Office 365 secure score overview
What is Secure Score?
Microsoft evaluates each tenant's configuration against a set of recommended security controls and compiles a list of actions that would improve that tenant's security. These are summarized into a single number, the Secure Score, which expresses how many of the available points for those controls the tenant has earned. It measures how much of Microsoft's recommended hardening is in place; it is not a guarantee that the tenant is secure. Because the score is broken down by corrective action, you can also get step-by-step instructions for improving your security posture.
RocketCyber's Secure Score app gathers this data from all your Microsoft tenants and makes it available in a single, convenient location. The Office 365 Manager shows one graph with every customer's trend. It also orders the corrective actions so that the one with the greatest impact on the score is displayed first, and shows how many of your customers still need each action. To open the Office 365 Manager, go to the left menu and click Office 365 Manager. If it is not displayed, make sure you have enabled at least one cloud app.
Some rules are good ideas in theory but do not fit a specific customer. For that reason you can allowlist individual items from the Secure Score rules. If a customer cannot add administrators, refuses to enable two-factor authentication, or has some other common business constraint, the display is not cluttered with items that will never be actioned. Allowlisting only hides the item in RocketCyber's display; it does not change the score Microsoft calculates, and the underlying exposure remains, so record the business reason and revisit the decision periodically. Because the result is a list of work items needed to improve security, MSPs that bill hourly or per task find this app especially useful.
How should I use it?
The Secure Score app is essentially a list of actions that will improve your security posture. View it through the Office 365 Manager, which gives a better overall display of all your customers' needs.
Start with the graph to understand overall trends. Then look at the first chart, which lists recommended changes in order of potential impact, with the most significant at the top. Work through these suggestions and decide which to implement. Detailed implementation guidance is shown on the right side of each item.
What do these results mean?
These results differ from all other RocketCyber results in that they do not indicate an attack already in progress. Instead, they show weaknesses an intruder could use to attack you. You are therefore not required to fix every item immediately, but each one left open is an avenue that remains available to an attacker.
When should I be worried?
The Secure Score graph in the Office 365 Manager is scaled from 0 to 100%, the percentage of the available points that the tenant has earned. A tenant that consistently scores below 10-20%, or whose score has not improved over an extended period, should raise concern.
Because Secure Score measures exposure to potential future attacks rather than attacks in progress, it is not imperative to address every finding immediately. The longer an issue is left unresolved, however, the more likely it is to be used against you. An extended flat line on the graph means nobody is actively working to improve the tenant's security posture, which is more troubling than any single unimplemented rule.
Should I implement all of these?
Not necessarily. Every item on the list is a recognized security best practice, but there can be legitimate business reasons for not following a particular one. For example, the recommendation is to have between two and five admins: more than one so that losing an admin does not lock you out of the tenant, and no more than a handful so that admins can act as checks on one another and misuse is limited.
That is sound in theory, unless you are the sole admin at a very small MSP, in which case there is a valid reason to deviate from the guideline. Document the reason and allowlist the item rather than leaving it to be rediscovered at every review.