Note: This would normally be a Premium post, but thanks to Microsoft, we are able to offer it to all readers without any roadblocks. –Paul
Six months ago this week, everything changed thanks to the rapid spread of COVID-19. At first, it seemed a bit like an unscheduled vacation, and we believed—foolishly, as we now know—that it was going to be a temporary, two-week setback. No such luck: Instead, we were eventually told that we’d be working and learning from home for weeks more, and then months, and then indefinitely. And that things would never go back to normal.
This sudden change was described by Microsoft CEO Satya Nadella as “two years’ worth of digital transformation in two months,” and it didn’t come without a lot of frenzied work. Companies struggled to transition their workforces for remote work. And individuals, unused to working from home for long durations, had to make transitions of their own by putting aside dedicated space in their home for work and, in many cases, buying computers, webcams, office furniture, and other items that they would need.
For those of us working in small companies, of course, things are even more difficult. We don’t have deep-pocketed corporate parents handing out ThinkPads, docking stations, and Herman Miller chairs to our employees. What we have instead are small teams of people, now working exclusively remotely, that still need to get work done, collaborate with others, and try to be as efficient as possible so that they’re not always working and making this pandemic even less bearable.
And in the frantic early days of undergoing that digital transformation that Mr. Nadella spoke of, we made mistakes. For example, we didn’t secure our infrastructure. And, yes, even the smallest businesses have an infrastructure of private company documents, emails, and other data, and a loosely managed if not completely loose collection of devices from which employees access that data. It’s time to set that right, time to shore up our defenses, and retroactively assume a more secure posture now that everyone has settled into the new normal.
And on that note, there are two key interfaces that anyone with Microsoft 365 admin privileges should examine.
The first is the Microsoft 365 Feature Explorer, which can be reached via the Setup link in the navigation pane in the Admin Center. In the topmost section, called Sign-in and security, you will find several security-related options, but the most crucial, perhaps, is the Security Defaults area. Here, you can enable security defaults from Azure Active Directory (Azure AD) for preconfigured security settings that help prevent identity-related attacks than occur during sign-in, including enforcing multi-factor authentication via the Microsoft Authenticator mobile app.
The second is a very useful tool called Secure Score by which Microsoft evaluates the security configuration of your organization and provides an overall score. Which, frankly, most will find lacking. But Secure Score also provides lists of prioritized configuration changes you can make to improve your score and, more important, improve your organization’s security.
Spend some time evaluating these interfaces and implementing Microsoft’s recommendations in both. And next week, I’ll be back with another tip that can help you retroactively improve your Microsoft 365 experience for the new normal of remote work.
You’re not yet using a commercial version of Microsoft 365? Then please try a free month of Microsoft 365 Business Standard, which includes access to the Microsoft 365 desktop, mobile, and web apps, and 1 TB of cloud storage, and can be accessed by up to 25 users. And I’ll be writing a lot more about Microsoft 365 this month to help you get started.