Secure Score Controls - List
Get all security controls within a scope
GET https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.Security/secureScoreControls?api-version=2020-01-01
GET https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.Security/secureScoreControls?api-version=2020-01-01&$expand=definition
URI Parameters
Name | In | Required | Type | Description |
---|---|---|---|---|
subscription
|
path | True |
string |
Azure subscription ID Regex pattern: |
api-version
|
query | True |
string |
API version for the operation |
$expand
|
query |
OData expand. Optional. |
Responses
Name | Type | Description |
---|---|---|
200 OK |
OK |
|
Other Status Codes |
Error response describing why the operation failed. |
Security
azure_auth
Azure Active Directory OAuth2 Flow
Type:
oauth2
Flow:
implicit
Authorization URL:
https://login.microsoftonline.com/common/oauth2/authorize
Scopes
Name | Description |
---|---|
user_impersonation | impersonate your user account |
Examples
List all secure scores controls
Sample Request
GET https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/secureScoreControls?api-version=2020-01-01&$expand=definition
Sample Response
{
"value": [
{
"id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/secureScores/ascScore/secureScoreControls/a9909064-42b4-4d34-8143-275477afe18b",
"name": "a9909064-42b4-4d34-8143-275477afe18b",
"type": "Microsoft.Security/secureScores/secureScoreControls",
"properties": {
"displayName": "Protect applications against DDoS attacks",
"healthyResourceCount": 0,
"unhealthyResourceCount": 0,
"notApplicableResourceCount": 1,
"score": {
"max": 0,
"current": 0,
"percentage": 0
},
"weight": 0
}
},
{
"id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/secureScores/ascScore/secureScoreControls/34a42fb3-e6db-409c-b56b-7b1db6b8aee0",
"name": "34a42fb3-e6db-409c-b56b-7b1db6b8aee0",
"type": "Microsoft.Security/secureScores/secureScoreControls",
"properties": {
"displayName": "Enable MFA",
"healthyResourceCount": 1,
"unhealthyResourceCount": 0,
"notApplicableResourceCount": 0,
"score": {
"max": 10,
"current": 10,
"percentage": 1
},
"weight": 1
}
},
{
"id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/secureScores/ascScore/secureScoreControls/76763537-9feb-42d3-b4f4-78c01117be80",
"name": "76763537-9feb-42d3-b4f4-78c01117be80",
"type": "Microsoft.Security/secureScores/secureScoreControls",
"properties": {
"displayName": "Implement security best practices",
"healthyResourceCount": 7,
"unhealthyResourceCount": 0,
"notApplicableResourceCount": 1,
"score": {
"max": 0,
"current": 0,
"percentage": 0
},
"weight": 7
}
},
{
"id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/secureScores/ascScore/secureScoreControls/4db8d6cf-075b-4149-a813-da09ca2ae120",
"name": "4db8d6cf-075b-4149-a813-da09ca2ae120",
"type": "Microsoft.Security/secureScores/secureScoreControls",
"properties": {
"displayName": "Enable Advanced Threat Protection",
"healthyResourceCount": 0,
"unhealthyResourceCount": 1,
"notApplicableResourceCount": 0,
"score": {
"max": 0,
"current": 0,
"percentage": 0
},
"weight": 1
}
},
{
"id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/secureScores/ascScore/secureScoreControls/27b24961-75ba-4fe4-8909-97286d5dd5ee",
"name": "27b24961-75ba-4fe4-8909-97286d5dd5ee",
"type": "Microsoft.Security/secureScores/secureScoreControls",
"properties": {
"displayName": "Enable auditing and logging",
"healthyResourceCount": 1,
"unhealthyResourceCount": 4,
"notApplicableResourceCount": 0,
"score": {
"max": 1,
"current": 0.2,
"percentage": 0.2
},
"weight": 5
}
},
{
"id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/secureScores/ascScore/secureScoreControls/2d85f639-0bea-4a4a-b6c6-608952a1414a",
"name": "2d85f639-0bea-4a4a-b6c6-608952a1414a",
"type": "Microsoft.Security/secureScores/secureScoreControls",
"properties": {
"displayName": "Manage access and permissions",
"healthyResourceCount": 1,
"unhealthyResourceCount": 1,
"notApplicableResourceCount": 0,
"score": {
"max": 4,
"current": 2,
"percentage": 0.5
},
"weight": 2
}
},
{
"id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/secureScores/ascScore/secureScoreControls/99fc8df2-e0f5-40f8-9415-a7f7ca948b5a",
"name": "99fc8df2-e0f5-40f8-9415-a7f7ca948b5a",
"type": "Microsoft.Security/secureScores/secureScoreControls",
"properties": {
"displayName": "Remediate security configurations",
"healthyResourceCount": 0,
"unhealthyResourceCount": 1,
"notApplicableResourceCount": 0,
"score": {
"max": 4,
"current": 0,
"percentage": 0
},
"weight": 1
}
},
{
"id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/secureScores/ascScore/secureScoreControls/12136bd9-dc24-44f2-9587-7be3af6aac14",
"name": "12136bd9-dc24-44f2-9587-7be3af6aac14",
"type": "Microsoft.Security/secureScores/secureScoreControls",
"properties": {
"displayName": "Enable endpoint protection",
"healthyResourceCount": 0,
"unhealthyResourceCount": 1,
"notApplicableResourceCount": 0,
"score": {
"max": 2,
"current": 0,
"percentage": 0
},
"weight": 1
}
},
{
"id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/secureScores/ascScore/secureScoreControls/61702b76-1fab-41f2-bcbc-50b7870dcf38",
"name": "61702b76-1fab-41f2-bcbc-50b7870dcf38",
"type": "Microsoft.Security/secureScores/secureScoreControls",
"properties": {
"displayName": "Apply system updates",
"healthyResourceCount": 0,
"unhealthyResourceCount": 1,
"notApplicableResourceCount": 0,
"score": {
"max": 6,
"current": 0,
"percentage": 0
},
"weight": 1
}
},
{
"id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/secureScores/ascScore/secureScoreControls/0e55495e-034f-4abc-8293-767229250176",
"name": "0e55495e-034f-4abc-8293-767229250176",
"type": "Microsoft.Security/secureScores/secureScoreControls",
"properties": {
"displayName": "Encrypt data in transit",
"healthyResourceCount": 5,
"unhealthyResourceCount": 1,
"notApplicableResourceCount": 0,
"score": {
"max": 4,
"current": 3.33,
"percentage": 0.8325
},
"weight": 6
}
},
{
"id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/secureScores/ascScore/secureScoreControls/f9d5432b-8f7b-45e9-b90c-e214a30f6a02",
"name": "f9d5432b-8f7b-45e9-b90c-e214a30f6a02",
"type": "Microsoft.Security/secureScores/secureScoreControls",
"properties": {
"displayName": "Restrict unauthorized network access",
"healthyResourceCount": 1,
"unhealthyResourceCount": 0,
"notApplicableResourceCount": 0,
"score": {
"max": 4,
"current": 4,
"percentage": 1
},
"weight": 1
}
},
{
"id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/secureScores/ascScore/secureScoreControls/8fd574ec-43cf-426e-a439-a67cbaf2d564",
"name": "8fd574ec-43cf-426e-a439-a67cbaf2d564",
"type": "Microsoft.Security/secureScores/secureScoreControls",
"properties": {
"displayName": "Enable encryption at rest",
"healthyResourceCount": 1,
"unhealthyResourceCount": 0,
"notApplicableResourceCount": 0,
"score": {
"max": 4,
"current": 4,
"percentage": 1
},
"weight": 1
}
}
]
}
Definitions
Name | Description |
---|---|
Azure |
Describes an Azure resource with kind |
Cloud |
Common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.). |
Cloud |
The error detail. |
control |
The type of security control (for example, BuiltIn) |
Error |
The resource management error additional info. |
Expand |
OData expand. Optional. |
Secure |
Information about the security control. |
Secure |
The type of the security control (For example, BuiltIn) |
Secure |
Details of the security control, its score, and the health status of the relevant resources. |
Secure |
List of security controls |
AzureResourceLink
Describes an Azure resource with kind
Name | Type | Description |
---|---|---|
id |
string |
Azure resource Id |
CloudError
Common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.).
Name | Type | Description |
---|---|---|
error.additionalInfo |
The error additional info. |
|
error.code |
string |
The error code. |
error.details |
The error details. |
|
error.message |
string |
The error message. |
error.target |
string |
The error target. |
CloudErrorBody
The error detail.
Name | Type | Description |
---|---|---|
additionalInfo |
The error additional info. |
|
code |
string |
The error code. |
details |
The error details. |
|
message |
string |
The error message. |
target |
string |
The error target. |
controlType
The type of security control (for example, BuiltIn)
Name | Type | Description |
---|---|---|
BuiltIn |
string |
Microsoft Defender for Cloud managed assessments |
Custom |
string |
Non Microsoft Defender for Cloud managed assessments |
ErrorAdditionalInfo
The resource management error additional info.
Name | Type | Description |
---|---|---|
info |
object |
The additional info. |
type |
string |
The additional info type. |
ExpandControlsEnum
OData expand. Optional.
Name | Type | Description |
---|---|---|
definition |
string |
Add definition object for each control |
SecureScoreControlDefinitionItem
Information about the security control.
Name | Type | Description |
---|---|---|
id |
string |
Resource Id |
name |
string |
Resource name |
properties.assessmentDefinitions |
Array of assessments metadata IDs that are included in this security control |
|
properties.description |
string |
User friendly description of the control |
properties.displayName |
string |
User friendly display name of the control |
properties.maxScore |
integer |
Maximum control score (0..10) |
properties.source |
Source object from which the control was created |
|
type |
string |
Resource type |
SecureScoreControlDefinitionSource
The type of the security control (For example, BuiltIn)
Name | Type | Description |
---|---|---|
sourceType |
The type of security control (for example, BuiltIn) |
SecureScoreControlDetails
Details of the security control, its score, and the health status of the relevant resources.
Name | Type | Description |
---|---|---|
id |
string |
Resource Id |
name |
string |
Resource name |
properties.definition |
Information about the security control. |
|
properties.displayName |
string |
User friendly display name of the control |
properties.healthyResourceCount |
integer |
Number of healthy resources in the control |
properties.notApplicableResourceCount |
integer |
Number of not applicable resources in the control |
properties.score.current |
number |
Current score |
properties.score.max |
integer |
Maximum score available |
properties.score.percentage |
number |
Ratio of the current score divided by the maximum. Rounded to 4 digits after the decimal point |
properties.unhealthyResourceCount |
integer |
Number of unhealthy resources in the control |
properties.weight |
integer |
The relative weight for this specific control in each of your subscriptions. Used when calculating an aggregated score for this control across all of your subscriptions. |
type |
string |
Resource type |
SecureScoreControlList
List of security controls
Name | Type | Description |
---|---|---|
nextLink |
string |
The URI to fetch the next page. |
value |
Collection of security controls in this page |