Share via

MS365 Secure Score Intune

ad951668 1 Reputation point
2021-02-25T16:21:58.937+00:00

Hi,

We are looking to use the Graph API to get security information about the tenants we manage. So we use the Secure Scores : /beta/security/secureScores.

There is one thing i can't figure out with the Secure scores is the fact that when using the MS Graph Explorer (https://developer.microsoft.com/en-us/graph/graph-explorer) without log in, i can see controls with name starting with MDM*. I think this is related to fact that in the list of enabledServices, there is : "HasInTune".

But if I try to get the same controls while connected to my tenant, i don't get the "HasInTune" and the related controls. This tenant is using Small Business Basic with Enterprise Mobility + Security E3 licenses. Just to be sure, I started demo tenants with E5 license and perhaps i didn't wait long enough but the Secure score is not listing the "HasInTune" either. Is the default tenant in Graph Explorer has unavailable settings or there is a switch that i didn't activate?
(When logged in, I Use a Global Admin account with the SecurityEvents.Read.All permission. For the E5 demo tenant I even tried to give every possible permissions to Graph Explorer).

Thanks

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
10,920 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,939 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. VipulSparsh-MSFT 16,246 Reputation points Microsoft Employee
    2021-03-02T08:09:41.623+00:00

    @ad951668 Thanks for reaching out.

    When you do not sign into the graph explorer, the result that you see is the demo implementation of the API (/beta) for secure score in our case to fetch the details. I can also see in the demo query without login :

    73344-image.png

    So if you login, you would see this no more has Intune but other services which computes to above security provider, here is a screenshot from my tenant which covers following enabled services Unless you enable the Secure connector
    73345-image.png

    Here is how you can turn on the Microsoft Secure Score connector : https://learn.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/tvm-microsoft-secure-score-devices#turn-on-the-microsoft-secure-score-connector

    Changes might take up to a few hours to reflect in the dashboard.

    1)In the navigation pane, go to Settings > Advanced features

    2)Scroll down to Microsoft Secure Score and toggle the setting to On.

    3)Select Save preferences.

    73372-image.png

    -----------------------------------------------------------------------------------------------------------------

    If the suggested response helped you resolve your issue, please do not forget to accept the response as Answer and "Up-Vote" for the answer that helped you for benefit of the community.