SMB Tip: Secure Your Remote Workforce with Microsoft 365

Paul Thurrott
Sep 08, 2020
6

Note: This would normally be a Premium post, but thanks to Microsoft, we are able to offer it to all readers without any roadblocks. –Paul

Six months ago this week, everything changed thanks to the rapid spread of COVID-19. At first, it seemed a bit like an unscheduled vacation, and we believed—foolishly, as we now know—that it was going to be a temporary, two-week setback. No such luck: Instead, we were eventually told that we’d be working and learning from home for weeks more, and then months, and then indefinitely. And that things would never go back to normal.

This sudden change was described by Microsoft CEO Satya Nadella as “two years’ worth of digital transformation in two months,” and it didn’t come without a lot of frenzied work. Companies struggled to transition their workforces for remote work. And individuals, unused to working from home for long durations, had to make transitions of their own by putting aside dedicated space in their home for work and, in many cases, buying computers, webcams, office furniture, and other items that they would need.

Windows Intelligence In Your Inbox

Sign up for our new free newsletter to get three time-saving tips each Friday — and get free copies of Paul Thurrott's Windows 11 and Windows 10 Field Guides (normally $9.99) as a special welcome gift!

"*" indicates required fields

For those of us working in small companies, of course, things are even more difficult. We don’t have deep-pocketed corporate parents handing out ThinkPads, docking stations, and Herman Miller chairs to our employees. What we have instead are small teams of people, now working exclusively remotely, that still need to get work done, collaborate with others, and try to be as efficient as possible so that they’re not always working and making this pandemic even less bearable.

And in the frantic early days of undergoing that digital transformation that Mr. Nadella spoke of, we made mistakes. For example, we didn’t secure our infrastructure. And, yes, even the smallest businesses have an infrastructure of private company documents, emails, and other data, and a loosely managed if not completely loose collection of devices from which employees access that data. It’s time to set that right, time to shore up our defenses, and retroactively assume a more secure posture now that everyone has settled into the new normal.

And on that note, there are two key interfaces that anyone with Microsoft 365 admin privileges should examine.

The first is the Microsoft 365 Feature Explorer, which can be reached via the Setup link in the navigation pane in the Admin Center. In the topmost section, called Sign-in and security, you will find several security-related options, but the most crucial, perhaps, is the Security Defaults area. Here, you can enable security defaults from ‎Azure Active Directory‎ (‎Azure AD‎) for preconfigured security settings that help prevent identity-related attacks than occur during sign-in, including enforcing multi-factor authentication via the Microsoft Authenticator mobile app.

The second is a very useful tool called Secure Score by which Microsoft evaluates the security configuration of your organization and provides an overall score. Which, frankly, most will find lacking. But Secure Score also provides lists of prioritized configuration changes you can make to improve your score and, more important, improve your organization’s security.

Spend some time evaluating these interfaces and implementing Microsoft’s recommendations in both. And next week, I’ll be back with another tip that can help you retroactively improve your Microsoft 365 experience for the new normal of remote work.

You’re not yet using a commercial version of Microsoft 365? Then please try a free month of Microsoft 365 Business Standard, which includes access to the Microsoft 365 desktop, mobile, and web apps, and 1 TB of cloud storage, and can be accessed by up to 25 users. And I’ll be writing a lot more about Microsoft 365 this month to help you get started.

Please check our Community Guidelines before commenting

Conversation 6 comments

Chrisconnolly
Premium Member
08 September, 2020 - 9:21 pm

One of the added benefits is the tie to Azure. With M365 you get an Azure P1 license. Most O365 folks never look at the Azure portal but it now more and more the place to go. Go check the sign in activity for your users. The amount of brute force attempts that you can see on their accounts from all over the world would make anyone want to improve their secure score. MS lays out all the basics, and not so basics so that any Admin would be silly not to start by just following their path to a more secure environment (the score helps). Once you start the path it will lead you to other well documented security practices like adding Azure password protection to local AD. Setup MFA and you notice all sorts of other conditional access policies you can, and should setup based on how your company works. Changing password policies to "never expire"…which was thought of as insane just a few years ago even. MS is definitely doing a lot to help companies protect their data as they move it to the cloud. You're buy a lot more than just email/onedrive storage.

Log in to Reply
wright_is
Premium Member
09 September, 2020 - 3:41 am

At first, it seemed a bit like an unscheduled vacation, and we believed—foolishly, as we now know—that it was going to be a temporary, two-week setback.This, I never understood. I am not an immunologist, but it was obvious from the get-go, based on the national news (Germany), that the problem was going to be there until at least mid-summer, when not for at least 18 months. At the beginning of March, it was certainly clear that the initial lock-down would be with us until at least June and a "real solution" was over a year away.I was always amazed at how the US and UK government and press were giving information contradictory to nearly every other country and ignoring the WHO advice…We quickly discovered that getting laptops was a non-starter. We managed to get 4 Dell Vostros with a 3 week delivery, everything else was 8 to 16 weeks. We reacted quickly and we managed to refurbish some old laptops that were waiting for disposal (good enough for VPN and RDP) and some people took their desktop PCs and monitors home with them.But we are also a chemical company, so a majority of workers had to stay on-site to work, so strict hygiene rules were quickly implemented. One advantage was, that we could divert part of our production to produce disinfectants.Luckily, we already had strict policies in place – VPN only for users with company laptops (relaxed to cover those that took company PCs home) and no storing of company data on private equipment and no private data on company equipment.

Log in to Reply

Paul Thurrott
Premium Member
09 September, 2020 - 8:27 am

Yeah, but you live in a responsible country. We were told two weeks. Not being a complete sheep, I was thinking we’d be over this by the end of May. Not even close.

Log in to Reply

ronh
Premium Member
11 September, 2020 - 10:33 am

Hey Paul.."Note: This would normally be a Premium post, but thanks to Microsoft, we are able to offer it to all readers without any roadblocks. –Paul" Can you expand on this?

Log in to Reply

evox81
Premium Member
11 September, 2020 - 11:32 am

<blockquote><a href="#572929">In reply to RonH:</a></blockquote>Sponsored post, I imagine.

Log in to Reply
Paul Thurrott
Premium Member
12 September, 2020 - 12:03 pm

Yeah what do you want to know?

Log in to Reply

About author

Paul Thurrott

Paul Thurrott is an award-winning technology journalist and blogger with over 25 years of industry experience and the author of 30 books. He is the owner of Thurrott.com and the host of three tech podcasts: Windows Weekly with Leo Laporte and Richard Campbell, Hands-On Windows, and First Ring Daily with Brad Sams. He was formerly the senior technology analyst at Windows IT Pro and the creator of the SuperSite for Windows from 1999 to 2014 and the Major Domo of Thurrott.com while at BWW Media Group from 2015 to 2023. You can reach Paul via email, Twitter or Mastodon.

View Articles

Currently on Forums
Visit the forums
- Ask Paul for this Friday, April 19
  Posted by Paul Thurrott
  
  8
  comments
- Questions for 4 / 19?
  Posted by Brad Sams
  
  3
  comments
- What does Microsoft know that we don’t?
  Posted by Sarah Duguay
  
  3
  comments
- OneDrive decided to break itself
  Posted by jimchamplin
  
  8
  comments
Podcasts
Podcast Hub
- First Ring Daily 1585: Extensioned
  
  Aired on April 18, 2024 by Brad Sams with 0 Comments
- Windows Weekly 877: The Tiger in the Grass
  
  Aired on April 18, 2024 by Paul Thurrott with 1 Comment
- First Ring Daily 1584: Did Copilot Do That?
  
  Aired on April 17, 2024 by Brad Sams with 1 Comment
- First Ring Daily 1583: The Plumbing
  
  Aired on April 16, 2024 by Brad Sams with 1 Comment
Join the crowd where the love of tech is real - become a Thurrott Premium Member today!

Explore Premium Benefits

SMB Tip: Secure Your Remote Workforce with Microsoft 365

Windows Intelligence In Your Inbox

Share post

Conversation 6 comments

Ask Paul for this Friday, April 19

Questions for 4 / 19?

What does Microsoft know that we don’t?

OneDrive decided to break itself

First Ring Daily 1585: Extensioned

Windows Weekly 877: The Tiger in the Grass

First Ring Daily 1584: Did Copilot Do That?

First Ring Daily 1583: The Plumbing

Windows Intelligence In Your Inbox

Sections

About Thurrott

Contact

Our Other Sites

Subscribe