Top Tips for Keeping Your Organization Safe in the Cloud


Security and data protection are priorities at any organization, as a lack of proper security can have disastrous consequences for business operations. To help you with your security efforts, Microsoft offers a suite of products designed to help detect and investigate threats early, so you can avoid putting out fires after the fact. In addition to the Microsoft 365 Defender family, Microsoft provides a Secure Score so you can see how your organization fares and where improvements to security need to be made.

What is Microsoft Defender?

The Microsoft Defender suite of products provides integrated security solutions that offer comprehensive threat prevention, detection, and response capabilities to simplify security. Depending on your security needs, Microsoft has a few different options for security, which include:

  • Microsoft Defender for Endpoint
    Enterprise networks can prevent, detect, investigate, and respond to advanced threats with this enterprise endpoint security platform.
  • Microsoft Defender Vulnerability Management
    Discover and remediate vulnerabilities and misconfigurations in one place via intelligent assessments, risk-based prioritization, built-in mitigation, and remediation tools.
  • Microsoft Defender for Office 365
    Safeguard your organization against malicious threats posed by emails, links, and collaboration tools.
  • Microsoft Defender for Identity
    This is a cloud-based security solution that leverages your on-premises Active Directory signals to identify and investigate advanced threats and malicious actions.
  • Microsoft Defender for Cloud Apps
    A Cloud Access Security Broker (CASB) solution, Defender for Cloud Apps sits between users and applications, monitoring all activity and enforcing security practices.

What is Microsoft Secure Score?

The Microsoft Secure Score measures an organization’s security posture as a percentage, with a higher secure score meaning more security improvement actions have been taken. It allows organizations to report on the current state of their security posture, improve their security posture through guidance, and compare themselves with organizations of similar sizes to establish key performance indicators.

Microsoft Secure Score gives organizations points for:

  • Configuring security features that are recommended
  • Performing security-related tasks
  • Addressing improvement actions with third-party apps or software

10 Ways to Improve Your Microsoft Secure Score

Some improvement actions give points only when fully completed, while others give partial points if they’ve been completed for some devices or users. Here we’ll provide 10 tips on how to improve your Microsoft Secure Score, along with the impact on your score should you complete them.

Multifactor Authentication (MFA)

Score impact = +3.9% | Achievable points = 9

Multifactor authentication adds an additional layer of security to protect devices and data accessible to users. If one factor, such as a password, gets compromised, the Microsoft authenticator app provides another layer of protection to prevent unauthorized access. While mobile numbers can also be used for MFA, authenticator apps are more secure, as phone numbers can be spoofed.

Disable Legacy Authentication

Score impact = +3.46% | Achievable points = 8

Most attempts to compromise accounts today come through legacy authentication, as older clients do not support modern authentication and use legacy protocols like IMAP or POP3. Legacy authentication does not support multifactor authentication and, as such, should be disabled.
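
Before disabling legacy authentication, it helps to know which accounts still depend on it. The following is an added example, not part of the original article: it inventories legacy-protocol sign-ins from exported sign-in log records. The sample records are constructed, the field names follow the Microsoft Graph sign-in log schema, and treating every client app other than the two modern values as legacy is an assumption of this sketch.

```python
import json
from collections import defaultdict

# Assumption: these two client-app values are modern auth; anything else is legacy.
MODERN_CLIENTS = {"Browser", "Mobile Apps and Desktop clients"}

# Constructed sample records (not real tenant data), shaped like exported sign-in logs.
SAMPLE_SIGNINS = json.loads("""[
 {"userPrincipalName": "alice@example.com", "clientAppUsed": "IMAP4", "status": {"errorCode": 0}},
 {"userPrincipalName": "alice@example.com", "clientAppUsed": "Browser", "status": {"errorCode": 0}},
 {"userPrincipalName": "Alice@Example.com", "clientAppUsed": "Exchange ActiveSync", "status": {"errorCode": 0}},
 {"userPrincipalName": "bob@example.com", "clientAppUsed": "POP3", "status": {"errorCode": 50126}},
 {"userPrincipalName": "bob@example.com", "clientAppUsed": "POP3", "status": {"errorCode": 50126}},
 {"userPrincipalName": "carol@example.com", "clientAppUsed": "Mobile Apps and Desktop clients", "status": {"errorCode": 0}},
 {"userPrincipalName": "dave@example.com", "clientAppUsed": "Authenticated SMTP", "status": {"errorCode": 0}},
 {"userPrincipalName": "erin@example.com", "clientAppUsed": "", "status": {"errorCode": 0}}
]""")


def legacy_auth_inventory(signins):
    """Per user: legacy protocols seen plus counts of successful and failed sign-ins."""
    report = defaultdict(lambda: {"protocols": set(), "success": 0, "failure": 0})
    for rec in signins:
        client = (rec.get("clientAppUsed") or "").strip()
        if not client or client in MODERN_CLIENTS:
            continue  # modern auth, or client unknown: not counted as legacy
        entry = report[(rec.get("userPrincipalName") or "unknown").lower()]
        entry["protocols"].add(client)
        succeeded = (rec.get("status") or {}).get("errorCode") == 0
        entry["success" if succeeded else "failure"] += 1
    return dict(report)


def needs_migration(report):
    """Users with a successful legacy sign-in; blocking now would break their client."""
    return sorted(u for u, e in report.items() if e["success"] > 0)


def failure_only(report):
    """Users seen only in failed legacy sign-ins; nothing working depends on it."""
    return sorted(u for u, e in report.items() if e["success"] == 0)


if __name__ == "__main__":
    inventory = legacy_auth_inventory(SAMPLE_SIGNINS)
    for user, entry in sorted(inventory.items()):
        print(user, sorted(entry["protocols"]), entry["success"], entry["failure"])
    print("migrate first:", needs_migration(inventory))
    print("failures only:", failure_only(inventory))
```

Users in the first list need their mail clients moved to modern authentication before the block is enforced; users in the second list can be blocked without breaking a working client.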

Avoid Expiring Passwords

Score impact = +3.46% | Achievable points = 8

Research shows that when periodic password resets are enforced, users tend to choose weaker passwords. Microsoft’s official security position is that passwords should not expire periodically without a specific reason.

Enable Self-Service Password Reset

Score impact = +0.43% | Achievable points = 1

If self-service password reset is enabled in Azure Active Directory, users don’t need to engage help desks to reset their passwords. This helps the IT team lower their ticket volume and focus on other security measures, while supporting user productivity.

Use Least Privilege Model

Score impact = +0.43% | Achievable points = 1

Assign users the least amount of privilege required to complete their work, so that if their account does get breached, there is a lower likelihood of a global administrative privileged account being affected. With privileged identity management, users can activate needed roles temporarily but then reset back to their normal level of privilege.

Create Safe Links Policies

Score impact = +3.9% | Achievable points = 9

Turning on a safe links policy uses data from Microsoft Defender to determine whether an email link is safe or malicious. Certain URLs can also be blocked in advance.

Turn on Safe Attachments

Score impact = +3.46% | Achievable points = 8

Safe Attachments prevents messages with detected malware attachments from being delivered. These messages get quarantined and only admins are able to review, release, or delete them. Suspicious attachment types can be specified, and messages can be set up for dynamic delivery, so the body of the email is delivered while the attachment gets scanned.

Enable Impersonated User Protection

Score impact = +3.46% | Achievable points = 8

You can prevent specified internal or external email addresses from being impersonated in phishing attempts. It is highly recommended to add this protection for key roles, such as members of the C-suite or board of directors.

Enable Impersonated Domain Protection

Score impact = +3.46% | Achievable points = 8

You can prevent specified domains from being impersonated by the message sender’s domain. When a domain is added to the ‘Enable Domains to Protect’ list, messages that come from those domains are subject to impersonation protection checks.

Protect Users with Sign-In Risk Policy

Score impact = +3.03% | Achievable points = 7

Turning on the sign-in risk policy for all users ensures that all suspicious sign-ins, such as a major change in location, are challenged for multifactor authentication (MFA) to decrease the likelihood of unauthorized access.

Let the Experts at Klarinet Solutions Help You Maintain a Secure Digital Workplace

In the modern work environment, it is more important than ever to invest in security and data protection. However, we realize that keeping up with it may get overwhelming as you have a myriad of other responsibilities to manage. That’s why Klarinet Solutions is happy to address any questions you have about security in your workplace. Reach out to the experts in digital workplace solutions today to see how we can help.
