A structured Microsoft 365 Secure Score uplift across device, identity and data controls for an Aboriginal Community Controlled Health Organisation handling sensitive community health information.
Yadu Health Aboriginal Corporation holds sensitive health data for a remote community. Their Microsoft 365 environment had grown organically over the years, and with it, a backlog of unaddressed security gaps. Their Secure Score sat well below the recommended threshold, leaving identity, device, and data controls either partially configured or missing entirely.
With cyber insurance providers increasingly asking for Secure Score data as part of premium assessments, and with the sensitivity of the information Yadu Health handles, the status quo wasn't an option.
InterIntra conducted a full Secure Score review across Yadu Health's Microsoft 365 tenant, then worked through a structured uplift program targeting three domains.
On the device side, we built and deployed Intune policy sets aligned to ACSC Windows Hardening Guidelines, including Attack Surface Reduction rules and hardening baselines for Windows 10/11, Microsoft 365, and Office. Policies were trialled on a small group of devices before staged production rollout, with issues resolved before full deployment.
For identity, we configured self-service password reset for all users, enabled Conditional Access policies to block legacy authentication, and updated the password expiration policy in line with current Microsoft recommendations.
On the data side, we ran an Information Protection planning session with Yadu Health staff, then created and published sensitivity labels across five tiers (Public through to Restricted) using NIST-aligned classifications. Data Loss Prevention policies were deployed to prevent inappropriate sharing of sensitive information across Microsoft 365 apps and email. Staff received hands-on training before handover.
Yadu Health's Microsoft 365 Secure Score moved from below the average band into the recommended range, providing meaningful, measurable improvement to their security posture across all three domains. They now have documented device policies, governed identity controls, and a live data classification framework. Their IT environment better reflects the responsibility they carry for community health information, and they have documented evidence to support future cyber insurance assessments.
Whether you're looking for ongoing IT support, a strategic technology partner, or expert help navigating security and compliance. Let's have a real conversation. No jargon, no pressure.