Hey everyone! I'm on the search for some help with creating an audit script for Microsoft Secure Score. We currently use Defender, which highlights certain machines, but I want a script that can run through our RMM to identify which devices have failed the Secure Score checks we're implementing. This way, we can figure out if our Group Policy or Intune policies haven't applied correctly or if there's another underlying issue. I know there are a lot of discussions about the validity of Secure Score, but my management team is focused on improving that number, and I want to enhance it for our benefit. Thanks!
6 Answers
Just a heads up, if the policies are applied and working fine but Secure Score is still off, make sure to plan for that scenario. It’s going to happen more often than not!
You can actually script the auditing using the Microsoft Graph API to pull Secure Score data per device automatically.
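Added example, not code from the thread or from anyone posting in it: a PowerShell script that does what this answer describes. It authenticates as an app registration, pulls the latest tenant Secure Score from Microsoft Graph and lists the controls scoring below their maximum, then pulls the per-device secure configuration assessment from the Defender for Endpoint API so the RMM can see which machines are failing which configuration. The tenant, client id and secret are placeholders; the app permissions named in the comments and the export field names (deviceName, configurationId, isCompliant, isApplicable) are assumptions taken from the public API documentation and should be verified against your tenant.

```powershell
# Added example (not from the thread). Pulls the tenant Secure Score from Microsoft Graph and
# the per-device secure configuration assessment from the Defender for Endpoint API, then
# lists the controls and devices that are not compliant.
# Assumptions: an app registration with application permissions SecurityEvents.Read.All (Graph)
# and Vulnerability.Read.All (Defender for Endpoint); the three values below are placeholders.
param(
    [string]$TenantId     = '<tenant-id>',
    [string]$ClientId     = '<app-client-id>',
    [string]$ClientSecret = '<app-client-secret>',   # use a certificate or the RMM secret store in production
    [string]$OutDir       = "$env:ProgramData\SecureScoreAudit"
)

function Get-AccessToken {
    # Client-credentials token for the given resource (e.g. https://graph.microsoft.com)
    param([string]$Resource)
    $body = @{
        grant_type    = 'client_credentials'
        client_id     = $ClientId
        client_secret = $ClientSecret
        scope         = "$Resource/.default"
    }
    (Invoke-RestMethod -Method Post -Uri "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token" -Body $body).access_token
}

function Invoke-PagedGet {
    # Follows @odata.nextLink until every page has been collected
    param([string]$Uri, [string]$Token)
    $results = @()
    while ($Uri) {
        $page = Invoke-RestMethod -Method Get -Uri $Uri -Headers @{ Authorization = "Bearer $Token" }
        $results += $page.value
        $Uri = $page.'@odata.nextLink'
    }
    $results
}

New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# 1. Tenant-level Secure Score: which controls score below their maximum.
#    $top=1 is in single quotes so PowerShell does not expand it; no paging here, since
#    following nextLink would walk through the whole score history.
$graphToken = Get-AccessToken -Resource 'https://graph.microsoft.com'
$latest   = (Invoke-RestMethod -Method Get -Uri 'https://graph.microsoft.com/v1.0/security/secureScores?$top=1' `
                -Headers @{ Authorization = "Bearer $graphToken" }).value | Select-Object -First 1
$profiles = Invoke-PagedGet -Uri 'https://graph.microsoft.com/v1.0/security/secureScoreControlProfiles' -Token $graphToken
$maxByControl = @{}
foreach ($p in $profiles) { $maxByControl[$p.id] = $p.maxScore }   # profile id matches controlScores.controlName

$failingControls = foreach ($c in $latest.controlScores) {
    $max = $maxByControl[$c.controlName]
    if ($null -ne $max -and [double]$c.score -lt [double]$max) {
        [pscustomobject]@{
            Control  = $c.controlName
            Category = $c.controlCategory
            Score    = $c.score
            MaxScore = $max
        }
    }
}
"Secure Score {0}/{1} as of {2}" -f $latest.currentScore, $latest.maxScore, $latest.createdDateTime
$failingControls | Sort-Object Category, Control | Format-Table -AutoSize
$failingControls | Export-Csv -Path (Join-Path $OutDir 'failing-controls.csv') -NoTypeInformation

# 2. Per-device view: Defender for Endpoint secure configuration assessment export.
#    Field names follow the documented export and are an assumption to verify.
$mdeToken    = Get-AccessToken -Resource 'https://api.securitycenter.microsoft.com'
$assessments = Invoke-PagedGet -Uri 'https://api.securitycenter.microsoft.com/api/machines/SecureConfigurationsAssessmentByMachine' -Token $mdeToken
$nonCompliant = $assessments | Where-Object { $_.isApplicable -and -not $_.isCompliant }

# Group by device so the RMM can flag the machines that need GPO/Intune follow-up
$nonCompliant | Group-Object deviceName | Sort-Object Count -Descending |
    Select-Object @{n='Device';e={$_.Name}}, @{n='FailedConfigs';e={$_.Count}},
                  @{n='ConfigurationIds';e={($_.Group.configurationId | Sort-Object -Unique) -join ';'}} |
    Format-Table -AutoSize
$nonCompliant |
    Select-Object deviceName, configurationId, configurationCategory, configurationSubcategory, configurationImpact, timestamp |
    Export-Csv -Path (Join-Path $OutDir 'noncompliant-devices.csv') -NoTypeInformation
```

The two CSVs are what the RMM would ingest: failing-controls.csv says which Secure Score controls are costing points, and noncompliant-devices.csv says which devices are failing which configuration, which is the list to cross-check against the GPO or Intune assignment for that setting.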
Have you checked out CISA's SCuBA project? It might have some useful resources for what you’re trying to accomplish. https://www.cisa.gov/resources-tools/services/secure-cloud-business-applications-scuba-project
It's crucial to explain to your senior management that Secure Score isn’t a definitive measure. It's more like a posture gauge that fluctuates. You’ll likely never hit 100%, and honestly, the exposure score might give you more insight on device safety.
Consider using Intune compliance to create groups similar to how it works for conditional access. Instead of starting from scratch, leverage conditional access for compliant devices. Not sure if this is exclusive to M365 E5 though.
Honestly, while Secure Score is good as a baseline, the real audit should focus on actual configuration drift rather than just checking compliance boxes.
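Added example, not from the thread or from anyone posting in it: a local drift check of the kind this answer argues for, meant to be pushed by the RMM to each Windows endpoint. It reads the live state of a few settings that common Secure Score recommendations cover (Defender real-time protection, tamper protection, cloud protection, PUA, network protection, firewall profiles, BitLocker on the OS volume), compares each with the value the organisation expects, and records whether a GPO or Intune policy source is even present on the machine, so a failure can be attributed to "policy never arrived" rather than "policy arrived but the setting is still wrong". The expected values in $Expected are placeholders for your own baseline, and the registry paths used for policy-source detection (the Defender policy key, the MDM PolicyManager hive and the Enrollments key) are assumptions to verify in your environment.

```powershell
# Added example (not from the thread): per-device configuration drift check for an RMM.
# Compares live settings against an expected baseline and reports policy sources present.
# Assumptions: $Expected holds placeholder baseline values; the registry paths in
# Get-PolicySources are the usual locations but should be verified in your tenant.

$Expected = [ordered]@{
    # Name                   = @{ Get = { live value }; Want = expected value }
    RealTimeProtection       = @{ Get = { (Get-MpComputerStatus).RealTimeProtectionEnabled }; Want = $true }
    TamperProtection         = @{ Get = { (Get-MpComputerStatus).IsTamperProtected };         Want = $true }
    CloudDeliveredProtection = @{ Get = { (Get-MpPreference).MAPSReporting };                 Want = 2 }      # 2 = Advanced
    PUAProtection            = @{ Get = { (Get-MpPreference).PUAProtection };                 Want = 1 }      # 1 = Block
    NetworkProtection        = @{ Get = { (Get-MpPreference).EnableNetworkProtection };       Want = 1 }      # 1 = Block
    FirewallDomainProfile    = @{ Get = { (Get-NetFirewallProfile -Name Domain).Enabled };    Want = 'True' }
    FirewallPublicProfile    = @{ Get = { (Get-NetFirewallProfile -Name Public).Enabled };    Want = 'True' }
    BitLockerOSVolume        = @{ Get = { (Get-BitLockerVolume -MountPoint $env:SystemDrive).ProtectionStatus }; Want = 'On' }
}

function Get-PolicySources {
    # GPO-delivered Defender settings land under the Policies key; Intune-delivered (Defender CSP)
    # settings land under the MDM PolicyManager hive; an Intune enrollment has ProviderID 'MS DM Server'.
    # All three paths are assumptions to verify.
    $enrollments = Get-ChildItem 'HKLM:\SOFTWARE\Microsoft\Enrollments' -ErrorAction SilentlyContinue |
        Where-Object { (Get-ItemProperty $_.PSPath -ErrorAction SilentlyContinue).ProviderID -eq 'MS DM Server' }
    [pscustomobject]@{
        GpoDefenderPolicyPresent    = Test-Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
        IntuneDefenderPolicyPresent = Test-Path 'HKLM:\SOFTWARE\Microsoft\PolicyManager\current\device\Defender'
        IntuneEnrolled              = @($enrollments).Count -gt 0
    }
}

# Evaluate every check; a cmdlet failure (feature absent, not elevated) is recorded, not fatal
$results = foreach ($name in $Expected.Keys) {
    $spec = $Expected[$name]
    try   { $live = & $spec.Get; $err = $null }
    catch { $live = $null;       $err = $_.Exception.Message }
    $pass = if ($null -eq $live)            { $false }
            elseif ($spec.Want -is [bool])  { [bool]$live -eq $spec.Want }
            elseif ($spec.Want -is [int])   { [int]$live  -eq $spec.Want }     # enum values compare as integers
            else                            { "$live" -eq "$($spec.Want)" }    # enum names compare as strings
    [pscustomobject]@{ Check = $name; Expected = "$($spec.Want)"; Actual = "$live"; Pass = $pass; Error = $err }
}

$report = [pscustomobject]@{
    ComputerName  = $env:COMPUTERNAME
    Timestamp     = (Get-Date).ToUniversalTime().ToString('o')
    PolicySources = Get-PolicySources
    Checks        = $results
    FailedChecks  = @($results | Where-Object { -not $_.Pass } | Select-Object -ExpandProperty Check)
}

# JSON on stdout for the RMM to collect; non-zero exit code lets it flag the device
$report | ConvertTo-Json -Depth 4
if ($report.FailedChecks.Count -gt 0) { exit 1 } else { exit 0 }
```

Reading the output: a failed check with GpoDefenderPolicyPresent and IntuneDefenderPolicyPresent both false points at targeting or enrollment, while a failed check with a policy source present points at the policy content or at something on the device overriding it, which is the distinction the original question is trying to make.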

Exactly! If you're at 100%, there's a good chance your team isn’t really allowed to do anything, which isn’t sustainable.