- The simple trick your business can use now for enabling stronger cyber-security in Windows 10
Table of Contents
All businesses struggle with cyber-security. As more small-to-midsized businesses (SMBs) choose cloud-based software solutions, new cyber-security problems are created. Hackers and other cybercriminals have no rules when it comes to stealing business information, yet a business must develop unified and consistent cyber-security strategies to protect their cloud-based data. Applying universal cyber-security policies to all employee devices connected with your business is a foundational security practice—and one that became even more important during the global pandemic that forced employees to work remotely rather than in the office. But unless SMBs have dedicated IT staff managing and monitoring every employee’s device for cyber-security threats, data breaches are not a matter of “if” but “when.”
While that may seem like a pessimistic worldview, there is a reason for SMBs to be optimistic when it comes to protecting employee devices with a strong baseline of cyber-security. For those SMBs with Microsoft 365, the “Business Premium” plans have recently been upgraded to enable a hassle-free way to ensure all employee devices running Windows 10 have consistent cyber-security settings applied on a global scale.
Why Microsoft 365 Business Premium makes all the difference
In early 2020, Microsoft renamed their cloud-powered business productivity suite, Office 365, to “Microsoft 365 for Business.” Renaming Office 365 to Microsoft 365 was a bit confusing because there was already a “Microsoft 365 Business” product that combined cloud-based Microsoft Office apps with the Microsoft Windows 10 Pro operating system and additional enterprise-grade cyber-security functionality into a single subscription plan. That’s why Microsoft now separates the Microsoft 365 for Business plans into three versions:
Microsoft 365 Business Basic – Formerly known as “Office 365 Business Essentials,” this plan includes all the Microsoft apps such as Microsoft Excel, Word, and PowerPoint that have been the gold standard for business productivity for almost thirty years and are delivered 100% from the cloud on PC and Mac (apps can be downloaded on Apple iOS and Google Android mobile devices for offline work). In addition, Microsoft 365 Business Basic includes Microsoft Outlook and cloud-based Exchange services for business-class email and calendaring along with the new Microsoft Teams online collaboration app. This plan was created to compete directly against the low-cost Google G Suite service that also is 100% cloud based.
Microsoft 365 Business Standard – Formerly known as “Office 365 Business Premium,” this plan includes all of the Business Basic features but adds desktop versions of Excel, Word, PowerPoint, Outlook, and Teams apps along with Microsoft Publisher and Microsoft Access exclusive to Windows PCs. These desktop apps allow users the ability to work offline from any device, not just the small screens of an iOS or Android mobile device. Both the Microsoft 365 Business Basic and Business Standard plans have some built-in cyber-security protections for documents and emails. For example, Microsoft 365 Business Basic/Standard users can securely share documents and send emails so only those with the right permissions can access the information, all emails are automatically checked in the cloud against known threats such as spam and malware using Microsoft Exchange Online Protection, and the Microsoft Cloud infrastructure is built to meet key international, regional, and industry-specific standards and terms, with more than 1,000 security and privacy controls.
Microsoft 365 Business Premium – This is the plan that includes all of the Business Standard features, but also provides free licenses to install the latest version of the Microsoft Windows 10 Pro operating system for up to 300 users along with advanced cyber-security and device management features. What makes this plan so valuable for SMBs is the fact that all these features can be accessed from a single unified administration panel called the Microsoft Admin Center. The simple and unified Microsoft 365 Admin Center in Microsoft 365 Business Premium acts as a force multiplier for SMBs that often do not have the budget to employ separate and dedicated IT staff for both cyber-security and desktop support.
What are the baseline cyber-security settings for Windows 10?
Microsoft spends over $1 billion every year on cyber-security. Part of that investment includes research on how hackers try to exploit weaknesses in cyber-security defenses. Using the proven successful policies developed by a group of IT partners that serve SMBs along with Big Data telemetry gathered directly from millions of devices running Microsoft software, the cyber-security professionals at Microsoft developed five recommended settings for all Windows 10 business PCs:
- Turn on the Windows Defender Antivirus service
- Enable protections against malicious sites and infected Office files (e.g. an Excel file attached to an Outlook email or Microsoft Teams chat that hides malware)
- Block hyperlinks to dangerous domains that may host phishing scams, exploits, and other malicious content on the internet
- Encrypt files and folders with business data using Microsoft BitLocker
- Turn off the PC screen whenever users are idle
How to enable a corporate cyber-security baseline in Microsoft 365 Business Premium
Anyone at an organization with administrator rights for the Microsoft 365 Business Premium plan can use the Microsoft 365 Admin Center to establish a security baseline for all Windows 10 Pro PCs in just a few clicks. Amaxra uses Microsoft 365 Business Premium for our consultants, who have in turn helped our clients to configure these settings for their employees.
If you are a Microsoft 365 Business Premium administrator that has enabled Azure Active Directory domain joining for users and have enrolled all Windows 10 Pro devices in Microsoft Intune, you start by first clicking the Setup option in the Microsoft 365 Admin Center then click the button under the Secure your Windows 10 computers option:
On the next page, click the Get Started button in the upper-left:
A pop-out menu will appear on the right showing the five recommended cyber-security policies for all Windows 10 computers with checkboxes next to each policy. While you could choose to remove the checkmarks from these policies, we recommend applying all five to achieve a better cyber-security baseline for all your Windows 10 devices. Click the blue Apply Now button and Microsoft Intune will automatically configure these cyber-security policies to every Windows 10 Pro PC enrolled in your AD. Best of all, this process applies to remote workers that are not at office locations.
Amaxra cyber-security experts are here to help
Keeping your employees’ devices and corporate data secure is a full-time job. The sudden shift to remote working during the 2020 pandemic accelerated criminal hacker activity and maintaining a cyber-security baseline requires vigilance. If your business has Microsoft 365 Business Standard or Basic but wants to learn more about the cyber-security advantages of a Business Premium plan, then contact us. As a Gold Partner with Microsoft, Amaxra leverages our years of expertise to deploy a Microsoft 365 Business solution that matches your budget and specific business needs.