Capturing ALL Microsoft Secure Score items

image

Ok, so you are telling me you have time on your hands and want to improve the security of your Microsoft 365 tenant? Ok, if you are only kind of serious, I’d tell you to go to:

https://security.microsoft.com/securescore

and select the Improvement actions as shown above.

image

That will show you a filtered view of items based on what hasn’t yet been completed in the tenant. In the case above, that equates to 67 items.

Oh, you want more to do you say?

image

Ok, if you remove that filter you’ll see the number in the list increase. In this case up from 67 to 84. That’s 36% increase in things you can address. Enough?

What? You want even more? Are you sure? Really sure?

image

Well, if you are, then the good news is that I have written a script for you that uses the Microsoft Graph to go in and grab all, and I mean ALL, of the secure score items. You’ll find the script in my Office 365 GitHub repo:

https://github.com/directorcia/Office365/blob/master/o365-ssdescpt-get.ps1

Now before you run this scripts, you’ll need to follow the instructions I have written about before:

Access the Microsoft Graph with a script

and set yourself up an OAuth token to access your tenant. You only need to do this once.

You’ll then need enter the values from this configuration into the script prior to running it:

image

You get these three items from the oAuth token set up I set out.

image

When run, the script will connect to the Microsoft Graph and start reading information from the Secure Score of YOUR tenant. It will also save the output to a text file in the parent directory. Why you ask?

SNAGHTML20f6be5

Well, as you can see from the output from my tenant above, there are now potentially 6,972 items that I can go look at and configure to make my tenant more secure. That’s a 8,200% increase in things to keep you busy.

Remember, you did ask for more after all.

Access the Microsoft Graph with a script

In a recent article I showed how to connect to the Microsoft Graph in a web browser:

Using the Microsoft Graph Explorer

I also showed how you could do the same:

Using Interactive PowerShell

This article is going to focus on how you can do the same thing but directly via a script that won’t prompt you for credentials.

Before running this script you’ll need to follow the Using Interactive PowerShell article and set up an app in your Azure AD.

image

image

During that process you’ll need to record three things that will be used here:

1. Application ID

2. Tenant ID

3. Client secret

I borrowed the connection piece of this script from:

https://www.lee-ford.co.uk/getting-started-with-microsoft-graph-with-powershell/

which I found really handy in helping me understand all this. You can download my script from my GitHub repository here:

https://github.com/directorcia/Office365/blob/master/graph-connect.ps1

You’ll need to enter your own Application ID, Tenant ID and Client secret in the variables section. After that, all you need to do is run the script. The results for the query of /security/alerts will end up in a variable called $query which you can view. The actual content of the alerts you’ll find in $query.content.

image

This Graph connection script should now allow you to connect to the Microsoft Graph for a tenant and start running queries and returning values for entries in there. At the moment it only queries security alerts, but you can modify it to query anything in the Graph for your tenant.