"Disabled accounts with X permissions on Azure resources should be removed" is Showing Active Accounts

Cusimano, Joey 55 Reputation points
2024-11-12T16:08:23.8933333+00:00

I review our Microsoft Defender Secure Score for each of 3 subscriptions weekly and noticed a huge reduction in one of them. The following are the recommendations for this subscription in particular:

"Disabled accounts with read and write permissions on Azure resources should be removed"

"Disabled accounts with owner permissions on Azure resources should be removed"

Between the two recommendations, there are 7 user accounts and ALL of them are active. I verified this in the Microsoft 365 admin center, going to users, and adding the "sign-in status" column which lists "Allowed" for all 7. All of these users have been active for months and we have not seen this recommendation before for any subscription. Only one of the 3 subscriptions is giving this as a recommendation and docking the Secure Score by a massive amount as a result, but all 7 of the users have roles assigned on the other 2 subscriptions as well.

This behavior is inconsistent between subscriptions and is incorrectly flagging inactive users. What would cause this false positive? Is there a way to resolve this without having to exempt this recommendation for the subscription?

Microsoft Defender for Cloud
1 answer
    Goutam Pratti, 495 Reputation points, Microsoft Vendor
    2024-11-13T08:51:29.7066667+00:00

    Hello @Cusimano, Joey ,

    Thank you for posting your query on Microsoft Q&A.

    Based on your description, I see that the Secure Score for certain recommendations has regressed in your tenant. This issue has occurred for many other customers since 11th November.

    The affected recommendations with score regression are listed below:

    • Disabled accounts with read and write permissions on Azure resources should be removed.
    • Disabled accounts with owner permissions on Azure resources should be removed.

    The root cause has been identified and a hotfix is being rolled out. Correct data has been released. Please check and confirm with me whether you are able to see the correct data on your end within 24 hours.

    I hope this information is helpful. Please feel free to reach out if you have any further questions.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Regards,
    Goutam Pratti.

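Rather than waiting on the Secure Score data to settle, the flagged accounts can be checked directly against the two sources the recommendations combine: Azure RBAC role assignments on the subscription and the account's enabled state in Entra ID (the same property the Microsoft 365 admin center shows as "Sign-in status": Allowed means `accountEnabled` is true, Blocked means it is false). The script below is an added example written for this page, not code from the thread or from Microsoft. It assumes the Az.Accounts, Az.Resources and Microsoft.Graph.Users modules are installed, that the caller can read role assignments and user objects, and it maps the two recommendations to the built-in Owner and Contributor roles; the exact role set Defender for Cloud evaluates is not given on the page, so extend the `$roleBuckets` lists to match your environment.

```powershell
# Added example (not from the thread): reproduce the "disabled account with a
# privileged role" check that the two recommendations express, directly against
# Azure RBAC and Entra ID, so the Secure Score data can be compared with reality.
# Assumes the Az.Accounts, Az.Resources and Microsoft.Graph.Users modules are
# installed and the caller may read role assignments and Entra user objects.
param(
    [Parameter(Mandatory = $true)]
    [string] $SubscriptionId
)

Connect-AzAccount | Out-Null
Set-AzContext -Subscription $SubscriptionId | Out-Null
Connect-MgGraph -Scopes "User.Read.All" | Out-Null

# Assumption: map the two recommendations to built-in roles. Defender's exact
# role set is not stated on the page; extend these lists for your environment.
$roleBuckets = @{
    "owner"      = @("Owner")
    "read/write" = @("Contributor")
}
$rolesOfInterest = @($roleBuckets.Values | ForEach-Object { $_ })

# Role assignments visible at subscription scope (inherited ones included),
# restricted to user principals holding one of the roles of interest.
$assignments = Get-AzRoleAssignment -Scope "/subscriptions/$SubscriptionId" |
    Where-Object { $_.ObjectType -eq "User" -and $rolesOfInterest -contains $_.RoleDefinitionName }

# Cache Entra lookups: one Graph call per distinct user, not per assignment.
$userCache = @{}
$report = foreach ($a in $assignments) {
    if (-not $userCache.ContainsKey($a.ObjectId)) {
        $userCache[$a.ObjectId] = Get-MgUser -UserId $a.ObjectId `
            -Property Id,DisplayName,UserPrincipalName,AccountEnabled -ErrorAction SilentlyContinue
    }
    $u = $userCache[$a.ObjectId]
    $bucket = ($roleBuckets.GetEnumerator() | Where-Object { $_.Value -contains $a.RoleDefinitionName }).Key
    [pscustomobject]@{
        UserPrincipalName = if ($u) { $u.UserPrincipalName } else { $a.SignInName }
        Role              = $a.RoleDefinitionName
        Bucket            = $bucket
        Scope             = $a.Scope
        # $false here is what the recommendation means by "disabled"; a user with
        # no Entra object left (deleted principal) is reported separately.
        AccountEnabled    = if ($u) { $u.AccountEnabled } else { "not found" }
    }
}

# Only rows whose account is actually disabled are true positives for either
# recommendation; an enabled account in this list points at stale assessment data.
$trueFindings = @($report | Where-Object { $_.AccountEnabled -eq $false })

$report | Sort-Object UserPrincipalName, Role | Format-Table -AutoSize
"True findings (disabled accounts with a role of interest): $($trueFindings.Count)"
```

Save it as a script and pass the affected subscription's id as `-SubscriptionId`; run it against each subscription to see whether the same users really differ between them. Rows with `AccountEnabled` equal to `True` for the seven flagged users confirm the false positive independently of the portal, while a `False` row is a genuine finding to remove regardless of what Secure Score currently reports. Note that `Get-AzRoleAssignment -Scope` returns assignments made at the subscription and at scopes above it, not assignments on individual resource groups or resources below; add those scopes if your Defender findings reference them.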
