Cancer52 is a UK‑based alliance of charities representing people affected by rarer cancers. The organisation plays a vital role in advocacy, research support and awareness, working with partners across the healthcare and charity sectors. As a charity handling sensitive information and collaborating widely, Cancer52 relies heavily on Microsoft 365 to enable secure communication, document sharing and day‑to‑day operational efficiency for staff and stakeholders.
A review of Cancer52’s Microsoft 365 environment highlighted opportunities to improve its Microsoft Secure Score and overall security posture. While core services were in place, several security controls were either not fully configured or not aligned with Microsoft best practice. This created potential exposure to phishing attacks, malware threats, unauthorised access and accidental data sharing.
Given the sensitive nature of the organisation’s work and data, Cancer52 required a structured approach to strengthening identity security, email protection and information governance. The challenge was to enhance security without disrupting staff productivity, ensuring controls were applied consistently and in a way that supported the organisation’s operational needs and compliance responsibilities.
We delivered a targeted Secure Score improvement programme focused on high‑impact security controls within Microsoft 365. Conditional Access policies were configured and enforced to strengthen identity protection, ensuring access was appropriately restricted and secured using modern authentication controls.
Microsoft Defender standard security policies were enabled to establish a strong baseline for threat protection. We reviewed and updated Anti‑Phish, Anti‑Malware and Anti‑Spam policies to improve detection and response to email‑based threats, significantly reducing the risk of malicious content reaching end users.
A centralised Quarantine Policy was created, with global settings updated to ensure consistent handling of suspicious emails and files across the organisation. User consent settings were reviewed and tightened to limit the risk posed by third‑party applications. Sensitive data labels were introduced to improve information protection and raise user awareness when handling confidential data.
To further reduce risk and improve user trust, company branding was applied across Microsoft 365 security notifications. Additional controls were implemented by disabling user installation of Outlook add‑ins and preventing external calendar sharing, reducing the likelihood of data leakage.
Cancer52 has achieved a measurable improvement in its Microsoft Secure Score, reflecting a stronger and more resilient security configuration across Microsoft 365. Identity and access controls are now significantly enhanced, reducing the risk of unauthorised access and account compromise.
Email security has been strengthened through improved threat detection and quarantine management, helping protect users from phishing and malware attacks. The introduction of sensitive data labels and tighter consent controls has improved governance and reduced the likelihood of accidental data exposure.
Overall, the project has provided Cancer52 with greater confidence in its Microsoft 365 security posture, clearer visibility of risk, and a more secure foundation to support its important work.
- Improved Microsoft Secure Score
- Conditional Access configured and enforced
- Enhanced email protection with Defender policies
- Centralised quarantine management
- Sensitive data labelling implemented
- Reduced risk from add‑ins and external sharing
