Forum Discussion
Secure score portal and wrong readings
Hi,
we have a Office 365 tenant, including Azure, Intune etc few years now.
New portal - https://securescore.office.com/ is pretty exicitng.
I have a problem with the portal that it has wrong readings from the system/tenant information. (For example, it says auditing is turned off, but we are sure that it is turned on, etc.)
Lot of scores/sensors are wrong for our tenant.
Who to contact to take a look at the tenant and why readings are wrong?
Thank you,
Kind regards
Hi Steve,
Thanks for the message.
So basically any control at the moment marked as [Not Scored] means we have not implemented that controls data stream yet. We have a large backlog list of controls we are adding, given the sheer number of controls we had to be quite specific in what ones we did first. Now we are busy going through the rest of the [Not Scored]. Each time we do make an addition it will be added to the Dashboard annoucment widget.
As for the "Strong Outbound Spam" score fluctuating, this was a bug in the datastream job, when the data aggregator ran each evening, if the data stream for a control happended to be offline for maintenance etc, it would get a zero score, then the moment it came online, it would get scored again, giving the appearance of a bouncing score. This was a bug and the code has just been checked in to fix this behaviour. Now if a stream is offline, the backend code will keep the previous score for that control and not relcalculate.
Glad you like the idea, it will only get better as we work out some of the early snags, really appreciate your input.
Stu
We have the same issue with our Office 365 tenant. We have performed may of the suggested security improvements, but many of the entries in the Secure Score site say [Not Scored]. We have another entry for "Strong Outbound Spam" policy that toggles back and forth. We have an outbound spam policy in place, but some days it doesn't get seen so our score drops 15 points. Then a few days later, it gets seen and the score comes up 15 points. This pattern has repeated for several weeks. We haven't made any changes to the Outbound Spam settings.
The Secure Score seems like a great idea. I wish the scoring worked reliably and predictably.
Steve
Stu ClarkMicrosoft
Hi Steve,
Thanks for the message.
So basically any control at the moment marked as [Not Scored] means we have not implemented that controls data stream yet. We have a large backlog list of controls we are adding, given the sheer number of controls we had to be quite specific in what ones we did first. Now we are busy going through the rest of the [Not Scored]. Each time we do make an addition it will be added to the Dashboard annoucment widget.
As for the "Strong Outbound Spam" score fluctuating, this was a bug in the datastream job, when the data aggregator ran each evening, if the data stream for a control happended to be offline for maintenance etc, it would get a zero score, then the moment it came online, it would get scored again, giving the appearance of a bouncing score. This was a bug and the code has just been checked in to fix this behaviour. Now if a stream is offline, the backend code will keep the previous score for that control and not relcalculate.
Glad you like the idea, it will only get better as we work out some of the early snags, really appreciate your input.
Stu
We are working on increasing our Secure Score and find that we have enabled items that are not being scored for more than a few days.
Enable Data Loss Prevention policies
Configure expiration time for external sharing linksAnother issues is with
Enable mailbox auditing for all users
The number fluctuates every time we add new users. Since this requires Owner Activity to get a score our number goes up and down constantly. Can this be weighted? Otherwise I have to check every couple days and re-run the powershell command to enable for the new users.
Thanks,
Denise
Brandon Koeller should be able to help. Or maybe you can jump in the original thread here: https://techcommunity.microsoft.com/t5/Security-Privacy-Compliance/Announcement-Office-365-Secure-Score-Released-to-Public-Preview/m-p/38571#M184
I have more than 10 readings wrong (they are regarding to auditing/retention in Exchange and SharePoint which are in place) and regarding to device management (Intune) etc.
I believe that they need to be resolved one by one.
I have looked all recommendations and configured like it says, and I have audits enabled, it passed about 30 days, but still no changes on score board.
- Stu Clark
Hey Hrvoje,
I'm a PM working with Secure Score.
Sorry to hear you having some challenges, can you ping me a message when you get a chance I'd like to get the tenant ID from you so we can take a look.
Regards
Stu
Hi,
Would you happen to know how the Deletion widget (User Currently covered by deletion policy gets computed?) . I think there's a discrepancy, I've seen reports exceeding thousand percent. ThanksYeah, I'm seeing some strange numbers with the widget too. I've been meaning to complain about it, thanks for reminding me. I will try to ping few folks...
David Bjurman-BirrI've been playing with SecureScore and the API. Love the concept! Here are a few things I've noticed.
1. The date/time displayed in my score report is Feb 7, 7:00PM as of Feb 9, 10:45am local time (GMT-5). Is the display in GMT? Or local? It might be a good idea to display the GMT offset for clarity.
2. The last entry via an API call looks like it's Feb 8; however, score report shows Feb 7:
tenantId : 58b8fb07-2aea-45ff-a678-fbc6edefd588
createdDate : @{Year=2017; Month=2; Day=8}3. I made several changes on 2/8; however, none of those are refected in the score report yet. I understand score report is supposed to run every 24 hours. I think most users would respond well to immediate results. (At least people like me with ADD would!). Perhaps the interface could have checkboxes to tick off what's been done with score updating in real time so users could see immediate results without waiting for the next update to the database.
4. I think it would be nice to show next run date/time so users know when to expect score to update.
David
I too am having many issues with completed Actions not being scored.
I have completed some actions that are not being scored. Other actions listed as incomplete are actually enabled and completed. Secure Score does not recognize some actions already complete as completed with an associated score. Other actions taken using the tool to initiate completion do no increase my Secure Score. I can understand if there's a back log and the actions prefaced with [Not Measured] will not be scored but those the other actions once completed should change the score.
I still sometimes have issue about correctly detecting info from tenant...
