I've been closely following the recommendations from Defender for Cloud for over six months, aiming to boost our secure score and enhance security overall. We've migrated many workloads to new resources, and while our score improved week by week and we've reduced critical issues from 30 to under 10, something strange happened recently. About 2-3 weeks ago, our secure score plummeted from around 72% to 50%. Some of that drop was due to old repository issues in container registries that we finally deleted about a week ago, but despite that and other improvements we've made, the score hasn't changed. To add to the confusion, the critical recommendations has fluctuated significantly—from 4 to 9 and back again. Has anyone else run into similar issues with their Defender secure score?
4 Answers
We recently switched to using Sophos MDR, which caused our Defender secure score to drop. Explaining the reason behind it to higher-ups is tough sometimes, but it’s all about improving security in the long run, right?
Yeah, we’ve noticed some similar score fluctuations. Microsoft updates their secure score metrics regularly based on new concerns, meaning drops can happen even when you're making improvements. It's kind of frustrating since this should reflect your security posture, but it feels like a moving target rather than a set goal. So, just keep focusing on making your environment secure rather than chasing an arbitrary score.
Agreed! We're stuck at aiming for 80%, and just hitting that number feels daunting sometimes!
I’ve experienced these strange shifts too. It seems like the secure score recalculates on its own schedule instead of in real-time. We once had recommendations cleared out, but the score didn’t change for nearly a week—it was really frustrating. It might be worth double-checking if there are any lingering resources or dependencies that could be affecting your score. The sudden changes in critical recommendations like you mentioned could just be a syncing issue.
I know how challenging it can be to track changes in the scores. I've been working on a tool that analyzes not just Defender for Cloud findings, but also your entire Azure environment and resource advisor. It could help you see what’s changing day-to-day and improve visibility. Let me know if you’re interested—I’m currently beta testing and have some demo videos available.
Totally agree! We don't focus on the score either; it's just tough since stakeholders seem to fixate on those numbers.