Security Experts:

Connect with us

Hi, what are you looking for?


Risk Management

Microsoft Unveils New Security and Risk Capabilities in Office 365

Microsoft has unveiled several new capabilities in Office 365 to help customers better manage risks and protect against threats, including Office 365 Secure Score, Threat Intelligence Private Preview, and Advanced Data Governance Preview.

Microsoft has unveiled several new capabilities in Office 365 to help customers better manage risks and protect against threats, including Office 365 Secure Score, Threat Intelligence Private Preview, and Advanced Data Governance Preview.

Office 365 Secure Score was designed as a security analytics tool that applies a score to the customers’ Office 365 security configuration. Secure Score, says Alym Rayani, director for Microsoft’s Office Security and Compliance team, was created to provide customers with improved visibility into their Office 365 security configuration and into the security features available to them.

With the help of this new tool, customers will not only be able to understand their current Office 365 security configuration, but also to learn how implementing additional controls can improve their security and reduce risk, Rayani says.

Secure Score provides access to Score Analyzer via the Secure Score Summary. The Secure Score (or the numerator) is the sum of the points associated with the security configurations that a customer has adopted. The total score (or the denominator) is the sum of the points associated with all of the security controls available on the customer’s Office 365 plan.

The Score Analyzer allows customers to track and report their score over time. Customers are provided with access to a graph that shows their score on any date in the past, while also offering info on the specific actions they completed and which were available to them. The tool also offers support for exporting the score results to a CSV file for further use within an organization.

Secure Score also offers suggestions on possible actions that could improve one’s security position. These suggestions, Microsoft says, are prioritized depending on their effectiveness and impact to end users, meaning that those that are highly effective but have low impact on user experience are placed at the top.

The Office 365 Threat Intelligence, now in private preview, leverages the Microsoft Intelligent Security Graph to deliver actionable insights to global attack trends. The cost of data breaches is increasing, but even organizations that are properly prepared for a breach can diminish long-term costs.

The new Office 365 feature, Microsoft says, was designed to analyze data from global datacenters, Office clients, email, user authentications and other incidents and to deliver information about malware families inside and outside organizations, including breach information. Furthermore, it integrates with other Office 365 security features, including Exchange Online Protection and Advanced Threat Protection.

“Office 365 Threat Intelligence provides this visibility, along with rich insights and recommendations on mitigating cyber-threats, ultimately supporting a proactive defense posture, leading to long-term reduced organizational costs,” Rayani notes.

With the help of Office 365 Advanced Data Governance, customers can find and retain important data while eliminating redundant, obsolete and trivial data. By leveraging machine learning, it can deliver proactive policy recommendations; can classify data based by analyzing numerous factors, including data type, age, and user interaction; and can take action such as preservation or deletion.

According to Microsoft, this means that organizations have a better grasp of their data and no longer expose themselves to unnecessary risks because they retain data they no longer need, but which could be exposed in the event of a data breach.

While Office 365 Secure Score is now available to organizations with an Office 365 commercial subscription and which are in the multi-tenant and Office 365 U.S. Government Community clouds, Office 365 Threat Intelligence and Advanced Data Governance should become available by the end of March 2017 as part of the Office 365 Enterprise E5 plan and the Secure Productive Enterprise E5 offering.

Related: Office 365 Business Users Targeted in Punycode-based Phishing

Related: Office 365 Flaw Made Fake Microsoft Emails Look Legitimate

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

Risk Management

A threat-based approach to security often focuses on a checklist to meet industry requirements but overlooked the key component of security: reducing risk.

Risk Management

CISA has published a report detailing the cybersecurity risks to the K-12 education system and recommendations on how to secure it.

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


More than 4,000 internet-accessible Pulse Connect Secure hosts are impacted by at least one known vulnerability, attack surface management firm Censys warns.

Cybersecurity Funding

2022 Cybersecurity Year in Review: Top news headlines and trends that impacted the security ecosystem