Microsoft Entra Suite Tech Accelerator
Aug 14 2024, 07:00 AM - 09:30 AM (PDT)
Microsoft Tech Community

Secure Score: I just don't get it

Iron Contributor

I must be doing something wrong.  I went through Secure Score and went through both the incomplete and complete actions within the last 2 days.  I selected each one, launched the report, went into the reports, did a few searches, etc.  Now my score is lower by 30+ points.  I really like Secure Score, but it is frustrating to come back and find the score lower.  Reports like the Rule Forwarding.  It brings me to the PowerShell script.  I have that running on a weekly basis from a server that runs PowerShell scripts and it sends me the results in an email.  How can I have that be checked off?  Most of the reports are in the Azure Active Directory.  I go through those.  I think I read that each report has to be initiated from within Secure Score.


What is the best practice on using Secure Score?  How should one go into Secure Score and review the score/reports?  Does browser type matter?  Chrome vs FireFox vs Internet Explorer? Is there a sure-fire method that can be used so that you are current on the reports and Secure Score reflects the effort?  It is too bad, but understandable, that there is not immediate feedback on if a certain report has been completed/checked off.  


Keep up the good work on Secure Score!  It can only make us better Administrators.  <smile>


EDIT: Just noticed this: Two reports the same in the compare score but different scores:

Secure Score Compare ResultsSecure Score Compare Results


1 Reply

I think you are following the right steps, so it's just a case of persisting I think and seeing if Secure Score starts registering the points.  Each report does have to be initiated regularly from Secure Score for them to be seen and counted, within the timeframe mentioned. 


For 'Review mailbox forwarding rules weekly' it considers running the PowerShell script to be required at least once a week, for good measure, run/schedule it every six days perhaps and see if that follows through with adjusting the score.  I think it could be clearer with what exactly triggers the points with this measure, as the Audit Log Search can also be used as well to find this information.


Browsers should not make any difference.  If the scores still persistently don't match with the actions you are carrying out, it might be worth opening a service request, if nothing else is forthcoming!


Big fan of Secure Score here as well but it does occasionally show irregular results, at least I have noticed that recently on a dev tenant, that corrected itself afterwards around a week later.