Three self-assessment tools for Office 365 and Azure that are often overlooked

I often speak with customers who have existing Microsoft online tenancies, configuration, resources and security controls that have been configured in a manner to suit a particular projects pre-requisites (e.g. an Office 365 Pilot).

In some instances, there are long-term implications from these initiatives that have been overlooked.

Even if the implementation at the time was deemed best practice, keeping up with the pace of change within Microsoft Cloud technologies means that best practice is far from a static state.

This article is intended to provide an overview on three specific tools you have at your disposal. These tools will help you make a more informed decision on an appropriate course of action, and are to be used as a part of a wider security strategy and framework.

Let’s break down the three items we will be diving deeper on:

1. Office 365 Secure Score – Offers an in-depth analysis of your Office 365 implementation, providing a ‘score’ to improve on with a list of recommended actions to improve your security posture within Office 365.
2. Azure Advisor – A guide to Azure best practices focussing on providing recommendations and proactive best practice guidance for optimally configuring your Azure resources.
3. Azure Security Center – Provided to prevent, detect and respond to threats with increased visibility and control over the security of your Azure resources.

Office 365 Secure Score

Microsoft offers the Secure Score service as a complimentary feature, which is available to all Office 365 customers.

Secure Score analyses the services currently in use (e.g. OneDrive, SharePoint, Exchange Online), and performs an analysis on your settings and activities, and compares them to a baseline established by Microsoft. Your Office 365 tenant is then subsequently stacked against your peers in terms of how you compare, and where you can improve.

After the Secure Score service has finished running its analysis, a score is presented (as shown below) with a subsequent ‘call to action’ on tasks to improve your Secure Score. It’s unlikely you will want to action all recommendations within your environment, however by looking at the severity and the effort to implement, it is likely that you will find some valuable recommendations – such as enabling multi-factor authentication (MFA) for administrative accounts.

^{Figure 1: Secure Score and Comparison}

^{Figure 2: Secure Score Example Recommendation}

To get started with Secure Score, head on over to securescore.office.com.

Keep in mind, this just a minor component of addressing security within Office 365 and is a great introduction to some of the advanced offerings found within Microsoft Enterprise Mobility and Security.

Azure Advisor

Continuing on the self-assessment and recommendation path provided by Secure Score for your Office 365 tenancy, let me introduce Azure Advisor. Azure Advisor is a personalised recommendation engine that provides proactive, best practice guidance for optimally configuring your Azure resources.

Azure Advisor performs analysis on your resource configuration and usage to provide recommendations to reduce costs, improve the performance, security, and reliability of your applications.

The recommendations are provided within the following four categories:

1. The security of the solution – Prevent, detect, and respond to threats with increased visibility into, and control over, the security of your Azure resources (this is the data captured via Security Center – see the next section of the post).
2. The availability of the solution – Ensure and improve the continuity of your business-critical applications.
3. The performance of the solution – Improve the speed and responsiveness of your business-critical applications.
4. The cost of the solution – Optimise and reduce your overall Azure spend by identifying idle and underutilised resources (see below example).

^{Figure 3: Example Azure Advisor Recommendations}

The results from Azure Advisor can open a number of questions around your current implementation:

• One of the key benefits provided by Azure is guaranteed SLAs around Virtual Machines (VMs), but have you configured the appropriate availability sets?
• Are you utilising the right tier of disk for your solution? Sure, Microsoft guarantees VM connectivity to at least one instance within an availability set 99.5% of the time, but what if it is a single instance VM using standard storage?
• Maybe you have some high spec VMs that were provisioned for a project to perform some initial stress testing and no one has resized the VM since? This is where Azure Advisor shines – stepping in and providing a recommendation that you can choose to supress or action.

Whilst understanding the recommendation from Azure Advisor is one hurdle to cross, the next is to execute on the tasks required to action the recommendation.  Azure Advisor aims to address this by providing step-by-step suggested actions to follow to allow you to achieve this.

Azure Advisor can be accessed now through your Azure Portal. Even if it is just a sanity check or a bit of self-validation on services you have deployed, it is worthwhile checking out.

Azure Security Center

Azure Security Center helps you prevent, detect, and respond to threats with increased central visibility into and control over the security of your Azure resources. It provides integrated security monitoring and policy management across your Azure subscriptions, helps detect threats that might otherwise go unnoticed, and works with a broad ecosystem of security solutions. Let’s break it down at a high level.

^{Figure 5: Azure Security Center Overview}

Prevention

Microsoft Azure Security Center provides a number of preventative controls out of the box, monitoring the security state of all Azure resources.

Security policies are configured to check for risks, such as systems that are out of date and haven’t been patched, current OS vulnerabilities, endpoint protection configuration and incorrect network security groups. Once the policies are configured, you will be presented with a list of recommendations and appropriate steps to remediate the issue. Users can also deploy services from other vendors, such as security appliances, right from inside the Security Center.

Detection

Threat detection is driven by advanced analytics systems within Azure, Machine Learning is utilised to perform next-generation threat detection, rapidly adapting to thwart evolving attacks. Over time, Microsoft Azure Security Center’s threat detection technology understands each system and user patterns and can make intelligent recommendations based on prior activity and abnormalities within these patterns. Users can also collect and analyse security data from Azure resources, and tap into external resources such as the Microsoft Security Response Center to identify vulnerabilities and security issues.

Response

Microsoft Azure Security Center provides the following response mechanisms:

• Priority List of security incidents and alerts.
• Deep Insight into the source of the attack and impacted resources.
• Recommended actions on how to stop the attack and prevent future attacks.

One common example is Remote Desktop Protocol (RDP) attacks on Windows servers. When the network security group allows access to that protocol (TCP port 3389) from any source, it’s not uncommon to see a large number of attacks against that service. Microsoft Azure Security Center identifies this, and provides guidance on how to secure your network security groups with ingress rules that restrict access.

If this is the first you have heard of Azure Security Center or you have been meaning to define that first policy to get started, set yourself a few minutes after reading this and head on over to Azure Security Center. Given the current security landscape, it is imperative to assess your current risk levels and current configuration – you may be surprised at what you may pick up.

For some additional reading on the stages of a security attack and how this relates to Azure Security Center, I highly recommend checking out the following blogs:

• Petya ransomware prevention & detection in Azure Security Center
• How Azure Security Center helps reveal a Cyberattack
• How Azure Security Center detects a Bitcoin mining attack

Azure Security Advisor comes in two tiers – Security policy, assessment and recommendations are free of charge and can be accessed now through your Azure Portal. Refer to the pricing details for further information.

To summarise, Microsoft has given a number of tools to help asses and summarise potential security risks to your Office 365 or Azure tenancies. These are basic ways to check potential security and misconfiguration issues.

For more information, feel free to connect with me on LinkedIn.