Microsoft released the preview availability of a new security analytics service called the “Office 365 Secure Score”
What is Office 365 Security Score?
Office 365 Security Score is a security analytics tool which will help you to quickly evaluate your Office 365 security settings based on industry standard and give you score for your security adoption. This tool additionally allows you to improve your security score by doing some recommended action.
How the Secure Score is Calculated?
First, the total available points for your tenant is calculated by accounting the services which are active or enabled in your tenant. Next, your tenant score is calculated by checking all the security settings applied to those services. Once both the point is calculated you get your Secure Score.
There are totally 77 security actions are identified and implemented in the current preview.
How to Access this Tool?
You can head to https://securescore.office.com to access this tool. You need to a global admin in order to use this tool.
- Target Score : It allows you to set your target score, and list out the necessary security changes that need to be applied to achieve that score.
- Take Action : Helping you figure out which actions to take to improve your score is the purpose of the Secure Score.
- Compare Your Score : It allows you to compare your score with the O365 average score. The Office 365 Average Secure Score is calculated from every Office 365 customer’s Secure Score.
- Score Analyser : It shows you the trend map of your score alone with the industry average. This data can be exported to PDF or CSV format.
- Risk Assesment : It shows the top threats in the tenant and gives the particular configuration and behaviours.
You can see the Microsoft release announcement about this tool here.
Microsoft just announced the preview of Azure AD Conditional Access policies for Exchange and SharePoint Online. This option allows us to enable multi-factor authentication (MFA) or block access based on network location. These policies will only work on Exchange and Sharepoint Online. This will be helpful to improve the security of Exchange and Sharepoint.
As part of the current preview release, the following rules are supported in Exchange and SharePoint Online:
- Always require MFA
- Require MFA when not at work
- Block access when not at work.
Microsoft recommends enabling these polices alongside risk based Conditional Access policy available with Azure AD Identity Protection. The risk based policies give an advanced baseline of coverage, challenging users for MFA or blocking access as risk is detected. Then apply a per-application policy, like always requiring MFA, for services with additional security or compliance requirements.
>Know more about conditional access
>See the Microsoft Announcement
When you try to create a new group in Office 365 Admin Center you will be provided with 4 options.
- Distribution lists : Allows you to send email to all members of the list. You can even allow people outside your organization send email to a list.
- Security groups : Allows you to control access to OneDrive and SharePoint and are used for Mobile Device Management for Office 365.
- Mail-enabled security group : Security groups with mailing option.
- Office 365 groups : This is a great way for teams to collaborate by giving them a group email and a shared workspace for conversations, files, and calendar events.
In the above list, there will be always some confusion about Office 365 Groups as it is the new addition. Now let us see the benefits of Office 365 groups over Distribution lists.
1. Every Office 365 Group has a shared mailbox with a searchable history of email conversations within the group, so new members have access to all of the content and context that predates their membership
- With a Distribution Group, new members only see discussions starting from when they joined
2. By default, Office 365 Groups are ‘public,’ i.e., discoverable for users within your Office 365 tenant. That makes it easy for people in your organization to search for a topic name and/or description and join any related groups.
- Distribution Groups are often searchable by name only
3. Office 365 Groups provide a convenient self-service option for an organization’s users to create new groups, as well as join or depart groups
- Creating Distribution Groups, as well as adding and removing members, is usually done by the organization’s Exchange administrators on behalf of the users.
4. Group members also have access to a shared calendar, document library, OneNote notebook, etc. for collaboration needs beyond email
- Distribution Groups are designed for collaborating via email. Separate sets of manual steps are required to set up and use addition collaboration tools such as a shared calendar or a OneNote notebook.
It’s a Time for Upgrading your Distribution Groups
If you are impressed with Office 365 Groups over Distribution Groups then it’s a time to upgrade your Distribution Groups to new shiny Office 365 Groups.
You can do this in Exchange Admin Center as shown above or you can do this bulk using powershell. You can get more information about upgrade in this Microsoft article
Currently, all the Distribution Groups can’t be upgraded to Office 365 groups. Check out the limitation as below.
- Nesting – a Distribution Group which has another Distribution Group as one of its members
- Moderation – messages sent to the Distribution Group must be approved by a moderator before they’re delivered to the members
- Hidden groups in the Global Address List – Distribution Groups can be hidden, so that they don’t appear in the organization’s Global Address List.