Secure Score - User alternate contact info is completed for all users

%3CLINGO-SUB%20id%3D%22lingo-sub-45215%22%20slang%3D%22en-US%22%3ESecure%20Score%20-%20User%20alternate%20contact%20info%20is%20completed%20for%20all%20users%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-45215%22%20slang%3D%22en-US%22%3E%3CP%3E%26nbsp%3B%22We%20found%20that%20you%20have%205%20accounts%20that%20do%20not%20have%20completed%20information.%22%3C%2FP%3E%3CP%3EIt%20says%20it%20wants%20an%20alternate%20email%20address%20or%20cell%20phone%20number.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWhen%20I%20run%20the%20powershell%20command%20Get-MSOLUser%20to%20find%20AlternateEmailAddresses%20and%20MobilePhone%20none%20of%20this%20matches%205.%3C%2FP%3E%3CP%3EWe%20have%2013%20accounts%20with%20Alternate%20Email%20and%206%20with%20both%20Alternate%20Email%20and%20Cell%20Phone.%3C%2FP%3E%3CP%3EThe%20rest%20of%20our%20500%2B%20Users%20have%20not%20filled%20in%20this%20information.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHow%20do%20I%20resolve%20this%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%2C%3C%2FP%3E%3CP%3EDenise%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-45536%22%20slang%3D%22en-US%22%3ERe%3A%20Secure%20Score%20-%20User%20alternate%20contact%20info%20is%20completed%20for%20all%20users%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-45536%22%20slang%3D%22en-US%22%3E%3CP%3EHey%20Denise%2C%3C%2FP%3E%0A%3CP%3EThanks%20for%20reaching%20out%20and%20sorry%20for%20the%20trouble.%20I%20suspect%20this%20may%20be%20an%20issue%20with%20the%20telemetry%20stream%20from%20AAD.%20Engineering%20team%20is%20investigating.%3C%2FP%3E%0A%3CP%3EThanks!%3C%2FP%3E%0A%3CP%3EBrandon%20Koeller%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-45530%22%20slang%3D%22en-US%22%3ERe%3A%20Secure%20Score%20-%20User%20alternate%20contact%20info%20is%20completed%20for%20all%20users%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-45530%22%20slang%3D%22en-US%22%3E%3CP%3EThank%20you%20Vasil.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20do%20not%20have%20AAD%20Premium%20but%20I%20was%20able%20to%20view%20my%20account%20and%20see%20that%20the%20alternate%20email%20does%20not%20match%20what%20I%20set%20up%20in%20O365.%3C%2FP%3E%3CP%3EI%20am%20not%20able%20to%20update%20the%20alternate%20email%20in%20AAD%20to%20match%20O365.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHowever%2C%20I%20am%20going%20to%20see%20if%20the%20Secure%20Score%20number%20changes%20to%204%20from%205%20because%20I%20did%20not%20have%26nbsp%3Ban%20alternate%20phone%20number%20until%20I%20added%20it%20just%20now.%20I%20only%20had%20an%20alternate%20email%20listed.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIf%20Secure%20Score%20does%20change%20to%204%20then%20I%20will%20know%20the%20other%204%20Admins%20to%20ask%20to%20verify%20their%20settings.%20Some%20use%20MFA%20and%20some%20SSPR.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-45452%22%20slang%3D%22en-US%22%3ERe%3A%20Secure%20Score%20-%20User%20alternate%20contact%20info%20is%20completed%20for%20all%20users%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-45452%22%20slang%3D%22en-US%22%3E%3CP%3EI%20know%20which%20attributes%20you%20are%20referring%20to%2C%20however%20the%20ones%20actually%20used%20by%20SSPR%2FMFA%20might%20be%20the%20authenticationphone%2Fauthentication%20that%20even%20admins%20cannot%20see%20(via%20PowerShell).%20Check%20here%20for%20more%20info%3A%20%3CA%20href%3D%22https%3A%2F%2Fblogs.technet.microsoft.com%2Fenterprisemobility%2F2014%2F12%2F03%2Fimproved-privacy-for-azure-ad-mfa-and-password-reset-phone-numbers%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fblogs.technet.microsoft.com%2Fenterprisemobility%2F2014%2F12%2F03%2Fimproved-privacy-for-azure-ad-mfa-and-password-reset-phone-numbers%2F%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-45345%22%20slang%3D%22en-US%22%3ERe%3A%20Secure%20Score%20-%20User%20alternate%20contact%20info%20is%20completed%20for%20all%20users%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-45345%22%20slang%3D%22en-US%22%3E%3CP%3EHere%20is%20the%20quick%20command%20I%20used%20with%20AAD%20Powershell%20just%20to%20see%20if%20I%20could%20find%20something.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EGet-MsolUser%20-All%20%7C%20Sort%20DisplayName%20%7C%20Select-Object%20FirstName%2CLastName%2CDisplayName%2CUserPrincipalName%2CIsLicensed%2C*AlternateEmailAddresses%2C*MobilePhone%20%7C%20out-gridview%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ENot%20sure%20what%20else%20to%20look%20for%20since%20it%20doesn't%20specify.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EDenise%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-45300%22%20slang%3D%22en-US%22%3ERe%3A%20Secure%20Score%20-%20User%20alternate%20contact%20info%20is%20completed%20for%20all%20users%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-45300%22%20slang%3D%22en-US%22%3E%3CP%3EIf%20those%20are%20the%20email%2Fphone%20used%20for%20SSPR%20and%20MFA%2C%20they%20are%20not%20necessarily%20visible%20with%20PowerShell.%20In%20any%20case%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F2898%22%20target%3D%22_blank%22%3E%40Brandon%20Koeller%3C%2FA%3E%26nbsp%3Bshould%20be%20able%20to%20give%20proper%20answer.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Contributor

 "We found that you have 5 accounts that do not have completed information."

It says it wants an alternate email address or cell phone number.

 

When I run the powershell command Get-MSOLUser to find AlternateEmailAddresses and MobilePhone none of this matches 5.

We have 13 accounts with Alternate Email and 6 with both Alternate Email and Cell Phone.

The rest of our 500+ Users have not filled in this information.

 

How do I resolve this?

 

Thanks,

Denise

5 Replies

If those are the email/phone used for SSPR and MFA, they are not necessarily visible with PowerShell. In any case @Brandon Koeller should be able to give proper answer.

Here is the quick command I used with AAD Powershell just to see if I could find something.

 

Get-MsolUser -All | Sort DisplayName | Select-Object FirstName,LastName,DisplayName,UserPrincipalName,IsLicensed,*AlternateEmailAddresses,*MobilePhone | out-gridview

 

Not sure what else to look for since it doesn't specify.

 

Denise

 

 

 

I know which attributes you are referring to, however the ones actually used by SSPR/MFA might be the authenticationphone/authentication that even admins cannot see (via PowerShell). Check here for more info: https://blogs.technet.microsoft.com/enterprisemobility/2014/12/03/improved-privacy-for-azure-ad-mfa-...

Thank you Vasil.

 

We do not have AAD Premium but I was able to view my account and see that the alternate email does not match what I set up in O365.

I am not able to update the alternate email in AAD to match O365.

 

However, I am going to see if the Secure Score number changes to 4 from 5 because I did not have an alternate phone number until I added it just now. I only had an alternate email listed.

 

If Secure Score does change to 4 then I will know the other 4 Admins to ask to verify their settings. Some use MFA and some SSPR.

 

 

Hey Denise,

Thanks for reaching out and sorry for the trouble. I suspect this may be an issue with the telemetry stream from AAD. Engineering team is investigating.

Thanks!

Brandon Koeller