Technical Webinar: How to Maximize Your Microsoft Secure Score

Join us as we dive into Microsoft Secure Score and how it can help you strengthen your organization’s security posture.

We’ll cover how to easily track your score, implement simple yet impactful security improvements, and integrate Secure Score with powerful tools like Microsoft Defender, Compliance Center, and Azure AD to create a robust security framework.

Whether you’re looking to boost endpoint protection, enhance identity security, or ensure compliance, this session will give you practical insights and actionable steps to protect your organization.

Watched this webinar and still need some help or don’t want to do it yourself? We got you.

Is your Microsoft environment protected from Storm-2372

Are you protecting the core of your business operations from Storm-2372? In case you missed our last webinar, we’ve been helping our customers thrive by maximizing the security potential of their M365 environments. With M365 apps at the crux of communications, file storage/sharing, and authentication to inter-connected systems, one overlooked configuration setting could lead to a big ripple effect.

In the active Storm-2372 phishing campaign, a threat actor is targeting organizations within government, IT, defense, telecommunications, health, and energy/oil/gas sectors in Europe, North America, Africa, and the Middle East. Seemingly linked to Russian interests, the threat actor is exploiting input-constrained devices (think smart TVs and some Internet of Things “smart home” devices). 

So how does this work? The attacker starts a conversation with the target using messaging platforms like Microsoft Teams, WhatsApp, or Signal, posing as a prominent person and inviting the target to an online meeting such as an industry-relevant conference or interview. The fake Teams meeting invite includes a device code generated by the attacker to imitate the experience of the messaging service. This provides the attacker initial access to your account and enables Graph API data collection activities like email harvesting. With this done, the attacker no longer needs password for the victim’s M365 services (email, cloud storage) as long as the tokens remain valid, or as long as the attacker can use the specific client ID to generate new tokens.

What can you do about it?

  • Disable External Messaging: We see this often when we perform Microsoft 365 Assessments for our customers. It’s such an easy one to miss, but leaves a gaping hole in your security.
  • Restrict Device Code Authentication Flow: Block the device code flow wherever possible, as it’s primarily intended for devices lacking traditional input methods. Evaluate your organization’s need for this feature and disable it unless absolutely necessary.
  • Configure Conditional Access Policies: Utilize Microsoft Entra ID (formerly Azure Active Directory) to create Conditional Access policies that control device code authentication. This includes:
    • Blocking Device Code Flow: Set policies to prevent device code authentication for all users, with exceptions only for specific cases where it’s required.
    • Enforcing Multi-Factor Authentication (MFA): Require MFA for all sign-ins to add an extra layer of security.
    • Implementing Sign-in Risk Policies: Automatically respond to risky sign-ins by blocking access or requiring additional verification.
  • Educate Users on Phishing Techniques: Conduct regular training sessions to help users recognize and avoid phishing attempts, especially those involving device code authentication requests.
  • Monitor Sign-in Activity: Regularly review sign-in logs for unusual activities, such as unexpected device code authentications or sign-ins from unfamiliar locations.
  • Restrict Device Registrations: Limit permissions for device registrations to prevent unauthorized devices from accessing your environment. Regularly audit registered devices to ensure they are authorized.

 

If you’re unsure where to start, or want to confirm your Microsoft environment doesn’t have any gaps, don’t hesitate to reach out. We’ve helped many customers ensure their environments are safe and secure.

How to Help Prevent Vendor Fraud

It’s 2025, businesses are all online, their vendors are all online, and they are all connected. It makes working together much easier, which is great, but it also makes vendor fraud much easier.

In this type of scam, criminals impersonate trusted vendors or create fake ones to trick companies into making fraudulent payments. Whether through hijacked emails or fake invoices, this sophisticated fraud can cause severe financial damage if not detected early.

This blog explores what vendor impersonation fraud is, how to recognize it, and the steps you can take to protect your business from falling victim to this growing risk.

 

What is Vendor Impersonation Fraud?

 

Vendor impersonation fraud is a form of Business Email Compromise (BEC) fraud. This type of scam occurs when cybercriminals, or even disgruntled employees, trick an organization into making payments to fraudulent accounts. 

 

The fraudster may gain access to a trusted vendor’s email account, use fake documents to modify payment details or impersonate a legitimate vendor to initiate invoice scams or other fraudulent activities. 

Types of Vendor Impersonation Fraud:

Vendor impersonation fraud can take several forms, each with its unique method of operation. Below are the most common types:

  1. Ghost Vendor Fraud: Ghost vendors are fake vendors that are created in company records. Payments are made to these non-existent vendors, and the funds are typically siphoned off by an employee or an external fraudster. This type of fraud is particularly difficult to detect because the fraudulent vendor seems legitimate on paper.
  2. Check Manipulation: Fraudsters sometimes modify or forge a vendor’s check to redirect payments to their own personal bank account. This can happen when an employee or external fraudster gains access to vendor payment information and alters it before the funds are processed.
  3. Duplicate Payments: In this type of fraud, an employee uses a legitimate vendor’s account but manipulates the payment records to initiate multiple payments for a single invoice. The extra payment is then directed to the fraudster’s account. This type of fraud exploits weaknesses in accounts payable systems and is often discovered only after a significant amount of money has been transferred.

 

Who’s at Risk?

 

Vendor impersonation fraud can affect any business, but certain organizations and individuals are more vulnerable to these types of scams. Small businesses or organizations with limited resources and cybersecurity measures are often targeted due to their perceived vulnerability. Additionally, organizations that engage in frequent international transactions or have a high volume of vendor interactions are more exposed to fraud attempts.

Certain employees are also at higher risk of being targeted. According to studies, employees in accounting, operations, sales, customer service, and purchasing departments are most often involved in fraud incidents. These individuals often have the financial authority to approve payments and make vendor-related transactions, making them prime targets for fraudsters.

 

Red Flags to Watch Out For:

  1. Unusual Payment Requests: Be on the lookout for payment requests that deviate from normal procedures. These could include sudden changes in bank account details, requests for expedited payments, or payments to unfamiliar or unrelated third-party accounts. Fraudsters often pressure organizations to act quickly, hoping to bypass normal verification processes.
  2. Inconsistent Invoices or Documentation: Fake or altered invoices are a major indicator of vendor fraud. Look for inconsistencies such as misspelled vendor names, incorrect formatting, missing information, or discrepancies in the details on the invoice. Irregularities like these should raise red flags.
  3. Suspicious Communication Patterns: If a vendor suddenly uses a different email address, makes unusual phone calls, or requests to communicate outside of normal channels, it’s a potential sign of impersonation fraud. Fraudsters often attempt to manipulate communication to divert payments.
  4. Unexpected Price Increases: Fraudsters may attempt to overcharge for products or services, hoping that their request will slip through unnoticed. Watch out for vendors requesting sudden or unexplained price increases, especially when these increases deviate from normal contractual agreements.
  5. Poor Quality or Undelivered Goods/Services: A common warning sign of vendor fraud is the delivery of substandard goods or services. Fraudsters may intentionally send low-quality products, or the goods may go undelivered entirely. Always verify orders and deliveries to ensure they align with expectations.
  6. Unusual Vendor Behavior: Changes in a vendor’s behavior—such as evasiveness, unresponsiveness, or reluctance to provide documentation or clarification—should raise concerns. A sudden change in how a vendor operates is a common tactic used by fraudsters to avoid being caught.

How to Identify Vendor Impersonation Fraud

 

Here are some ways you can improve your ability to detect potential vendor fraud:

  1. Discrepancies in Vendor Information: Always review vendor details such as contact information, addresses, and tax identification numbers. If the information provided cannot be verified or seems inconsistent, it could be a sign of fraud.
  2. Inconsistencies in Payment Records: Scrutinize payment records for multiple payments to the same vendor invoice, irregular price hikes, or discrepancies in payment dates. Fraudulent payments may appear normal at first glance but will often have inconsistencies that can be caught with careful attention.
  3. Unusual Vendor Behavior: Pay attention to changes in the way your vendors communicate with you. Fraudsters often change their communication style, which may include using a new email address or requesting that you use a different communication channel. Always verify these changes before proceeding with any transactions.
  4. Unexpected Price Increases: Any unexpected price increases, especially when unsubstantiated, should be investigated. Fraudsters often exploit price changes to divert funds to their own accounts. Ensure that any price changes are legitimate and aligned with your contracts.
  5. Substandard or Undelivered Goods/Services: Poor-quality goods or services or orders that are consistently delayed or unfulfilled can indicate vendor fraud. Always verify orders and inspect deliveries to ensure the business is receiving what it paid for.

Measures to Detect and Prevent Vendor Impersonation Fraud

 

To help prevent fraud from occurring, here are several strategies to implement:

 

  1. Vendor Due Diligence: During the onboarding process, verify all vendor details, including their financial stability, reputation, and references. Always ensure that the information provided by vendors matches what is available through independent sources.
  2. Evaluate Internal Controls: Review the vendor’s internal controls and anti-fraud policies. Strong internal controls show that the vendor is committed to mitigating the risk of fraud, making them a more reliable partner.
  3. Run Thorough Background Checks: Conduct background checks on employees involved in vendor management and financial transactions. Ensure that their track record is trustworthy and that they have no history of misconduct.
  4. Split Responsibilities and Regular Rotation: To reduce the risk of employee fraud, split duties between multiple people. For example, the person responsible for inputting vendor information should not be the same person responsible for approving transactions. Regularly rotating responsibilities can further prevent fraud from being perpetrated over time.
  5. Employee Anti-Fraud Training: Providing comprehensive training to employees on fraud prevention is crucial. Make sure employees are aware of vendor impersonation fraud and know how to report suspicious activities. Encourage a culture of vigilance where employees feel comfortable raising concerns.
  6. Monitor and Audit Transactions: Regularly audit vendor-related transactions and monitor for any signs of suspicious activity. A well-maintained auditing process helps uncover any vulnerabilities that fraudsters might exploit.
  7. Invest in Vendor Management Software: Using centralized platforms to manage vendors and contracts can streamline the verification and management process. These tools often provide built-in fraud detection and tracking capabilities, making it easier to spot fraudulent activity.
  8. Educate Your Team: Educating your team about the risks and consequences of vendor impersonation fraud can enhance their vigilance. Conduct regular risk assessments and audits to identify vulnerabilities and close any gaps that fraudsters could exploit.

 

Responding to Vendor Fraud

 

If you suspect vendor impersonation fraud, swift action is crucial. Here’s what you should do:

 

  1. Document and Preserve Evidence:
    Gather and securely store all evidence related to the fraud, including emails, invoices, payment records, and communications with the fraudster. This is essential for investigations, insurance claims, and legal proceedings.

  2. Notify Authorities and Affected Parties:
    Report the fraud to local law enforcement and provide all relevant details and evidence. Notify any financial institutions and individuals directly affected by the fraud.

  3. Seek Legal and Professional Advice:
    Consult with legal advisors who specialize in fraud and cybersecurity matters. They can guide you through the legal implications and assist with recovery efforts.

 

Vendor impersonation fraud is a serious threat that can result in significant financial losses and long-term reputational damage. But with the right tools, strategies, and awareness, you can safeguard your business from falling victim to these scams. At edgefi, we specialize in helping businesses like yours implement robust cybersecurity measures, including proactive vendor fraud detection and prevention strategies.

Our team can work alongside you to strengthen your internal controls, educate your employees, and implement cutting-edge technology to protect against fraud.

Don’t wait for a fraud attempt to occur—take action now to protect your business.

Tutorial: SCuBA Your Microsoft 365

Introduction

Managing security and compliance in Microsoft 365 (O365) is crucial to protecting sensitive data and ensuring regulatory adherence. However, unused or misconfigured policies, permissions, and access controls can accumulate as your environment grows, creating security risks and inefficiencies.

SCuBA (Secure Cloud Business Applications) is a framework developed to enhance security and resilience in cloud environments, particularly for government and enterprise organizations. It provides standardized configurations, best practices, and automation tools to help organizations secure Microsoft 365 workloads while aligning with CISA (Cybersecurity and Infrastructure Security Agency) guidelines. By implementing SCuBA recommendations, organizations can improve visibility, enforce security baselines, and proactively mitigate cyber threats in their cloud environments.

Procedure

Getting Started

Before using SCuBA to assess and secure your Microsoft 365 environment, ensure that your tenant has the required licenses, that your system meets all software prerequisites, and that you have the necessary user and application permissions for a successful assessment.

License Requirements

SCuBA has been tested on Microsoft 365 tenants with E3/G3 and E5/G5 license bundles. While it may still function on tenants without these bundles, some security assessments and policy checks may be limited.

Certain baseline policy checks depend on specific Microsoft 365 security features, which are included by default in E5 and G5 plans. These features include:

Software Requirements

User Permissions

SCuBA queries various Microsoft 365 APIs to assess security configurations. To allow this, the user running SCuBA must have the minimum required roles for each Microsoft 365 product:

Application Permissions

SCuBA requires Microsoft Graph API access for Entra ID and SharePoint assessments. If permissions are not pre-configured, SCuBA will request them.

The following Microsoft Graph API permissions must be granted:

Installing SCuBA

Method 1: Installing SCuBA from PSGallery

  1. Open PowerShell as Administrator.

  2. Run the following command to install SCuBA:

  1. Verify the installation:

  1. Initialize SCuBA and its dependencies:

Method 2: Installing SCuBA from GitHub

  1. Open your web browser and go to the SCuBA Releases page.

  2. Locate the latest version of SCuBA.

  3. Under the Assets section, click the .zip file (e.g., ScubaGear-v1.5.0.zip) to download it.

  4. Once downloaded, extract the .zip file to a directory of your choice.

  5. Open PowerShell as Administrator.

  6. Navigate to the directory where you have SCuBA extracted to.

  7. Run the following command to import the SCuBA module:

8. Initialize SCuBA and its dependencies:

Using SCuBA

Once SCuBA is installed, you can use it to assess the security configurations of your Microsoft 365 environment. This portion of the guide will explain how to run SCuBA using both PowerShell Gallery (PSGallery) installations and GitHub installations.

If you installed SCuBA using PowerShell Gallery, you can run it directly.

  1. Open up PowerShell with administrator privileges.

  2. Run the following command to assess all supported Microsoft 365 products:

3. You will be prompted to sign in. Sign in with the appropriate credentials to run the report.

  1. After the report is run, use the following command to manually disconnect from your session to ensure that there are no lingering authenticated connections.

If you downloaded SCuBA manually from GitHub, you need to import the module before running it.

  1. Open up PowerShell with administrator privileges.

  2. Navigate to the directory where you have SCuBA saved.

  3. Run the following command to import the SCuBA module:

4. Afterward, run the following command to assess all supported Microsoft 365 products:

5. After the report is run, use the following command to manually disconnect from your session to ensure that there are no lingering authenticated connections.

Technical Webinar: SCuBA Your Microsoft 365

This webinar is all about SCuBA. A powerful security scanning and assessment solution that helps uncover misconfigurations and vulnerabilities across your Microsoft 365 tenant.

You’ll learn how to:

  • Get started with SCuBA
  • Run a simple yet revealing report
  • Interpret its findings in a way that aligns with your organization’s broader security goals
  • Create a strategic roadmap for improvement, complete with a sample template

By the end of this session, you will be equipped with actionable insights and practical steps to enhance your Microsoft 365 security posture confidently and efficiently.


Watched this webinar and still need some help or don’t want to do it yourself? We got you.

How to Use Microsoft Secure Score to Build a Long-Term Security Roadmap

You’ve raised your Microsoft Secure Score and aligned it with NIST CSF in our previous posts. But security is an ongoing journey. This post explains how to create a long-term roadmap that keeps your Microsoft 365 security posture evolving.  

1. Assess Your Current Secure Score

 
  • Establish a baseline to set realistic security goals.
  • Automated trend reports from edgefi show changes month-over-month, highlighting stagnation or improvement.
  • Pro Tip: Use the Microsoft 365 Defender Secure Score portal to gather data and note high-impact recommendations.
 

2. Prioritize Recommendations

 
  • Why It Matters: Some actions deliver bigger security boosts than others.
  • edgefi filters recommendations by potential risk reduction, ensuring you tackle the most critical items first.
  • Pro Tip: Focus on identity and access management first (MFA, Conditional Access).
 

3. Develop a Phased Implementation Plan

 
  • Why It Matters: Attempting every recommendation at once may overwhelm resources.
  • Create milestones within edgefi to track and receive reminders for each implementation phase.
  • Pro Tip: Break it down into short-term (1–3 months), medium-term (3–6 months), and long-term (6–12 months).
 

4. Monitor and Adjust Over Time

 
  • Why It Matters: Cyber threats evolve quickly. Your roadmap should, too.
  • Get AI-driven alerts on changes that may affect your score, ensuring you respond in real time.
  • Pro Tip: Regularly review Secure Score for new recommendations and re-check completed ones.
 

5. Communicate Progress to Stakeholders

 
  • Why It Matters: Executive buy-in ensures continued resource allocation.
  • edgefi generates executive-friendly reports, saving time on data collection and formatting.
  • Pro Tip: Present quarterly updates on Secure Score improvements tied to risk reductions and compliance achievements.
    A robust security roadmap requires both vision and the right tools. Let Microsoft Secure Score be your guiding metric, and edgefi your co-pilot for data-driven, ongoing security enhancements. Stay secure, stay vigilant—and watch your Secure Score soar!  

Aligning Microsoft Secure Score with Industry Standards: A Guide to NIST CSF

We showed you quick wins to boost Microsoft Secure Score in our previous post. But how do those actions fit into globally recognized frameworks like the NIST Cybersecurity Framework (NIST CSF)? This blog helps you map Secure Score improvements to NIST CSF for:  
  • Executive and auditor compliance
  • A holistic approach to risk management
  • Streamlined enhancements with edgefi
 

What is NIST CSF?

  The NIST Cybersecurity Framework consists of six core functions: Identify, Protect, Detect, Respond, Recover, and Govern. It’s widely used across industries to manage cybersecurity risk and demonstrate best practices.  

Mapping Microsoft Secure Score to NIST CSF

 

1. Identify

2. Protect

  • Enabling MFA, conditional access, and anti-phishing measures.
  • Identity Protection with Azure AD
  • edgefi provides a single pane of glass to track protective measures, reducing complexity.

3. Detect

4. Respond

  • Incident response workflows and automated remediation.
  • Microsoft 365 Incident Response
  • edgefi consolidates alerts into one dashboard, speeding up response times.

5. Recover

  • Backup plans and post-incident reviews.
  • Microsoft 365 Backup and Recovery
  • edgefi integrates backup/restore solutions and tracks recovery metrics for minimal downtime.

6. Govern

 

Benefits of Alignment

 
  • Compliance Readiness: Present a clear mapping from Secure Score actions to recognized controls.
  • Continuous Improvement: Raise your Secure Score by addressing each NIST CSF function.
  • Executive Buy-In: Frame your security progress in terms of an industry-standard framework.
 

Aligning Microsoft Secure Score with NIST CSF elevates your cybersecurity strategy. Next, learn how to make these improvements sustainable in our fourth blog post. Don’t want to do it all by yourself? Let edgefi help you in bridging Microsoft 365 security data with leading frameworks for hassle-free compliance.  

Top 5 Microsoft Secure Score Recommendations for Immediate Impact

We’ve covered what Microsoft Secure Score is and why it’s crucial. Now, let’s get hands-on with five high-impact recommendations that can quickly elevate your organization’s security posture and boost your Secure Score.

 

 

Recommendation 1: Enable Multi-Factor Authentication (MFA)

 

  • Why It Matters: Enabling MFA can block over 99.9% of compromised sign-in attempts, according to Microsoft.
  • How to Do It: See Enable Multi-Factor Authentication in Microsoft 365.
  • Boost with edgefi: We track MFA adoption rates and flags users who still lack MFA.

 

 

Recommendation 2: Set Up Anti-Phishing Policies

 

  • Why It Matters: Phishing remains a top attack vector.
  • How to Do It: Use Microsoft Defender for Office 365 anti-phishing policies to spot and block malicious emails.
  • Boost with edgefi: Real-time mail flow analytics in edgefi detect suspicious patterns faster than manual monitoring.

 

 

Recommendation 3: Restrict Administrative Privileges

 

  • Why It Matters: Over-privileged accounts pose significant risks if compromised.
  • How to Do It: Implement role-based access control (RBAC) in Azure AD.
  • Boost with edgefi: We highlight dormant or unnecessary privileges that can be safely removed.

 

 

Recommendation 4: Enable Logging and Alerts

 

  • Why It Matters: Real-time visibility is key to detecting threats early.
  • How to Do It: Configure Microsoft 365 auditing and alerts.
  • Boost with edgefi: AI-driven anomaly detection from edgefi helps you respond to incidents faster.

 

 

Recommendation 5: Review and Update Conditional Access Policies

 

  • Why It Matters: Conditional Access ensures users get “just-enough” access.
  • How to Do It: Learn more about Conditional Access in Azure AD.
  • Boost with edgefi: We test new policies to predict potential user impact before going live.

 

By implementing these five steps, you’ll see a quick lift in your Microsoft Secure Score. Don’t want to do it yourself? Don’t worry, we got you.

 

What Is Microsoft Secure Score and Why Should You Use It

If you’re looking for the key to enhancing your organization’s Microsoft 365 security posture, Microsoft Secure Score should be at the top of your list. This powerful dashboard not only provides an overview of your current security standing but also gives actionable recommendations to improve it. In this post, we’ll explore:

 

 

After finishing here, don’t miss our Top 5 Microsoft Secure Score Recommendations to implement easy, high-impact changes quickly.

 

What is the Microsoft Secure Score?

Microsoft Secure Score is an analytics tool that measures your organization’s security posture by evaluating how well you follow recommended security practices. It aggregates data from services like Microsoft Defender for Office 365, Microsoft Defender for Endpoint, and other Microsoft 365 products to assign you a numerical “score.” A higher score indicates closer alignment to Microsoft’s recommended best practices.

 

Key Benefits of the Microsoft Secure Score

  1. Centralized Visibility: Gain insight into your entire Microsoft 365 environment from a single, intuitive dashboard.
  2. Prioritized Recommendations: Access actionable steps sorted by potential impact on your security posture.
  3. Ongoing Monitoring: Continuously track improvements, as changes affect your overall security score in real time.
  4. Integration with Industry Frameworks: Align easily with standards like NIST CSF or CIS Controls—detailed in our third blog post on aligning Secure Score with industry standards.

 

Why You Need the Microsoft Secure Score

  • Holistic Protection: Secure Score covers everything from identity protection to device management, offering a comprehensive overview.
  • Action-Oriented: Removes guesswork with specific configuration adjustments.
  • Supports Zero Trust: Adopts a Zero Trust approach by focusing heavily on identity, access, and threat protection.

 

First Steps to Use the Microsoft Secure Score

  1. Access the Dashboard: Go to the Microsoft 365 Defender portal and select Secure Score from the left navigation.
  2. Review Recommendations: Understand which security controls are lacking, and prioritize them based on your organization’s risk tolerance.
  3. Plan Your Improvements: Create a phased plan—tackle “quick wins” first, then address more complex measures.
  4. Leverage edgefi: We can help automate and optimize recommendations for maximum security impact with minimal effort.

 

Microsoft Secure Score is a powerful ally in your security journey. Check out our other blogs for insights on supercharging your Secure Score strategy.

Strengthening Your Microsoft 365 Security: An Enterprise Guide for 2025

Did you make a New Year’s resolution this year? If so, you’re not alone. Lots of people use this time to set goals, focus on new growth opportunities, or reprioritize what matters most to them. We’re doing the same here at edgefi. In 2025, we’ll be exercising more, spending less time watching dating shows on Netflix, and finally start making progress on that stack of books on our nightstand. More importantly, we’ll also be reemphasizing the core expertise that first kickstarted our company’s growth journey: Microsoft 365 security for the enterprise.   Unlike other resolutions that will be abandoned before Spring, we’re doubling down on this initiative because Microsoft 365 security is a significant risk hiding in plain sight. This isn’t just another SaaS tool—it’s the digital backbone of modern enterprise. During a recent investor call, Microsoft revealed that over 70% of Fortune 500 companies now use Copilot AI. That’s in addition to the millions of workers who use Word, Excel, Teams, SharePoint, and other Microsoft tools to make critical business decisions, share sensitive information, and collaborate on key projects.   Microsoft 365 is so woven into our daily work routines that we hardly give it a second thought. But that’s where the real danger lies. Microsoft’s ubiquity makes these tools attractive targets for cybercriminals. And while most organizations understand the need to harden their systems against cyber threats, the everyday nature of Microsoft 365 can lead to dangerous blind spots in enterprise security.  

Why Microsoft 365 Security Demands Attention

  Microsoft tools weren’t always such a threat. Back in the old days (aka the 80s and 90s), the Office suite was a program you downloaded from a physical disc—compact or floppy. All you had to do to keep people out of your private files was to keep them away from your computer. The cloud revolution changed all that.   Today, companies upload their data onto someone else’s server (aka the cloud) and keep it offsite. It’s a lot like those pods moving companies will drop in your driveway, load it up with your stuff, and someone else will move it to the next location. Very convenient!    But that convenience comes at a serious cost. Not only is it much easier for criminals to access your data when it’s outside your physical control, but the security landscape has become much more complex. To make matters worse, many companies mistakenly believe their cloud service provider handles data storage and security. In reality, providers create detailed security responsibility matrices that place the bulk of those duties onto the customer. As a result, companies often don’t appreciate how vulnerable they actually are.

 

Big Threats Hiding in Plain Sight

  The inherent vulnerability of the cloud is compounded by the number of potential access points across the Microsoft 365 ecosystem and by how deeply ingrained they are in our everyday routines. Here are just a few examples:  
  • Exchange: Email is a massive vulnerability for most businesses. Imagine the sensitive information you’ve shared with colleagues and coworkers over email that you wouldn’t share with a stranger, let alone a criminal. Financial data, passwords, industry secrets, and more are all potentially up for grabs if the wrong person compromises your email system. 
  • Teams: Productivity applications like Teams are growing in popularity as an email replacement, making them an often under appreciated data exposure risk. Microsoft Teams conversations often contain sensitive internal discussions, confidential project details, and business-critical information. 
  • Sharepoint: Companies now rely on solutions like SharePoint for document storage and collaboration, but ensuring the correct people have access to the appropriate data is a huge undertaking. A simple mistake like sharing a folder instead of a single document can expose an entire repository of sensitive information. Managing access over time is even more challenging—when employees leave, contractors finish projects, or business relationships change, those SharePoint permissions also need to change.
  • Decentralized Usage: If managing cloud security wasn’t challenging enough, many employees access these applications on their mobile devices, making them a potential security blind spot.
  Internal IT teams are already stretched razor-thin. Organizations with over 1,000 employees use an average of 177 SaaS applications. It would be easy to overlook the security setting of a seemingly innocuous internal tool like Teams. The risk of a data breach is too large, however, and the complexity of the security landscape only continues to grow.

 

The State of Microsoft 365 Security

  Understanding your Microsoft 365 security posture doesn’t have to be a Sherlock Holmes-level mystery. Microsoft’s built-in Secure Score tool evaluates your environment across 1,000 checkpoints. It’s a lot like visiting a car dealership and receiving a printout of your vehicle’s health from bumper to bumper.    The Secure Score results are sobering. The average organization scores 45% on this assessment. Even best-in-class organizations typically only reach around 80%. The gap between current security levels and full protection paints a clear picture of the risk. But with most IT teams severely underutilizing these tools, there are also enormous opportunities for improvement.   Understanding your security gaps is just the first step. Organizations need a clear path forward and support from experts who can help them navigate it. That’s where edgefi’s approach makes a critical difference.

 

The edgefi Microsoft 365 Security Assessment

  Most companies already have access to powerful security tools through their Microsoft 365 license—they just need help maximizing these resources. That’s why we’ve developed a three-part approach that illuminates existing security vulnerabilities and provides a clear roadmap for creating a more secure Microsoft 365 environment.  
  1. Assessment: We begin by understanding your environment using tools you already have. We create a comprehensive view of your security landscape by combining insights from Microsoft SecureScore and Cybersecurity and Infrastructure Security Agency’s (CISA) SCuBA guidelines
  2. Roadmap: With that information in hand, we build a roadmap that prioritizes your most critical security needs with the goal of helping you achieve a 100% SecureScore rating. 
  3. Accountability: Of course, implementing a roadmap is its own challenge. Fortunately, edgefi will be there to provide quarterly updates and a refreshed roadmap on your journey to best-in-class cloud security.
  Our security assessment is free if you purchase your Microsoft License through edgefi. If you’ve purchased your license somewhere else, you can move it to edgefi and receive this valuable security add-on, or we can perform a security assessment for a fee. However you choose to engage, our goal is to give you a clear understanding of your Microsoft 365 security posture and provide actionable recommendations for making improvements.

 

Ready to Take Control of Your Microsoft 365 Security?

  In 2025, we resolve to be hyper-focused on helping IT teams make Microsoft 365 environments more secure. If you’re ready to take control of your Microsoft security, we hope you’ll join us on this journey. We’ll host monthly webinars throughout the year covering common Microsoft security issues. Join our mailing list so you don’t miss any of these valuable sessions.    If you’d like more information on transferring your Microsoft 365 license to edgefi or are interested in a standalone security assessment, we’re here to help. Contact us today and take the first step towards best-in-class Microsoft 365 security.