The following is provided from Microsoft Security and Compliance blogs at TechCommunity:
Last week was an exciting time in Las Vegas where we hosted our largest annual partner networking event for thousands of Microsoft Partners from more than 130 countries. This was particularly true for Microsoft Secure Score where we spoke to an audience of well over 100 partners to demonstrate how it can help them grow their businesses.
At Microsoft Inspire 2018, Microsoft Secure Score was a relatively new feature and many partners at the event were learning about it for the first time. Since then much has changed. Customer and Microsoft Partner awareness has reached critical mass and adoption and usage has ramped significantly.
New Microsoft Secure Score Location and Layout
Much of this occurred when Microsoft 365 security center reached general availability and became the new centralized experience for security administrators. This new console also became the new home for Microsoft Security Score which dramatically enhanced its discoverability. Prior to this change, the Microsoft Secure Score experience was several clicks deep in the Office 365 Security & Compliance portal. Below is a view of the new Microsoft 365 Security Center which is where Microsoft Score is now located.
In addition, we released a completely revamped user experience in March 2019 to improve usability and create a more action oriented experience for users. With these changes we saw utilization of Microsoft Security Score triple by the end of April and it’s continued to rise from there.
In the image below you’ll see the new Microsoft Secure Score interface. The product-based donut scores from before have been removed and we aligned its organization around the Microsoft Threat Protection model which includes five pillars: Identity, Data, Devices, Apps, and Infrastructure. This change was based on feedback from our customers and partners who wanted to see a more category-based approach instead of scores for each product (Office 365, Windows, etc.). In addition, summary views for History and Improvement Actions have been added to the main Overview page and then if you drill down into either of them you’ll find more significant changes to help you work more efficiently.
The Microsoft Partner Opportunity
From a Microsoft Partner perspective, 2019 has been the year of adoption with many introducing Microsoft Secure Score into their programs, offerings, and tools. Some of these partners are listed below. One partner told us that they’ve used Secure Score to successfully drive cold call related lead quotes from 3% to 15% – a whopping 5X increase for them. Other partners have reported tremendous opportunities in security services work as a result of offering low cost Microsoft Secure Score assessments. As a result, often clients request to raise their secure score leading to additional licensing and services work to implement items such as data protection and smart phone management using product suites such as Microsoft 365.
While your mileage may vary, what we know for certain is that customers are exhausted by the news and articles describing the latest cyber-security breaches. And while organizations eagerly continue their hunt for better preventative and incident response technologies they’re increasingly searching for new solutions after coming to terms with the fact that 93% of cyber security breaches are the result of failures in basic cyber hygiene (Online Trust Alliance). Based on this statistic, they are also looking for solutions that provide active insights and expert guidance to help them maintain cyber-hygiene and maximize their security posture.
Microsoft Secure Score is just such a tool and when a Microsoft Partner shows their clients how Microsoft Secure Score provides them with a methodical approach to help them achieve basic cyber hygiene it is a real eye opener for them. Clients are amazed to learn about the simple things they can do to immediately increase their security posture and avoid becoming tomorrow’s next news story.
Microsoft Secure Score provides a unique ability for those using the Microsoft Cloud to review, understand, and improve their own security posture. But there are many organizations who are unaware or who do not have the technical expertise to translate that knowledge into action. Many organizations are focused 100% on running their businesses and if their services seem to be working, they assume everything is fine.
This operational reality provides a large services opportunity for Microsoft Partners. By positioning Microsoft Secure Score as part of a low-cost security assessment, Microsoft Partners can advertise this as a service. As displayed in the Microsoft Secure Score portal, on average most organizations have a very low score and a long list of important recommendations they should prioritize. Based on this knowledge, a partner like you can engage with almost any customer knowing what the assessment will surface to the customer (i.e.: low score needing significant improvement). From here the value add you can offer customers is to provide them with deeper level of explanation and knowledge, plans on how to address the top recommendations, and of course services to implement them. Through this engagement process, Microsoft partners are in a unique position to learn much more about the client environment which will often lead to additional opportunities.
While Microsoft Partners have the option to develop a Microsoft Secure Score Assessment as a stand-alone offer, some partners already have an established Security Assessment offering using a variety of utilities and report generators. For partners like these we’ve seen them add Microsoft Secure Score to their existing assessments which has enabled them to surface additional opportunities for improvement. Others have utilized the Microsoft Secure Score API to extend the capabilities of their scanning utilities. Some Microsoft Managed Services Providers (MSP) now export their client Microsoft Secure Score and review it during normal quarterly meetings. These types of reviews open up doors for many opportunities, not to mention it becomes a strong reminder of how a client’s previously low score is now trending much better because of the Microsoft Partners efforts.
To assist Microsoft Partners with the design and marketing of a Microsoft Secure Score Assessment offer, we have designed a marketing template as a place to start and generate ideas. This marketing template is only an example and we highly encourage Microsoft Partners to customize it by adding their own differentiators. The marketing template is available here: aka.ms/SecureScoreOfferTemplate
In addition to developing and marketing a Microsoft Secure Score Assessment, we recommend that Microsoft Partners first evaluate their own Microsoft Secure Score. Consider the improvement actions you’d recommend implementing in your own environment. Understand why you’d implement some but not others. Finally, assess the impact of implementing each improvement action on your environment, your users and business? This will help you generate a personal story that will help you assert why YOU’RE the best partner to provide this type of assessment service.
We’ve talked to a lot of partners about integrating Microsoft Secure Score into their offerings and we’ve been excited to see them using the Graph API to go beyond what we’ve offered natively.
QualityHosting is perfect example of partner that is using the Graph API to take make it an even better solution and it impressed us enough that we invited them to speak about it on stage at Inspire. When QualityHosting first saw Microsoft Secure Score they saw its potential, but they also quickly noticed that its user experience was designed for customers rather than partners. The specific challenge they noticed was is that it didn’t enable them to monitor scores and implement improvements across more than one customer tenant at a time. With Quality Hosting’s Managed Security 365 multi-tenant service they solved this challenge for themselves and then they productized the capability for other partners to take advantage of. More information on it can be found in the product video which can be found on their YouTube channel.
Enabling Technologies has incorporated a Microsoft Secure Score evaluation into its already well established and very successful SPARC security engagement program. This is their custom end-to-end security solution that focuses on Strategy, Policy, Awareness, Response, and Compliance with their clients. Discussions about their client’s Microsoft Secure Score has led many to request services to improve their security posture in the following areas just to name a few: securing iOS and Android devices with Intune, enabling multi-factor authentication on privileged accounts, etc. All have increased licenses sold, increased implementation services work, and further protected their clients from cyber risks.
Secure Score makes it easy for Agile IT to communicate the need, value, and impacts of its AgileSecurity program. Agile IT’s automation toolkit, combined with the Microsoft Graph API allows them to reach time-to-value and time-to-security faster, but it is Secure Score that tells the story with their clients. Simple visualizations help spur conversations with non-IT business decision makers, while its recommendations help them build prioritized roadmaps with IT leadership. The best part is that Secure Score provides impartial guidance since it is neither an Agile IT nor customer standard.
In addition to covering partner momentum, opportunities and new resources at our Inspire session we also offered a sneak-peak at some upcoming improvements that we will be releasing later this year. While the details are still being developed, the list below represents some of the key features Microsoft Partners and customers can look forward to:
- Improved scoring system
- Metrics and trends
- Improved history and comparisons
- Near real-time status
- More action oriented Ux
- and much more…
Below is a screen capture of one of the latest Microsoft Secure Score builds which, if you look closely, reveals a bit more than I mentioned above. The Microsoft Secure Score team will publish new blogs about the improvements as they reach General Availability (GA).
Wrapping it up
So, there you have it – a quick recap of Microsoft Secure Score session at Inspire.
If you are a partner that is new to Microsoft Secure Score now is the time to learn more and start planning how to take advantage of it. Consider developing a Microsoft Secure Score offer using these resources, educate your sellers, integrate a secure score evaluation into your customer meetings.
If you are a partner who has already integrated Microsoft Secure Score we thank you for the support and feedback, all of which has helped shape the latest release and features coming in the future. Be sure you are fully capitalizing on the business opportunity, make sure you have updated your offering and sellers with the latest changes released in March 2019, and then consider using the Graph API to provide innovative and differentiated offerings to your customers.
The above was provided from Microsoft Security and Compliance blogs at TechCommunity