Forum Discussion

JurjenOskam's avatar
JurjenOskam
Copper Contributor
Jun 15, 2021

Secure Score: Security Defaults doesn't award full points for improvement points stated in the docs

Hi,

 

The Secure Score documentation states the following about Security Defaults:

 

If you turn on security defaults, you'll be awarded full points for the following improvement actions:

  • Ensure all users can complete multi-factor authentication for secure access (9 points)
  • Require MFA for administrative roles (10 points)
  • Enable policy to block legacy authentication (7 points)

However, in a tenant I manage this is not what happens. I am awarded full points for the second and last bullets, but not for the first bullet. For that improvement action, I am only awarded 4.33 out of 9 points, and under "Implementation status" it states that: "You have 25 out of 52 users registered and protected with MFA."

 

The documention is very clear: enabling Security Defaults should award full points. Does the fact that this does not happen in this tenant mean the documentation is incorrect, or that something is wrong with the tenant?

Resources