How to Calculate Identity SecureScore via Graph API?

Bader, Andreas 20 Reputation points
2025-01-09T11:49:21.9+00:00

Hello

I am trying to get the SecureScore values via Graph API.

I can request the main Score value.

But I have problems calculating the Scores for Identity/Data/Device and Apps.

I know that I have to calculate the Current points for each type.

That works for me.

Then I have to calculate the MaxPoints for each type to calculate the Percent Value.

That did not work for me.

My results for the Max Values are always higher than the MaxValues in the Dashboard.

Only the Value for Max Points for Data is correct because of fewer controls.

Which Values for which control should I exclude in the calculation?

These are my API requests to calculate the Max Values:

DATA:

"inputs": { "uri": "https://graph.microsoft.com/beta/security/secureScoreControlProfiles?$top=1", "queries": { "$filter": "controlCategory eq 'Data'" } }

APPS:

"inputs": { "uri": "https://graph.microsoft.com/beta/security/secureScoreControlProfiles?$top=1", "queries": { "$filter": "controlCategory eq 'Apps'" } }

IDENTITY:

"inputs": { "uri": "https://graph.microsoft.com/beta/security/secureScoreControlProfiles?$top=1", "method": "GET", "queries": { "$filter": "controlCategory eq 'Identity'" } }

DEVICE:

"inputs": { "uri": "https://graph.microsoft.com/beta/security/secureScoreControlProfiles?$top=1", "queries": { "$filter": "controlCategory eq 'Device'" } }

Kind regards

Andreas


Accepted answer
  1. Sakshi Devkante 400 Reputation points Microsoft Vendor
    2025-01-21T18:37:23.56+00:00

    Hello @Bader, Andreas

    Thank you for posting your query on Microsoft Q&A.

    Using Logic Apps and the Microsoft Graph API, we will be able to calculate security scores for various categories like Apps and Identity. Here's a concise explanation of the process:

    1. API Used: https://graph.microsoft.com/v1.0/security/secureScores to get all controls, their scores, and scores in percentage.
    2. Process: Use a "For Each" loop to iterate through each category. Inside the loop, filter the array to process each category individually (e.g., Apps, Identity, etc.). Initialize MaxScore and Score variables to 0.
      1. Score Calculation:
      Add another loop inside the category loop to iterate through all controls for that category.
      Use a compose action with the following equation to calculate MaxScore:
      if(
          equals(mul(float(items('For_each_6')?['scoreInPercentage']), 0.01), 0),
          1,
          div(
              items('For_each_6')?['score'],
              mul(float(items('For_each_6')?['scoreInPercentage']), 0.01)
          )
      )

      This expression checks if scoreInPercentage is 0 to avoid division by zero. If it is, it sets MaxScore to 1. Otherwise, it calculates MaxScore by dividing Score by the percentage converted to a decimal.
    3. Handling Zero Scores: Sometimes Score and scoreInPercentage are 0 even if there is a MaxScore. To handle this, use an HTTP request before the second loop with this API: [Microsoft Graph API for Control Profiles] to retrieve MaxScore. Create a condition: if Score is 0, retrieve MaxScore using the API; otherwise, use the calculated value.
    4. Summing Scores: Sum all Score values and MaxScore values for each control in the category. Divide the total Score by the total MaxScore to get the percentage for that control category.

    Refer to the documents below:
    List Secure Scores: https://learn.microsoft.com/en-us/graph/api/security-list-securescores?view=graph-rest-1.0&tabs=http

    https://learn.microsoft.com/en-us/graph/api/resources/security-api-overview?view=graph-rest-1.0#secure-score

    https://learn.microsoft.com/en-us/graph/api/resources/securescore?view=graph-rest-1.0

    https://learn.microsoft.com/en-us/graph/api/resources/securescorecontrolprofile?view=graph-rest-1.0

    Refer to similar threads: https://learn.microsoft.com/en-us/answers/questions/494552/graph-microsoft-securescore-data-what-values-are-a

    https://learn.microsoft.com/en-us/answers/questions/684893/graph-api-to-retrieve-secure-score-for-m365

    I hope this clarifies things. Please contact us if you have any additional questions.

    If this answers your query, do click Accept Answer and Yes for "Was this answer helpful". And, if you have any further query do let us know.

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    Best regards,

    Sakshi Devkante
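
The procedure in the accepted answer, as an added Python example that is not part of the original answer or Microsoft's own code: it sums Score and MaxScore per category and falls back to the control profile when a control's score is zero. The payloads, control names and values are constructed, and matching a profile's `id` to a control's `controlName` is an assumption.

```python
from collections import defaultdict

# Constructed sample shaped like one entry of GET /v1.0/security/secureScores
# (controlScores) and like GET /v1.0/security/secureScoreControlProfiles.
SECURE_SCORE = {"controlScores": [
    {"controlCategory": "Identity", "controlName": "ctlA", "score": 9.0, "scoreInPercentage": 90.0},
    {"controlCategory": "Identity", "controlName": "ctlB", "score": 0.0, "scoreInPercentage": 0.0},
    {"controlCategory": "Apps", "controlName": "ctlC", "score": 2.5, "scoreInPercentage": 50.0},
    {"controlCategory": "Apps", "controlName": "ctlD", "score": 0.0, "scoreInPercentage": 0.0},
]}
CONTROL_PROFILES = [{"id": "ctlB", "maxScore": 5.0}]  # ctlD deliberately has no profile


def control_max(control, profile_max):
    """MaxScore for one control, following the answer's compose expression."""
    score = float(control.get("score") or 0)
    fraction = float(control.get("scoreInPercentage") or 0) * 0.01
    if score == 0 or fraction == 0:
        # Zero-score case: take maxScore from the control profile (assumed to be
        # keyed by controlName); with no profile, use 1 as the expression does.
        return float(profile_max.get(control["controlName"], 1))
    return score / fraction


def category_percentages(secure_score, profiles):
    """Sum score and max per controlCategory and return the percentage."""
    profile_max = {p["id"]: p["maxScore"] for p in profiles}
    totals = defaultdict(lambda: [0.0, 0.0])  # category -> [score, max]
    for control in secure_score["controlScores"]:
        bucket = totals[control["controlCategory"]]
        bucket[0] += float(control.get("score") or 0)
        bucket[1] += control_max(control, profile_max)
    return {cat: {"score": s, "max": m,
                  "percent": round(100 * s / m, 2) if m else 0.0}
            for cat, (s, m) in totals.items()}


if __name__ == "__main__":
    for cat, row in category_percentages(SECURE_SCORE, CONTROL_PROFILES).items():
        print(cat, row)
```

A control that falls back to 1 can understate the category maximum, so list those controls and check their profiles before relying on the percentage.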

