Forum Discussion

Brass Contributor

May 19, 2023

Solved

Secure Score and New Intune Category Additions

Hello, Our Secure Score added several Intune related items end of April 2023. Items such as "require screen time lockout", "require device encryption", "block jail broken devices", "require devic...

microsoft intune

microsoft secure score

MzPhoenix
Jul 19, 2023
Damir

Per the Secure Score update blog at https://learn.microsoft.com/en-us/microsoft-365/security/defender/microsoft-secure-score-whats-new?view=o365-worldwide#april-2023

This was an intended change for all tenancies with an active "Defender for Cloud Apps" license. Can confirm these new controls are only present in tenancies with this license as I have a mix of customers with and without it.

I can't for the life of me comprehend why so many "Intune" items were put under a "Defender for Cloud Apps" requirement since in theory you could have Defender for Cloud Apps WITHOUT an active Intune license and/or using/enrolling any devices in intune.

Furthermore, from my testing these items are completely broken at the moment. Their "Implementation" information is laughable and getting credit for them is incredibly inconsistent. At the moment I am recommending to my team we mark all of them as "Alternate Mitigation" and move on with our lives.

It's an embarrassment that this half-baked update was pushed to production. Microsoft should pull this back and fix all of these.

MzPhoenix

Copper Contributor

Jul 19, 2023

Damir

Per the Secure Score update blog at https://learn.microsoft.com/en-us/microsoft-365/security/defender/microsoft-secure-score-whats-new?view=o365-worldwide#april-2023

This was an intended change for all tenancies with an active "Defender for Cloud Apps" license. Can confirm these new controls are only present in tenancies with this license as I have a mix of customers with and without it.

I can't for the life of me comprehend why so many "Intune" items were put under a "Defender for Cloud Apps" requirement since in theory you could have Defender for Cloud Apps WITHOUT an active Intune license and/or using/enrolling any devices in intune.

Furthermore, from my testing these items are completely broken at the moment. Their "Implementation" information is laughable and getting credit for them is incredibly inconsistent. At the moment I am recommending to my team we mark all of them as "Alternate Mitigation" and move on with our lives.

It's an embarrassment that this half-baked update was pushed to production. Microsoft should pull this back and fix all of these.

Urvi_Lad
Copper Contributor
Aug 01, 2023
Yes we have same issue. I have opened case with MS Defender support twice but no correct and satisfactory answer received yet.
Damir
Brass Contributor
Jul 19, 2023
MzPhoenixthat is good to know that something did change and it wasn't just us imagining things. Agree on all your points and yes we've gone down the Alternate Mitigation route ourselves as a "solution".