Forum Discussion
Secure Score - identifying actions marked as Resolved through Third Party
At the moment we have some recommendations that are addressed through a third party application (e.g. we use a third party to assess email for impersonation risk). I can mark this in secure score as resolved through Third Party which is great (we've found that email flow is too slow if we 'double' up the protection).
What I'm trying to work out is that, if we decide to stop using the third party software, is there a way I can find the recommendations that have been marked as Resolved through Third Party? I can see that tagging the recommendation with the name of the Third Party might help identify them - but I can't see any way to filter or find the recommendations in Secure Score that do not have a Status of 'To address'?
Can you filter on Status in the Secure Score section of Defender? If not, is there another way to access this underlying data and update it?
2 Replies
Thank you. Whilst I've managed to export to CSV and filter to find them, I've realised that hasn't helped me if I need to update them. So I'm going to have to learn PowerShell to use Secure Score effectively which feels as though it slightly defeats the point of Secure Score as it decreases its usefulness as an 'on-going' method of monitoring your security.
Hi, unfortunately, there’s no built‑in filter in the Secure Score UI for “Resolved through Third Party”
-You can export your Secure Score to CSV and filter on the Status or ResolvedThroughThirdParty column.
-Or automate it via the Microsoft Graph Security API (/security/secureScores or secureScoreControlProfiles) or the Microsoft.Graph.Security PowerShell module, query, filter and then update recommendation statuses directly via API/PowerShell.
