Nov 14 2018 12:35 AM
Nov 14 2018 12:35 AM
We've come in today (UK) to find our Secure Score value has decreased from 108 to 42 even though we have made steps forward since the 108 was registered. Secure Score isn't validating things like MFA enablement for admins, nor recognising that we do in fact have global admins.
Is this just for our tenancy or is this a global issue?
Nov 14 2018 01:49 AM
there must be some telemetry reporting issue as the scores are going down in the last 3 days. We went from 470 to 230
Nov 14 2018 06:13 AM
I was once at 435 before plateauing at 399. Just in the last 2 weeks, I have seen it drop down to 314 (today). I wish that if the telemetry cannot be confirmed, then the points should not be deducted. Obviously, there is some sort of error occurring that I would get dinged for not having more than one global administrator (we have 9... complicated reasons and also due to some apps needing global administrator in order to administer them), use non-global administrative roles (we have a whole bunch), enable data loss prevention policies (even the description says we have 9 enabled), user alternate contact info says we have 0 people who have not completed it, store documents in OneDrive for Business says we have it set to True (but someone stated that there was another reason why this was taken away, even though I personally store documents in there), etc.
Secure Score is a great concept and I use it to remind me of the administrative tasks that I should take. It is kind of fun to try and get the score to inch up. But, if the checks are not reliably being made, then the secure score does not have much meaning. Hopefully, they will be able to fix the issues soon.
Nov 14 2018 07:15 AM
I had a 100 point drop in 1 day. Based on the discussion, it seems there should be some form of alerting or notices with with telemetry changes or risks. I share the score with our C-Level executives. But I may have to change due to the un-controlled variability.
Can a Microsoft professional weight in?
Nov 14 2018 07:25 AM
That echoes my worry, we tout the scores as being a sign of how we are looking to be security conscious but then a telemetry goes offline etc and we look like we have broken stuff!
Nov 14 2018 07:27 AM
I agree, we were quite excited to find the feature and thought it would be of great use to help us ensure we were filling the holes. Now it has started failing to detect our changes it has taken the shine off somewhat.
Nov 14 2018 08:49 AM
My Score dropped on Nov 2nd when Microsoft added the Compliance Control Information to MS Secure Score. Some of the items that I had implemented and are still active now have a score of 0.
Nov 14 2018 01:46 PM
Checking back to see if anyone got a response from Microsoft?
Nov 14 2018 01:48 PM
Nov 15 2018 12:29 AM
There seems to be some issue with the api. We have that problem too. Using the graph api, you can see with /security/secureScores that since 13-nov-2018 it's not returning data from many controls. Checking against /security/secureScoreControlProfiles, those controls are NOT deprecated so it suggest something on MS dailyprocesing is broken.
We've alse created a post in the graph api community (secure score api now technically belongs there) https://techcommunity.microsoft.com/t5/Using-Microsoft-Graph-Security/Secure-Score-Identity/m-p/2864...
Nov 15 2018 03:38 AM
Nov 15 2018 04:45 AM
My score went up overnight. Still 40 points lower than earlier in the week.
Nov 15 2018 07:34 AM
We are back to where we were before we made all the changes so at least that is a step forward. Still not registering our recent changes so maybe we will get them on the next update @ 9am PST. 🙂