I tend to spend a lot of time on the Office 365 Road Map site lately. The site publishes all of the changes that are constantly coming to Office 365. One of the released features that recently caught my eye was Office 365 Secure Score.
Office 365 secure score is an analytics tool that figures out what Office 365 services you are using and your configuration and assigns a “security” score based on what features you’ve used. The end goal is to reduce your chances of data breach and increase your overall Office 365 security. The site can be found at https://securescore.office365.com.
I LOVE that this kind of site exists, but I am frustrated that you can’t seem to select what’s most important to you and be graded against that. It’d be really useful if Security can give you a checklist of important things they expect and you ranked yourself against that as well as the overall score.
There is a slider that you can set, to give you a target. However; it’s just that and it seems very random. say I want to set the slider at 293 out of 430, what does that mean as far as tasks? I’d like the option to set the tasks and features that are important to me, and the score can be set based on that.
On the Score Analyzer section, about halfway down you do get some recommendations for Actions you have completed such as “Designating more than one global admin” and a section of Incomplete Actions that you can act on with scores attached to each. But what if multifactor authentication wasn’t important to you as a threat to data breach or security. One could argue that it’s always important, but what if it’s not a security requirement?
There’s a really nice feature to track your progress over time, and compares you to the average Office 365 score…anyways I am on the fence about this feature. I think it can be very useful, I don’t think it’s as useful as it could be.
These days I often use the feedback widget that shows up on many of the Microsoft features to let them know how I feel things could be more useful, I’ve learned at a Microsoft event recently that engineers do get those and have to review them.