Microsoft’s threat protection portal has recently been enhanced with a potentially useful scorecard function.
Microsoft Defender Advanced Threat Protection (ATP) now contains a feature known as Microsoft Secure Score for Devices. This tool has the ability to dynamically monitor an enterprise network, to identify vulnerabilities and to provide recommendations for boosting security.
According to Microsoft, its aim is for the Secure Score to become “the go-to posture management app for security administrators”. Here’s a closer look at how the new feature fits into Microsoft’s existing toolkit – and at what this means for security posture management.
Microsoft Defender ATP at a glance
- This is aimed at those responsible for IT and security administration within businesses/organizations.
- For ATP to work, you need to ensure that devices on your organization’s network run on Windows 10 1709 (Fall Creators Update) or later. Microsoft has recently rolled out Microsoft Defender for Android, and an iOS version is expected later in the year.
- It works on the principle of real-time endpoint detection and response (EDR). This means that it continually scans your network, looking for vulnerabilities. It reduces the need for administrators to manually carry out full network scans, freeing up your time.
- The ATP sensors scan for device, software and application vulnerabilities. They also scan your organizational configuration (i.e. the details of how your security measures are set up, and how they relate to each other).
- Issues are reported via a central Threat & Vulnerability Management dashboard of the Microsoft Defender Security Center, together with recommendations for changes.
- You can then fix the issues highlighted using Microsoft’s Intune and Endpoint Configuration Manager tools, which give you remote access to user devices and installed apps.
- All of this can help alert you to new and emerging threats and pinpoint active breaches. It gives you the chance to make changes quickly – and better protect the assets under your care.
What is Microsoft Secure Score for Devices?
- When issues appear with multiple devices across a network, it can sometimes be difficult to work out what’s happening – and what order to fix things.
- Microsoft Secure Score for Devices is meant to offer a more user-friendly and actionable way of seeing what’s happening across your network – and how it’s actually affecting your security stance.
- Your configuration score for devices is visible in the threat and vulnerability management dashboard of the Microsoft Defender Security Center.
- The score reflects the state of your security configuration across your network as a whole. The higher the score, the stronger your overall security stance.
- To formulate a score, the Microsoft Secure Score feature analyses the state of your devices, focusing on security across applications, operating system, network, individual accounts, and security controls.
- The tool continually looks for vulnerabilities and potential misconfiguration issues, based on security intelligence and best configuration benchmarks.
- The scorecard feature also includes a list of security recommendations. Click on an item from the list and you’ll see a panel giving further info, along with remediation options.
- You can of course decide to fix the issue there and then. Alternatively, there’s an ‘Export all remediation activity data to CSV’ option, enabling you to easily attach it to an email or add to a spreadsheet for follow-up.
- As issues are fixed, your Microsoft Secure Score for Devices improves automatically, demonstrating that your organization is becoming more resilient against threats and vulnerabilities.
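The recommendations list, the CSV export and the way the score rises as items are remediated lend themselves to a small triage script. The following is an added example, not code from the original post or from Microsoft: it parses a constructed sample of a remediation export (the column names are an assumption, not the exact layout of the portal's CSV), models the score as the share of available points earned, ranks open recommendations by the points still on the table, and shows what the score becomes once one item is fully fixed. The scoring model is a deliberate simplification for illustration.

```python
import csv
import io

# Constructed sample of an exported remediation list. Column names are an
# assumption for this example, not the portal's actual CSV schema.
SAMPLE_EXPORT = """\
recommendation,category,exposed_devices,total_devices,score_impact,status
Enable BitLocker on OS drives,OS,40,100,8.0,Active
Block untrusted Office macros,Application,65,100,6.5,Active
Update Chrome to latest version,Application,12,100,3.0,Active
Disable SMBv1,Network,5,100,4.0,Completed
Require MFA for admin accounts,Accounts,3,100,9.0,Active
"""


def load_recommendations(text):
    """Parse the CSV export into a list of dicts with typed numeric fields."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        rows.append({
            "recommendation": row["recommendation"],
            "category": row["category"],
            "exposed_devices": int(row["exposed_devices"]),
            "total_devices": int(row["total_devices"]),
            "score_impact": float(row["score_impact"]),
            "status": row["status"],
        })
    return rows


def earned_points(rec):
    """Points a single recommendation currently contributes (simplified model):
    full impact once completed or no device remains exposed, otherwise the
    impact scaled by the fraction of devices already compliant."""
    if rec["status"] == "Completed" or rec["exposed_devices"] == 0:
        return rec["score_impact"]
    compliant_fraction = 1 - rec["exposed_devices"] / rec["total_devices"]
    return rec["score_impact"] * compliant_fraction


def secure_score(recs):
    """Overall score as a percentage of the maximum available points."""
    max_points = sum(r["score_impact"] for r in recs)
    return round(100 * sum(earned_points(r) for r in recs) / max_points, 1)


def prioritize(recs):
    """Open recommendations as (name, points_still_available), largest first.
    A high-impact item affecting few devices can rank below a medium-impact
    item that is still open on most of the fleet."""
    ranked = []
    for r in recs:
        available = r["score_impact"] - earned_points(r)
        if available > 0:
            ranked.append((r["recommendation"], available))
    return sorted(ranked, key=lambda item: item[1], reverse=True)


def score_after_fix(recs, name):
    """Score the fleet would reach if the named recommendation were fully remediated."""
    updated = [dict(r, status="Completed") if r["recommendation"] == name else r
               for r in recs]
    return secure_score(updated)


if __name__ == "__main__":
    recs = load_recommendations(SAMPLE_EXPORT)
    print("Current score:", secure_score(recs))
    for name, points in prioritize(recs):
        print(f"{points:6.2f} points available -> {name}")
    top = prioritize(recs)[0][0]
    print(f"Score if '{top}' is fixed:", score_after_fix(recs, top))
```

Running it ranks the macro-blocking item first even though the MFA item carries the largest impact, because the MFA gap is nearly closed already; that is the kind of ordering question the dashboard is meant to answer when many devices show issues at once.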
Posture management: why it matters
- If you want to make a move into enterprise or organizational IT security, the phrase Cyber Security Posture Management (CSPM) needs to be on your radar.
- An enterprise’s cyber security posture refers to the overall security status of its networks, data and systems, along with the capabilities the enterprise has in place to protect its assets.
- No organization stands still. For instance, new software is introduced, upgraded or reconfigured; the location of data and workloads can shift (especially if the business is moving into the Cloud), and users come and go. This has been especially relevant over recent months, with so many of us accessing work systems remotely for the first time.
- This is why your security posture is never static. Each time your IT infrastructure undergoes a change, it has a direct impact on your posture; sometimes positive, sometimes negative.
- At the same time, the threat landscape is constantly evolving: new vulnerabilities are discovered, while new threats emerge.
- “How effective is our security posture? What steps do we need to take to ensure our assets are secure?” You need to ask these questions on a rolling basis. This is what CSPM is all about.
If you are interested in growing your skills, then try our cyber security career development platform VIP membership.
Nathan, thanks for sharing this advancement with us. I want to ask whether the score will depend upon the total number of improvement actions taken on security recommendations?
Hi Nathan, thanks for the article. I’ve noticed omadmclient.exe being a major contributor of bandwidth and CPU usage in Process Explorer in some Office 365 environments. Do you know if this is the agent that enables endpoint detection & response?
Is this different from baselining?
A baseline is getting your system to a standard of security configuration. This is looking for vulnerabilities.
hmmm nice to use
Thanks again for posting this article and for deleting my previous comment. I was just about to do the same thing.
Do you currently have plans or a timetable to incorporate courses for vendor-specific cloud security certifications into your cybersecurity school like the MS-500: Microsoft 365 Security Administration?
Yes. Lots of top Cloud courses and certification training in VIP here: https://courses.stationx.net/courses/category/Cloud
Sorry, I should’ve been more specific. I was wondering about the big three’s (AWS, Azure, & GCP) security-labelled certifications. I did just see the “Intro. to Cloud Sec. with Azure” course in the school that covers a good deal of the AZ-500, though:
– Microsoft Certified: Azure Security Engineer Associate (AZ-500 exam)
– GCP: Professional Cloud Security Engineer
– AWS Certified Security – Specialty
The MS-500 was a poor example as it’s not exactly Azure. However, the platform is cloud-based and interesting, and directly relates to the blog post.
Thanks, I’ll keep an eye on courses added in that category over time and focus on all the other ones I have yet to learn for now.
Thank you for the productive information.
Hi Nathan, Thanks for sharing such a great and informative post here.
How do I check my PC’s Security Performance using Secure ScoreCard?