As the old adage goes “you don’t know what you don’t know”. Whilst in general, I take a dislike to statements like that, it’s quite true when it comes to security and Office 365.
Imagine the scenario. You buy Office 365 a year or two ago, and at the time, configure it based on what a) a Microsoft partner tells you is a good idea, b) based on what is available at the time within Office 365 and c) based on whatever licences you bought at the time.
This in general means that because time has moved even if you did assess what features were applicable a year or two ago, then things have changed so much that you need to re-assess what is available.
The difficultly in doing that is you then enter the minefield that is Microsoft licensing – what are you licenced for? Does this feature require Azure AD premium, InTune, EMS E3 or E5? Have I already enabled it? Is it configured correctly in my tenant? So many questions that you might start out fairly confident that your tenant is secure but after thirty minutes scouring Microsoft licensing information you may be more confused than ever.
Now, whilst Microsoft probably should make their product information clearer (look at this page and tell me what EMS actually includes, for example) and simplify their licensing a little, there is some hope.
This is where Secure Score comes in and is actually a very useful tool that you can use to get two key things.
Firstly, a high level overview of where your Office 365 tenant sits compared to all others, and where the high level areas are that you could improve.
Secondly – detailed tasks that you can perform to improve security, along with an impact assessment (of sorts).
To help you get started with Secure Score, I’ve written a longer article over on the Content and Code website to show you what Secure Score is, what information is available and how to interpret the information it provides.