The Microsoft product stack is one of the most commonly used software sets across the world, and it has cemented its place in the market as one of the best collaboration and productivity tools available. In 2021, Microsoft pledged to invest a further 20 billion over the next five years into cyber security, and it has been named a leader in several of Gartner’s Magic Quadrants for its offerings.
Depending on your current license, there are several ‘out of the box’ features available which will help you to prevent data leakage and unauthorised access, protect and secure your data, and streamline your configurations and life cycle management.
Azure Multi-Factor Authentication (MFA) is highly recommended for your security posture. It significantly reduces the success of account-based attacks: Microsoft reports that it can block over 99.9% of account-based attacks.
What is MFA?
Multifactor authentication (MFA) adds a layer of protection to the sign-in process. When accessing accounts or apps, users provide additional identity verification, such as scanning a fingerprint or entering a code received by phone.
MFA is available on all M365 plans.
By configuring Conditional Access policies, your organisation can maintain control over how and where company data is accessed, making the business more secure.
Ridgewall can work with your organisation to define exact criteria for who can gain access and block those who don't meet the criteria. This can be based on factors like the type of device, application accessing the data and location.
Conditional Access enables Zero Trust security, helping provide this access while maintaining control over “where, when and who” is connecting to the Office 365 environment; it protects company assets while also enabling employees to be productive from anywhere securely.
Conditional Access is available on several plans, including Microsoft 365 Business Premium (M365 BP); otherwise it can be gained through an add-on license such as Azure P1 or P2.
Microsoft Defender for Endpoint is an enterprise endpoint security platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats.
Microsoft 365 Defender, Defender for Endpoint, and various Microsoft security solutions form a unified pre- and post-breach enterprise defence suite that natively integrates across endpoint, identity, email, and applications to detect, prevent, investigate, and automatically respond to sophisticated attacks.
Defender is included in Microsoft 365 BP and E5, and is available as a standalone license.
Microsoft Intune & Autopilot
Microsoft Intune is a cloud-based management solution for devices, mobiles and server infrastructure. It aims to provide unified endpoint management of both corporately owned devices (COD) and bring your own device (BYOD) equipment.
Intune integrates with Azure Active Directory (Azure AD) to control who has access, and what they can access. Intune is designed to integrate with the Microsoft 365 suite of products. For example, you can deploy Microsoft Teams, OneNote, and other Microsoft 365 applications to devices through Intune.
This feature enables staff across the organisation to be productive on all their devices, while keeping the organisation’s information protected with policies you define. Furthermore, you can manage and schedule your ongoing patching and updates from the Intune management pane.
The Autopilot feature allows your organisation to ‘pre-configure’ devices, preparing them for production and ensuring your base ‘secure’ templates are deployed without the legacy methods of working, which involve time-consuming manual processes that are typically paid for.
With Autopilot you procure a laptop, set up the relevant account, and send the device direct to the proposed employee with zero-touch deployment from IT. Autopilot simplifies and streamlines the device and Windows lifecycle, from the initial procurement and deployment to the recycling of equipment.
Intune and Autopilot are available in M365 BP and E3+ plans, or alternatively through EMS bundles.
Azure Information Protection
Azure Information Protection (AIP) is designed to allow users to control and help secure email, documents and sensitive data that you share outside your organisation, from easy classification to embedded labels and permissions.
Azure Information Protection is available within Microsoft 365 Business Premium and available within individual license add-ons such as P1.
Classify data based on sensitivity. Configure policies to classify, label and protect data based on its sensitivity, such as restricted, internal, client confidential and public.
Protect your data at all times. Add classification and protection information for persistent protection that follows your data – regardless of where it’s stored or who it’s shared with.
Add visibility and control. Track activities on shared data and revoke access if necessary. It can be used as a powerful logging and reporting tool to monitor and analyse data.
Collaborate more securely with others. Share data safely with colleagues as well as your customers and partners. Define who can access the data and what they can do with it – such as allowing certain users to view and edit but not print or forward.
BitLocker Drive Encryption is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers.
Enabling BitLocker adds another layer of security for your organisation’s devices.
BitLocker is available on Windows Pro, Enterprise and Education devices.