Must have security features included in Microsoft 365 Business Premium plan

Why choose/upgrade to Microsoft 365 Business Premium plan

Blog by Lee Newsome, Senior Architect at Galtec

Lee is an experienced infrastructure architect, with over 25 years of IT industry experience. His in-depth technical and strategic experience makes him a valued asset to any Galtec customer looking to make changes to their infrastructure. His career has developed from the management of Windows 95 workstations on a token ring network, to highly available and scalable virtual environments and more recently spanning multi continent O365 migrations. As part of his role here at Galtec, Lee specialises in designing hybrid and cloud solutions for our customers.

Ensuring your data is protected from malicious 3rd parties’ access

Today’s approach to companies’ security operations must adapt to the new workplace reality. As new ransomware threats emerge and employees more often transition to a work-from-home environment, businesses are constantly looking for ways to build their cybersecurity safeguarding and data protection resilience. More and more organisations seek a security solution that can keep employees connected and productive regardless of their physical location, while simultaneously protecting their data and environment against cyber threats.

An effective, integrated security solution may seem unreachable for businesses with limited budget, but SMBs can now take advantage of the features included in Microsoft 365 Business Premium plan.

The Microsoft 365 Business range has multiple subscription levels, with Business Premium providing enterprise features for an accessible pricing band, allowing businesses to grow and scale at their convenience and within their budget.

A breakdown of Microsoft 365 Business Premium’s security features

Microsoft 365 Business Premium’s built-in security is structured around 3 different areas: threat protection, data protection, and device management. These core areas come together to form a cohesive and comprehensive cyber threat fortification that improves overall security posture and keeps sensitive data secure from online threats and malicious 3rd parties’ access. Here are some key elements of security tools available within Microsoft 365 Business Premium plan:

1. Make Access Conditional

67% of malicious attacks (Microsoft’s documentation) are generated from Legacy Authentication protocols. By blocking Legacy Authentication, you can completely remove the attack surface to protect your environment from malicious threats.

1. Roll out and configure MFA policies and creating branded user guides

2. Implement  granular Conditional Access policies and create user guides for office-based and remote workers

Office-based users can bypass MFA requirement, however users connecting externally require MFA.

3. Deploy dedicated Microsoft 365 administrator accounts and create Conditional Access policy to enforce MFA access at all times.

Estimated deployment time: 1 day

2. Email and file security breach prevention

Implement Microsoft 365 Defender for the below:

1. Exchange Online spam filter protection to root out spam, phishing, malware and spoofed email before it can impact your users and network

2. Defender for Office 365 Plan 1 which provides:

1. Safe attachments where Microsoft open suspicious files within a quarantined environment away from your network and blocks the email if a threat is detected

2. Web link re-write which scans all URLs and blocks your users from accessing known malicious websites

3. User impersonation protection, ensuring that no one apart from the nominated user can send email from their identity

To optimise costs regarding expensive 3rd party AV products, deploy Microsoft Defender for Endpoint. To protect devices against malicious threats, manage it via O365 Intune.

Estimated deployment time: 1 day for configuration and pilot. Days subject to scoping for AV rollout

3. Retention Policy Management

For most organisations, the volume and complexity of their data is increasing daily—email, documents, instant messages, and more. Effectively managing or governing this information is important because you need to:

· Comply proactively with industry regulations and internal policies that require you to retain content for a minimum period of time—for example, finance regulations demand content is preserved for seven years.

· Reduce your risk in the event of litigation or a security breach by permanently deleting old content that you're no longer required to keep.

· Help your organization to share knowledge effectively and be more agile by ensuring that your users work only with content that's current and relevant to them.

Implement retention policies for your organisation’s data to protect against malicious deletion activities and retain the critical legal data for the compliance timelines relevant to your business.

1. Preservation hold can be implemented to capture any data that is deleted from the tenant for the specified retain policy

2. Data can be automatically purged from the tenant when the retention policy expires

3. Administrators can recover any retained data in the event it is required

Estimated deployment time: 0.5 Days – 2 Days

4. Centrally manage company devices through policy

Microsoft Intune is a cloud-based service that focuses on mobile device management (MDM) and mobile application management (MAM). You can control how your organisation’s devices are used -  including mobile phones, tablets, and laptops.

1. Mobile Device Management

1. Standardise your device deployments to guarantee every device is secured with the same level of protection across the business for Windows, iOS and Android devices

2. Create policies that help keep your business data safe on corporate and personal devices

3. Use one single pane of glass to manage your device and app compliance

Estimated deployment time: 3-6 days for device pilot (variation depends on the breadth of policy required)

2. Mobile Application Management

1. Build out policies for containerised application areas on your user’s personal devices, allowing them to access company applications and data, but preventing contamination of personal and company data

2. Have full control over what devices can and cannot access company data, and trigger a wipe from the cloud for leavers to ensure company data is purged in the event they leave the business

3. Implement policies to prevent data being copied or screenshots being taken of company data and saved in the user’s personal area

4. Reduce the requirement to have to buy corporate mobile devices by building out a secure, user-friendly BYOD policy

5. Bring onboard applications outside of the Office 365 suite to deploy. Do you use a 3rd party cloud-based expenses application? No problem – add this in as an approved application and automatically push out to the user’s device

Estimated deployment time: 1 day for Android and 1 day for IOS devices

All of the above products and features are available within Microsoft 365 Business Premium plan. Please contact one of our experts to learn how you can protect your organisation from malicious attacks and to ensure your Microsoft 365 Business plan is professionally implemented, managed, and customised to meet all your organisation’s unique needs.