Office 365 has launched a new service called Secure Score which analyzes your Office 365 deployment and gives a numerical rating.
Secure Score gives you a different way of managing your risk. Rather than reacting or responding to security alerts, the Secure Score lets you track and plan incremental improvements over a longer period of time.
The Secure Score does not express an absolute measure of how likely you are to get breached. It expresses the extent to which you have adopted controls which can offset the risk of being breached.
In running this tool for the first time I was surprised to see some of the areas that we had neglected to implement and also areas that were ranked that will never be implemented by us. Getting a near perfect score will be tough for any enterprise. But, this is a great starting point for looking into your deployment.
Secure Score figures out what Office 365 services you are using, then looks at your configuration and behaviors and compares it to a baseline asserted by Microsoft. If your configuration and behaviors are in line with best practices, you will get points, which you can track over time.
When I first ran the tool I had a score of only 48, out of a possible 243. Above is a small sample of the areas that were checked. To the right shows your score in each area and then a drop down of what can be improved.
I suggest everyone that runs Office 365 run Secure Score as they fully develop and tune the tool. The more environments that use it, the better the best practices and capabilities will be in the actual scoring mechanism.