Microsoft Secure Score
63 TopicsSecure Score - Enable conditional access policies to block legacy authentication.
Hi all, it reports me to block legacy authentications for all users, however I have already done so by configuring conditional access; does anyone else have the same report despite the fact that we have already implemented blocking?Secure Score Dropped including the last 6 months
I have registered a customer Secure Score for at least 6 months. Suddenly the score dropped from about 92% to 84% and checking the history looks like we never met the score above 90% but we have evidence of it including weekly meetings registering the score with a close follow up. I need that Microsoft explain how the score has dropped if we don't have regressed points, and don't matter if regressed since the history has been changed for the past months and we can't recover more than 6 months. I understand that daily we have new Items allocated to secure score, but how is that possible that it changes without history register? I need this explanation since I can't see any possible reason instead Microsoft Bug at Secure Score tool.1.9KViews0likes6CommentsHow much time does it takes to update secure score on Defender portal?
Hi Folks, I have marked some of the recommended actions on secure score as "third party" or "alternate mitigation". Even after 10 hours I can see action is still marked as "to be addressed". How much time does it take for changes to show up there? And also, how much time will it take to get this add up to my cumulative secure score?Outgoing mail is considered spam
Hi, I have a user in our tenant who sends emails to multiple people at one time. The maximum number is 200 recipients at a time per day. This concerns 1 email with, for example, 200 recipients. Now, after the email has been sent, this user is marked as Spam and the account is blocked. When I then look at the reason, it says Domain reputation. The user also remains within Microsoft's sent limits. How can I find out or where can I within O365 what the exact reason is why this user is blocked and the email is considered spam. There are several users who do this and do not receive any notifications. Can someone help me with this? Kind regards, JacobSecure Score - Secure Home Folders in macOS
I've performed the recommended manual remediation action (sudo chmod -R og-rw /Users/) on my Macs but Secure Score doesn't recognize it. I have noticed this occurringfor a few item. We have also remediated some things through InTune but still seem to have no movement on the SecureScore. Is this a glitch within or am I missing something altogether. ThanksSettings Catalog Policies that are set as Blocked are being detected as Audited
Hello, Our Settings Catalog ASR policies that are set as Blocked are being detected as Audited within Secure Score. It seems to have started on 11/13. The rules that have been impacted: Block untrusted and unsigned processes that run from USB Block Adobe Reader from creating child processes Block JavaScript or VBScript from launching downloaded executable content Block persistence through WMI event subscription Block executable files from running unless they meet a prevalence, age, or trusted list criterion Block Office communication application from creating child processes Block Office applications from creating executable content Block Office applications from injecting code into other processes Block execution of potentially obfuscated scripts I have updated my policy in the hopes that it redetects everything is set to blocked, will update this post if it works. *Update* It sadly does not. Thank you very much,Conditional Access Policy - Sign-in Frequency enabled.
On the Security Score dashboard, I have a recommendation: Ensure Sign-in frequency is enabled and browser sessions are not persistent for Administrative users Description Forcing a time out for MFA will help ensure that sessions are not kept alive for an indefinite period of time, ensuring that browser sessions are not persistent will help in prevention of drive-by attacks in web browsers, this also prevents creation and saving of session cookies leaving nothing for an attacker to take. The implementation indicates to create a new CA policy; it provides the settings; and provides the minimumnumber of roles to apply it to. I have created the CA weeks ago and the points were never applied. This still shows as a recommendation. The implementation status says this: Setting is: sign in frequency is not yet enabledin the following accounts: "BLOCK - CA003: Block legacy authentication", "BLOCK - Risky Countries and Attackers", "ALL - CA004: Require MFA for all users" and 18 Additional accounts. Please go to "Implementation" tab to view the required steps to enable the setting. #1 -- these are not ACCOUNTS it is listing they are CA policies. #2 - implementation steps indicate to create a NEW CA policy, not edit every existing CA policy. I am wondering if anyone has been able to get this a CA policy to work (apply the points and remove the recommendation)?SolvedSecure Score: Mailbox Auditing is Enabled for all users, but score doesn't update
Hi, I have ensured mailbox auditing is enabled for all users, and I have ensured all mailboxes have the default set of audit options. Searching audit logs didn't work until I toggled auditing on individual mailboxes off and then back on again, as suggested in the documentation. I can now search the mailbox audit logs and everything is working fine. Secure Score isn't updating though. Ideas?2.1KViews1like3Comments