Digital Transformation Today

Don’t Wait Until It Is Too Late: Why You Should Make Enterprise Mobility and Security A Priority Now

When a company begins the process of migrating their data to Microsoft Office 365 or Azure, their first thoughts revolve around planning, designing and implementing the migration. Once the migration is complete, companies are left with many different types of devices, both personal and corporate, which can access services from virtually anywhere.

Questions To Ask Before Rolling Out Office 365

At this point, more often than not, companies forget to ask themselves some critical questions, such as “What types of devices should be allowed to access Office 365?”, “What industry regulations should apply to our data in Office 365?”, “What policies should be deployed onto end user devices?”, or “Should there be any restrictions on accessing content on and off VPN?” These are questions that should be asked during the initial phase of the Office 365 rollout, not after the project has gone live.

Because these questions are often an afterthought, organizations are put at risk of data leakage that compromises their sensitive and confidential information. Given the diversity of devices that a global workforce uses to access Office 365, and the rise in cyber threats, it is critical for companies to proactively incorporate a management and security suite such as Microsoft Enterprise Mobility + Security (EMS) as part of their Office 365 project.

To ensure a successful and secure Office 365 deployment in your organization, EMS should be piloted alongside the data and content migration. A company’s legal and security teams should also be involved in the very early stages of the project in order to gather requirements around the data.

It is also worth noting that the EMS suite includes five different products:

  • Azure Active Directory Premium P1 or P2
    • Provides Conditional Access, Multi-Factor Authentication capabilities and advanced risk monitoring for your environment
  • Intune
    • Lets you enroll corporate and/or personal devices and deploy policies to your end user devices
  • Azure Information Protection P1 or P2
    • Helps classify your data with labels that are used for automatically protecting it no matter who is accessing it and where it is being accessed from
  • Advanced Threat Analytics (ATA)
    • Increases security by detecting suspicious behavior happening in your on-premises environment
  • Cloud App Security
    • Gives you visibility into and control over which apps are being deployed and accessed in your corporate cloud environment(s).

While your requirements will be specific to your business and your EMS implementation may leverage one or multiple of its products, we first recommend deploying the Intune product. Intune gives you a single pane of glass where you can see which users and which devices are accessing your Office 365 services and allows you to configure specific policies to meet your security needs.

Migrating – Securely From the Start

To help you get started with your EMS planning, here is an example of a plan that you can go through concurrently with your data and content migration project:

Phase 1: Roll out Intune with a 3-step approach

  1. Allow and control access to corporate data from corporate and personal devices.
  2. Mobile Device Management (MDM): Apply policies to end user devices (device encryption for example).
  3. Mobile Application Management (MAM): Lastly, use Intune to deploy apps to your devices and set application policies (for example, require a PIN for using an app).

Phase 2: Roll out ATA and Cloud App Security

  • In most cases, you still have an on-premises infrastructure footprint with Active Directory (AD) that is used alongside Azure AD Connect (or a third-party solution) to synchronize identities to the cloud.
  • In addition to giving you tools to secure your cloud environment, EMS offers on-premises solutions to further secure your on-premises network using Microsoft Advanced Threat Analytics. This platform sits on your network to detect suspicious activities (anomalous logins, etc.) as well as known attacks such as “Pass the Hash” or “Pass the Ticket.” As businesses may not have efficient ways to currently monitor these, ATA can be part of your investment towards preventing cyberattacks in your organization.
  • Also, Cloud App Security will ensure you finally have visibility into “Shadow IT”. By uploading your firewall logs to this product, Cloud App Security will be able to parse and analyze which apps are deployed to your cloud environment(s) and rank your non-approved deployed apps by risk factors. It is worth noting that in addition to giving you increased visibility into and reporting on your Office 365 environment, Cloud App Security is also able to scan your Box, G-Suite, AWS, Dropbox, Okta, ServiceNow and Salesforce environments.
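
The Shadow IT discovery idea described above (parse firewall logs, match destinations to known apps, rank the non-approved ones by risk) can be sketched as follows. This is an added example, not Cloud App Security's own code or log format: the CSV layout, app catalog, risk scores and sanctioned list are all constructed assumptions.

```python
import csv
import io
from collections import defaultdict

# Constructed firewall export (CSV): timestamp, source user, destination host, bytes sent.
SAMPLE_LOG = """\
2024-05-01T09:00:01Z,alice,outlook.office365.com,12000
2024-05-01T09:02:10Z,bob,files.example-share.test,48000000
2024-05-01T09:05:44Z,Alice,files.example-share.test,2500000
2024-05-01T09:07:12Z,carol,notes.example-pad.test,90000
2024-05-01T09:09:30Z,bob,intranet.corp.test,4000
malformed line without enough fields
2024-05-01T09:11:02Z,dave,api.example-crm.test,310000
"""

# Hypothetical app catalog: domain suffix -> (app name, risk score 1-10, higher is riskier).
CATALOG = {
    "office365.com": ("Office 365", 1),
    "example-share.test": ("ExampleShare", 8),
    "example-pad.test": ("ExamplePad", 6),
    "example-crm.test": ("ExampleCRM", 3),
}
SANCTIONED = {"Office 365", "ExampleCRM"}  # apps approved by IT (assumption)

def match_app(host):
    """Return (name, risk) for the catalog suffix matching a lowercase host, else None."""
    for suffix, app in CATALOG.items():
        if host == suffix or host.endswith("." + suffix):
            return app
    return None

def rank_shadow_it(log_text):
    """Aggregate traffic per unsanctioned app and rank by risk, then upload volume."""
    stats = defaultdict(lambda: {"users": set(), "bytes": 0})
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 4 or not row[3].strip().isdigit():
            continue  # skip malformed records instead of aborting the run
        # Lowercase fields so "Alice" and "alice" count as one user.
        _, user, host, sent = (f.strip().lower() for f in row)
        app = match_app(host)
        if app is None or app[0] in SANCTIONED:
            continue  # unknown destinations and approved apps are not reported
        entry = stats[app]  # keyed by (name, risk)
        entry["users"].add(user)
        entry["bytes"] += int(sent)
    ranked = sorted(stats.items(), key=lambda kv: (-kv[0][1], -kv[1]["bytes"]))
    return [(name, risk, len(s["users"]), s["bytes"]) for (name, risk), s in ranked]

if __name__ == "__main__":
    print(rank_shadow_it(SAMPLE_LOG))
```

Each result tuple is (app name, risk score, distinct users, bytes sent), so a high-risk app receiving large uploads from several users sorts to the top of the review list.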

Interested in incorporating these security solutions in your organization? Contact us online to schedule a meeting or call us at 240.406.9960.
