You may not know about the Microsoft Office 365 secure score, it is a note Microsoft gives you depending on how your tenant is configured. It is part of the Security & Compliance center (https://protection.office.com)
What is surprising is that the average score for all Microsoft tenants is extremely low… So, have you checked your score yet?
Should I be worried?
Well if you have a low score… definitively!
First of all you should definitively set up the features that gives you the most points, like the option to enforce multi factor authorization for admin accounts and enabling mailbox auditing. The Exchange audit is not enabled by default. Have a look at this article to set it up.
Make sure you regularly have a look at the Azure Active Directory audit reports, especially the Risky sign-ins one, we also recommend checking the Failed login attempts report. To be sure you don’t forget to check these you can setup a reminder in Outlook. These checks will give you some additional points.
Your score may not take into account the review of some reports if you access them directly. If you want the related points to be taken into account, consult them directly from the Secure Score page, by clicking “Learn more” then “Review” for each review report recommendation.
Security in Office 365
Office 365 automatically includes many security features like the Smart Lockout, but there are some other tools that need to be configured and monitored manually, and you cannot just assume that everything will be automatically handled.
The Security Center is very powerful and Microsoft is adding new tools like the Office 365 Attack Simulator, and you should definitively have a look at it.
The secure score is a good way to have an idea of where you are. But do not focus too much on what score you obtain, instead make sure your company has clear Office 365 security policies defined.
Do you want us to check your Office 365 security? Do not hesitate to contact us.