Forum Discussion

EduardoNZ's avatar
EduardoNZ
Brass Contributor
Apr 03, 2017

Grant access to Security Administrators on Secure Score

Hi,   The Security & Compliance portal has a 'security administrator' role, why couldn't members of that role been granted access to Secure Score?   At least the same security team that looks aft...
  • Brandon Koeller's avatar
    Brandon Koeller
    Jun 27, 2017

    Hey Gents,

    The non-global-admin access has been in place since April 2017. Any users with admin roles are able to access the Secure Score experience, but will not be able to make changes unless that change is in scope for the admin role they are assigned. If you aren't seeing that behavior, please do escalate to Microsoft support so they can help get it resolved.

    Thanks!

    Brandon Koeller

Brandon Koeller's avatar
Brandon Koeller
Copper Contributor

Hey Gents,

The non-global-admin access has been in place since April 2017. Any users with admin roles are able to access the Secure Score experience, but will not be able to make changes unless that change is in scope for the admin role they are assigned. If you aren't seeing that behavior, please do escalate to Microsoft support so they can help get it resolved.

Thanks!

Brandon Koeller

Paul Bendall's avatar
Paul Bendall
Iron Contributor
Jun 28, 2017

Brandon Koeller thanks for the information. Any plans to allow the "Security Reader" role the ability to view the data in the Secure Score portal? For example in our organisation we would like to be able to provide management a view on the state of compliance but don't want them to have admin rights . They could inadvertently change a setting with admin privileges but more importantly we don't want to contaminent an on-prem user identity  with access to email and the web having admin privileges in O365.

The other solution would be if you plan to produce a PowerBI content pack that consumes the data from Secure Score portal

Many thanks

Paul  

  • Brandon Koeller's avatar
    Brandon Koeller
    Copper Contributor
    Jun 28, 2017
    Hey Paul,
    Thanks for the follow-up. Straight up, I didn't even realize there was a role in AAD called Security Reader. :) I've added a task to our backlog to get this role added to the allow list. Thanks for the feedback!
    Brandon Koeller
    • Peter Williams's avatar
      Peter Williams
      Copper Contributor
      Feb 28, 2018

      Hi Brandon, Any news on the Security Reader role getting access to the Security Score pages?

    • Deleted's avatar
      Deleted
      Sep 18, 2018

      +1 on having the Security Reader or Security Administrator role access to securescore without having the ability to modify settings.  I lead the InfoSec team and the system admins do not want my team to have modify access.   We are also getting the 403 "You are not an administrator for your tenancy. The Secure Score requires some kind of administrative role for access" error.   Is there a status?  Thanks!

      • Brian Wasko's avatar
        Brian Wasko
        Copper Contributor
        Nov 14, 2018

        @Brandon Koeller - adding another vote to allow 'Security Reader' to … um  … read … security … kind of sounds like what's it mean to do, huh?

         

        I would absolutely love the ability visit https://securescore.office.com or see the data from a widget on https://protection.office.com without bothering my O365 Administrators. 

         

        Can you please add these abilities to the 'Security Reader' role?

Resources