Another score not being registered:

I started using this for the first time this past week having very positive hopes for it as there are many good points that businesses should be looking at. However, as I went through things I saw things that we have already had implemented for months was not scored (Enable Client Rules Forwarding Block) and then many other items that I completed for the weekly audits with zero recording of points to show it was in fact taken care of. We had previously had mailbox auditing enabled, but for the heck of it I went in and ran the script to ensure that all types of mailboxes had auditing turned on. Confirming that there was a success of all 4,000+ accounts were enabled minus only 5 accounts which puts it well above the 90% mark for that score with once again no score being given. Can someone please help me look into this as to why this is not functioning properly as O365 support when I opened a ticket was less than helpful and only wanted to tell me over and over that "Microsoft could not guarantee that you will not be breached" which was never part of my questions or conversation...

Hi Britton,

Sorry for the poor experience you have been having with Secure Score and our support team.  For us to best understand your situation, would you mind entering feedback via the feedback button in the bottom right side of the Secure Score page.  Please include in your feedback the controls that are not being scored and the ticket number you had with support.

For the controls you are having problems with, Enable Client Rules Forwarding Block is also not working for me so I will escalate that to the development team.  For the reporting actions, I see those being scored in my tenant so I am not sure what is happening there.  The only thing I can think of is that you have to view the report from Secure Score as there is no telemetry to tell if you go directly to the report location.  Mailbox auditing is also working on my tenant too so this is something we should investigate in your tenant.

Hi,

Anyone has a fix for this?

Our Secure Score did not increase even we've enabled MFA and Mailbox Audit etc...

I have the same problem. I made some changes but the Secure Sccore is not adjusted at all. Since 2 March 2018 already no longer. 

Does that mean that the changes I have made not have been processed or is there a problem whith my Secure Score update at all since 2 March 2018?

Regards, 

Pieter

Hi Tan and Pieter,

There is currently an issue with scores being updated.  The last day of data you should see is March 8th.  If there are items that are not being score and you enabled them before this date (and they don't say "Not Scored" as these don't give you points yet), please feel free to use the feedback button in bottom right of any Secure Score page and let us know what is not scoring.

Hi Anthony,

Thanks for your reply. My secure score is updated again. But before March 1:

• I have enabled the built-in Office 365 MFA for my admin account and my personal account. 
• I also put data on my Onedrive for business and that is not reflected in the secure score.

Nevertheless, secure score indicates that I have not taken these actions. Can you tell me how that is possible?

Hi Pieter,

I am not sure why you are not getting points for these two things if you have enabled them over two weeks ago.  In my own demo tenant I see points for OneDrive so this might be an isolated issue with you tenant.  Can you please use the feedback button on the bottom right of any Secure Score page to provide us this feedback.  This will give us more info about your tenant so we can investigate.

Secure score on our tenant has never shown anything on the time lines: always "not enough data".  Unfortunately, none of the scored reports generate a change in the score either. Ran them again today, so perhaps might see something tomorrow!

Hi Andy,

We would be happy to take a look at that for you.  If you can use the feedback button in the bottom right of any Secure Score page to provide us the details and check the box that we can contact you that would be great.

Same here, but when we use global admin for activities, they get scored.

I do not like to use global admin for operational/day to day activities.

I am also unable to receive credit (increased score) for reviewing reports. I have the Security Reader role. I am not a global admin.

Can anyone else confirm what AdminSeg365 has posted - that credit is given if you review the report as a global admin?

Also, can anyone explain what the definition of "review" is here, including if the definition varies from report to report? Wondering if I need to drill down into x number of rows, leave a report open in the browser for x number of minutes, request and download a scheduled report, or something else, to satisfy the "review" requirement.

Global admin makes no difference on our tenant from what I can see

I am also curious about the same questions. 

What does "review" mean in this case?  I have been running these reports from the Secure Score portal for weeks and not getting a score update.  If anything our score keeps dropping with very little information as to why.  

How can we implement best practices if we cannot show that we are actually doing the requested items?  And why can't we use something like Power Bi to automate the daily/weekly reporting?  

I've had a ticket open with Premier support since 4/19 for this issue. We (myself and the 3rd party guy who got the ticket) are still waiting for an MS Engineer to pick the ticket up so we can even START troubleshooting. Seems to me waiting 5+ weeks for the ticket to even get touched is well beyond the realm of reason.

I guess my point is this interface is horribly broken and MS seems to have little to no interest in correcting the issue. My advice is not to waste your time on Secure Score if you want a metric that is actually useful.

I go through each reviewable metric and click on Review. After I have done something on the page (like clicking on 7 days or 30 days for the Risky Signins or looking at the Administrator Role Changes), I go back to the page with the Review button and click on the X in the upper right to close it (I assume that Cancel will nullify whatever you did), and go to the next metric.

Hi Christopher W.

Are you reviewing the reports from the Secure Score user interface?  If you have bookmarked the reports and are going directly to the report, Secure Score will not provide the points as the reports don't provide telemetry on if you went to them.  You have to use the review button in Secure Score.

Hi Christopher B.

Sorry to hear that you are having issues with getting support.  Private message me your ticket number and if you have the name of any technical person you talked to at Microsoft about your ticket and I will look into it.