Recently our community joined MessageOps for live webinars on the possibilities for securing remote workers in Microsoft 365. We demonstrated best practices to help safeguard your employees, data, and customer information with enterprise-grade security you can trust. Knowing how important your security is, MessageOps has provided the checklists and recordings below.
Remote Worker Security Checklist:
Here is the checklist for securing remote work using Microsoft 365. It is based on recommendations from Microsoft 365 Engineers and Services teams. These recommendations are intended as a starting point for a serious discussion of the security and compliance options available, rather than as prescriptive guidance. One of the first and most important things that IT leaders and business leaders can do is talk through the possibilities.
Set Up Tenant:
- Decide between hybrid & cloud-only identity
- Azure AD Connect – sign-in method
- Azure AD Connect – single sign-on
- Azure AD Connect – On-premises attribute for Azure AD username
- Azure AD Connect – Password writeback
- Decide on email migration strategy
- Configure DNS domains

Configure Identity Protection:
- Plan for administrative access
- Configure dedicated admin accounts
- Multi-factor authentication (MFA) for admins
- Multi-factor authentication (MFA) for users
- Self-service password reset (SSPR)
- Combined security information registration

Configure Email Protection:
- Enable Common Attachment Types filter
- Enable transport rule for attachments with Office macro extension
- Enable transport rule to block auto-forwarded email
- Enable Sender Policy Framework (SPF) to help prevent spoofing
- Enable DomainKeys Identified Mail (DKIM) to help prevent spoofing
- Enable DMARC policy to validate email
- Enable Office 365 ATP Policies

Configure Information Governance:
- Set up Data Loss Prevention (DLP)
- Enable email encryption
- Enable retention policies
- Enable sensitivity labels

Configure Teams Security:
- Teams governance (to allow users to create Teams on their own)
- Guest access (to allow external users to fully participate in teams & channels)
- External chat (to allow external users to initiate chat)
- 3rd party cloud storage
- Meeting policy and settings
- Messaging policy
- OneDrive for Business sharing
- Migrate files to Teams & OneDrive for Business (to enable recovery)

Manage Devices:
- Onboard existing Active Directory joined PCs
- Provision new/refreshed company PCs
- Configure app protection policies for company owned PCs
- Block/Allow access from employee owned mobile devices
- Block/Allow access from employee owned PCs
- Enable device configuration profiles
- Enable device compliance policies

Secure Remote Access:
- Access to on-premises data & apps (existing VPN)
- Access to 3rd party cloud apps
- Access to on-prem webapps
- Access to desktop apps
Series #1 – Checklist for Securing Remote Workers: How to Enable Identity and Email Protection & Governance
Series #2 – Checklist for Securing Remote Workers: Teams, Device, & Remote Access Security
Our Services
MessageOps can deliver these services to assist you:
- Office 365 Security Assessment
- Set up/configure Cloud Management Gateway and/or cloud distribution points
- Develop a plan to assist in managing devices that are off the company network
- Discuss how Intune licensing is included within SCCM licensing
- Establish co-management with Intune
- Complete Desktop Analytics to demonstrate the advantages it provides in a Win 10 migration
- Create or enhance OSDs for Win 10 imaging or feature upgrades
- Create or enhance software updates, ADRs, peer caching or Windows updates for business
- Create or enhance Servicing Rings for Win 10 feature updates
Contact us today at 877-788-1617 or email [email protected] for more information.