Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community
SOLVED

Secure Score - How much should I believe it?

Copper Contributor

Our company is just getting to the point where we are nearly sorted for security and best practice.

Well, we are trying to be for a small company, M365/ 20 users/ Intune etc. Staff self-taught.

 

I sort of visit secure score but it doesn't feel like its accurate.

It seems to vary widely sometimes. So I don't know how much to trust it as a measure of how safe we are as a business?

 

I am aware they have been changing things recently to make it better.

 

So should I trust it?

 

Thoughts.

5 Replies
best response confirmed by Jeremy_Heath (Copper Contributor)
Solution

@Jeremy_Heath Hello again, I would like to suggest that you look at the Secure Score a guidance as the 'improvement actions' aren't quite applicable for all businesses and scenarios. We've been struggling sometimes but can fulfill one 'improvement action' with another solution, for example third-party or similar, and the Secure Score hasn't any data about that.

Hi again,
Yes it does seem a bit vague sometimes.

I have even followed the suggestions (e.g. DLP) and it doesn't seem to understand I already have 8 DLP policies enabled?

Anyway i will do as you suggest and not take it to literally

Thanks again

@ChristianBergstrom If you have used a 3rd party solution to meet the requirement, you should be able to mark it as 'complete via third party' and get the points for that. 

@Greg Smith Fair enough Greg. Although my example was the actual data collected by Secure Score. Meaning not choosing 'Resolved by third-party' (as we ended up doing during an assessment). Anyway, thanks for your reply. I believe it will be appreciated by all reading this (at least by me!).

@Greg Smith 

Hi Greg we dont have any third party stuff enabled, but thanks for the info

1 best response

Accepted Solutions
best response confirmed by Jeremy_Heath (Copper Contributor)
Solution

@Jeremy_Heath Hello again, I would like to suggest that you look at the Secure Score a guidance as the 'improvement actions' aren't quite applicable for all businesses and scenarios. We've been struggling sometimes but can fulfill one 'improvement action' with another solution, for example third-party or similar, and the Secure Score hasn't any data about that.

View solution in original post