Some improvement actions give points only when fully completed, while others give partial points if they\u2019ve been completed for some devices or users. Here we\u2019ll provide 10 tips on how to improve your Microsoft Secure Score, along with the impact to your score should you complete them.<\/p>\n\n\n\n
Score impact = +3.9% <\/em>| Achievable points = 9<\/em><\/p>\n\n\n\n Multifactor authentication adds an additional layer of security<\/a> to protect devices and data accessible to users. If one factor, such as a password, gets compromised, the Microsoft authenticator app provides another layer of protection to prevent unauthorized access. While mobile numbers can also be used for MFA, authenticator apps are more secure, as phone numbers can be spoofed.<\/p>\n\n\n\n Score impact = +3.46% <\/em>| Achievable points = 8<\/em><\/p>\n\n\n\n Most compromising security attempts today come from legacy authentication, as older clients do not support modern authentication and use legacy protocols like IMAP or POP3. Legacy authentication does not support multifactor authentication, and as such, should be disabled.<\/p>\n\n\n\n Score impact = +3.46% <\/em>| Achievable points = 8<\/em><\/p>\n\n\n\n Research shows that when periodic password resets are enforced, users tend to choose weaker passwords, meaning that passwords become weaker as a result. Microsoft\u2019s official security position<\/a> is that passwords will not expire periodically without a specific reason.<\/p>\n\n\n\n Score impact = +0.43% <\/em>| Achievable points = 1<\/em><\/p>\n\n\n\n If self-service password reset is enabled in Azure<\/a> Active Directory, users don\u2019t need to engage help desks to reset their passwords. This helps the IT team lower their ticket volume and focus on other security measures, while supporting user productivity.<\/p>\n\n\n\n Score impact = +0.43% <\/em>| Achievable points = 1<\/em><\/p>\n\n\n\n Assign users the least amount of privilege required to complete their work, so that if their account does get breached, there is a lower likelihood of a global administrative privileged account being affected. With privileged identity management, users can activate needed roles temporarily but then reset back to their normal level of privilege.<\/p>\n\n\n\n Score impact = +3.9% <\/em>| Achievable points = 9<\/em><\/p>\n\n\n\n Turning on a safe links policy uses data from Microsoft Defender to determine whether an email link is safe or malicious. Certain URLs can also be blocked in advance.<\/p>\n\n\n\n Score impact = +3.46% <\/em>| Achievable points = 8<\/em><\/p>\n\n\n\n Safe Attachments prevents messages with detected malware attachments from being delivered. These messages get quarantined and only admins are able to review, release, or delete them. Suspicious attachment types can be specified, and messages can be set up for dynamic delivery, so the body of the email is delivered while the attachment gets scanned.<\/p>\n\n\n\n Score impact = +3.46% <\/em>| Achievable points = 8<\/em><\/p>\n\n\n\n You can prevent specified internal or external email addresses from being impersonated in phishing attempts. It is highly recommended to add for key roles, such as members of the C-suite or board of directors.<\/p>\n\n\n\n Score impact = +3.46% <\/em>| Achievable points = 8<\/em><\/p>\n\n\n\n You can prevent specified domains from being impersonated by the message sender\u2019s domain. When a domain is added to the \u2018Enable Domains to Protect\u2019 list, messages that come from those domains are subject to impersonation protection checks.<\/p>\n\n\n\n Score impact = +3.03% <\/em>| Achievable points = 7<\/em><\/p>\n\n\n\n Turning on the sign-in risk policy for all users ensures that all suspicious sign-ins, such as major change in location, are challenged for multifactor authentication (MFA) to\u00a0decrease the likelihood of unauthorized access.<\/a><\/p>\n\n\n\n Ref: How to Improve Your Microsoft Secure Score for Better Cloud Security – Klarinet Solutions\u00ae, LLC<\/a><\/p>\n","protected":false},"excerpt":{"rendered":" Some improvement actions give points only when fully completed, while others give partial points if they\u2019ve been completed for some devices or users. Here we\u2019ll provide 10 tips on how to improve your Microsoft Secure Score, along with the impact to your score should you complete them. Multifactor Authentication (MFA) Score impact = +3.9% | Achievable points Read More<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_bbp_topic_count":0,"_bbp_reply_count":0,"_bbp_total_topic_count":0,"_bbp_total_reply_count":0,"_bbp_voice_count":0,"_bbp_anonymous_reply_count":0,"_bbp_topic_count_hidden":0,"_bbp_reply_count_hidden":0,"_bbp_forum_subforum_count":0,"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[1249,1526,10],"tags":[1587],"class_list":["post-4747","post","type-post","status-publish","format-standard","hentry","category-azure-microsoft","category-microsoft-defender","category-microsoft","tag-improve-microsoft-secure-score"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=\/wp\/v2\/posts\/4747","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=4747"}],"version-history":[{"count":1,"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=\/wp\/v2\/posts\/4747\/revisions"}],"predecessor-version":[{"id":4748,"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=\/wp\/v2\/posts\/4747\/revisions\/4748"}],"wp:attachment":[{"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=4747"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=4747"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=4747"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}Disable Legacy Authentication<\/h3>\n\n\n\n
Avoid Expiring Passwords<\/h3>\n\n\n\n
Enable Self-Service Password Reset<\/h3>\n\n\n\n
Use Least Privilege Model<\/h3>\n\n\n\n
Create Safe Links Policies<\/h3>\n\n\n\n
Turn on Safe Attachments<\/h3>\n\n\n\n
Enable Impersonated User Protection<\/h3>\n\n\n\n
Enable Impersonated Domain Protection<\/h3>\n\n\n\n
Protect Users with Sign-In Risk Policy<\/h3>\n\n\n\n