Forum Discussion
Secure score doesn't score if utilized via CA
Niklas Jern you could use Azure AD's PIM so that you don't have any persistent global admins. If you don't have persistent global admins, then there's nothing for the score reporting service to check against for ensuring that your global admins are MFA-protected. That may end up getting you the score that you're after.
- Niklas JernSep 12, 2019Copper Contributor
Thomas Garrity The problem isn't the amount of GA. The issue is that Secure Score doesn't score properly when you have fulfilled the task via CA
- Thomas GarritySep 14, 2019Brass Contributor
Niklas Jernyou might be missing my point. If you have 0 GA's, then maybe you get a full score because therefore none of your GA's would fall into the category of not being forced to MFA, since you don't have any GA's.
I believe it's worth a shot. It doesn't hurt to spin up a trial instance to test it out...
- Niklas JernSep 15, 2019Copper Contributor
Thomas Garrity I get it, it might work with this work around . But it still doesn't fix that the secure score is broken. + PIM is an E5 functionality, that doesn't help either