Microsoft 365 Business Premium Subscribers Get Easier Windows 10 Security Setup -- Redmondmag.com

Microsoft 365 Business Premium Subscribers Get Easier Windows 10 Security Setup

By Kurt Mackie
08/28/2020

Microsoft this week announced a more simplified way to add security baseline settings for Windows 10 PCs used by Microsoft 365 Business Premium subscribers.

The more simplified setup approach for those subscribers is also called "Microsoft 365 Business Premium." That name choice is a little confusing since the capability is about setting up Windows 10 device security policies. It's not about Microsoft 365 application settings.

Also, in case it was forgotten or missed, the Microsoft 365 Business Premium subscription was formerly known as "Microsoft 365 Business." Microsoft renamed it back in April. Microsoft 365 Business Premium is designed for small and medium-size companies with "under 300 users," according to this Microsoft product description.

The Microsoft 365 Business Premium device-setup approach gets activated by carrying out a series of configuration steps. Microsoft described the steps to take for domain-joined Windows 10 devices in this document.

When those steps are completed, the following Microsoft Intune device management technologies get turned on for Microsoft 365 Business Premium tenants:

Windows Defender Antivirus
Protections against malicious sites and downloads
Protections against "dangerous domains that may host phishing scams, exploits, and other malicious content on the internet"
BitLocker security protections for files and folders
PC screen shutdown controls when users are idle

Microsoft chose those setup policies based on its information, plus customer feedback.

"They [the policies] were selected based on input from IT partners who serve small and medium sized businesses, telemetry on the most commonly applied Intune policies, and feedback from customers," the announcement explained.

Organizations wanting to use those policies apparently must also accept using specific Microsoft technologies. In particular, the use of Microsoft Intune for device management seems to be a requirement, although Microsoft Endpoint Manager can be used instead. For instance, Microsoft's announcement stated that "larger enterprises and advanced users can go to the Endpoint Manager admin center instead."

Also, it's necessary to use Azure Active Directory synchronization for at least some Windows 10 devices. In addition, the policy settings will only work when a tenant is using Windows Defender Antivirus. Lastly, PCs need to use "Windows 10 Pro, version 1703 or later."

The Microsoft 365 Business Premium device-management approach is just now starting to become available within the Microsoft 365 Admin Center portal. It'll reach all subscribers "within the next few months."

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

Featured

Cisco Warns of Brute Force Attacks Targeting VPNs and Firewalls

Cisco has revealed that a global increase in brute force attacks targeting Virtual Private Networks (VPNs) and other devices is currently taking place.
What's Inside Microsoft 365's Security Toolbox?

Microsoft provides plenty of native tools to secure Microsoft 365. IT pros just have to know where to look.
Microsoft Kills 30-Day Data Retention Policy for Copilot in Fabric

Microsoft this week announced several usability improvements coming to Copilot in Fabric in preparation of its general availability release later this year.
Using Microsoft Office to Build a Network Diagram 2

Now that we've set up our process, let's dig in with the actual execution.
Microsoft Graph 'Activity Logs' Feature Goes Live

Microsoft announced the general availability of the "activity logs" capability in Microsoft Graph, giving administrators more options to track user activity and identify patterns of potential misuse.