Dec 13 2018
- last edited on
Feb 19 2021
Secure score control AuditEnabled (Turn on audit data recording) is being NotScored in Secure score portal. Why is this happening?
The api /security/secureScoreControlProfiles also returns [Not Scored] in the api, and /security/secureScores does not return the control.
The control is not deprecated, and IMO is a relatively important control, with a really easy implementation. I've checked it in many of our customer's tenants and it's always not scored.
Dec 13 2018 10:07 AM
Probably because of the fact that audit is going to be enabled by default now.
Dec 13 2018 11:43 PM
AFAIK what's going to be enabled by default is mailbox auditing. https://techcommunity.microsoft.com/t5/Security-Privacy-and-Compliance/Exchange-Mailbox-Auditing-wil... which has a different security control "MailboxAuditingEnabled" - Turn on mailbox auditing for all users that actually HAS score.
Dec 14 2018 12:01 AM
Nope, Unified Audit log event collection will also be enabled by default for all new tenants.
Dec 14 2018 09:46 AM
It was mentioned at one of the sessions at Ignite, cannot recall which one.
Dec 19 2018 12:35 AM
I've found in the official docs that they're in the process of turning on auditing by default as you mentioned. https://docs.microsoft.com/en-us/office365/securitycompliance/search-the-audit-log-in-security-and-c...
Anyway since I've started this thread now the AuditEnabled is scored again, I sense a black hand that fixed it after they read this thread xD