SecureScore bugs

You are absolutely right. As of October 2025, there is still no consistent and straightforward way to submit feedback directly from the Microsoft 365 Secure Score portal, despite the fact that many of the recommendations and links clearly need to be updated. Your examples are accurate. The Safe Attachments recommendation often fails when using a custom quarantine policy, even if it is restricted to admins only. The Outbound Spam filter guidance still shows incomplete criteria compared to the real documentation.

The main issue is that Secure Score checks for particular configurations rather than functional equivalents. If you apply a custom setting that meets the same security intent, the system does not recognize it and flags it as noncompliant. That is why many admins have to mark items as resolved through alternate mitigation even when they are correctly configured. It is not misleading on your part. It is simply how the scoring logic works.

The best way to share this feedback is from inside the Defender portal. On the Secure Score page, open the settings menu and select Give feedback. That message goes to the product group. You can also submit detailed notes through the Microsoft Feedback Hub under Security and Compliance, or leave a comment at the bottom of the related Microsoft Learn pages. The documentation team monitors those comments, which often lead to internal updates. Your examples provide solid feedback that the Secure Score team takes seriously once they receive enough reports. Please hit like if you like the solution.