Forum Discussion
BrandonKoeller
Microsoft
Aug 12, 2016
Announcement: Office 365 Secure Score Released to Public Preview
Microsoft is pleased to announce the preview availability of a new security analytics service called the Office 365 Secure Score. The Secure Score is a security analytics tool that will help you unde...
- Dec 15, 2016
Another issue with Secure Score.
"You should require that all of your users reset their password at least every 60 days"
This is no longer current best practice where strong passphrases and 2FA are used since more rapid enforced change of passwords leads to the use of weaker ones.
Chris Roberts
Aug 25, 2016
Copper Contributor
Unable to access this, I get the following:
403
Sorry! Access denied :(
You don't have permission to open this page. If you're a new user or were recently assigned credentials, please wait 15 minutes and try again.
Anyone else seeing this?
BrandonKoeller
Microsoft
Aug 25, 2016
Hey Chris,
Sorry for the trouble. The most likely cause is that the account you are using has not been assigned the global administrator role. The Secure Score requires that privilege level at the moment.
Thanks!
Brandon Koeller
- John Knowles, Apr 11, 2017, Copper Contributor
InfoSec teams who'd find securescore useful for GRC purposes wouldn't want or shouldn't get the permission required to access it. Segregation of roles associated with access to this kind of functionality would be v useful.
- BrandonKoeller, Apr 12, 2017
Microsoft
Hey John,
Thanks for the feedback. So, the way the access model is implemented, users of the tool are only able to perform actions that align with their assigned role. So, if a control requires global admin permissions and the user is assigned an Exchange Online Admin role, they won't be able to make the change. This leaves some roles such as Security Administrator as functionally read-only roles. Most of the read-only state and configuration data is already accessible to all those roles anyway (although it would take more work to get the state data). We tried to strike a balance between exposure of the recommendations to the right set of company stakeholders while respecting the constraints of their assigned roles.
Thanks!
Brandon Koeller
- Aaron Hawryluk, Oct 19, 2017, Copper Contributor
Hi Brandon,
I've granted all my InfoSec guys access in the Security and Compliance center as Security Administrators and Compliance Admins, but that doesn't seem to allow them to access SecureScore.
I then gave them Custom Administrator/Reports Reader, but they still got 403 when accessing the page. Will try going up to Service Admins and see if that allows them in. I also noticed that Compliance Admin is not listed in the available admin roles for Office 365 users. Am I missing a preview feature or something?
- Chris Roberts, Aug 25, 2016, Copper Contributor
Thanks for the reply, however I'm using my account and I am a global administrator.