Forum Discussion

Brandon Koeller's avatar
Brandon Koeller
Icon for Microsoft rankMicrosoft
Aug 12, 2016

Announcement: Office 365 Secure Score Released to Public Preview

Microsoft is pleased to announce the preview availability of a new security analytics service called the Office 365 Secure Score. The Secure Score is a security analytics tool that will help you unde...
  • Julian Knight's avatar
    Julian Knight
    Dec 15, 2016

    Another issue with Secure Score.

     

    "You should require that all of your users reset their password at least every 60 days"

     

    This is no longer current best practice where strong passphrases and 2FA are used since more rapid enforced change of passwords leads to the use of weaker ones.

VasilMichev's avatar
VasilMichev
MVP
Aug 12, 2016

Wasn't it in Preview already? Or was that Private? Cause the links were publicly accessible and I've even showcased it on a local user group session... whoops? :)

 

Anyway, the idea is awesome, the tool was lacking some stuff last time I tried it though. Will give it a spin over the weekend and report back :)

 

  • Brandon Koeller's avatar
    Brandon Koeller
    Icon for Microsoft rankMicrosoft
    Aug 12, 2016

    Hey Vasil!

    Yep, it was in an alpha preview and was based on a manual collection of data via powershell. The new site is a non-alpha preview, and the collection is all automated. We've done a lot of work to refine the consumption experience, and have around 30 controls' worth of data collection automated. Goal is to have all 77 controls automatically collected, and to have all controls with a two-click remediation. Feedback is greatly appreciated!

    Thanks,

    Brandon Koeller

    • VasilMichev's avatar
      VasilMichev
      MVP
      Aug 14, 2016

      Well, I do miss the PowerShell bit - always good to know what exactly a tool is doing. In this regard I do think you should update the consent part, for example make sure that the publisher is listed as Microsoft, and provide a clear explanation why you need the type of permissions ("write directory data" can be a hard sell to some organizations as it can easily be taken out of context).

       

      Other that that - it's cool. Obviously needs some more work, lots of UI glitches, lots of missing/inactive controls, but overall I like it. A "rescan" button might be handy? Also some sort of filter/template per industry or per security standard, so that people can easily check where they stand in terms of meeting compliance for their particular needs.

       

      Will do a more detailed review/blog post in the next days and send some additional feedback your way. Lots has changed in the service since the last time I spammed o365securescore@microsoft.com :)

Resources