Share via


[Learningpath] Secure Score

(I am writing this post in English as it is interesting for other parts in the world as well)

Intro

I talk to partners and customers a lot about security in general but about Secure Score in special. When I start the conversation regarding Secure Score I usually begin with the question:

"Do you know how secure you are / your company is?"

And the answers are typically always the same: "I am very secure! We have a brand new firewall appliance and the latest and greatest antivirus! So I think we are very secure and besides that our CI(S)O is taking care of that, so there is no issue!". Sometimes I get "we are doing pen-testing on a regular basis" also.

But it wouldn't be me getting after that: "ok, but what does that mean? Are your security efforts taking any effect? Is what you are doing 'best practice'?"

And that's the moment I get the answer "ehm…" at a 100% rate.

That's why I think it's time for a "learning path" for Secure Score that everybody interesting in security can act in the most efficient way for himself or his customers to improve the visibility of the secure efforts and finding the low hanging fruits and next steps to move up the overall security.

This learning path will have several chapters, each chapter will have a learning content (mostly videos) and a "home work" or "check your knowledge" section

Agenda

    1. What is the Microsoft Secure Score (level 100)
    2. Understanding your/your customers security posture with Microsoft Secure Score (level 200)
    3. Getting into the Secure Score discussion (level 300)
    4. Using the Microsoft 365 Security Assessment (level 300)
    5. Using the Secure Score API (level 400)

 

Chapter 1: What is the Microsoft Secure Score (level 100)

In this video you will see how Secure Score is looking and what you can expect from it.

In my own words: Secure Score is a benchmark for your Microsoft (cloud) security - based on telemetry information and your real actions in the settings and of your users.

Homework (for Microsoft partners with access to MPN):

  1. Logon to https://demos.microsoft.com  with your MPN identity
  2. Create a new tenant by
    1.  clicking "my environment" in the header navigation
    2.  clicking "create a tenant"
    3.  Selecting the right region (for Germany this is "Europe, Middle East, Africa")
    4.  Clicking on "create tenant" in the "Microsoft 365 Enterprise Demo Content" selection area.
  3. When the tenant is ready (this shouldn't take longer than seconds/very few minutes!) logon to the Secure Score of the tenant with the credentials provided in https://demos.microsoft.com
  4.  Get a feeling for the Secure Score, e.g. follow the click demo of the above video.

Chapter 2: Understanding your/your customers security posture with Microsoft Secure Score (level 200)

Homework:

In your demo tenant (see chapter 1) activate MFA for

  1. Your admins with the baseline CA MFA policy
  2. all users

by using the Secure Score.

Chapter 3: Getting into the Secure Score discussion (level 300)

This video is about understanding how to talk about Secure Score, what is "usual", what are the customers doing right now, …
The ppt of this session: https://aka.ms/stephanus/blog/lp/secscore/stayingsec-ppt

Btw. one important point from the video (and I always yell into everybody's face): admins working without MFA are acting grossly negligent! It's easy, it's cheap, it's inevitable! And Secure Score can help you easily to move to a 99.9% less attack surface with MFA! #gopasswordless

Homework:

  1. Download the PowerBI desktop client from the Windows Store
  2. Download the PowerBI template from Github
  3. Open the PowerBI template "Secure Score Blank Data Prepared Complex.pbix"
  4. Find out why your Secure Score grew/shrinked over the last cupple of days/weeks

Chapter 4: Using the Microsoft 365 Security Assessment (level 300)

There is a toolbox available for a Microsoft 365 Security Assessment. It is designed and meant to be used by Microsoft partners trained to deliver and execute this assessment. Never the less it is nowadays available for all interested persons on the planet willing to achieve more.
I described the assessment in a former blogpost. This blogpost is available in German - or using automated translation (yes, AI is still learning to better translate languages...).

  1. Read the blogpost de / en
  2. View the video starting at ~15:45min, this is only available in German
  3. Download the Microsoft 365 Security Assessment

Homework:

  1. Export your demo secure score
  2. Import it into the Microsoft 365 Secure Score Assessment Remediation Checklist Tool
  3. Design a prio list for a "contoso" customer
  4. Present your list to a colleague as it would be a real customer using the "Microsoft 365 Security Assessment-Close-out Presentation-v1.2.pptx"

Chapter 5: Using the Secure Score API (level 400)

Next to that video there is a blogpost describing how to get into the Secure Score APIs: https://aka.ms/SecureScore_APIBlog and the older blog post by Brandon Koeller.

See also the Graph API documentation!

Homework:

  1. Go to the Microsoft Graph Explorer
  2. Logon with the admin account of your demo tenant (button on the left upper side)
  3. See what you can do with the Secure Score APIs, e.g. start with https://graph.microsoft.com/beta/reports/getTenantSecureScores(period=9)/content

If you want to drill deeper into the Secure Score API go to Github and work with the provided scripts and information there. (or talk to us about potential solutions you want to develop and bring to the market!)