Microsoft Tech Community

Office365 secure score - Not scoring

A few actions are not getting scored, like "Use audit data", "Review role changes weekly".

21 Replies

Hi Surya,

Just to confirm, are you saying that you're not getting points for reviewing the reports from Secure Score? If so, can you share when you last clicked the review button for these reports? In my tenant, I am getting points for review role changes weekly as I clicked on it last week.

[Screenshot: reviewrole.png]

We added several of those reports to our DAILY checklists and have for weeks.  But we are not getting any Secure Score points from the reviews.  

I'm seeing lots of reports from other communities about exactly the same thing.  

Hi Christopher and Surya,

Are either of you using a global admin account when clicking the review button in Secure Score for these reports? If not, please try as a global admin and let me know if that works.

We are not aware of any issues on the report scoring data telemetry and I want to see if this is a permissions issue.

Thanks!

We also review reports weekly (using a Global Admin account) but are not seeing points assigned for doing this. Is it a requirement to have to review the reports using the 'Review' button in Secure Score? If so, that may be the reason why it is not being scored as we access the weekly reports using links in a recurring weekly appointment.

We also see the following not being correctly scored by Secure Score:

  • Not correctly identifying the number of Global Admins whose accounts have been MFA enabled
  • Not correctly identifying the Customer Lockbox feature has been enabled

Hi Matthew,

The requirement is that you click the review button versus going directly to the report. The reason is that the reports don't have any telemetry. The review button is the only way we know you have looked at the report.

For the other issues, I would recommend using the feedback button in the bottom right of Secure Score with that info as I see this working correctly and might be something specific to your tenant.

Thanks!

Hi Anthony,

Thanks for your reply.

Not sure if there are any future plans to use telemetry as it's so much easier to access the reports from a pre-defined set of links in one location (i.e. a recurring weekly appointment). Having to go to Secure Score to launch the review of the various reports takes quite some time to do.

I'll go ahead and use the Feedback button for the other issues.

Thanks again,

Matt

Hi Christopher and Surya,

I looked at my tenant this morning and noticed that the reports I reviewed yesterday are being scored. See screenshot below for my score comparison view.

[Screenshot: reports.png]

Mine is still not scored.

Hi Surya,

Can you try viewing the report from the Secure Score user interface with an account that is a global admin?

Hi Anthony,

For scoring for actions on Mobile Devices, it seems that this is only applicable if you use Mobile Device Management for Office 365? (not Microsoft Intune). As an example, one of the Actions is 'Require mobile devices to use a password', which we have configured but are not seeing points assigned for this. Would this be because it is only scoring for Mobile Device Management for Office 365? (not Microsoft Intune).

Thanks,

Matt

Hi Matthew,

Your assumption is correct. We currently have the telemetry for only the Office 365 MDM solution. The Intune telemetry stream has had some issues and is not wired up at the moment. I hope to share more info on this in the next week or two.

Thanks very much for your reply Anthony. I appreciate you sharing that there may be more information on this in the near future.

Hi Anthony, do you have an update on how to get Intune enablement to affect our Office 365 security score?

I noticed I lost 20 points for Mobility within the last week.  I am guessing this is the prelude to Mobility/Intune being set up.

Hi Zeff and Shane,

For the Intune question, we are very close to getting this turned on for everyone. I know many have been looking for this but we have had a lot of setbacks.

For losing points in mobility, we have had some telemetry stream issues over the past week. If you don't see the points back yet please use the feedback button in the bottom right of a Secure Score page.

I am finding over the last 10 days we are not being scored on "Review" items. We are using Global Administrator, performing the check every day since Sept 17th and initiating the Review from the SecureScore Launch. This was escalated to the Support Portal but they just redirected the issue here for resolution.

  • "Review sign-ins after multiple failure reports weekly"
  • "Review role changes weekly"
  • "Review account provisioning activity report weekly"
  • "Review non-global administrator weekly"

From my experience with Secure Score, all reports must be initiated from the secure score list. So, for each of those you mentioned, expand the topic, click on the button below to get further explanation and click on the Update button at the bottom to get to the report.

You cannot just go to the report in the Admin console. Secure Score has hooks in its lists that will trigger a score when you go and review them.

Yes, I am aware. I stated that we were initiating the Reviews from within the SecureScore Launch.