Overview
This quick post links to my script that gets detailed Secure Score information from the Microsoft Security Graph API. While it is easy to get your tenant's overall Secure Score, it was a bit more difficult to get detailed information and perform accurate calculations.
Pre-Requisites
Register an application in Azure AD and generate a secret. The application should have admin consent for the “SecurityEvents.Read.All” Graph API permission. You will need your App ID, App Secret, and Tenant ID.
If you Only Require the Overall Score
If you are looking for just your latest secure score, check out the methods below:
Use the Microsoft.Graph.Security PowerShell module with the following cmdlet. The issue I had with this was building detailed scores. The max score was not included in the control profiles, so I was unable to generate an accurate percentage.
Get-MgSecuritySecureScore -Top 1
Invoke a REST GET call directly to the API with the following URL.
https://graph.microsoft.com/beta/security/secureScores?$top=1
If you Require more Details About Your Score
The script will output the following details about your secure score:
- Overall secure score in points
- Overall secure score in percentage
- All tenant average in percentage
- Similar licensed tenants average in percentage
- Device, Identity, Data, and Apps secure score for your tenant, all tenants, and similar licensed tenants
- A break-down of each control profile affecting your scores, with your score and the maximum score
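One way to derive some of these figures from a single secureScores response, as an added example that is not the author's Get-SecureScoreDetails.ps1. The function names, the control names and the sample JSON are constructed for illustration, and the per-category figures are points summed from controlScores, not percentages.

```powershell
# Added example with hypothetical helper names; not the author's script.
function Get-LatestSecureScore {
    param(
        [Parameter(Mandatory)] [string] $TenantId,
        [Parameter(Mandatory)] [string] $AppId,
        [Parameter(Mandatory)] [securestring] $AppSecret
    )
    # OAuth 2.0 client-credentials grant against the Microsoft identity platform.
    $body = @{
        grant_type    = 'client_credentials'
        client_id     = $AppId
        client_secret = [System.Net.NetworkCredential]::new('', $AppSecret).Password
        scope         = 'https://graph.microsoft.com/.default'
    }
    $tokenUri = "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token"
    $token = Invoke-RestMethod -Method Post -Body $body -Uri $tokenUri
    $headers = @{ Authorization = "Bearer $($token.access_token)" }
    # Single quotes keep PowerShell from expanding $top as a variable.
    $uri = 'https://graph.microsoft.com/beta/security/secureScores?$top=1'
    (Invoke-RestMethod -Headers $headers -Uri $uri).value[0]
}

function Get-SecureScoreSummary {
    param([Parameter(Mandatory)] $Score)
    if (-not $Score.maxScore) { throw 'maxScore is missing or zero; cannot compute a percentage.' }
    [pscustomobject]@{
        Points     = $Score.currentScore
        MaxPoints  = $Score.maxScore
        Percentage = [math]::Round(100 * $Score.currentScore / $Score.maxScore, 2)
        # Points earned per control category, summed from controlScores.
        ByCategory = $Score.controlScores | Group-Object controlCategory | ForEach-Object {
            [pscustomobject]@{
                Category = $_.Name
                Points   = ($_.Group | Measure-Object score -Sum).Sum
            }
        }
        # Comparison averages exactly as the API reports them, keyed by basis.
        Averages   = $Score.averageComparativeScores | Select-Object basis, averageScore
    }
}

# Constructed sample shaped like one secureScore object, so the math runs offline.
$sample = @'
{"currentScore":212.5,"maxScore":425,
 "averageComparativeScores":[{"basis":"AllTenants","averageScore":41.2},{"basis":"TotalSeats","averageScore":47.9}],
 "controlScores":[{"controlCategory":"Identity","controlName":"ExampleControlA","score":9},
                  {"controlCategory":"Identity","controlName":"ExampleControlB","score":10},
                  {"controlCategory":"Device","controlName":"ExampleControlC","score":3.5}]}
'@ | ConvertFrom-Json
Get-SecureScoreSummary -Score $sample
```

For a live call, pipe the result of Get-LatestSecureScore into Get-SecureScoreSummary and supply the secret with Read-Host -AsSecureString so it does not land in command history or transcripts.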
Download the Script
Run the Script
Option 1: Summary only
.\Get-SecureScoreDetails.ps1 -TenantId '' -AppId '' -AppSecret ''
Option 2: Full Details – Includes score per control profile
.\Get-SecureScoreDetails.ps1 -TenantId '' -AppId '' -AppSecret '' -showFullScoreDetails
Option 3: Verbose Mode – Monitor every step of the script.
.\Get-SecureScoreDetails.ps1 -TenantId '' -AppId '' -AppSecret '' -verboseOuput
Script Output
- Standard Output – Your scores and comparison scores from other tenants
- Detailed Output – Output 1 with all the control profile scores of your tenant
References
Secure Score Overview
https://learn.microsoft.com/en-us/microsoft-365/security/defender/microsoft-secure-score
Secure Score via Graph API
https://learn.microsoft.com/en-us/graph/api/securescore-get
Graph Explorer