I've really been working hard over the last six months to follow recommendations from Defender for Cloud to boost our secure score and improve security overall. We migrated a lot of our workloads to new resources, and I've seen the score gradually increase week by week, dropping from 30 critical issues to under 10. However, a few weeks ago, my secure score took a nosedive from around 72% to just 50%. Part of this was due to old repositories in our container registries that I had neglected to delete, but that's done now. Even after making other improvements, the score hasn't changed. To top it off, I saw the critical recommendations drop to 4 yesterday, which was a surprise, but today it's back to 9 while the score remains the same. Is anyone else experiencing similar issues?
4 Answers
I’ve noticed those weird score swings too. The Defender score doesn’t seem to update in real-time; it feels like it recalculates on its own timeline instead of reflecting adjustments when we make them. We once had recommendations cleared, but the secure score didn’t change for almost a week before it suddenly jumped up! Sometimes resources might still linger in soft delete or have hidden dependencies. I wouldn’t be surprised if that score drop was more of a sync issue than a sign of actual security problems, which is super frustrating when you’re trying hard to improve things!
I struggled to figure out what was changing daily with the alerts. So, I started building a tool to help track not just for Defender but the entire Azure environment, including resources and recommendations. It has features like access optimization and cost details. If you want to give it a go, I’m currently beta testing it and can share a few videos about it!
We recently switched to Sophos MDR and set Defender's AV to passive, which has caused a score drop. It’s a bit hard to explain that to management, though.
Yeah, Microsoft periodically updates how they calculate the secure score, so drops do happen. We keep track of our score monthly, and they've mentioned potential changes coming up, so I always keep that in mind. It’s a bit of a moving target, but I think focusing on real security improvements is more important than chasing after a perfect score that doesn’t really guarantee security anyway.
That’s so relatable! We set a target of 80% for some reason, and it's definitely been challenging.
Absolutely! We aren't just focused on the percentage; our priority is to create a secure environment too. But it seems like our stakeholders and CFO care mainly about that score.