Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community

Secure Score API - Displaying limited controls and missing Data and Device controls

Copper Contributor

When i make a Rest API call to SecureScore API, i get only 12 to 14 controls. I am getting results for Identity controlCategory but not for Data / Device.

 

In Microsoft Graph Explorer, without login in, run secure score API, it will execute the API from sample data and displays controlScores for 70 items. When i sign in using my credentials and execute the same API, I am getting results for only 14 controls. Data, Device and many others are missing.

 

Any idea, how to get all control categories?

 

geekganesh_0-1598525284602.png

 

 

7 Replies

@geekganesh I am having the same issue, the UI shows information about devices but the API is missing information related to devices. This is what I get after running the GET API call https://graph.microsoft.com/beta/Security/secureScores 

KloudynetShashank_0-1600147112834.png

 

Total score: 303, my current score:77, where as on the UI its totally different and not matching.

KloudynetShashank_1-1600147341252.png

Let me know if you find a solution for this.

 

We're experiencing the same issue when trying to get Secure Scores from graph, they just dont match up with the Secure Score GUI. Its frustrating as we're actively wanting to implement this into a service, and we can't because its incredibly unreliable.

 

On our E5 tenancy, we have 110 controls on our GUI. On Graph, we're pulling less than 50.

 

What are we doing wrong?

In addition to the above, I've found that if running the same endpoint via PowerShell WebInvoke, i get 1400+ controls returned... how is this possible.

Hey,

Could you share some details on how you managed to get those many controla via Webinvoke ? Maybe we can use that to get some additional details that are missing via graph.

@KloudynetShashank 

 

We used the script from https://blog.ciaops.com/2019/10/04/capturing-all-microsoft-secure-score-items/

Only difference i can see is that it uses "App Registration" in Azure AD with delegated and application permissions, instead of our "Enterprise Application".

@CuratrixTechnologies 

 

Surprised. We are getting only 12 controls in our GUI. Why the number differ between users? We are getting only 12 in the GUI and the same in API.

 

geekganesh_0-1604928914715.png

 

@geekganesh 

 

Hey,

I had the same problem, and I just found the solution. There is a "-all" flag you can provide when calling the "Get-MgSecuritySecureScoreControlProfile" endpoint.  Without this flag, I assume the API will only return a portion of the control profiles. I used powershell to do this and you can see the example below.Screenshot 2024-02-29 100808.png