Share via

Why Microsoft Defender for Cloud showing Zero Secure Score for security reader role?

Satheesh Kumar S 0 Reputation points
2025-11-12T06:32:06.43+00:00

I cannot see cloud secure score in defender for cloud dashboard overview or under security posture. However, security recommendations, regulatory compliance etc are visible. I have reader and security reader permissions assigned via RBAC at management group level. with security admin role, its working and score is visible but trying to get this with minimum required permission. security reader or reader role is not sufficient to get DFC secure score?

Microsoft Security | Microsoft Defender | Microsoft Defender for Cloud
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. SUNOJ KUMAR YELURU 16,776 Reputation points MVP Volunteer Moderator
    2025-11-12T09:34:38.8433333+00:00

    Hello @Satheesh Kumar S

    The Security Reader role is theoretically sufficient for viewing the Secure Score, but in your specific environment, it appears to be lacking a necessary underlying read permission. If assigning the Security Reader role at the Subscription level does not resolve the issue, the Security Administrator role may be required as a workaround. Verify the RBAC inheritance path to ensure correct propagation of permissions from the Management Group.

    If the Security Reader role assignment at the Management Group level is correctly inherited down to the subscriptions, it should work. If it is not working, the most common workarounds or next-step permissions involve assigning the Security Reader role directly at the Subscription level.

    If the Answer is helpful, please click Accept Answer and Up-Vote, so that it can help others in the community looking for help on similar topics.

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.