M365 Defender Secure Score Details via Graph API

By | November 8, 2022

Overview

This quick post links to my script that gets detailed secure score information from the Microsoft Security Graph API. While it is easy to get your tenant's overall Secure Score, it was a bit more difficult to get detailed information and perform accurate calculations.

Pre-Requisites

Register an application in Azure AD and generate a secret. The application should have admin consent for the “SecurityEvents.Read.All” Graph API permission. You will need your App ID, App Secret, and Tenant ID.

If you Only Require the Overall Score

If you are looking for just your latest secure score, check out the methods below:

Use the Microsoft.Graph.Security PowerShell module with the following cmdlet. The issue I had with this was building detailed scores. The max score was not included in the control profiles, so I was unable to generate an accurate percentage.

Get-MgSecuritySecureScore -Top 1

Invoke a REST GET call directly to the API with the following URL.

https://graph.microsoft.com/beta/security/secureScores?$top=1

If you Require more Details About Your Score

The script will output the following details about your secure score:

  • Overall secure score in points
  • Overall secure score in percentage
  • All tenant average in percentage
  • Similar licensed tenants average in percentage
  • Device, Identity, Data, and Apps secure score for your tenant, all tenants, and similar licensed tenants
  • A break-down of each control profile affecting your scores, with your score and the maximum score
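One way to derive the per-category percentages listed above, as an added example that is not taken from the linked script. The function name and the sample data are constructed for illustration, and it assumes each `controlName` in `controlScores` matches the `id` of a `secureScoreControlProfile`, which is where the per-control `maxScore` comes from.

```powershell
# Added example, not the linked script. Get-ScoreBreakdown is a hypothetical helper.
function Get-ScoreBreakdown {
    param(
        [Parameter(Mandatory)] $SecureScore,      # one secureScore object
        [Parameter(Mandatory)] $ControlProfiles   # secureScoreControlProfile objects
    )
    # Index each control's maximum by profile id.
    # Assumption: controlScores.controlName equals the profile id.
    $maxById = @{}
    foreach ($p in $ControlProfiles) { $maxById[$p.id] = [double]$p.maxScore }

    $categories = $SecureScore.controlScores | Group-Object controlCategory | ForEach-Object {
        $points = ($_.Group | Measure-Object score -Sum).Sum
        $max = 0.0
        foreach ($c in $_.Group) {
            # Controls without a matching profile add nothing to the maximum.
            if ($maxById.ContainsKey($c.controlName)) { $max += $maxById[$c.controlName] }
        }
        [pscustomobject]@{
            Category = $_.Name
            Score    = $points
            MaxScore = $max
            Percent  = if ($max -gt 0) { [math]::Round(100 * $points / $max, 2) } else { $null }
        }
    }
    $overallMax = [double]$SecureScore.maxScore
    [pscustomobject]@{
        OverallPoints  = $SecureScore.currentScore
        OverallPercent = if ($overallMax -gt 0) { [math]::Round(100 * $SecureScore.currentScore / $overallMax, 2) } else { $null }
        Categories     = $categories
    }
}

# Constructed sample shaped like the Graph responses, so the calculation runs offline.
# For live data, pass .value[0] of the secureScores?$top=1 response and .value of a
# GET to /security/secureScoreControlProfiles.
$score = @'
{ "currentScore": 30, "maxScore": 60,
  "controlScores": [
    { "controlCategory": "Identity", "controlName": "ControlA", "score": 9 },
    { "controlCategory": "Identity", "controlName": "ControlB", "score": 1 },
    { "controlCategory": "Device",   "controlName": "ControlC", "score": 20 } ] }
'@ | ConvertFrom-Json
$profiles = '[{"id":"ControlA","maxScore":10},{"id":"ControlB","maxScore":10},{"id":"ControlC","maxScore":40}]' | ConvertFrom-Json

$result = Get-ScoreBreakdown -SecureScore $score -ControlProfiles $profiles
$result | Select-Object OverallPoints, OverallPercent
$result.Categories | Format-Table
```

With the constructed sample, both the Identity and Device categories come out at 50 percent, matching the overall 30 of 60 points.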

Download the Script

https://github.com/decturau/MicrosoftSecurity/blob/main/m365_defender/powershell/Get-SecureScoreDetails.ps1

Run the Script

Option 1: Summary only

.\Get-SecureScoreDetails.ps1 -TenantId '' -AppId '' -AppSecret ''

Option 2: Full Details – Includes score per control profile

.\Get-SecureScoreDetails.ps1 -TenantId '' -AppId '' -AppSecret '' -showFullScoreDetails

Option 3: Verbose Mode – Monitor every step of the script.

.\Get-SecureScoreDetails.ps1 -TenantId '' -AppId '' -AppSecret '' -verboseOuput

Script Output

  1. Standard Output – Your scores and comparison scores from other tenants
  2. Detailed Output – Output 1 with all the control profile scores of your tenant

References

Secure Score Overview

https://learn.microsoft.com/en-us/microsoft-365/security/defender/microsoft-secure-score

Secure Score via Graph API

https://learn.microsoft.com/en-us/graph/api/securescore-get

Graph Explorer

https://developer.microsoft.com/en-us/graph/graph-explorer
