Secure Score for O365 Tenant
Getting the secure score for a tenant is a bit more complicated than getting the last logon time of a user.
You only need to call the following endpoint: https://graph.microsoft.com/beta/security/secureScores and divide the result by 100 to get the percentage.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
# Needs permission SecurityEvents.Read.All
$ClientID = ''
$ClientSecret = ''
$tenant_Id = ''
# Connect to Graph #
$Body = @{
Grant_Type = "client_credentials"
resource = "https://graph.microsoft.com"
client_id = $clientId
client_secret = $clientSecret
}
$ConnectGraph = Invoke-RestMethod -Uri "https://login.microsoft.com/$tenant_Id/oauth2/token?api-version=1.0" -Method POST -Body $Body
# Variable Collections #
$path = "C:\temp\"
$Headers = @{
'Content-Type' = "application/json"
'Authorization' = "Bearer $($ConnectGraph.access_token)"
}
$token = $ConnectGraph.access_token
# Force TLS 1.2.
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
function Get-GraphData {
param (
[parameter(Mandatory)]
[string]$AccessToken,
[parameter(Mandatory)]
[string]$Uri
)
$Headers = @{
'Authorization' = "Bearer $AccessToken"
}
do {
$Results = Invoke-RestMethod -Uri $Uri -Headers $Headers -ErrorAction Stop
$QueryResults += $Results.value
$Uri = $Results.'@odata.nextLink'
} while ($Uri)
return $QueryResults
}
#This request get SecureScore
$uri = "https://graph.microsoft.com/beta/security/secureScores"
$Result = @()
[array]$Response = Get-GraphData -AccessToken $Token -Uri $uri
if ($Response) {
ForEach ($Respons in $Response) {
$SecureScore = $Respons.currentScore / $Respons.maxScore * 100
$Result += New-Object PSObject -property $([ordered]@{
CreatedDateTime = $Respons.createdDateTime
CurrentScore = $Respons.currentScore
MaxScore = $Respons.maxScore
LicensedUserCount = $Respons.licensedUserCount
ActiveUserCount = $Respons.activeUserCount
SecureScore = [math]::Round($SecureScore, 2)
})
}
}
else {
Write-Host "No SecureScore data found"
}
# export to csv
$Result | export-csv -path "$path\SecureScore.csv" -NoTypeInformation
| CreatedDateTime | CurrentScore | MaxScore | LicensedUserCount | ActiveUserCount | SecureScore |
|---|---|---|---|---|---|
| 7.4.2023 00:00:00 | 82,86 | 239 | 25 | 21 | 34,67 |
| 6.4.2023 00:00:00 | 82,86 | 239 | 25 | 21 | 34,67 |
| 5.4.2023 00:00:00 | 82,86 | 239 | 25 | 21 | 34,67 |
| 4.4.2023 00:00:00 | 82,86 | 239 | 25 | 21 | 34,67 |
| 3.4.2023 00:00:00 | 82,86 | 239 | 25 | 21 | 34,67 |
| 2.4.2023 00:00:00 | 82,86 | 239 | 25 | 21 | 34,67 |
| 1.4.2023 00:00:00 | 82,86 | 239 | 25 | 21 | 34,67 |
| 31.3.2023 00:00:00 | 81,86 | 239 | 25 | 21 | 34,25 |
| 30.3.2023 00:00:00 | 81,86 | 239 | 25 | 21 | 34,25 |
| 29.3.2023 00:00:00 | 81,86 | 239 | 25 | 21 | 34,25 |
| 28.3.2023 00:00:00 | 81,86 | 239 | 25 | 21 | 34,25 |
| 27.3.2023 00:00:00 | 81,86 | 239 | 25 | 21 | 34,25 |
| 26.3.2023 00:00:00 | 81,86 | 239 | 25 | 21 | 34,25 |
| 25.3.2023 00:00:00 | 81,86 | 239 | 25 | 21 | 34,25 |
| 24.3.2023 00:00:00 | 81,86 | 239 | 25 | 21 | 34,25 |
| 23.3.2023 00:00:00 | 81,86 | 239 | 25 | 21 | 34,25 |
| 22.3.2023 00:00:00 | 81,86 | 239 | 25 | 21 | 34,25 |
| 21.3.2023 00:00:00 | 81,86 | 239 | 25 | 21 | 34,25 |
| 20.3.2023 00:00:00 | 81,86 | 239 | 25 | 21 | 34,25 |