Peace of mind
How we implemented Microsoft Enterprise Mobility
+ Security to improve our own security
We are experts in software, cloud and technical services. With an established heritage of working closely with software developers, we provide objective advice, proactive support and best-in-class solutions. Our speciality is demystifying complex licensing scenarios and making recommendations from a network of over 400 vendors.
With a workforce that was becoming more mobile – customer deployments, on-site training, client visits or simply working from home – we needed enhanced mobile-focused security measures to better protect our corporate data and our users’ identities.
We set up a project to implement and deploy Microsoft Enterprise Mobility and Security, which added an extra layer of security to our existing deployment of Office 365 and its peripherals.
What did we implement?
• Multi-factor Authentication (MFA) for all users (Microsoft Intune)
• Conditional Access Policies (Microsoft Intune)
• Mobile Device Management (Microsoft Intune)
• Mobile Application Management (Microsoft Intune)
• Safe Attachment Policy (M365 Security + Compliance)
• Safe Links (M365 Security + Compliance)
• DomainKeys Identified Mail (DKIM)
• Data Loss Prevention (DLP) Policy
As Office 365 leverages Azure Active Directory (AAD) for user identity management, it was the obvious choice to pair it with Microsoft Intune. Together, they can restrict data privileges and monitor network access using conditional access policies, adding another layer of security for users signing into the Office 365 service. While also providing additional control for our IT admins.
With BYOD devices, the company portal app was installed to allow access to corporate apps and data.
All corporate apps now require MFA when logging in and users can’t take screenshots of corporate data on their phones. Likewise, they can’t copy and paste data from corporate apps to non-corporate apps. An additional layer of security is enabling IT admins to wipe all corporate data from users’ personal devices remotely.
M365 Security and Compliance has had a positive impact on the security of emails and preventing user error. Safe Attachment and Safe Links more rigorously scan emails for malicious links and attachments, identifying them before they reach the user. DKIM signatures have been added to our custom domains in Office 365 so recipients know our email messages actually came from legitimate users within our organisation.
Our services team made sure that all users were aware of the changes. They also supported those that wished to continue to access corporate data from their personal devices in getting set up.
We now have greater control over our users’ accounts which is of high importance due to the greater levels of mobility of our workforce – working from home and travelling to customers when able. There is also less risk associated with user error due to M365 Security and Compliance imposing background checks before data even reaches the user.
“Implementing the additional layer of security offered by Microsoft Enterprise Security + Mobility has really given us much greater peace of mind. Our teams are more confident when accessing corporate data remotely and feel safer in their email inboxes.”
Matthew Whitton, MD, Grey Matter