SMB Tip: Secure Your Remote Workforce with Microsoft 365

Posted on September 8, 2020 by Paul Thurrott in Microsoft 365 with 4 Comments

Note: This would normally be a Premium post, but thanks to Microsoft, we are able to offer it to all readers without any roadblocks. –Paul

Six months ago this week, everything changed thanks to the rapid spread of COVID-19. At first, it seemed a bit like an unscheduled vacation, and we believed—foolishly, as we now know—that it was going to be a temporary, two-week setback. No such luck: Instead, we were eventually told that we’d be working and learning from home for weeks more, and then months, and then indefinitely. And that things would never go back to normal.

This sudden change was described by Microsoft CEO Satya Nadella as “two years’ worth of digital transformation in two months,” and it didn’t come without a lot of frenzied work. Companies struggled to transition their workforces for remote work. And individuals, unused to working from home for long durations, had to make transitions of their own by putting aside dedicated space in their home for work and, in many cases, buying computers, webcams, office furniture, and other items that they would need.

For those of us working in small companies, of course, things are even more difficult. We don’t have deep-pocketed corporate parents handing out ThinkPads, docking stations, and Herman Miller chairs to our employees. What we have instead are small teams of people, now working exclusively remotely, that still need to get work done, collaborate with others, and try to be as efficient as possible so that they’re not always working and making this pandemic even less bearable.

And in the frantic early days of undergoing that digital transformation that Mr. Nadella spoke of, we made mistakes. For example, we didn’t secure our infrastructure. And, yes, even the smallest businesses have an infrastructure of private company documents, emails, and other data, and a loosely managed if not completely loose collection of devices from which employees access that data. It’s time to set that right, time to shore up our defenses, and retroactively assume a more secure posture now that everyone has settled into the new normal.

And on that note, there are two key interfaces that anyone with Microsoft 365 admin privileges should examine.

The first is the Microsoft 365 Feature Explorer, which can be reached via the Setup link in the navigation pane in the Admin Center. In the topmost section, called Sign-in and security, you will find several security-related options, but the most crucial, perhaps, is the Security Defaults area. Here, you can enable security defaults from Azure Active Directory (Azure AD) for preconfigured security settings that help prevent identity-related attacks that occur during sign-in, including enforcing multi-factor authentication via the Microsoft Authenticator mobile app.

The second is a very useful tool called Secure Score by which Microsoft evaluates the security configuration of your organization and provides an overall score. Which, frankly, most will find lacking. But Secure Score also provides lists of prioritized configuration changes you can make to improve your score and, more important, improve your organization’s security.
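The same two signals, Security Defaults state and Secure Score, can also be read from Microsoft Graph. The following is an added example, not part of the original post: it assumes responses shaped like the Graph v1.0 `identitySecurityDefaultsEnforcementPolicy`, `secureScores` and `secureScoreControlProfiles` resources, uses constructed sample data with made-up control names, and ranks open actions simply by points still available rather than by Microsoft's own ordering.

```python
import json

# Constructed sample data shaped like Microsoft Graph v1.0 responses.
DEFAULTS = json.loads('{"isEnabled": false}')
SCORES = json.loads("""{"value": [
  {"createdDateTime": "2020-09-06T00:00:00Z", "currentScore": 20.0, "maxScore": 60.0,
   "controlScores": []},
  {"createdDateTime": "2020-09-07T00:00:00Z", "currentScore": 24.0, "maxScore": 60.0,
   "controlScores": [
     {"controlName": "ExampleMfaAllUsers", "score": 0.0},
     {"controlName": "ExampleBlockLegacyAuth", "score": 3.0},
     {"controlName": "ExampleAuditLogging", "score": 5.0}]}]}""")
PROFILES = json.loads("""{"value": [
  {"id": "ExampleMfaAllUsers", "title": "Require MFA for all users", "maxScore": 9.0, "deprecated": false},
  {"id": "ExampleBlockLegacyAuth", "title": "Block legacy authentication", "maxScore": 8.0, "deprecated": false},
  {"id": "ExampleAuditLogging", "title": "Turn on audit logging", "maxScore": 5.0, "deprecated": false},
  {"id": "ExampleSelfServiceReset", "title": "Enable self-service password reset", "maxScore": 1.0, "deprecated": false},
  {"id": "ExampleRetired", "title": "Retired control", "maxScore": 10.0, "deprecated": true}]}""")


def posture_report(defaults, scores, profiles):
    """Summarise Security Defaults state and rank open Secure Score actions."""
    # ISO 8601 UTC timestamps sort correctly as strings; take the newest snapshot.
    latest = max(scores["value"], key=lambda s: s["createdDateTime"])
    achieved = {c["controlName"]: c.get("score", 0.0) for c in latest["controlScores"]}
    actions = []
    for p in profiles["value"]:
        if p.get("deprecated"):
            continue  # retired controls no longer count toward the score
        # A control missing from the snapshot has earned no points yet.
        gap = p["maxScore"] - achieved.get(p["id"], 0.0)
        if gap > 0:
            actions.append((gap, p["id"], p["title"]))
    actions.sort(key=lambda a: (-a[0], a[1]))  # biggest gain first
    return {
        "security_defaults_enabled": bool(defaults.get("isEnabled")),
        "percent": round(100 * latest["currentScore"] / latest["maxScore"], 1),
        "actions": actions,
    }


if __name__ == "__main__":
    report = posture_report(DEFAULTS, SCORES, PROFILES)
    print("Security defaults enabled:", report["security_defaults_enabled"])
    print("Secure Score: %.1f%%" % report["percent"])
    for gap, control, title in report["actions"]:
        print("  +%.0f  %s (%s)" % (gap, title, control))
```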

Spend some time evaluating these interfaces and implementing Microsoft’s recommendations in both. And next week, I’ll be back with another tip that can help you retroactively improve your Microsoft 365 experience for the new normal of remote work.

You’re not yet using a commercial version of Microsoft 365? Then please try a free month of Microsoft 365 Business Standard, which includes access to the Microsoft 365 desktop, mobile, and web apps, and 1 TB of cloud storage, and can be accessed by up to 25 users. And I’ll be writing a lot more about Microsoft 365 this month to help you get started.


4 responses to “SMB Tip: Secure Your Remote Workforce with Microsoft 365”

  1. Chrisconnolly

    One of the added benefits is the tie to Azure. With M365 you get an Azure P1 license. Most O365 folks never look at the Azure portal but it is now more and more the place to go. Go check the sign-in activity for your users. The amount of brute force attempts that you can see on their accounts from all over the world would make anyone want to improve their secure score. MS lays out all the basics, and not so basics so that any Admin would be silly not to start by just following their path to a more secure environment (the score helps). Once you start the path it will lead you to other well documented security practices like adding Azure password protection to local AD. Set up MFA and you notice all sorts of other conditional access policies you can, and should, set up based on how your company works. Changing password policies to "never expire"...which was thought of as insane just a few years ago even. MS is definitely doing a lot to help companies protect their data as they move it to the cloud. You're buying a lot more than just email/onedrive storage.

  2. wright_is

    At first, it seemed a bit like an unscheduled vacation, and we believed—foolishly, as we now know—that it was going to be a temporary, two-week setback.

    This, I never understood. I am not an immunologist, but it was obvious from the get-go, based on the national news (Germany), that the problem was going to be there until at least mid-summer, if not for at least 18 months. At the beginning of March, it was certainly clear that the initial lock-down would be with us until at least June and a "real solution" was over a year away.

    I was always amazed at how the US and UK government and press were giving information contradictory to nearly every other country and ignoring the WHO advice...

    We quickly discovered that getting laptops was a non-starter. We managed to get 4 Dell Vostros with a 3 week delivery, everything else was 8 to 16 weeks. We reacted quickly and we managed to refurbish some old laptops that were waiting for disposal (good enough for VPN and RDP) and some people took their desktop PCs and monitors home with them.

    But we are also a chemical company, so a majority of workers had to stay on-site to work, so strict hygiene rules were quickly implemented. One advantage was that we could divert part of our production to produce disinfectants.

    Luckily, we already had strict policies in place - VPN only for users with company laptops (relaxed to cover those that took company PCs home) and no storing of company data on private equipment and no private data on company equipment.

    • Paul Thurrott

      Yeah, but you live in a responsible country. We were told two weeks. Not being a complete sheep, I was thinking we'd be over this by the end of May. Not even close.
  3. ronh

    Hey Paul..

    "Note: This would normally be a Premium post, but thanks to Microsoft, we are able to offer it to all readers without any roadblocks. –Paul"

    Can you expand on this?