Although widespread remote working was originally intended as a temporary solution amid the ongoing pandemic and Government restrictions, a lot of businesses have now warmed to the idea as a serious long-term option, encouraged by improved productivity levels and reduced overheads.

According to an Enterprise Technology Research global survey, this trend of working from home looks set to continue throughout 2021, with double the number of office workers expected to change their working environment this year.

To facilitate widespread remote working, organisations have implemented cloud productivity solutions, like Microsoft Teams, so that employees can communicate and collaborate, despite being in different locations. Microsoft recently reported an astonishing 115 million daily active Teams users, which demonstrates a dramatic shift in attitudes towards home working.

In the first part of our blog series, we discussed the importance of Microsoft’s Power Platform in evolving existing business processes, so they can be more effective in the current climate. In this instalment, we are looking at the popularity of these cloud productivity tools, and how businesses can ensure the security and compliance of their users, data and devices.

  1. Process evolution throughout automation using the Power Platform
  2. Securing cloud identities and devices
  3. Data security with sensitivity labels and compliance
  4. Document and forms processing with Project Cortex

Multi-factor authentication

In a world where data protection and cyber security are paramount, organisations must do all they can to ensure remote workers have the necessary protection, so they can operate securely at home, without the risk of a serious breach occurring.

Multi-factor authentication (MFA) is one security option worth exploring, combining what you know with what you have, to offer better protection than a simple username and password. Although users can be notified via phone call or text, the Microsoft Authenticator app is the best and most secure option.

With hacking methods becoming more advanced over the years, it is now possible for would-be criminals to crack complex passwords within hours. Sophisticated computers are now capable of testing thousands of combinations and spotting patterns in passwords over time, which makes the ‘old school’ username/password protection somewhat outdated.

To combat this, businesses should try password-less access for Office 365, where users match a number shown on screen using their smartphone, before authenticating with a fingerprint. For more information on password-less protection, read our article and find out how to access it for your business.

Conditional access

Although MFA is highly recommended as an effective way to protect users and devices, it may not always be necessary in certain situations. An alternative, and potentially more suitable solution, would be to introduce a Conditional Access policy via Azure Active Directory.

At their simplest, these policies are essentially if-then statements. For example, if a payroll manager wants to access the payroll application, then they are required to complete multi-factor authentication to gain access. Primarily used to improve user productivity and protect the organisation’s assets, Conditional Access policies keep businesses secure, whilst staying out of the way when not needed.

There are two key elements to these policies: assignments and access controls. An assignment can include users, groups, applications or user actions that you want to target with your Conditional Access policy. Other conditions, like device, platform, location, client apps and device state can also be added to the assignment criteria.

Meanwhile, the access control element of the policy allows organisations to block or grant access to the selected assignment, providing they meet the conditions. For example, as seen in the image, access will only be given if the user signs in to an approved client application with multi-factor authentication.

These policies are not only designed to protect internal users, but they can also be used to protect external workers where you do not have any control over their password complexity. In these scenarios, MFA can be used to ensure all guest users are connected securely.

Remember, it’s always best practice to test your policies before enforcing them, as this will ensure users are not accidentally locked out of their account. Businesses should also create a second ‘break glass’ account that can be used to resolve any potential issues that arise.
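The checks described above (assignments, access controls, testing before enforcement and the break-glass exclusion) can be automated before a policy is rolled out. The following is an added example, not code from this blog or from Microsoft: it lints a policy written in the shape of the Microsoft Graph conditionalAccessPolicy resource, and the account ID, application ID and display name are constructed placeholders.

```python
# Added example: pre-rollout lint for a Conditional Access policy.
# Field names follow the Microsoft Graph conditionalAccessPolicy resource;
# every ID and display name below is a constructed placeholder.

BREAK_GLASS_IDS = {"00000000-0000-0000-0000-0000000000aa"}  # placeholder

def lint_policy(policy, break_glass_ids=BREAK_GLASS_IDS):
    """Return a list of findings; an empty list means the policy passes."""
    findings = []
    users = policy.get("conditions", {}).get("users", {})
    grant = policy.get("grantControls") or {}
    controls = grant.get("builtInControls", [])

    # Assignment: emergency accounts must be excluded to avoid a lockout.
    if not break_glass_ids <= set(users.get("excludeUsers", [])):
        findings.append("break-glass account not excluded")

    # Access control: with OR, any single control is enough to get in.
    if len(controls) > 1 and grant.get("operator") != "AND":
        findings.append("multiple grant controls joined with OR")
    if not controls:
        findings.append("no grant or block control set")

    # Rollout: a new policy should be observed in report-only mode first.
    if policy.get("state") == "enabled":
        findings.append("enforced without a report-only stage")
    return findings

def make_policy(state, operator, exclude_users):
    """Build the page's example: approved client app plus MFA."""
    return {
        "displayName": "Payroll app: approved client app and MFA",
        "state": state,
        "conditions": {
            "users": {"includeUsers": ["All"], "excludeUsers": exclude_users},
            "applications": {"includeApplications": ["<payroll-app-id>"]},
        },
        "grantControls": {
            "operator": operator,
            "builtInControls": ["mfa", "approvedApplication"],
        },
    }

SAFE = make_policy("enabledForReportingButNotEnforced", "AND",
                   sorted(BREAK_GLASS_IDS))
RISKY = make_policy("enabled", "OR", [])

if __name__ == "__main__":
    for name, policy in (("SAFE", SAFE), ("RISKY", RISKY)):
        print(name, lint_policy(policy) or "ok")
```

The lint treats every policy as new, so a policy that has already completed its report-only stage will still be flagged when its state is `enabled`.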

Securing applications

Another highly recommended security feature for businesses to consider is Microsoft Endpoint Manager, which helps keep your data secure within the modern workplace. It includes services and tools that are regularly used to manage and monitor mobile devices, desktop computers and virtual machines.

Combining popular services like Microsoft Intune, Configuration Manager, Desktop Analytics and Windows Autopilot, the Endpoint Manager solution allows businesses to secure access, protect data, and respond to and manage risk.

Intune is an entirely cloud-based mobile device management (MDM) and mobile application management (MAM) provider for your apps and devices that allows you to control features and settings on Android, iOS and Windows 10.

Meanwhile, Configuration Manager is an on-premises management solution used to manage desktops, servers and laptops that are on your network or internet-based. This service can be used to deploy apps, software updates and operating systems, whilst monitoring compliance in real-time.

There is also an option for businesses to apply app protection policies to apps running on devices that may or may not be managed by Intune. These policies can be tailored to meet the specific needs of the business, for example by ensuring some apps are password or PIN protected, or by implementing data leakage prevention to keep information secure.

These protection policies can be created via the Intune portal, by selecting apps then app protection policies. From here, you can create and edit policies, adding the necessary requirements before clicking launch.

Are you operating securely?

With entire workforces expected to work remotely for the foreseeable future, it’s now up to businesses to ensure operations continue as normal, with minimal risk to users, devices and sensitive data.

Of course, it may be more challenging to ensure compliance with employees in different locations; however, with the tools and services outlined in this blog, businesses can implement the necessary security measures to keep operations running smoothly.

If your business hasn’t yet explored any of the solutions covered, then it’s important to contact an experienced team of technical specialists so you can begin securing devices and information during a period of remote working.

In our next blog instalment, we will once again look at data security, but from the perspective of sensitivity labels and how using these can ensure compliance for businesses.