Secure Third-party Applications with Microsoft Secure Score Recommendations

On Day 11 of Cybersecurity awareness month, learn to implement and secure your third-party applications with the Microsoft secure score recommendations. Stay tuned for more blogs in our M365 Cybersecurity blog series.

Most of the Microsoft 365 organizations use certain third-party applications for various purposes like authentication, online collaboration, sharing, etc. Admins need to follow certain security measures and create required policies to secure these third-party apps as well as the overall M365 environment. Thus, Microsoft provides various secure score recommendations for certain third-party apps to prevent data breaches. Organizations that use those apps can fulfill the given recommendations to improve overall security.

Let’s explore the list of supported third-party apps and their secure score recommendations in detail.

Below is the list of third-party applications supported by the Microsoft secure score.

• Atlassian
• Citrix ShareFile
• DocuSign
• Dropbox
• GitHub
• NetDocuments (preview)
• Okta
• Salesforce
• ServiceNow
• Workplace (preview)
• Zendesk
• Zoom

From the above list of supported third-party applications, we will explore a few apps for which the recommendations were updated by Microsoft in December 2023. To access these secure score recommendations, navigate to

Microsoft Defender –> Exposure management –> Secure score –> Recommended actions

The following list are the third-party apps we will dive into detail.

• Atlassian
• Dropbox
• Meta Workplace
• NetDocuments
• Zendesk

Atlassian Guard Standard (formerly known as Atlassian Access) provides capabilities such as single sign-on, user provisioning, user API token management, data security controls, and more. Thus, admins might use this application to have centralized control and improve security.

The secure score recommendations for this application are:

Enable multi-factor authentication (MFA) – Enforcing multi-factor authentication is a necessary step to prevent data breaches, account compromises, insider threats, and more.

Enable single sign-on (SSO) – Single sign-on enables users to login to multiple applications and websites with a single set of credentials, streamlining the user’s authentication process.

Enable strong password policies – Weak passwords can be easily guessable by attackers to hack the user account. So, enabling strong password policies is essential to improve security. You can also configure a custom banned password list to strengthen password protection.

Enable session timeout for web users – Enabling session timeout for web users helps to logout user’s web sessions after a certain period, ensuring that it is not accessed by unauthorized users and protecting data.

Enable password expiration policies – Periodic password expiration prevents the usage of same password for the longer period and protects the account. Enabling password expiration policy helps to improve account security.

Additional recommendations related to Atlassian mobile app security are:

• Atlassian mobile app security – Users that are affected by policies
• Atlassian mobile app security – App data protection
• Atlassian mobile app security – App access requirement

Dropbox is a cloud storage solution that helps to share, edit, and collaborate on Office files online. Organizations use this app to save time, improve productivity, and collaborate with others.

The secure score recommendation for Dropbox is:

Enable web session timeout for web users – The web session timeout for Dropbox web users automatically signs out the sessions after a certain period to prevent unauthorized access.

Workplace from Meta is a business communication and collaboration tool that offers instant messaging, group chats, conferencing, live video broadcasting, and more. To improve employee experience and collaboration, organizations might use this application.

The secure score recommendation for Meta Workplace is:

Adopt single sign-on in workplace by meta – Implementing single sign-on helps to have single set of credentials to login once and access services without authentication to improve security and streamlines the process.

NetDocuments is a cloud-based content management platform for legal professionals to manage documents, emails, and optical character recognition (OCR) solutions.

The secure score recommendation for this application is:

Adopt single sign-on (SSO) in NetDocuments – As already stated, enabling single sign-on streamlines the authentication process by having single credentials thereby improving user experience.

Zendesk is an AI-powered solution that helps businesses deliver exceptional customer experiences, provide top-tier employee service and HR support, and optimize support operations with workforce engagement management (WEM) tools.

The secure score recommendations for Zendesk are:

Enable and adopt two-factor authentication (2FA) – Enabling two-factor authentication adds a second factor of authentication beyond a password to prevent unauthorized access for Zendesk users and improves overall security.

Send a notification on password change for admins, agents, and end users – Whenever an account’s password gets changed, it’s essential to identify whether it is changed by authorized or unauthorized users. To achieve this, sending a notification for admins, end users, and agents is essential.

Enable IP restrictions – Allowing only required IP range to login or access the app helps to prevent unauthorized access beyond those ranges. Thus, enabling IP restrictions is required to enhance security.

Block customers to bypass IP restrictions – Blocking customers from bypassing IP restrictions helps to ensure that only users from authorized IP ranges have access.

Enable session timeout for users – As previously said, session timeout signs out the ideal session to prevent data breaches or unauthorized access.

Block admins to set passwords – Blocking admins from setting account passwords helps to prevent unwanted password resets even if the admin account has been hacked. Also, admins can consider enabling the self-service password reset in Microsoft 365.

Additionally, MS recommends these below for Zendesk apps to improve secure score.

• Admins and agents can use the Zendesk support mobile app
• Enable Zendesk authentication
• Automatic redaction

I hope this blog helps identify the Microsoft secure score recommendations for the supported third-party applications. Organizations can implement the required recommendations to improve their secure score as well as overall security. Happy securing!