Forum Discussion
Secure Score not Scoring....
- Jun 26, 2017PM Sent...
Hello
The "Enable mailbox auditing for all users" for example. Mailbox auditing has been enabled for all users.
The metrics text is:
"We found that you had 0 mailboxes of 0 with audited enabled."
In a similar manner, all other reports we run on a weekly or biweekly basis do not seem to have any effect on the scoring.
So, my score was stuck on a particular date, but it seems the calculation is running ok again with respect to reports (I don't have to launch each from the secure score site, I can just work my way down the built-in reports on Azure AD).
I can only find these reports on the old portal though - can they be listed and run from the new portal?
I still have the same problem for "Enable Mailbox Auditing for All Users" - that has never worked.
I've used the script published.
Using "Get-Mailbox | Select Name, AuditEnabled, AuditLogAgeLimit" all my users are set to audit enabled and age 365
But still I score 0 of 0?
thank you,
Mark
- Sankarasubramanian Parameswaran | Aug 20, 2020 | Iron Contributor
Secure score never updates. I think we should not rely on this.
- Juan Limbauan | Aug 13, 2018 | Copper Contributor
Same here, we have been reviewing sign-ins after multiple failure report weekly, however, we haven't got any score on the secure score.
- Chloe Smith | Aug 07, 2018 | Copper Contributor
I am having exactly the same problem. I have enabled data loss prevention policies. They have been applied for months. I have tried turning them on and off to kickstart the points, however it just isn't being picked up at the moment. Someone please help me?
- Brit Howard | Jul 03, 2018 | Copper Contributor
christopherp - I feel like a standing ovation is in order for the statement you just made! As an IT Security, Risk and Compliance professional I wholeheartedly agree with your entire statement. O365 available roles are not being appropriately allocated to match the real world roles that actually align with IT compliance guidelines that must be kept. One also must be a global admin in O365 to access, read and use items from ATP and TI, which is not the role of a Global Admin, which is why they are listed under the Security and Compliance area of O365.
- christopherp | Jul 03, 2018 | Copper Contributor
75 days later since we opened our ticket, here is our answer as to why reviewing reports as a compliance administrator, security reader, or as any other role besides global admin fails to give credit and increase the secure score:
"The issue is this: in order to get points for these controls, the user reviewing these reports must be a Global Administrator. A user set as a Compliance Administrator isn't able to raise their securescore by reviewing reports, it must be a Global Admin."
One of the securescore recommendations is to designate five or fewer global admins. Now we have to designate one of those five just to look at reports and increase our score? What about separation of duties, and principle of least privilege? I, as a security professional, do not want access to functions I will never use (but a hacker certainly would, should my account become compromised) just so that I can read reports and increase our score. The actual global admin doesn't want to spend her day reading security reports - that is my job. She wants to focus on turning on the new features that secure score recommends be implemented in our tenant.
- Anthony-Smith | May 30, 2018 | Microsoft
Hi Zeff,
Thanks for bringing this to my attention. You have a good point.
The spirit of the "Review role changes weekly" report was to have you see if someone was made a global admin, while the "Review non-global administrators weekly" report focuses on roles like billing admin, user admin, etc. The "Review role changes weekly" report does not correctly communicate the spirit. In talking with the engineering team, they are going to make a change to merge the two actions into one and update the text to say that you need to review changes to your global and non-global admin roles weekly. No ETA yet on when that will get updated.
Thanks again for bringing this to my attention!
- Zeff Wheelock | May 29, 2018 | Iron Contributor
Anthony, what is the difference between Review Non-Global Administrators and Review Role Changes? They both point to the same place. You are reviewing the same data from what I can tell...
- Anthony-Smith | May 29, 2018 | Microsoft
Hi Christopher B.
Sorry to hear that you are having issues with getting support. Private message me your ticket number and if you have the name of any technical person you talked to at Microsoft about your ticket and I will look into it.
- Anthony-Smith | May 29, 2018 | Microsoft
Hi Christopher W.
Are you reviewing the reports from the Secure Score user interface? If you have bookmarked the reports and are going directly to the report, Secure Score will not provide the points as the reports don't provide telemetry on if you went to them. You have to use the review button in Secure Score.
- Zeff Wheelock | May 29, 2018 | Iron Contributor
I go through each reviewable metric and click on Review. After I have done something on the page (like clicking on 7 days or 30 days for the Risky Signins or looking at the Administrator Role Changes), I go back to the page with the Review button and click on the X in the upper right to close it (I assume that Cancel will nullify whatever you did), and go to the next metric.
- christopherp | May 29, 2018 | Copper Contributor
I've had a ticket open with Premier support since 4/19 for this issue. We (myself and the 3rd party guy who got the ticket) are still waiting for an MS Engineer to pick the ticket up so we can even START troubleshooting. Seems to me waiting 5+ weeks for the ticket to even get touched is well beyond the realm of reason.
I guess my point is this interface is horribly broken and MS seems to have little to no interest in correcting the issue. My advice is not to waste your time on Secure Score if you want a metric that is actually useful.
- Christopher Withrow | May 29, 2018 | Copper Contributor
I am also curious about the same questions.
What does "review" mean in this case? I have been running these reports from the Secure Score portal for weeks and not getting a score update. If anything our score keeps dropping with very little information as to why.
How can we implement best practices if we cannot show that we are actually doing the requested items? And why can't we use something like Power BI to automate the daily/weekly reporting?
- Andy Sims | May 02, 2018 | Copper Contributor
Global admin makes no difference on our tenant from what I can see
- christopherp | Apr 30, 2018 | Copper Contributor
I am also unable to receive credit (increased score) for reviewing reports. I have the Security Reader role. I am not a global admin.
Can anyone else confirm what AdminSeg365 has posted - that credit is given if you review the report as a global admin?
Also, can anyone explain what the definition of "review" is here, including if the definition varies from report to report? Wondering if I need to drill down into x number of rows, leave a report open in the browser for x number of minutes, request and download a scheduled report, or something else, to satisfy the "review" requirement.
- AdminSeg365 | Apr 23, 2018 | Copper Contributor
Same here, but when we use global admin for activities, they get scored.
I do not like to use global admin for operational/day to day activities.
- Andy Sims | Mar 28, 2018 | Copper Contributor
Thanks Antony,
I actually did this this morning, so there should be something for you. If not, I'm happy to do so again.
- Anthony-Smith | Mar 28, 2018 | Microsoft
Hi Andy,
We would be happy to take a look at that for you. If you can use the feedback button in the bottom right of any Secure Score page to provide us the details and check the box that we can contact you that would be great.
- Andy Sims | Mar 28, 2018 | Copper Contributor
Secure score on our tenant has never shown anything on the time lines: always "not enough data". Unfortunately, none of the scored reports generate a change in the score either. Ran them again today, so perhaps might see something tomorrow!
- Anthony-Smith | Mar 18, 2018 | Microsoft
Hi Pieter,
I am not sure why you are not getting points for these two things if you enabled them over two weeks ago. In my own demo tenant I see points for OneDrive, so this might be an isolated issue with your tenant. Can you please use the feedback button on the bottom right of any Secure Score page to provide us this feedback? This will give us more info about your tenant so we can investigate.
- Pieter Koopmans | Mar 18, 2018 | Copper Contributor
Hi Anthony,
Thanks for your reply. My secure score is updated again. But before March 1:
- I have enabled the built-in Office 365 MFA for my admin account and my personal account.
- I also put data on my Onedrive for business and that is not reflected in the secure score.
Nevertheless, secure score indicates that I have not taken these actions. Can you tell me how that is possible?
- Anthony-Smith | Mar 12, 2018 | Microsoft
Hi Tan and Pieter,
There is currently an issue with scores being updated. The last day of data you should see is March 8th. If there are items that are not being scored and you enabled them before this date (and they don't say "Not Scored" as these don't give you points yet), please feel free to use the feedback button in the bottom right of any Secure Score page and let us know what is not scoring.
- Pieter Koopmans | Mar 12, 2018 | Copper Contributor
I have the same problem. I made some changes but the Secure Score is not adjusted at all. Since 2 March 2018 already no longer.
Does that mean that the changes I have made have not been processed, or is there a problem with my Secure Score update at all since 2 March 2018?
Regards,
Pieter
- Tan Tran | Mar 11, 2018 | Copper Contributor
Hi,
Does anyone have a fix for this?
Our Secure Score did not increase even though we've enabled MFA and Mailbox Audit etc...
- Anthony-Smith | Mar 02, 2018 | Microsoft
Hi Britton,
Sorry for the poor experience you have been having with Secure Score and our support team. For us to best understand your situation, would you mind entering feedback via the feedback button in the bottom right side of the Secure Score page. Please include in your feedback the controls that are not being scored and the ticket number you had with support.
For the controls you are having problems with, Enable Client Rules Forwarding Block is also not working for me so I will escalate that to the development team. For the reporting actions, I see those being scored in my tenant so I am not sure what is happening there. The only thing I can think of is that you have to view the report from Secure Score as there is no telemetry to tell if you go directly to the report location. Mailbox auditing is also working on my tenant too so this is something we should investigate in your tenant.
- Brit Howard | Mar 01, 2018 | Copper Contributor
I started using this for the first time this past week, having very positive hopes for it as there are many good points that businesses should be looking at. However, as I went through things I saw that things we have already had implemented for months were not scored (Enable Client Rules Forwarding Block), and then many other items that I completed for the weekly audits had zero recording of points to show it was in fact taken care of. We had previously had mailbox auditing enabled, but for the heck of it I went in and ran the script to ensure that all types of mailboxes had auditing turned on. Confirming that there was a success of all 4,000+ accounts were enabled minus only 5 accounts, which puts it well above the 90% mark for that score, with once again no score being given. Can someone please help me look into why this is not functioning properly, as O365 support, when I opened a ticket, was less than helpful and only wanted to tell me over and over that "Microsoft could not guarantee that you will not be breached", which was never part of my questions or conversation...
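Added example (not part of any post above and not Microsoft's published script): a PowerShell check of the `AuditEnabled` coverage that the original post and the last post describe verifying, broken down by mailbox type so an unaudited shared or room mailbox is not hidden in the total. The helper name `Get-AuditCoverage`, the sample mailboxes and the 90% default (taken from the "90% mark" mentioned in the thread) are assumptions.

```powershell
# Added example; Get-AuditCoverage is a hypothetical helper, not a built-in cmdlet.
function Get-AuditCoverage {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Mailbox,
        # Assumption: 90 comes from the "90% mark" mentioned in the thread.
        [double]$ThresholdPercent = 90
    )
    begin   { $all = [System.Collections.Generic.List[psobject]]::new() }
    process { $all.Add($Mailbox) }
    end {
        # One row per mailbox type, listing the mailboxes that are not audited.
        $byType = foreach ($g in ($all | Group-Object RecipientTypeDetails)) {
            $off = @($g.Group | Where-Object { $_.AuditEnabled -ne $true })
            [pscustomobject]@{
                Type       = $g.Name
                Total      = $g.Count
                Enabled    = $g.Count - $off.Count
                NotAudited = @($off | ForEach-Object { $_.Name })
            }
        }
        $total   = $all.Count
        $enabled = ($byType | Measure-Object Enabled -Sum).Sum
        # Guard the "0 of 0" case instead of dividing by zero.
        $percent = if ($total) { [math]::Round(100 * $enabled / $total, 1) } else { 0 }
        [pscustomobject]@{
            Total          = $total
            Enabled        = $enabled
            Percent        = $percent
            MeetsThreshold = ($total -gt 0) -and ($percent -ge $ThresholdPercent)
            ByType         = $byType
        }
    }
}

# Constructed sample data shaped like Get-Mailbox output (not from a real tenant).
$sample = @(
    [pscustomobject]@{ Name = 'alice';        RecipientTypeDetails = 'UserMailbox';   AuditEnabled = $true  }
    [pscustomobject]@{ Name = 'bob';          RecipientTypeDetails = 'UserMailbox';   AuditEnabled = $true  }
    [pscustomobject]@{ Name = 'shared-inbox'; RecipientTypeDetails = 'SharedMailbox'; AuditEnabled = $false }
    [pscustomobject]@{ Name = 'room-1';       RecipientTypeDetails = 'RoomMailbox';   AuditEnabled = $true  }
)
$report = $sample | Get-AuditCoverage
$report | Format-List Total, Enabled, Percent, MeetsThreshold
$report.ByType | Format-Table -AutoSize

# Live tenant (needs an Exchange Online PowerShell session). Get-Mailbox returns
# at most 1000 results by default, so request all of them:
# Get-Mailbox -ResultSize Unlimited | Get-AuditCoverage
```

This only reports what the tenant's mailbox settings say; it does not explain or change how Secure Score computes its own count.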