SOLVED

Secure Score - How much should I believe it?

%3CLINGO-SUB%20id%3D%22lingo-sub-1401736%22%20slang%3D%22en-US%22%3ESecure%20Score%20-%20How%20much%20should%20I%20believe%20it%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1401736%22%20slang%3D%22en-US%22%3E%3CP%3EOur%20company%20is%20just%20getting%20to%20the%20point%20where%20we%20are%20nearly%20sorted%20for%20security%20and%20best%20practice.%3C%2FP%3E%3CP%3EWell%2C%20we%20are%20trying%20to%20be%20for%20a%20small%20company%2C%20M365%2F%2020%20users%2F%20Intune%20etc.%20Staff%20self-taught.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20sort%20of%20visit%20secure%20score%20but%20it%20doesn't%20feel%20like%20its%20accurate.%3C%2FP%3E%3CP%3EIt%20seems%20to%20vary%20widely%20sometimes.%20So%20I%20don't%20know%20how%20much%20to%20trust%20it%20as%20a%20measure%20of%20how%20safe%20we%20are%20as%20a%20business%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20am%20aware%20they%20have%20been%20changing%20things%20recently%20to%20make%20it%20better.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESo%20should%20I%20trust%20it%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThoughts.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1401736%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3ECompliance%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESecurity%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1402074%22%20slang%3D%22en-US%22%3ERe%3A%20Secure%20Score%20-%20How%20much%20should%20I%20believe%20it%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1402074%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F592435%22%20target%3D%22_blank%22%3E%40Jeremy_Heath%3C%2FA%3E%26nbsp%3BHello%20again%2C%20I%20would%20like%20to%20suggest%20that%20you%20look%20at%20the%20Secure%20Score%20a%20guidance%20as%20the%20'improvement%20actions'%20aren't%20quite%20applicable%20for%20all%20businesses%20and%20scenarios.%20We've%20been%20struggling%20sometimes%20but%20can%20fulfill%20one%20'improvement%20action'%20with%20another%20solution%2C%20for%20example%20third-party%20or%20similar%2C%20and%20the%20Secure%20Score%20hasn't%20any%20data%20about%20that.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1402117%22%20slang%3D%22en-US%22%3ERe%3A%20Secure%20Score%20-%20How%20much%20should%20I%20believe%20it%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1402117%22%20slang%3D%22en-US%22%3EHi%20again%2C%3CBR%20%2F%3EYes%20it%20does%20seem%20a%20bit%20vague%20sometimes.%3CBR%20%2F%3E%3CBR%20%2F%3EI%20have%20even%20followed%20the%20suggestions%20(e.g.%20DLP)%20and%20it%20doesn't%20seem%20to%20understand%20I%20already%20have%208%20DLP%20policies%20enabled%3F%3CBR%20%2F%3E%3CBR%20%2F%3EAnyway%20i%20will%20do%20as%20you%20suggest%20and%20not%20take%20it%20to%20literally%3CBR%20%2F%3E%3CBR%20%2F%3EThanks%20again%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1424753%22%20slang%3D%22en-US%22%3ERe%3A%20Secure%20Score%20-%20How%20much%20should%20I%20believe%20it%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1424753%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F551905%22%20target%3D%22_blank%22%3E%40bec064%3C%2FA%3E%26nbsp%3BIf%20you%20have%20used%20a%203rd%20party%20solution%20to%20meet%20the%20requirement%2C%20you%20should%20be%20able%20to%20mark%20it%20as%20'complete%20via%20third%20party'%20and%20get%20the%20points%20for%20that.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1424896%22%20slang%3D%22en-US%22%3ERe%3A%20Secure%20Score%20-%20How%20much%20should%20I%20believe%20it%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1424896%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F95001%22%20target%3D%22_blank%22%3E%40Greg%20Smith%3C%2FA%3E%26nbsp%3BFair%20enough%20Greg.%20Although%20my%20example%20was%20the%20actual%20data%20collected%20by%20Secure%20Score.%20Meaning%20not%20choosing%20'Resolved%20by%20third-party'%20(as%20we%20ended%20up%20doing%20during%20an%20assessment).%20Anyway%2C%20thanks%20for%20your%20reply.%20I%20believe%20it%20will%20be%20appreciated%20by%20all%20reading%20this%20(at%20least%20by%20me!).%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1425980%22%20slang%3D%22en-US%22%3ERe%3A%20Secure%20Score%20-%20How%20much%20should%20I%20believe%20it%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1425980%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F95001%22%20target%3D%22_blank%22%3E%40Greg%20Smith%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHi%20Greg%20we%20dont%20have%20any%20third%20party%20stuff%20enabled%2C%20but%20thanks%20for%20the%20info%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Occasional Contributor

Our company is just getting to the point where we are nearly sorted for security and best practice.

Well, we are trying to be for a small company, M365/ 20 users/ Intune etc. Staff self-taught.

 

I sort of visit secure score but it doesn't feel like its accurate.

It seems to vary widely sometimes. So I don't know how much to trust it as a measure of how safe we are as a business?

 

I am aware they have been changing things recently to make it better.

 

So should I trust it?

 

Thoughts.

5 Replies
Highlighted
Solution

@Jeremy_Heath Hello again, I would like to suggest that you look at the Secure Score a guidance as the 'improvement actions' aren't quite applicable for all businesses and scenarios. We've been struggling sometimes but can fulfill one 'improvement action' with another solution, for example third-party or similar, and the Secure Score hasn't any data about that.

Highlighted
Hi again,
Yes it does seem a bit vague sometimes.

I have even followed the suggestions (e.g. DLP) and it doesn't seem to understand I already have 8 DLP policies enabled?

Anyway i will do as you suggest and not take it to literally

Thanks again
Highlighted

@bec064 If you have used a 3rd party solution to meet the requirement, you should be able to mark it as 'complete via third party' and get the points for that. 

Highlighted

@Greg Smith Fair enough Greg. Although my example was the actual data collected by Secure Score. Meaning not choosing 'Resolved by third-party' (as we ended up doing during an assessment). Anyway, thanks for your reply. I believe it will be appreciated by all reading this (at least by me!).

Highlighted

@Greg Smith 

Hi Greg we dont have any third party stuff enabled, but thanks for the info