Let’s cut to the chase. Many of your clients—oodles of them—use Microsoft services. And that presents plenty of opportunities and some unique challenges. Here’s a few things to keep in mind.
Microsoft Security Scores Present New Opportunities
The cyber insurance world has often been described as a Wild West all on its own. This nascent industry is learning and evolving at the pace of cyberthreats and countermeasures—no small feat. MSPs often are asked to help their clients with their cyber insurance applications (new and renewal alike), particularly considering the increasingly technical details insurers are requesting. One question that’s cropped up in this latest round of applications centers on Microsoft security scores.
If you’re new to Microsoft security scores, think of them this way:
As its name suggests, a Microsoft security score is a way of measuring the security of your clients’ Microsoft accounts. Each company’s score is based on many variables, including password strength, the number of factors used in multi-factor authentication (MFA) and whether or not they’ve been using Microsoft’s recommended security practices.
The score is intended to provide current account security feedback that can be used to help plan a security strategy. Microsoft presents raw scores and also compares them to “similar” companies so your clients can get a bead on what their scores could (or should) be.
And at least one cyber insurance provider is now connecting directly to Microsoft instances to obtain scores and help its clients boost them (and is also claiming to lower premiums in the process).
This highly specific focus by cyber insurers provides a valuable opportunity to address cyber resilience [CF1]with your clients, based on a powerful outside force. As your clients seek assistance with bringing their scores up to increase their chances to secure coverage, the door opens wide to discussions about cyber resilience and all the components they need to be resilient in the world’s increasingly complicated threat landscape.
Here are some talking points to bring up as your clients are asking for help reporting and boosting their scores:
- Your cyber insurance company’s interest in your Microsoft security score shows you how vital cloud and application security are becoming. It will only become more so the further we go into our new work-from-anywhere (WFA) era.
- Even with Microsoft security boosts, you can lose data. Some of the biggest breaches in history have targeted Microsoft products. You still need to have resilience in today’s world—for Microsoft services and all the other potential vectors the bad guys can use to attack you.
- Some services—like Microsoft 365 backup—can deliver endpoint-level protection you can use to quickly restore a single user without having to roll back the organization.
This emerging focus on Microsoft security scores may prove particularly potent when dealing with customers who are dragging their feet on new or deeper adoption of cyber resilience services. Even those without cyber insurance will (or should!) be interested to learn that cyber insurance companies are focusing heavily on Microsoft-oriented security. This dynamic provides you with a natural opening for discussions that may help you get your foot in the door with those clients you’ve been eyeing—even if you must start with a baby step like just helping them boost their scores.