Forum Discussion
Secure score not improving after implementing ASR
I need some help on the following;
Improving secure score for one of our customers.
For example, the secure score is improving for identity. I implemented user risk and sign in risk CA policies on the 14th and on the 18th defender is increasing the secure score
However i also implemented ASR rules 23rd of september but it still says ASR are recommended actions.
Etcetera.
I powershelled into one of the targeted endpoints and confirmed the ASR rules are active on the machine.
Connector is on
The are using Crowdstrike as primary AV.
Can the 2 AVs work together so the score gets updated for device?
Would i need to manually create exeptions for every rule? I hope not..
Thank you in advance.
Regards,
Andrew
1 Reply
Hi AndrewNLD,
That’s normal - Secure Score only updates if Microsoft Defender for Endpoint is the active antivirus.
Since CrowdStrike is the primary AV, Defender runs in passive mode and doesn’t report ASR rule status back to Secure Score.
Your ASR rules are still working on the devices, they just don’t count toward the score unless Defender is active or running in EDR Block Mode.
You can double-check by running:
Get-MpComputerStatus | Select AMServiceEnabled, AMRunningMode
If it shows Passive, that’s why the score hasn’t moved.
