Forum Discussion
Solved
Secure Score not Scoring....
Hi there,
I've been using Secure Score for a few months now to test the security baseline and see how customers can get the most out of it. However every Tuesday I do the weekly reports which ...
- PM Sent...
I am having the same issues, MS security scorecard not updating after 72 hours. Please can you help.
Anthony Smith (A.J.)
Microsoft
MicrosoftHi James and Juan,
I have alerted the development team that the score has not updated recently. For the reports issue please make sure that you are accessing the report from Secure Score by pressing the "review" button. If you are not using the Secure Score user interface and going directly to the report, no points will be provided as the underlying report does not have any telemetry on if you viewed it.
If you are using the review button, please use the feedback link in the bottom right of any Secure Score page to tell us. This way we can get your tenant information which helps us in our investigation.
Hi Anthony,
it has been a long time now since this threat started. I have seen changes happening where a score was given and then suddenly weeks/months later it was removed, without changes, no real hint on what caused the loss of the score.
In one of my tenants I see for example "Turn on audit data recording [Not Scored]" with 15/15 points, but some other items with [Not Scored], that were completed, are really not scored, getting 0 points. This is confusing.
I am responsible for multiple Office 365 tenants (over 30) and I can see changes and differences from one to the other with respect to Secure Score.
Will this Secure Score system be "fixed" in the near future? I would really like to be able to rely on the score. And, if changes are applied by Microsoft that break a previously good working security configuration, then it would be very helpful to receive/see details about it, so that it can be put back in place quickly. It would be very helpful to be able to apply a security configuration, really get the score and then be able to rely on it.
Chris HallumHi geekworld, recently there was at least one improvement action where the data we needed for scoring was no longer going to be accessible and thus we were forced to switch the item to Not Scored. The story behind this is long and complex but we hope to bring it back to a "Scored" state in the future. We apologize for the inconvenience and will work to try an ensure this type of issue doesn't reoccur in the future.
Regarding the the following comment I want to make sure I'm interpreting it correctly and not making any incorrect assumptions:
"In one of my tenants I see for example "Turn on audit data recording [Not Scored]" with 15/15 points, but some other items with [Not Scored], that were completed, are really not scored, getting 0 points."
For "Turn on audit data recording [Not Scored]" with 15/15 point" it sound like you're saying the item is now automatically getting scoring data and that we need to remove the "[Not Scored]" text from the title. Correct?
For "some other items with [Not Scored], that were completed, are really not scored, getting 0 points." it sounds like you are saying you used the Resolved through third-party" option and you didn't get the points added to your score. Correct?
Thanks,
Chris Hallum
Hi Chris Hallum ,
thank you for your response.
I confirmed with 4 different tenants that "Turn on audit data recording" is scored with 15/15. So, it seems that you can remove the [Not Scored] notation.
Overall, it seems that more than one improvement action was demoted to [Not Scored] from being scored before.
There is a cool feature, when I click on a completed secure score item that is a "Review" task, it tells me "Action completed by name on date". This is very helpful with "Review" Improvement Actions, like "Review mailbox access by non-owners bi-weekly", etc. But, it seems to have accuracy issues. In one tenant I noticed that "Review malware detections report weekly" was completed on Jun 1, 2019, which is 9 days ago, yet the scoring system gives a 5/5 score for this, which should have been put to 0/5 at least 2 days ago. With other tenants this appears to work fine and the score goes down to 0/5 after the required review period, but apparently not with all of them.
Additionally, getting a completed date for every other completed and scored improvement action would be very helpful.
Such "Review" items have a Review button, but instead of always going to the final destination of the review item, they may launch into a dashboard, from where one has to figure out where to go for the actual review. Linking the Review button to the final review destination would be very helpful.
I never use the "Resolved through third party" or "Ignore" for any of the tenants I manage.
Also, I want to mention that in at least one tenant, for a limited time several months ago, there were buttons to actually apply/implement certain improvement actions automatically. Unfortunately, this great feature was quietly removed at some point in time. I would love to get this back.
Thanks,
Ralph
- Having the same issue, have also hit the review button. Using a GA account to perform all tasks but does nothing for the score.
Same here. Same as all the rest. Score doesn't seem to change after doing as suggested.
I am a little confused about the "Enforce MFA for All Users" option. I had assumed that if each user opted to set up MFA on their own, this would show as enabled? It didn't.
I think it is the way I read the word "enforced". I was afraid that some people might not understand the necessity for it. I opted to tell them all to use the link provided. If everyone is now using MFA then it shouldn't be a problem for me to "Enforce" their use?
I don't want to surprise everyone with a "new request" for input of additional phone numbers.I can't comment on the reporting, since I haven't really looked. But you are correct that the issue with MFA in your environment is brought about by the word "Enforce". Secure Score doesn't check every user in the environment to see that they are using MFA. In a lot of environments that would require looking at thousands or tens of thousands of users. That would be a huge performance drain. All it checks is whether you have turned on the setting that requires all users to use MFA. So even if all the users are using MFA, but you aren't requiring them to do it in settings then MFA isn't Enforced.
