Cyber security is an important part of business security. With cyber crime at an all-time high, how can you secure your business? How do you know if the security measures you currently have in place are enough?


Introducing the Microsoft Security Centre?

All Microsoft customers have access to the Microsoft Security Centre on a Global Administrator OR Security Administrator account here.

Inside the Microsoft Security Centre you will find:

Device security policies

Email security policies

Incidents and alerts

Threat analytics

Auditing & more

All’s well and good having access to these policies and reports, but what is important is what do they do and how you can use them to secure your tenant. 

Microsoft Secure Score

The primary purpose of Microsoft Security Score is to:

Help you understand your current security situation

Help you efficiently and effectively improve your security

The Secure Score displays your current security posture on your Microsoft 365 tenant against Microsoft’s security best practices. This score shows what you have implemented, recommendations and improvement actions and the history of security changes made around these actions. 

The recommendations and improvements section of the Secure Score gives you an easy understanding of each of the features, what they do, and why and how to enable it, 

Each improvement is worth up to 10 points. You’re given points for the following actions:

Configuring recommended security features

Doing security-related tasks

Addressing the improvement action with a third-party application or software, or an alternate mitigation

Keep in mind that security should be balanced with usability, and not every recommendation can work for your environment.

Multi-factor Authentication

Multi-factor authentication means you and your employees must provide more than one way to sign into Microsoft 365 and is one of the easiest ways to secure your business. Enabling MFA is worth a combined 19 points on your Microsoft tenant and is one of the best security features to enable for your environment. 

Forms of authentication include:

Something you know: a password or PIN

Something you have: a phone or authentication key

Something you are: Biometrics or Face ID

Multi-factor Authentication combines multiple of these authentication forms to secure your account from malicious actors.

MFA must be enabled on your tenant through one of 3 ways:

1. Per User MFA

Per User MFA is accessible for all Microsoft tenants regardless of licensing. This is the hardest method to manage as each users settings must be configured individually but has the least organisational impact as it can be toggled on for specific users that require it. 

2. Security Defaults

Security defaults is the easiest and quickest way to enable MFA. Enabling security defaults enforces ALL users to enroll in MFA as well as disabling legacy authentication for unauthorised applications. 


Security Defaults is available to all Microsoft tenants regardless of licensing and adds 26 points to your security score.

3. Conditional Access Policies

Conditional Access is Microsoft’s premium security service, available to customers that have Azure AD Premium 1 license or licenses that include this, such as Microsoft 365 Business Premium. 


Conditional Access is also the most flexible and customisable method of deploying MFA to your team. Creating policies can be done without experience by using templates or completely customised to fit your business as smoothly as possible. 

Want to find our more about your Security Score? Contact Myrtec | 02 9146 6330

Additional Resources