Sep 22 2022 02:24 AM - edited Sep 22 2022 03:38 AM
Dear community members,
I have a 365 tenant with Business Standard and Defender for Office P1 licenses.
At the moment, Secure Score for this tenant is ~50%, even though Standard Protection preset policy is applied to all recipients.
If I also manually create all the different policies, Secure Score jumps to ~80%, however to my understanding this is purely cosmetic as these policies never get applied - the preset policy always take precedence.
Am I missing anything here, or Secure Score ignores preset policies?
EDIT:
One more example for this issue is that in Recommended Actions there are recommendations to enable Safe Links and Safe Attachments, which are already enabled by Standard Protection.
Sep 25 2022 02:26 AM
Oct 03 2022 08:50 AM - edited Oct 03 2022 08:53 AM
I'm seeing the same behavior currently, adding my experience hoping someone has some insight here.
We've enable the standard protection policy for all recipients as of 9/30/22 and still are not seeing any points gained in the recommended actions the standard protection policy should cover, such as safe links/attachments and impersonated user/domain actions. I've seen many reports of the score updating being delayed, but I would expect it to be reflected by now. We've also confirmed policies are in effect for users manually so not a case of it being incorrectly applied. The security score "scanning" is still occurring at 8pm each day as well, just not catching and updating our score on policies added by the standard policy. @RRELS15
Oct 14 2022 01:46 PM
I'm seeing the same thing with secure score not representing my settings via preset security policy.
The number one top ranking secure score item in my tenant is "Create Safe Links policies for email messages " Implementation status: 100% of users aren’t affected by policies set from the following domains.... I have configured "Preset Security Policy" to "apply Protection to" "All Recipients".
I have confirmed that Safelinks and Safe Attachments are defiantly working, I have seen it working and I have viewed the logs.
I followed this guide to confirm that Standard Preset Security Policy is Enabled https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/preset-security-policie...
I recently saw a sharp dip in our secure score.
I raised a case with Office365 Support to be sure that I had not made a misconfiguration and with the help of support was able to confirm that my settings were correct.
Personally I do not like to see the low secure score number i am seeing but I'm not worried about it because I have checked my settings are valid and are working.
Also, you i believe you are correct in what you said about Order of precedence for preset security policies and other policies. I had Custom policies for safe links and safe attachments, but I turned them off because Preset Security Policy was handling the settings. My Secure Score points regressed to 0 for these items once the custom policy was off.
Oct 19 2022 01:37 AM
@ADM_TOR Thank you for your reply,
As you said - it's a purely cosmetic issue, but an annoying one. Microsoft Feedback team has contacted me and I provided them some additional information, I hope this will be resolved sometimes in the near future.
Nov 04 2022 08:45 AM
Nov 04 2022 09:55 AM
Thanks for the notification. The secure score issue has recently been fixed in my tenant too.