May 19 2023 07:08 AM
Hello,
Our Secure Score added several Intune related items end of April 2023. Items such as "require screen time lockout", "require device encryption", "block jail broken devices", "require device PIN" etc... simple stuff. Items that we already had set up via Intune compliance policies and config profiles for years.
The problem is that the recommendations are not reflecting or updating based on our setup, so we are not getting completion credit for items that are already set up. Worse yet, if I manually edit one of these new-to-us Intune recommendations and mark it as mitigated through alternate, it saves, and then on page reload the change is immediately lost.
We have been using Intune for several years so these recommendations I assume did not show up due to any "new" changes or services added on our end.
Is this a bug or is there something wrong with our tenant? If so, is there a contact address to reach out to that anyone can suggest?
Thanks
May 23 2023 04:12 AM
@Damir we experience the exact same issue with the newly added actions.
I opened up a service request for that already: 2305161420000166
May 25 2023 01:19 PM
May 25 2023 01:22 PM
Jul 19 2023 09:10 AM
Solution: @Damir
Per the Secure Score update blog at https://learn.microsoft.com/en-us/microsoft-365/security/defender/microsoft-secure-score-whats-new?v...
This was an intended change for all tenancies with an active "Defender for Cloud Apps" license. Can confirm these new controls are only present in tenancies with this license as I have a mix of customers with and without it.
I can't for the life of me comprehend why so many "Intune" items were put under a "Defender for Cloud Apps" requirement since in theory you could have Defender for Cloud Apps WITHOUT an active Intune license and/or using/enrolling any devices in Intune.
Furthermore, from my testing these items are completely broken at the moment. Their "Implementation" information is laughable and getting credit for them is incredibly inconsistent. At the moment I am recommending to my team we mark all of them as "Alternate Mitigation" and move on with our lives.
It's an embarrassment that this half-baked update was pushed to production. Microsoft should pull this back and fix all of these.
Jul 19 2023 09:41 AM - edited Jul 19 2023 09:41 AM
@MzPhoenix that is good to know that something did change and it wasn't just us imagining things. Agree on all your points and yes we've gone down the Alternate Mitigation route ourselves as a "solution".
Jul 31 2023 05:19 PM