Business for Nature is a global coalition of forward‑thinking businesses and partner organisations working to reverse nature loss and drive sustainable economic systems. Operating across multiple regions with a mobile workforce, the organisation relies heavily on Microsoft 365 to collaborate securely, share sensitive information and engage with stakeholders worldwide.
As Business for Nature continued to grow and collaborate internationally, it became increasingly important to strengthen its Microsoft 365 security posture. A review of Microsoft Secure Score highlighted opportunities to reduce risk, improve resilience against phishing and malware threats, and align security controls with best‑practice standards.
The organisation needed to balance robust security with user flexibility, particularly given that staff frequently travel and access services from varying locations and devices. The objective was to improve overall security without introducing unnecessary friction for end users or disrupting day‑to‑day operations. A structured, risk‑based approach was required to implement improvements while ensuring clarity around accepted risks and user impact.
We carried out a Secure Score Improvement programme focused on Conditional Access, Microsoft Defender policies and information protection controls. Our approach prioritised high‑impact security enhancements that could be implemented with minimal disruption.
Conditional Access policies were designed, configured and enforced to protect access to Microsoft 365 services, ensuring strong authentication and device controls where appropriate. Microsoft Defender Standard policies were enabled to provide consistent baseline protection across the environment.
We reviewed and updated Anti‑Phishing, Anti‑Malware and Anti‑Spam policies to improve threat detection and reduce the risk of email‑based attacks. A new Quarantine Policy was implemented alongside updated global settings, giving administrators greater visibility and control while improving the end‑user experience.
Additional security enhancements included updating user consent settings, implementing sensitivity labels for data protection, and applying company branding to create a more trusted and professional sign‑in experience. To reduce risk from unmanaged integrations, we disabled user installation of Outlook add‑ins and external calendar sharing. BYOD app protection policies were also applied to safeguard organisational data on personal devices.
A geo‑location Conditional Access policy was deliberately excluded following discussion with the customer, who confirmed acceptance of the associated risk due to frequent international travel.
Business for Nature achieved a significant improvement in its Microsoft Secure Score and overall security posture. The organisation now benefits from stronger protection against phishing, malware and spam, alongside clearer controls over data access and sharing.
Users are better protected across both corporate and personal devices, while administrators have improved visibility and governance over security settings. Importantly, these improvements were delivered without compromising the flexibility required by a globally mobile workforce.
Clear handover documentation ensured internal teams were aware of potential user queries, particularly around Outlook add‑ins, enabling smooth ongoing support. The result is a more secure, resilient Microsoft 365 environment aligned to best practice and the organisation’s operational needs.
- Improved Microsoft Secure Score
- Conditional Access policies successfully enforced
- Enhanced email threat protection
- Secure BYOD access to organisational data
- Reduced risk from third‑party add‑ins and external sharing
- Clear acceptance and documentation of residual risk