Forum Discussion

RRELS15's avatar
RRELS15
Copper Contributor
Sep 22, 2022

Secure Score and preset security policies

Dear community members, I have a 365 tenant with Business Standard and Defender for Office P1 licenses. At the moment, Secure Score for this tenant is ~50%, even though Standard Protection preset p...
ADM_TOR's avatar
ADM_TOR
Copper Contributor
Oct 14, 2022

I'm seeing the same thing with secure score not representing my settings via preset security policy. 

 

The number one top ranking secure score item in my tenant is "Create Safe Links policies for email messages " Implementation status: 100% of users aren’t affected by policies set from the following domains.... I have configured "Preset Security Policy" to "apply Protection to" "All Recipients". 

I have confirmed that Safelinks and Safe Attachments are defiantly working, I have seen it working and I have viewed the logs. 

 

I followed this guide to confirm that Standard Preset Security Policy is Enabled https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Flearn.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Foffice-365-security%2Fpreset-security-policies%3Fview%3Do365-worldwide%23use-powershell-to-view-rules-for-preset-security-policies&data=05%7C01%7CADM_TOR%40ttmhealthcare.com%7C7ae67aff8dd74d10ded408daad2d735d%7C4e57bc08074a47a19de692dec6a50c73%7C0%7C0%7C638012707982040411%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=zGFtB9X8bMV0Farw4BqB6O1Njxs21J10Aldvzm1jdsg%3D&reserved=0

 

I recently saw a sharp dip in our secure score. 

I found this Message Centre https://pupuweb.com/mc429465-microsoft-secure-score-adding-new-improvement-actions-impersonation-protection-sharepoint-online/ message about Secure score changes. 
 
it says the following items will now be scored in the secure score calculation:
  • Set the phishing email level threshold at 2 or higher
  • Enable impersonated user protection
  • Enable impersonated domain protection
  • Ensure that mailbox intelligence is enabled
  • Ensure that intelligence for impersonation protection is enabled
  • Quarantine messages that are detected from impersonated users
  • Quarantine messages that are detected from impersonated domains
  • Move messages that are detected as impersonated users by mailbox intelligence
  • Enable the ‘show first contact safety tip’ option
  • Enable the user impersonation safety tip
  • Enable the domain impersonation safety tip
  • Enable the user impersonation unusual characters safety tip
my understanding of the following link tells me that a lot of these settings should be set by the Standard Preset Security Policyhttps://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Flearn.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Foffice-365-security%2Frecommended-settings-for-eop-and-office365%3Fview%3Do365-worldwide&data=05%7C01%7CADM_TOR%40ttmhealthcare.com%7C7ae67aff8dd74d10ded408daad2d735d%7C4e57bc08074a47a19de692dec6a50c73%7C0%7C0%7C638012707982040411%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=ai3deZ1oAoOpGAoFt5tW3Q04k%2FjGXPG4xXLQbk0J7%2FE%3D&reserved=0

 

It looks to me like the Standard Preset Security Policy is on, the settings are configured, but Secure Score is not reflecting that they are set, even after weeks since the Standard Preset Security Policy was set to protect "All Recipients" . 
 

I raised a case with Office365 Support to be sure that I had not made a misconfiguration and with the help of support was able to confirm that my settings were correct. 

Personally I do not like to see the low secure score number i am seeing but I'm not worried about it because I have checked my settings are valid and are working. 

 

Also, you i believe you are correct in what you said about https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/preset-security-policies?view=o365-worldwide#order-of-precedence-for-preset-security-policies-and-other-policies I had Custom policies for safe links and safe attachments, but I turned them off because Preset Security Policy was handling the settings. My Secure Score points regressed to 0 for these items once the custom policy was off. 

 

RRELS15 

  • RRELS15's avatar
    RRELS15
    Copper Contributor
    Oct 19, 2022

    ADM_TOR Thank you for your reply,

    As you said - it's a purely cosmetic issue, but an annoying one. Microsoft Feedback team has contacted me and I provided them some additional information, I hope this will be resolved sometimes in the near future.

    • RRELS15's avatar
      RRELS15
      Copper Contributor
      Nov 04, 2022
      TomDufour
      ADM_TOR
      Just wanted to let you guys know that the Secure Score issue was fixed, at least for me - please check your tenants as well. I'm at 85%, and recommendations are valid.
      • ADM_TOR's avatar
        ADM_TOR
        Copper Contributor
        Nov 04, 2022

        RRELS15 

        Thanks for the notification. The secure score issue has recently been fixed in my tenant too. 

Resources