Secure Score actions you will now see a new section called “Compliance Controls”.  This is where we share which standards and regulations like ISO 27001:2013 and European Union General Data Protection Regulation (GDPR) along with the corresponding control number in the standard that this action helps you meet.   In the future we plan to make more of the compliance controls hyperlinks, so you can go directly into Compliance Manager and get more information on the control about how to design your procedure and people policy.

 

compliance.jpgCompliance control information as part of a Secure Score action

 

I also know that it is frustrating when Secure Score is not updated the latest telemetry.  As you can imagine collecting and collating eighty plus signals over millions of organizations is not a simple process and sometimes we run into issues.  To help you better understand the health of the service we have introduced a way for you to see if there is an issue.  If we detect an issue with Secure Score you will see a small triangle appear right next to the date in the Microsoft Secure Score summary section.  By hovering over this, you will see information regarding the issue.

 

health.jpgHow a service health issue will be shown in Secure Score

 

We hope you find these updates useful and you can check them out now by logging in at https://securescore.microsoft.com.  If you are interested in learning more about how Compliance Manager can help you simplify your compliance process, you can read this white paper.  If you have any suggestions on other features you would like to see added to Secure Score or what additional compliance data you would like to see integrated, please share it in the comments below.

2 Comments
New Contributor

The compliance references are not included in the exports.  (CVS - Control List & CSV - Action List)  Are there plans to include those?

Microsoft

@william white No plans right now to include in csv export. We are working on incorporating this as a part of the API for November and you can extract the list via the Graph: https://developer.microsoft.com/en-us/graph/docs/api-reference/beta/resources/securescorecontrolprof...