Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community
New Office 365 Secure Score features
Published Jul 05 2017 07:53 AM 15.6K Views

Since we announced the general availability of Office 365 Secure Score we have received a lot of feedback on how it could be optimized for our customer’s needs. Two requests that came up regularly were that organizations wanted Secure Score to award points in situations where a control was being met by a third party product and the ability to ignore a control because it was not relevant to them. Based on this feedback we are happy to share that these two options are now available.

 

ignoresecurescore.png

 

By ignoring a control, we will no longer calculate this action as part of your Secure Score. Any points you have earned from this control will be removed. The control’s points will also be removed from the denominator of your score. When you designate a control as covered by a third party, we give you the full set of points for that control.

 

If at a later date want to remove the ignore or third party designation from a control, you can go to the Score Analyzer page and under the “Ignored Actions” and “Third Party Actions” tabs you can revoke these options from a control.

18 Comments
Silver Contributor

Thanks for the update, these are great additions, making Office 365 Secure Score even more agile. 

Microsoft

There should be some of these you don't allow to be ignored. The one in your picture is a good example. Save people from themselves. ;)

Iron Contributor

This sounds like a great addition;  Do you have any documentation or links for the third party integration points and capabilities?

Thanks!

Hi Tobias,

 

Sorry if the post was not clear but there is no way for a 3rd party product to directly intergrate with Secure Score.  If you press the 3rd party button we don't prompt you for further info on the solution you are using to meet that control.

 

Copper Contributor

Is there a way to get a list of the Office 365 functions that trigger a score to be calculated or not?   For example, one of the scores is for reviewing certain reports weekly.    However, we both review and download the reports mentioned in the score criteria but the score shows as 0.    It would be helpful to understand the actual field, check box, or parameter necessary to trigger a score to be fulfilled.

Hi Stephen,

If you are running/launching the reports via the Secure Score user interface then you should be getting points.  At this time we don't have a way to measure if you go directly to the report source to review the report.

Copper Contributor

Thanks Anthony.   So the process is to go to the Secure Score website weekly and then through the criteria and launch from there?    Going directly to Azure to run/download the reports will not trigger the score?     Also, we noticed other criteria such as "sending Outbound spam to an account", which we have had for close to a year, but that is not scored.   There are items like that that do not appear to be showing points and I just wanted to clarify what actually should be triggering each criteria.  

Hi Stephen,

For reports, you need to launch them from the Secure Score site.  Going directly to the Azure page will not trigger the points.  The other items that are scored (like have DLP polies or having auditing enabled) does not need to be triggered from Secure Score.  You can enable these item from their native user interface.  For the "sending Outbound spam to an account" control, I don't see this in the product or the exportable control list.  The only spam related ones I see are "[Not Scored] Set outbound spam notifications" and "[Not Scored] Do not use transport white lists".  Can you clarify which control you are asking about?

Copper Contributor

 Thanks AJ, that helps.  The Not Scored items were somewhat confusing and one I was referencing.   Even though we had the spam notifications set, we still had a 0 score.    It was confusing as to what Not Scored meant, even though we had the setting populated.   Security Officers tend to ask about those settings in the list whether populated or not, so the Not Scored adds a bit of ambiguity with management.  I am guessing we should just Ignore the Not Scored items even if we have them populated.

Hi Stephen,

I would recommend reviewing all the actions in Secure Score, even if they say "Not Scored".  These are still effective controls that you should consider using even though they don't give you points.  The reason we don't give you points for them yet is because the Secure Score team has not found the backend data source for the control and incorporated it into the score calculation.  We are working on reducing the number of Not Scored objects, but we have had so much feedback on the product we have prioritized other features (like the 3rd party and ignore buttons).

Microsoft

I would like to see about adding a control to disable legacy protocols of POP/IMAP if not needed by the customer. This can be done per mailbox. Set-CASMailbox user@domain.com -PopEnabled $false -ImapEnabled. In addition, consider disabling Remote PowerShell for the Users. This would not include Admins who are using Remote PowerShell in their daily tasks. Set-User -RemotePowerShellEnabled $false

Copper Contributor

Hi AJ,

How can we run a report on secure score site? i don't see an option there..

Thanks,

Prakash

Hi Prakash,

 

In the upper right of the Score Analyzer tab there is an export button that you can use.

 

export.png

Copper Contributor

I cannot export any other reports from there except Action Lists - completed and incomplete reports in the .csv or pdf file.

 

Hi Prakash,

 

There should be two lists to export.  An action list in PDF and CSV, and a control list in CSV.  Is there another type of report that you would like to see?

Copper Contributor

is the control list report you were talking about? yeah that has multiple activity logs captured.

Also, We are using MFA from third party called OKTA and i have submitted as third party for Global Admin and users couple days ago but, still i cant see the scores ( 50+30= 80) increased there! any idea? Thanks.

 

Hi Prakash,

 

The control list shows the list of controls Secure Score has and how we stack rank them.  The action list shows you the controls and their completion status.  For the points that are not registering, this is due to an issue that we discovered where the score is not updating.  The team is working to correct this.

Iron Contributor

HI Team, 

 

Any possibility to ignore a set of users from Secure Score or perhaps only target a specific group? The reason is, we see a inaccurate score just because we do not enforce all measures to all users. Hybrid users (synchronized) are a exception in our case. 

Version history
Last update:
‎May 11 2021 01:54 PM
Updated by: