Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community
SOLVED

Secure Score not Scoring....

Copper Contributor

Hi there,

 

I've been using Secure Score for a few months now to test the security baseline and see how customers can get the most out of it.  However every Tuesday I do the weekly reports which for the last two weeks are not showing up on my score.  You can see at the beginging of last month that it works and all the weekly reports are showing, however a few weeks ago even though I keep spending some 45 mins doing the weekly reports I dont see any score being registered.

 

Is there something I'm missing, I'm going directly to the report am I surposed to only go to the report via the Secure Score webpage?  Any help would be most welcome, I know that it can take upto 48 hours for things to show up but for it to never show up for weeks on end something must be wrong?

 

Thanks

James

75 Replies

We have exactly the same problem with reviewing the reports, mailbox auditing and other areas not showing as completed. Is there a general fix being worked on or does every tennent need to looked into individually?

how do I PM?

Hi Peter,

The mailbox auditing issue is something that we are seeing across mutliple accounts and the engineering team is working on fixing this.  For reviewing reports, there was some work we did on that recently.  If you are still seeing an issue on getting points when you run the report from Secure Score, send me a private message with your tenant details or use the feedback button in the Secure Score user interface to report the problem.

Hi Everyone,

 

The team has pushed out a patch to fix the mailbox auditing issue.  You should be seeing points now.  If not, please chime in on the thread.

Just reran the script and can confirm AuditEnabled=true, AuditLogAgeLimit=365.00:00:00
as yet, the 'enable mailbox auditing for all users' is still in my "actions in the queue"
I'll check tomorrow.

Hello,

I am facing the same issue , I opened a case on office365 support but they redirect me here.

For example audit data recording for your Office 365 ,enable mailbox auditing for at least ninety percent of all users,not allow anonymous calendar sharing,review report,... are showing not completed and score 0 . Could you help me on this?

 

Thks.

Jean-Marc.

 

Hi Jean-Marc,

 

Please PM me your tenant name and I will have the team take a look.

 

Sorry for the poor support experience.  They should have helped you directly and I will have this looked into.  If you have the ticket details please send them as part of the PM.

Hello,

 

I am watching this post for a while now, but it seems this is not fixed yet.

At least, not for me. Several items are not updated.


A few examples:

[Not Scored] Enable audit data recording (using it almost weekly)
[Not Scored] Set outbound spam notifications (set months ago, and a few weeks ago again)

[Not Scored] Do not use transport rule to external domains (only 1 rule exist for preventing client client rules to external)

[Not Scored] Do not use transport white lists (no whitelists exist)

 

Also, there are several rules that can only be applied to Enterprise environments, we have Business Premium.

 

Thx.

Andreas

Hi Andreas,

 

The items you called out below don't provide points as we don't have the telemetry for these controls wired into Secure Score.  When we do, the points will be added if you have done this action.  This is the case for all items that start with "[Not Scored]"

 

For you comment on the other controls that apply only to enterprises that you don't have as part of Business Premium, we want to show you the entire list of security features hence you see things you don't own.  However, the denominator of your score is only based on the features you can use.

Hi Anthony,

 

OK, this makes things clear. So for now it is not possible to achieve maximum points.

Concerning the difference between Enterprise and Business Premium, indeed when the default "Balanced" target is set only those doable actions are shown. Thanks for your answers.

Hi Anthony,

 

I have tried several times to navigate from the Secure score to enable auditing. But still its showing the score as 0.

[Not scored' Enable audit data recording 0/15

Please let me know whether this issue is still there or is it fixed already?

Per this article: https://support.office.com/en-us/article/Introducing-the-Office-365-Secure-Score-c9e7160f-2c34-4bd0-...

 

Actions labeled as [Not Scored] are ones you can perform in your organization but won't be scored because they aren’t hooked up in the tool (yet!). So, you can still improve your security, but you won’t get credit for those actions right now.

Suggestion - it would definitely reduce the confusion if you removed the [Not Scored] items from the Score Analyzer -> Incomplete Actions tab.  Just make a 3rd tab for all of the recommendations that you don't have wired up yet.

Hello,

 

We are not getting a score on Audit data recording. 

 

We found that your enablement is set to [Not Measured].  

 

We do have audit logging turned on for all mailboxes.

Same here, we have it enabled but receive the [Not Scored] tag to the "Enable audit data recording" feature and score 0/15 even though it is enabled.

Hi Anthony,

 

Happy New Year to you and the rest of the community!

 

I have a few questions in relation to the Secure Score:

1. I am trying to understand how does secure score collects the metrics on weekly reviews of reports:

a. Is it marked as completed if a report is viewed once and then reverts back if not viewed next week, or

b. marked as complete only if viewed >1 consecutive week, but reverts back if the schedule is missed?

 

2. If I action any of the findings in the report, eg. mark Suspicious activity as a False Positive is there any feedback to the Secure Score Report Review action eg. "Review signs-ins from multiple geographies report weekly"

 

3. Several report review Action items refer to the same blade/report:

https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/RiskySignIns

egg:

Review signs-ins after multiple failures report weekly

Review sign-ins from unknown sources report weekly

Review signs-ins from multiple geographies report weekly

?: Does is mean the reviewing report for one purpose will mark all these action items as complete?

 

Regards,

Yaroslav

Hi Yaroslav,

  1. If you review a report and then don't review within the time frame specified from the last time you reviewed it the points will revert.  For example, if you review a report on January 2nd and then on January 4th and control asks you to review weekly then you must review by January 11th to continue to get the points.
  2. The report is not owned by the Secure Score team so they will not see the feedback.  The Azure team that owns this report should receive this though.
  3. Even though multiple actions leverage the same report, at this time you need to click the “review” button for each action to get the points.  We are currently working on changing this where there will be fewer actions, so you will only need to review the same report once.
Thank you for your reply, Anthony!

I'm also having this Issue. My reports stopped updating my points this month.

Hi Denis,

 

Thanks for the note.  I noticed this yesterday too and have escalated this to the development team along with a few other bugs that I have seen pop up like the average score data falling dramatically.