Forum Discussion

Niklas Jern's avatar
Niklas Jern
Copper Contributor
Sep 08, 2019

Secure score doesn't score if utilized via CA

Hi,

 

Is it just me or is the secure score not scoring something that is implement it it being utilized via Conditional Access?

For example 'Require MFA for Azure AD privleged roles', we are using Condtional Access on all the admin roles. We still haven't score full points on this one.

 

Regards

 

  • Niklas Jern  you could use Azure AD's PIM so that you don't have any persistent global admins.  If you don't have persistent global admins, then there's nothing for the score reporting service to check against for ensuring that your global admins are MFA-protected.  That may end up getting you the score that you're after.

    • Niklas Jern's avatar
      Niklas Jern
      Copper Contributor

      Thomas Garrity The problem isn't the amount of GA. The issue is that Secure Score doesn't score properly when you have fulfilled the task via CA

      • Thomas Garrity's avatar
        Thomas Garrity
        Brass Contributor

        Niklas Jernyou might be missing my point.  If you have 0 GA's, then maybe you get a full score because therefore none of your GA's would fall into the category of not being forced to MFA, since you don't have any GA's.

         

        I believe it's worth a shot.  It doesn't hurt to spin up a trial instance to test it out...

Resources