As a cybersecurity architect, you are tasked with evaluating the security posture of a company's Microsoft 365 environment. The company has recently experienced a significant increase in phishing attacks targeting their email system. Using Microsoft Secure Score, what metrics would you focus on to improve the security posture of their productivity and collaboration workloads, and how would you implement changes to mitigate these threats?