Office 365 Security Assessment-Engagement Delivery Guide

Office 365 Security
Assessment
Delivery Guide
Office 365 Security Assessment
Latest version: http://aka.ms/o365securityassessment
© 2017 Microsoft Corporation. All rights reserved. This document is provided "as-is." Information and views
expressed in this document, including URL and other Internet Web site references, may change without notice.
This document does not provide you with any legal rights to any intellectual property in any Microsoft product.
Office 365 customers and partners may copy, use and share these materials for planning, deployment and
operation of Office 365 features.
Document1 Page 1 of 34
Table of Contents
Introduction .................................................................................................................................................................................. 4
Version History ....................................................................................................................................................................... 4
Audience ................................................................................................................................................................................... 4
Feedback ................................................................................................................................................................................... 4
Engagement Overview ............................................................................................................................................................. 5
Objective ................................................................................................................................................................................... 6
Recommended Skills and Experience ................................................................................................................................. 6
Timeline ..................................................................................................................................................................................... 7
Engagement Requirements................................................................................................................................................ 7
Deliverables .............................................................................................................................................................................. 8
Office 365 Security Assessment Engagement Preparation......................................................................................... 8
Preparation for the Kick-off Meeting ............................................................................................................................. 8
Preparation for the Readiness Presentations .............................................................................................................. 9
Preparation for Day One of the On-site Workshops ................................................................................................ 9
Preparation for Day Two of the On-site Workshops ............................................................................................. 10
Delivering the Office 365 Security Assessment............................................................................................................ 12
General Delivery Tips ......................................................................................................................................................... 12
Kick-off Meeting.................................................................................................................................................................. 12
Day One of the On-site Workshops............................................................................................................................. 13
On-site Engagement Overview ................................................................................................................................. 13
Office 365 Security Technical Readiness Presentation ......................................................................................... 13
Office 365 Security Overview ..................................................................................................................................... 13
Customer Security Strategy ........................................................................................................................................ 13
Review Security Questionnaire .................................................................................................................................. 13
Office 365 Secure Score Overview ........................................................................................................................... 13
Day one wrap up and Q&A ........................................................................................................................................ 14
Day Two of the On-site Workshops............................................................................................................................. 14
Day Two Briefing ............................................................................................................................................................ 14
Secure Score Recommendations / Discussion .................................................................................................... 14
Office 365 Security Roadmap Workshop .............................................................................................................. 14
Project close-out and Next steps ............................................................................................................................. 15
Example Schedule ................................................................................................................................................................... 16
Day One .................................................................................................................................................................................. 16
Day Two .................................................................................................................................................................................. 17
Office 365 Security Assessment Assets ........................................................................................................................... 18

Engagement Tools .................................................................................................................................................................. 19
Office 365 Secure Score ................................................................................................................................................... 19
Instructions on how to export the Secure Score data ...................................................................................... 20
Import the Secure Score data into the Office 356 Assessment-Remediation Checklist Tool ........... 22
Office 365 Advanced Security Management ............................................................................................................ 25
Remediation Checklist Tool ............................................................................................................................................ 30
Appendix..................................................................................................................................................................................... 33
Readiness Content.............................................................................................................................................................. 33
General.................................................................................................................................................................................... 33
Readiness Presentations .............................................................................................................................................. 33
Introduction
This document contains the delivery guidance for the Office 365 Security Assessment offering. The
Office 365 Security Assessment is a structured engagement which uses the Office 365 Secure Score
tool to evaluate and prioritize Office 365 tenant security settings of an organization. The Office 365
Security Assessment offering has been designed to help you as a partner create and present a
customized, prioritized and actionable roadmap based on the recommendations from the Office 365
Secure Score tool to your customers.
The purpose of this document is to provide guidance on how to deliver the Office 365 Security
Assessment, including details about the artefacts included within the offering.
Important! The Office 365 Security Assessment offering should be considered as an example on
how to conduct an Office 365 Security Assessment using Secure Score. The artefacts within the
Office 365 assessment must be customized so that the engagement is aligned to your
organization’s own value proposition, workflows, delivery methodologies, related work
streams and offerings. The outcome of the Office 365 Security Assessment is intended to assist
with the development a roadmap of actionable customer recommendations used to drive
additional project based work or can be used to inform a repeatable lifecycle of security
management tasks within a managed service offering.
The Secure Score is a numerical summary of your security posture within Office 365 based on system
configurations, user behaviour and other security related measurements; it is not an absolute
measurement of how likely your system or data will be breached; rather, it represents the extent to
which you have adopted security controls available in Office 365 which can help offset the risk of
being breached. No online service is completely immune from security breaches; the Secure Score
should not be interpreted as a guarantee against security breach in any manner.
Version History
Table 1 – Summary of Changes
Version Changes Date

1.0 Initial Release 12-Apr-2017
Audience
The document is intended to be used by the partner and should not be distributed to the customer.
Feedback
The artefacts within this offering will be iteratively improved based on product released as well as
direct feedback from delivered engagements. To provide feedback, use the feedback process
available through following web site: http://aka.ms/securityassessmentfeedback
Engagement Overview
The following table provides an overview of the information categories included as part of delivering
the Office 365 Security Assessment:
Category Description
Timeline Milestone One: Up to two-hour pre-engagement kick-off meeting
Milestone Two: Two days of on-site workshops
Time and material Estimated 24h engagement using the example schedule (expenses should be
added)
Target customers Customers who have already decided to adopt the cloud and Office 365 and
have an Office 365 tenant already in place.
Partner resource Security Consultant/Architect
requirements Project or Engagement Manager
Customer CSO/CISO, CEO/CFO, CIO/CTO, Enterprise/Security Architects, Security
resource Operations
requirements
Engagement The standard scope of the engagement is:
scope - Gain a mutual understanding of cloud security objectives and
requirements
- Provide guidance, recommendations and best practices on how to
successfully implement Office 365 security features
- Provide a prioritized and actionable Office 365 security roadmap. Map
Office 365 security capabilities to customer security objectives and
requirements
Engagement The deliverables of the engagement are:
deliverables - Kick-off Presentation, overview of the engagement covering vision
and objectives, requirements and next steps and actions
- Pre-Assessment Questionnaire, a questionnaire containing questions
on cloud usage/adoption, security requirements and objectives,
regulations and frameworks
- Recommendations and Roadmap Report, a presentation containing
a prioritized list of Office 365 security recommendations based on
Office 365 Secure Score
Objective
The engagement has following objectives:
Understand cloud • Gain an understanding of the customers

business requirements and how they drive
security objectives and
security objectives and requirements
requirements
• Provide guidance, recommendations and

Office 365 security best practices on how to successfully
readiness implement Office 365 security features
• Provide a prioritized and actionable Office

Create an Office 365 365 security roadmap based on customer
security roadmap security objectives and requirements
Recommended Skills and Experience

The following table describes the recommended skill set and experience for the resourcing delivering
the Office 365 Security Assessment IP:
Role Recommended resource skill sets

Delivery Management  Basic understanding of cybersecurity
(Project/Engagement Manager)  Basic understanding of Office 365
 Experience managing security engagements
Security Resource  Strong cybersecurity background and knowledge
(Security Architect/Consultant)  Good understanding of Office 365 and the security
components of Office 365
 Have prior design and implementation experience of the
Office 365 Advanced Security products including:
o Exchange Online Protection
o Exchange Advanced Threat Protection
o Advanced Security Management
o Threat Intelligence
o Advanced Data Governance
o Azure Active Directory and multifactor
authentication for Office 365
Timeline
The Office 365 Security Assessment typically consists of an up to a two-hour remote kick-off meeting
followed by the 2-day on-site assessment workshops as per following suggested engagement
timeline:
• Kick-off meeting
• Provide pre-assessment questionnaire
• Provide instructions on how to export Office 365 Secure Score data
Week One
• Customer to complete/return questionnaire

• Customer to export and send Secure Score data
Week Two and • Analyse questionnaire and Secure Score data
Three
• On-site workshops covering:

• Security objectives and requirements
• Office 365 security readiness
• Office 365 security assessment
Week Four
• Office 365 security roadmap
Engagement Requirements
This engagement requires that the customer has already acquired a production Office 365 tenant.
Scheduling an initial assessment before moving production users and data into the Office 365 tenant
is recommended, if possible, for the following reason. Completing an initial assessment would ensure
that the Office 365 tenant has the customer’s required security configuration before adding users and
data. Doing so may reduce the risk of a breach prior by implementation of the security controls
informed by the actions indicated from outcome of Microsoft Secure Score. Additional assessments
should be proposed within a lifecycle of managed security services and scheduled to be run on a
continuous basis to ensure that the Office 365 tenant is meeting the customer’s desired security state
and to catch any configuration drift.
The following Office 365 components are used as part of the engagement:
Component Description License Requirements

Office 365 Secure Score The main tool used as part of Office 365 Secure Score is available to
the security assessment. Secure organizations with an Office 365
Score analyzes Office 365 commercial subscription and who are
security based on security in the multi-tenant and Office 365
settings across the tenant and U.S. Government Community clouds.
assigns a score which can be
tracked over time. The tool is
used as part of the engagement
to create a prioritized and
actionable roadmap.
Office 365 Advanced Security As an optional component, the The Office 365 Advanced Security
Management assessment can use the Office Management tool is available in
365 Advanced Security Office 365 Enterprise E5 or as an add-
Management tool and its on subscription to Office 365. A 30-
Discovery & Insights features to day trial can be used as part of this
provide the customer with assessment.
additional visibility into 3rd
party SaaS application usage, Note that the customer must have a
also known as Shadow IT. supported firewall or proxy device to
import usage data into Advanced
Security Management. If the
customer does not have a supported
device, we recommend using your
own demo tenant to demonstrate the
Advanced Security Management
functionality.
Deliverables
The following deliverables are part of the Office 365 Security Assessment:
Deliverable, Work Product Description Delivery Date

Kick-off Presentation Overview of the engagement Kick-off meeting
covering objectives, requirements,
and next steps
Pre-Assessment Questionnaire A questionnaire on cloud After the kick-off
usage/adoption, security presentation
requirements and objectives,
regulations, and frameworks
Recommendations and Roadmap A prioritized list of Office 365 After the 2-day on-site
Report security recommendations based workshops
on Office 365 Secure Score results.
Office 365 Security Assessment Engagement Preparation

This section includes additional details to allow the delivery resources to prepare for the engagement.
It is important that all involved delivery resources go through this section in detail before delivering
the engagement.
Preparation for the Kick-off Meeting

The kick-off meeting will brief the customer on the Office 365 Security Assessment and cover the
engagement vision and objectives, an engagement overview, the required tools and next steps and
actions. To be prepared to deliver the kick-off meeting presentation we recommend following
preparation tasks:
 Prepare the kick-off meeting PowerPoint presentation

o Review the content marked as “Example”, make modifications if required, and then
remove the “Example” banner from the slides
o Modify the engagement schedule
o Modify the project governance section to match your project delivery methodologies
 Review the kick-off meeting presentation content
 Review and modify the Office 365 Security Assessment Questionnaire as required. This needs
to be delivered to the customer after the kick-off meeting
 Review any relevant Office 365 and/or security engagements that have previously been
delivered to the customer
 Confirm that all customer stakeholders will attend the meeting

 Review the “Security Assessment using Office 365 Secure Score” recorded presentation
available within the Readiness Content section
Preparation for the Readiness Presentations

The example schedule allows you to present three out of five readiness presentations that are part of
the Office 365 Security Assessment IP. The questionnaire provides guidance on what topics the
customer is interested in. Confirm the three readiness presentations as part of the kick-off meeting or
during the first session in the 2-day on-site workshops.
The following Office 365 Advanced Security readiness presentations have been included as part of the
Office 365 Advanced Security Assessment IP:
 Protect customers against Spoof Phish Malware and Spam

 Gain visibility and control with Office 365 Advanced Security Management
 Protect Sensitive information with Office 365 Data Loss Prevention
 Acquire insights into proactively protecting against advanced threats
 Advanced Data Governance
The resource delivering the readiness presentations must have a good understanding of the readiness
content and have prior design and implementation experience of the Office 365 Advanced Security
products.
Recommended training content for the readiness presentations can be found in the Readiness
Content section appendix of this document.
Preparation for Day One of the On-site Workshops

Day one of the on-site workshops focuses on establishing a mutual understanding of the Office 365
security capabilities, the customer’s security strategy, cybersecurity posture and how the Office 365
Secure Score tool is leveraged as part of the assessment. To prepared to deliver the workshops during
day one of the assessment we recommend following preparation tasks:
 Review the completed customer questionnaire, note missing answers and/or any items that
you think needs additional discussion during the Security Questionnaire Review workshop
during day one
Review and customize the workshop content delivered during day one. The example schedule is
available in the
 Example Schedule section within this document

 Read and/or view the recommended training content within the Readiness Content appendix
of this document
 Use the remediation checklist tool to insert the security actions that the customer exported
from Office 365 Secure Score
Preparation for Day Two of the On-site Workshops

Day two of the on-site workshops focuses on prioritizing security actions from the Office 365 Secure
Score tool, additional technical readiness and preparing the roadmap as part of the engagement
close-out presentation. We suggest you perform the following pre-work to ensure a successful
execution:
 Review notes or actions captured during day one of the on-site workshops
 Update project governance items as required
Review and customize the workshop content delivered during day two. The example schedule is
available in the
 Example Schedule section within this document

o Update the project close-out meeting to include your own security related offerings
and services where appropriate. Align the outcome and deliverables to the
recommendations from Office 365 Secure Score and consider a combination of
individual engagements and managed services
 Review the recommended training content within the Readiness Content appendix of this
document
Delivering the Office 365 Security Assessment

The objective of the engagement is to present customers with a customized, prioritized and
actionable roadmap based on the recommendations from Office 365 Secure Score. Propose follow on
engagements, including managed services, as part of the close-out presentation. For example,
delivering on-going security assessments provides an opportunity to introduce the customer to a
managed security service and ensures that the customer implements the recommendations from the
security assessment.
This section includes guidance on delivering the various components of the Office 365 Security
Assessment.
General Delivery Tips

 Good security principals cover people, process and technology solutions. This specific
engagement addresses Office 365 security technology solutions delivered as a project service;
however, there is an opportunity to present the security roadmap as lifecycle of managed
services that your organization can deliver.
 This engagement does not cover on-premises or hybrid scenarios. It specifically covers Office
365 and the security actions originating from the Office 365 Secure Score tool. It’s important
to discuss the importance of end-to-end security which includes securing any on-premises or
hybrid infrastructure.
 Implementation of all Office 365 Secure Score actions will not mean that the customer is
completely secure. The goal of the engagement is to improve the security posture in Office
365.
 There is no such thing as perfect security. Security is a continuous journey towards reducing
risk and raising the complexity and cost of breach and compromise.
 The engagement is based on the recommended security actions from Office 365 Secure Score.
It is important that the technical readiness resources have good knowledge on how to use
Office 365 Secure Score as well as a solid understanding of what each security action does and
the impact it might have on the customer environment. Use the readiness content to learn
about Office 365 Secure Score and make sure to analyze each security action in a lab
environment.
 During the workshops, you may increase customer value by incorporating specific information
and scenarios that the customer has shown an interest in. For example, use the answers from
the questionnaire to potentially expand into additional Office 365 products or specific
functionality that the customer would like to implement or know more about.
 The assessment will allow you access to customer stakeholders and technical resources. Make
sure you use the time to establish yourself and your organization as trusted advisors for Office
365 security.
Kick-off Meeting
The project/engagement manager typically delivers the kick-off presentation and should provide an
overall engagement overview, introduction to the team, engagement scope, and the project
governance approach. The technical resources should join the kick-off presentation to support the
project/engagement manager with some of the technical components of the kick-off meeting.
Day One of the On-site Workshops

This section contains guidance for each of the workshops delivered as part of day one of the Office
365 Security Assessment.
 Make sure to capture notes during the day. Review the notes after the first day to modify the
schedule and/or content for day two as necessary.
On-site Engagement Overview

The first session provides an overview of the 2-day on-site agenda, goals, and an opportunity to cover
Q&A and project governance. It’s also recommended to finalise the three technical readiness
presentations delivered during the on-site workshops.
 Discuss and agree on the engagement success criteria. What does the customer expect to get
out of the engagement?
 Finalize the technical readiness presentations
 Finalize the schedule for the on-site workshops
 Discuss and agree on project governance items
 Finalize workshop attendance for each workshop. It is critical to get the right audience to
participate in each workshop
Office 365 Security Technical Readiness Presentation

This is the first technical readiness presentation time slot.
 If possible, add value by weaving in related stories from your own experience with the product
Office 365 Security Overview

This session provides an overview of the approach Microsoft has taken to secure enterprise
organisations in Office 365.
 Add value by weaving in related stories from your own experience with the product if possible
Customer Security Strategy

This session allows the customer to present their goals and ambitions on their cloud security strategy.
 Use the customer security strategy presentation to guide the customer on topics for the
session
 Listen to the customer and take notes. Pay attention to concerns/topics that you can address
as either individual consulting engagements and/or managed services. Add these solutions to
the close-out presentation and the roadmap which you will present at the end of the
engagement
Review Security Questionnaire

Review the completed security questionnaire with the customer. The completed questionnaire should
have been reviewed before the on-site workshops to allow you to cover any missing answers, ask for
additional details and/or add additional questions.
Office 365 Secure Score Overview

This session provides an overview of Office 365 Secure Score and how it relates to the security
requirements.
 Demonstrate the functionality of secure score using your own lab environment as well as the
remediation checklist tool which is included as part of the Office 365 Security Assessment
Day one wrap up and Q&A

The wrap up session will allow you to provide a recap of the day.
 Allow enough time for Q&A
Day Two of the On-site Workshops

This section contains guidance for each of the workshops delivered as part of day two of the Office
365 Security Assessment.
Day Two Briefing

The first session of day two of the on-site workshops provides an overview of the second day agenda
and goals as well as an opportunity to cover Q&A.
 Discuss progress of day one and allow time for Q&A

 Discuss and agree on project governance items
 Discuss the outcomes from day one and intended outcomes from day two
Secure Score Recommendations / Discussion

This session uses the remediation checklist tool to analyze and prioritize the security actions from
Office 365 Secure Score.
 Use the remediation checklist tool to work through each security action from Office 365
Secure Score. For each security action:
o Explain what the Security Action does and if required, demonstrate the functionality
using a demo Office 365 tenant
o Work with the customer to prioritize the security action and add additional comments
in the remediation checklist tool
This is the second technical readiness presentation time slot.
This is the third technical readiness presentation time slot.
Office 365 Security Roadmap Workshop

Create an Office 365 security roadmap based on the security requirements and the prioritization of
the Office 365 Secure Score actions.
 Use the list of the prioritized Office 365 Secure Score actions to update the roadmap within
the close-out presentation
 Consider the potential for risk, difficultly of implementation, and impact ratings suggested by
each Office 365 Secure Score action. Discuss the implications with your customer in depth as
you prioritize and build the roadmap of actions. Consider time frames to fully implement and
a lifecycle of managed services opportunities for your organization.
Project close-out and Next steps

The close-out presentation is the last session of the on-site workshops and allow you to present the
customized, prioritized and actionable roadmap as well as cover recommended next steps, actions
and Q&A.
Example Schedule
Day One
Customer Scheduled
Workshop Description Outcome Time
attendees time, room
Provides an
overview of the 2-
Agreed plan and
On-site day on-site agenda,
schedule for the All project 60 <Time>,
Engagement goals and an
2-day on-site team minutes <Room>
Overview opportunity to
assessment.
cover Q&A and
project governance.
Microsoft‘s Provides a high-

Office 365
approach to level overview of All project 60 <Time>,
Security
securing enterprise Office 365 team minutes <Room>
Overview
organizations. security features.
Customer presents Provides a mutual

Customer goals and understanding of
All project 60 <Time>,
Security ambitions on their the customer
team minutes <Room>
Strategy cloud security cloud security
strategy. strategy.
Lunch 60 minutes
Review the Prioritized list of

Review Security All project 60 <Time>,
completed security security
Questionnaire team minutes <Room>
questionnaire. requirements.
Office 365 Security

Technical
Security Technical readiness Engineers
readiness 60 <Time>,
Technical presentation time
provided to Security minutes <Room>
Readiness slot.
customer team. Architects
Presentation
Overview of Office Security

Technical
Office 365 365 Secure Score Engineers
readiness on 60 <Time>,
Secure Score and how it relates
Office 365 Secure Security minutes <Room>
Overview to the security
Score. Architects
requirements.
Day one wrap up and Q&A 20 minutes
Day Two
Scheduled
Customer
Workshop Description Outcome Time time,
attendees
room
Overview of the
second day
Agreed upon All
agenda, goals, 30 <Time>,
Day Two Briefing schedule for day project
and an minutes <Room>
two. team
opportunity to
cover Q&A.
Workshop
covering current Prioritization of
Secure Score All
Office 365 Secure Office 365 120 <Time>,
Recommendations project
Score and Secure Score minutes <Room>
/ Discussion team
recommended security actions.
security actions.
Technical Technical
Office 365 Security readiness readiness
Technical presentation time provided to Security
Readiness slot. Or, Shadow customer team. Engineers 60 <Time>,
Presentation IT Analysis
or Security minutes <Room>
Workshop using
or Shadow IT Office 365 Understanding Architect
Analysis Workshop Advanced Security of current usage
Management. of Shadow IT.
Lunch 60 minutes
Office 365 Security Technical Technical Security

Technical readiness readiness Engineers 60 <Time>,
Readiness presentation time provided to Security minutes <Room>
Presentation slot. customer team. Architect
Workshop to
create an Office
365 security Defined high-
roadmap based level security Security
Office 365 Security Engineers
on the security roadmap based 60 <Time>,
Roadmap
requirements and on Office 365 Security minutes <Room>
Workshop
the prioritization Secure Score Architect
of the Office 365 security actions.
Secure Score
actions.
Provide an
Close-out engagement
All
Project close-out presentation and summary and 60 <Time>,
project
and Next steps discussion of next clear steps with minutes <Room>
team
steps. tangible
outcomes.
Office 365 Security Assessment Assets

The following assets are available as part of the Office 365 Security Assessment IP:
Artefact Description Type

Office 365 Security Guidance on how to deliver the Word document
Assessment-Delivery Guide Office 365 Security Assessment IP.
This document.
Office 365 Security Engagement kick-off presentation PowerPoint presentation
Assessment-Kick-off Meeting giving the customer an overview
of the engagements.
Office 365 Security Overview of the 2-day on-site PowerPoint presentation
Assessment-On-site workshops and project
Engagement Overview governance items.
Office 365 Security Microsoft vision for security and PowerPoint presentation
Assessment-Security and compliance in Office 365.
Compliance in Office 365
Office 365 Security Recommended discovery topics PowerPoint presentation
Assessment-Customer Security which needs to be covered by the
Strategy customer.
Office 365 Security Security questionnaire to be given Word document
Assessment-Questionnaire to the customer after the kick-off
presentation covering Office 365
and security objectives.
Office 365 Security Presentation covering how to PowerPoint presentation
Assessment-Protect customers protect against email based
against Spoof Phish Malware threats.
and Spam
Office 365 Security Presentation covering Office 365 PowerPoint presentation
Assessment-Gain visibility and Advanced Security Management.
control with Office 365
Advanced Security
Management
Assessment-Protect Sensitive Data Loss Prevention.
information with Office 365
Data Loss Prevention
Assessment-Acquire insights Threat Intelligence.
into proactively protecting
against advanced threats

Assessment-Data Governance Advanced Data Governance.
Office 365 Security Overview on how to use the PowerPoint presentation
Assessment-Security Office 365 Secure Tool as part of
Assessment using Office 365 a security assessment.
Secure Score
Engagement Tools
This section is for use by the partner technical specialists to learn how to use the tools as part of the
Office 365 Security Assessment.
Office 365 Secure Score

Office 365 Secure Score is a security analytics tool which calculates your tenant’s security score based
on existing security settings and behaviors compares them to a baseline asserted by Microsoft. It’s a
single tool which allows organizations to better understand their current security posture and based
on features that have been enabled within their Office 365 tenant. In addition, the Secure Score tool
will allow you to quickly determine and prioritize security actions which can be implemented to
reduce risk and will allow organizations to improve and track their Office 365 security posture over
time.
Note that Secure Score does not account for all possible security controls and is limited to security
controls within Office 365. Additional security controls will be added to the Secure Score tool over
time and this fact should be discussed with your customer as you propose the detect, protect,
respond security lifecycle of managed services your organization may provide.
To assist with the prioritization of the security action recommendations provided by Secure Score you
will use the “Office 365 Security Assessment-Remediation Checklist Tool-vX.X.xlsx” excel
spreadsheet. Instruct the customer to use following instructions to export the security actions and
controls to CSV so that you can copy & paste the recommended security actions in to the “Office 365
Security Assessment-Remediation Checklist Tool-vX.X.xlsx” excel spreadsheet.
Instructions on how to export the Secure Score data

After you have conducted the kick-off meeting, the customer needs to export the Secure Score data
and send it to you for analysis. You can either walk through the process over an online meeting or
send below instructions to the customer.
Ask the customer to:
1. Open the Office 365 Secure Score tool: https://securescore.office.com. Note that the customer
must sign in using their Office 365 tenant admin login credentials.
2. Verify that they have a calculated Secure Score showing in the Secure Score tool.
3. Select the Score Analyzer tab.
4. Select the Export button and select to export the “CSV – Action List” as well as the “CSV –
Control List”. Choose to save the two files to the local computer.
5. Ask the customer to send or share the exported CSV files to you, using a secure method of
transfer such as OneDrive.
Import the Secure Score data into the Office 356 Assessment-Remediation Checklist Tool
Once you receive the exported files from the customer use following procedure to import the Secure
Score data into the Office 356 Assessment-Remediation Checklist Tool:
1. Open the “CSV – Action List” excel file and copy and paste all content from row two and below
in to the ActionList tab on cell A2 within the “Office 365 Security Assessment-Remediation
Checklist Tool-vX.X.xlsx” excel spreadsheet.
2. Open the “CSV – Control List” excel file and copy and paste all content from row two and
below in to the ControlList tab on cell A2 within the “Office 365 Security Assessment-
Remediation Checklist Tool-vX.X.xlsx” excel spreadsheet.
3. In the “Office 365 Security Assessment-Remediation Checklist Tool-vX.X.xlsx” excel
spreadsheet, select the Data menu in Excel and select Refresh All. This will update the data
model used in the pivot table.
4. Go to the Results tab to view the Secure Score security actions sorted under User Impact and
Implementation Cost.
5. Work through each Secure Score security action and provide a priority based on what you
know about your customer’s current and desired security posture. For example: Quick Win 1-3
months, 3-6 months and 6 months and beyond. Additional instructions on how to use the
remediation checklist tool can be found in the Remediation Checklist ToolError! Reference s
ource not found. section.
Office 365 Advanced Security Management

The Office 365 Advanced Security Management tool provides following features:
 Threat detection - Identify high-risk and abnormal usage, security incidents, and threats
 Enhanced control - Shape your Office 365 environment with granular security controls and
policies
 Discovery & insights - Gain enhanced visibility and context into your Office 365 usage and
shadow IT
The Office 365 Assessment uses the Discovery & Insights features to provide the customer with
additional visibility of the use of Shadow IT within their organization as part of the “Office 365
Security Assessment-Gain visibility and control with Office 365 Advanced Security
Management-vX.X.pptx” readiness session. The Office 365 Assessment does not make use of any
other Advanced Security Management functionality including threat detection and or enhanced
control features.
Important! If the customer does not have a license for Office 365 Advanced Security
Management, they can sign up for a free 30-day trial from the Office 365 Admin center, Billing,
Purchase services section as per below screenshot. This will allow the customer to import their
specific firewall or proxy log to allow you to demonstrate their current usage of Shadow IT
during the “Office 365 Security Assessment-Gain visibility and control with Office 365
Advanced Security Management-vX.X.pptx” readiness session. Note that the specific firewall or
proxy must be supported by the Advanced Security Management tool as per:
https://support.office.com/en-us/article/Create-app-discovery-reports-in-Advanced-Security-
Management-3e68e691-1fc4-4d3e-a2c0-d3134eb64055?ui=en-US&rs=en-US&ad=US
In case it’s not possible to use the Office 365 Advanced Security Management tool connected
to the customer’s Office 365 tenant, or it’s not possible to import the firewall or proxy logs,
you should prepare a demo tenant and use a provided sample log file to be used during the
“Office 365 Security Assessment-Gain visibility and control with Office 365 Advanced Security
Management-vX.X.pptx” readiness session.
Use following instructions to assist the customer with the import of customer firewall or proxy logs if
using customer specific data or a sample log if using a dedicated demo tenant.
1. Open the Office 365 Security & Compliance center, and select Go to Advanced Security
Management under Alerts, Manage Advanced Alerts.
2. Select Create New Report from the Discover menu.
3. Type the name of the report, and select the data source. Note, if you are not using customer
specific data, select “Blue Coat ProxySG -Access log (W3C)” as data source for a
workaround. After selecting the Data source, select “View and Verify…”.
4. If using customer specific data, verify the log format together with the customer. If using
sample data using a dedicated demo tenant, select “Download sample log” to download a
sample log. Select close.
5. Under “Choose traffic logs”, select browse and select either the customer specific log or the
extracted sample log.
6. Select Create to generate the report. Note that it can be a time-consuming process to import
the logs dependent on the size of the file being imported. For this reason, make sure to
initiate the import process well in advance of the workshops. For example, the import of the
sample “Blue Coat ProxySG -Access log (W3C)” usually takes around 30 minutes.
Remediation Checklist Tool

The primary tool to help you verify current Secure Score security actions and prioritize these into an
actionable roadmap is the “Office 365 Security Assessment-Remediation Checklist Tool-vX.X.xlsx”
excel spreadsheet.
Use following instructions to make use of the tool:
Import the Secure Score data exported by the customer into the tool. See the This section is for use
by the partner technical specialists to learn how to use the tools as part of the Office 365 Security
Assessment.
1. Office 365 Secure Score section for details on how to export the data from Secure Score and
insert this into the remediation checklist tool.
2. As part of the workshops, work together with the customer to understand and prioritize the
security actions.
3. Copy the prioritized set of security actions as well as the charts in to the “Office 365 Security
Assessment-Close-out Presentation-vX.X.pptx” presentation which will be delivered at the
end of the engagement.
The remediation checklist tools have following Excel tabs:
Excel Tab Description

Instructions Quick instructions on how to use the tool.
ControlList Control list data copied from the “CSV – Control List” CSV file exported from Secure
Score.
ActionList Action list data copied from the “CSV – Action List” CSV file exported from Secure
Score.
Results Use the results tab to analyze and prioritize security actions as part of the
workshops. The prioritized list of security actions needs to be copied to the “Office
365 Security Assessment-Close-out Presentation-vX.X.pptx” presentation.
Charts The Charts tab contain basic charts, showing an overview of the Secure Score
results. The charts need to be copied to the “Office 365 Security Assessment-
Close-out Presentation-vX.X.pptx” presentation.
The results tab is where you view and prioritize security actions. You can filter the security actions
based on following categories:
 Status – Complete or incomplete

 Threats – Type of threat
 License – What license is required to implement the security action
You will see several columns within the Results tab. Note that all content except the Priority and
Comment columns will be automatically filled in after you have inserted the secure score data
received from the customer and refreshed the data within the excel spreadsheet.
Column Description
User Impact Impact of implemented security control on users:
 Low – little to no user productivity impact
 Moderate – some user productivity impact
Implementation Approximate cost and complexity of implementing the security action:
Cost  Low – Features that can typically be turned on without additional
licenses
 Moderate – Features that are complex to turn on and/or require
additional licenses
Security Action Name of security action.
Name
Security Action Description of security action.
Description
Security Action URL to allow configuration of security action.

URL
Security Action Can be Data, Account or Device.
Category
Baseline Baseline score for the security action. Can be between 1-50. Higher is better.
Priority Use this field to prioritize the security action. For example:
 Quick Wins (1-3 months)
 3-6 months
 6 months and beyond
Comment Provide additional details if required.
Appendix
Readiness Content
This appendix contains recommended learning material that each delivery resource should go
through before delivering the Office 365 Security Assessment.
General
 Explore and get familiar with the content in the Office 365 Trust Center
 Explore and get familiar with the content in the Microsoft Secure site
 Explore and get familiar with the content in the Secure Productive Enterprise site
 Explore and get familiar with the content in the Microsoft Cloud Service Trust Portal
 Explore and get familiar with the Office Drumbeat content
 Get familiar with the Plan for Office 365 security and information protection capabilities poster
 Read the Office 365 - Architecture and Procedure documents
 Read the Controlling Access to Office 365 and Protecting Content on Devices document
 Read Microsoft Office 365 Mapping of Cloud Security Alliance Cloud Control Matrix 3.0.1
document
 Get the latest Microsoft security updates from the Microsoft Secure Blog
 Create a demo environment and explore the Office 365 Advanced Security features as well as
Office 365 Secure Score. Partners can create Office 365 demo tenants at
http://demos.microsoft.com/
Readiness Presentations
To prepare you to deliver the included readiness presentation we recommend getting familiar with
below content:
Partner University – Covers all readiness content:
All Partner University recordings are available at the Partner University site. These recordings include
all readiness presentations that you can deliver as part of the Security Assessment offering.
Office 365 Secure Score:
 Introducing the Office 365 Secure Score

 Learn about Office 365 Secure Score: actionable security analytics
 An introduction to Office 365 Secure score
 New Office 365 capabilities help you proactively manage security and compliance risk
Advanced Threat Analytics:
 Learn how Microsoft Advanced Threat Analytics combats persistent threats

 Plan and deploy Microsoft Advanced Threat Analytics the right way
Advanced Security Management:
 Overview of Advanced Security Management in Office 365

 Get started with Advanced Security Management
 Gain visibility and control with Office 365 Advanced Security Management
Advanced Threat Protection:
 Introducing Office 365 Advanced Threat Protection

 Advanced threat protection for safe attachments and safe links
 Learn about advancements in Office 365 Advanced Threat Protection
Data Loss Prevention:
 Protect your sensitive information with Office 365 Data Loss Prevention
 Customize and tune Microsoft Office 365 Data Loss Prevention
Customer Lockbox:
 Announcing Customer Lockbox for Office 365

 Office 365 Customer Lockbox Requests
Advanced eDiscovery:
 Office 365 Advanced eDiscovery

 Video: Office 365 Advanced eDiscovery
 Reduce costs and challenges with Office 365 eDiscovery and Analytics
Advanced Data Governance:
 Advanced Data Governance overview

 Take control of your data with intelligent data governance in Office 365
 Applying intelligence to security and compliance in Office 365
Threat Intelligence:
 Applying intelligence to security and compliance in Office 365

Office 365 Security Assessment-Engagement Delivery Guide

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Office 365 Security Assessment-Engagement Delivery Guide

Uploaded by

Copyright:

Available Formats

Office 365 Security

Office 365 Security Assessment Assets ........................................................................................................................... 18

Version Changes Date

Understand cloud • Gain an understanding of the customers

• Provide guidance, recommendations and

• Provide a prioritized and actionable Office

Recommended Skills and Experience

Role Recommended resource skill sets

• Customer to complete/return questionnaire

• On-site workshops covering:

Component Description License Requirements

Deliverable, Work Product Description Delivery Date

Office 365 Security Assessment Engagement Preparation

Preparation for the Kick-off Meeting

 Prepare the kick-off meeting PowerPoint presentation

 Confirm that all customer stakeholders will attend the meeting

Preparation for the Readiness Presentations

 Protect customers against Spoof Phish Malware and Spam

Preparation for Day One of the On-site Workshops

 Example Schedule section within this document

Preparation for Day Two of the On-site Workshops

 Example Schedule section within this document

Delivering the Office 365 Security Assessment

General Delivery Tips

Day One of the On-site Workshops

On-site Engagement Overview

Office 365 Security Technical Readiness Presentation

Office 365 Security Overview

Customer Security Strategy

Review Security Questionnaire

Office 365 Secure Score Overview

Day one wrap up and Q&A

 Allow enough time for Q&A

Day Two of the On-site Workshops

Day Two Briefing

 Discuss progress of day one and allow time for Q&A

Secure Score Recommendations / Discussion

Office 365 Security Technical Readiness Presentation

This is the second technical readiness presentation time slot.

Office 365 Security Technical Readiness Presentation

This is the third technical readiness presentation time slot.

Office 365 Security Roadmap Workshop

Project close-out and Next steps

Microsoft‘s Provides a high-

Customer presents Provides a mutual

Review the Prioritized list of

Office 365 Security

Overview of Office Security

Day one wrap up and Q&A 20 minutes

Office 365 Security Technical Technical Security

Office 365 Security Assessment Assets

Artefact Description Type

Office 365 Security Presentation covering Office 365 PowerPoint presentation

Office 365 Secure Score

Instructions on how to export the Secure Score data

Ask the customer to:

Office 365 Advanced Security Management

2. Select Create New Report from the Discover menu.

Remediation Checklist Tool

Use following instructions to make use of the tool:

The remediation checklist tools have following Excel tabs:

Excel Tab Description

 Status – Complete or incomplete

Security Action URL to allow configuration of security action.