We need to programmatically access the scores for the criteria displayed on the Secure Score portal. We came across the secureScore endpoint/method of the Graph API in the beta version to get the secure score. We observed that secureScore from the Graph API doesn’t render the score for all the criteria displayed in the Secure Score portal.
Could you please suggest a way by which we can get the score of all the criteria programmatically?
Below are the criteria for which we are not getting data using secure score graph API:
1. Require PC and mobile devices to have advanced security configurations
2. Enable Enhanced Jailbreak Detection in Microsoft Intune
3. Mark devices with no Microsoft Intune Compliance Policy assigned as Non-Compliant
4. Review blocked devices report weekly
5. Require PC and Mobile devices to be patched, have anti-virus, and firewalls enabled
6. Enable audit data recording
7. Set outbound spam notifications
8. Enable Information Rights Management (IRM) service
9. Do not use transport rule to external domains
10. Do not use transport white lists
11. Review permissions & block risky OAuth applications connected to your corporate environment
12. Discover risky and non-compliant Shadow IT applications used in your organization
13. Set automated notification for new OAuth applications connected to your corporate environment
14. Enable Office 365 Cloud App Security Console
15. Set automated notifications for new and trending cloud applications in our organization
16. Identify Shadow IT application usage in your organization by automating log upload from firewalls
17. Detect Insider Threat, Compromised account, and Brute force attempts in cloud applications
18. Set custom activity policy for your organization to discover suspicious usage patterns in cloud apps
19. Do not use mail forwarding rules to external domains
20. SPO Sites have classification policies
21. Do not allow anonymous calendar sharing
22. Do not allow external domain Skype communications
23. Do not allow calendar details sharing
24. Tag documents in SharePoint
Also, the secure score gives only score data but no specific details such as detailed information. For example, it doesn’t provide all the admin MFA accounts for which MFA is not enabled for "Enable MFA for Azure AD privileged roles". Is there a way to get such data programmatically (without using MSOnline)?