Microsoft 365 Business Premium Subscribers Get Easier Windows 10 Security Setup
Microsoft this week announced a more simplified way to add security baseline settings for Windows 10 PCs used by Microsoft 365 Business Premium subscribers.
The more simplified setup approach for those subscribers is also called "Microsoft 365 Business Premium." That name choice is a little confusing since the capability is about setting up Windows 10 device security policies. It's not about Microsoft 365 application settings.
Also, in case it was forgotten or missed, the Microsoft 365 Business Premium subscription was formerly known as "Microsoft 365 Business." Microsoft renamed it back in April. Microsoft 365 Business Premium is designed for small and medium-size companies with "under 300 users," according to this Microsoft product description.
The Microsoft 365 Business Premium device-setup approach gets activated by carrying out a series of configuration steps. Microsoft described the steps to take for domain-joined Windows 10 devices in this document.
When those steps are completed, the following Microsoft Intune device management technologies get turned on for Microsoft 365 Business Premium tenants:
- Windows Defender Antivirus
- Protections against malicious sites and downloads
- Protections against "dangerous domains that may host phishing scams, exploits, and other malicious content on the internet"
- BitLocker security protections for files and folders
- PC screen shutdown controls when users are idle
Microsoft chose those setup policies based on its information, plus customer feedback.
"They [the policies] were selected based on input from IT partners who serve small and medium sized businesses, telemetry on the most commonly applied Intune policies, and feedback from customers," the announcement explained.
Organizations wanting to use those policies apparently must also accept using specific Microsoft technologies. In particular, the use of Microsoft Intune for device management seems to be a requirement, although Microsoft Endpoint Manager can be used instead. For instance, Microsoft's announcement stated that "larger enterprises and advanced users can go to the Endpoint Manager admin center instead."
Also, it's necessary to use Azure Active Directory synchronization for at least some Windows 10 devices. In addition, the policy settings will only work when a tenant is using Windows Defender Antivirus. Lastly, PCs need to use "Windows 10 Pro, version 1703 or later."
The Microsoft 365 Business Premium device-management approach is just now starting to become available within the Microsoft 365 Admin Center portal. It'll reach all subscribers "within the next few months."
Kurt Mackie is senior news producer for 1105 Media's Converge360 group.