Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community
SOLVED

Secure score portal and wrong readings

MVP

Hi,

we have a Office 365 tenant, including Azure, Intune etc few years now.

New portal - https://securescore.office.com/ is pretty exicitng.

 

I have a problem with the portal that it has wrong readings from the system/tenant information. (For example, it says auditing is turned off, but we are sure that it is turned on, etc.)

Lot of scores/sensors are wrong for our tenant.

 

Who to contact to take a look at the tenant and why readings are wrong?

 

Thank you,

Kind regards

21 Replies

I have more than 10 readings wrong (they are regarding to auditing/retention in Exchange and SharePoint which are in place) and regarding to device management (Intune) etc.

I believe that they need to be resolved one by one.

 

I have looked all recommendations and configured like it says, and I have audits enabled, it passed about 30 days, but still no changes on score board.

Hey Hrvoje,

 

I'm a PM working with Secure Score.

 

Sorry to hear you having some challenges, can you ping me a message when you get a chance I'd like to get the tenant ID from you so we can take a look.

 

Regards

Stu

 

Thank you, I have sent you a private message here with tenant ID

I've determined that somewhere between Dec20-24 my the scorecard stopped properly scoring all my device items. We have default MDM policy enabled, passwords, device wipe, etc. Love to get your throughts on what might have occured.

We have the same issue with our Office 365 tenant. We have performed may of the suggested security improvements, but many of the entries in the Secure Score site say [Not Scored]. We have another entry for "Strong Outbound Spam" policy that toggles back and forth. We have an outbound spam policy in place, but some days it doesn't get seen so our score drops 15 points. Then a few days later, it gets seen and the score comes up 15 points. This pattern has repeated for several weeks. We haven't made any changes to the Outbound Spam settings.

 

The Secure Score seems like a great idea. I wish the scoring worked reliably and predictably.

 

Steve

Can you get me your Tenant ID/Name Roland?, then I can take a look, private reply me with the details.

best response confirmed by William Barr (Occasional Reader)
Solution

Hi Steve,

 

Thanks for the message.

 

So basically any control at the moment marked as [Not Scored] means we have not implemented that controls data stream yet. We have a large backlog list of controls we are adding, given the sheer number of controls we had to be quite specific in what ones we did first. Now we are busy going through the rest of the [Not Scored]. Each time we do make an addition it will be added to the Dashboard annoucment widget.

 

As for the "Strong Outbound Spam" score fluctuating, this was a bug in the datastream job, when the data aggregator ran each evening, if the data stream for a control happended to be offline for maintenance etc, it would get a zero score, then the moment it came online, it would get scored again, giving the appearance of a bouncing score. This was a bug and the code has just been checked in to fix this behaviour.  Now if a stream is offline, the backend code will keep the previous score for that control and not relcalculate.

 

Glad you like the idea, it will only get better as we work out some of the early snags, really appreciate your input.

 

Stu

 

 

cd62b7dd-4b48-44bd-90e7-e143a22c8ead

CPGPLC

We are working on increasing our Secure Score and find that we have enabled items that are not being scored for more than a few days.

 

Enable Data Loss Prevention policies
Configure expiration time for external sharing links

 

Another issues is with

Enable mailbox auditing for all users

The number fluctuates every time we add new users. Since this requires Owner Activity to get a score our number goes up and down constantly. Can this be weighted? Otherwise I have to check every couple days and re-run the powershell command to enable for the new users.

 

Thanks,

Denise

I've been playing with SecureScore and the API.  Love the concept!  Here are a few things I've noticed.

 

1. The date/time displayed in my score report is Feb 7, 7:00PM as of Feb 9, 10:45am local time (GMT-5).  Is the display in GMT?  Or local?  It might be a good idea to display the GMT offset for clarity.

 

2. The last entry via an API call looks like it's Feb 8; however, score report shows Feb 7:

tenantId              : 58b8fb07-2aea-45ff-a678-fbc6edefd588
createdDate           : @{Year=2017; Month=2; Day=8}

 

3. I made several changes on 2/8; however, none of those are refected in the score report yet.  I understand score report is supposed to run every 24 hours.  I think most users would respond well to immediate results.  (At least people like me with ADD would!).  Perhaps the interface could have checkboxes to tick off what's been done with score updating in real time so users could see immediate results without waiting for the next update to the database.

 

4. I think it would be nice to show next run date/time so users know when to expect score to update.

 

David

Our tenant also seems to have this same issue.  Can you contact me to review?

My test tenant has consistent issues with scores not appearing to be correct. Like your case, we enabled mailbox auditing days ago, but the score doen't update to reflect that change.

 

Same thing for third party integrations. It is turned off, and has been for two weeks or so. No change.

 

I love the idea, but right now this scoring seems very inconsistent.

Hi,

 

We have the same issue with scores not being added for actions I know that we have taken (for instance adding auditing for Exchange). Would it be possible to have a look into our issue too?

 

Thanks and kind regards,

 

Susie

I too am having many issues with completed Actions not being scored.

I have completed some actions that are not being scored. Other actions listed as incomplete are actually enabled and completed. Secure Score does not recognize some actions already complete as completed with an associated score. Other actions taken using the tool to initiate completion do no increase my Secure Score. I can understand if there's a back log and the actions prefaced with [Not Measured] will not be scored but those the other actions once completed should change the score.

I too am having this same problem. A lot of the scores are being reported as "We founds that the last time you reviewed this report was on 1/1/0001."

Any ideas? It is working on some of the Actions though.
Thanks!
Chris

Hi, 


Would you happen to know how the Deletion widget (User Currently covered by deletion policy gets computed?) . I think there's a discrepancy, I've seen reports exceeding thousand percent. Thanks 

Yeah, I'm seeing some strange numbers with the widget too. I've been meaning to complain about it, thanks for reminding me. I will try to ping few folks...

1 best response

Accepted Solutions
best response confirmed by William Barr (Occasional Reader)
Solution

Hi Steve,

 

Thanks for the message.

 

So basically any control at the moment marked as [Not Scored] means we have not implemented that controls data stream yet. We have a large backlog list of controls we are adding, given the sheer number of controls we had to be quite specific in what ones we did first. Now we are busy going through the rest of the [Not Scored]. Each time we do make an addition it will be added to the Dashboard annoucment widget.

 

As for the "Strong Outbound Spam" score fluctuating, this was a bug in the datastream job, when the data aggregator ran each evening, if the data stream for a control happended to be offline for maintenance etc, it would get a zero score, then the moment it came online, it would get scored again, giving the appearance of a bouncing score. This was a bug and the code has just been checked in to fix this behaviour.  Now if a stream is offline, the backend code will keep the previous score for that control and not relcalculate.

 

Glad you like the idea, it will only get better as we work out some of the early snags, really appreciate your input.

 

Stu

 

 

View solution in original post