[Guest Blog] Helping SMBs securely work from home with Microsoft 365 Business Premium

Published May 22 2020 03:33 PM 2,090 Views
Senior Member

This guest post is written by Nathan Taylor, Director of Technical services at machineLOGIC. Nathan is a Microsoft 365 Certified Security Administrator Associate and Microsoft Certified Azure Solution Architect Expert. He has been working in SMB IT for over 15 years. Learn more about machineLOGIC and his work at www.machinelogic.com


Helping our small and medium business customers work remotely and securely is a challenge that many MSPs are wrestling with. Microsoft 365 Business Premium is one of the most useful and cost-effective solutions we have to help our customers with these scenarios. Here are a few ways we have leveraged this product.


Microsoft Teams has been the single most valuable solution to our team and our customers during this transition. Internally, Teams has been invaluable for connecting team members and collaborating on solutions. We have departmental meetings every week to discuss scheduling and resources and most managers have weekly one-to-one video meetings with their employees. We have even used it for after-hours social events such as game nights using online quiz games.

In response to COVID, our customers adopted Teams at an incredible pace. Once we get one department of a company to embrace Teams, adoption happens organically and rapidly. Many of our customers are also adopting the audio conferencing licenses to help save money on third party conferencing solutions and give them a consolidated collaboration platform.

One of our Denver based customers, LifeHealth LLC is a professional services company with around 200 employees that specializes in clinical staffing, wellness services, and healthcare readiness. LifeHealth has decided that they will not be fully transitioning back to their traditional office environment as Teams has allowed them to be incredibly productive from remote locations. Video meetings allow for team members to communicate and connect in a way that a conference call does not.

One of the big selling points for Teams when combined with Microsoft 365 Business Premium is the level of security it brings to collaboration. Between Data Loss Prevention, Intune App Protection Policies, Conditional Access, and ATP Safe Links and Safe Attachments within Teams our customers are confident in their ability to collaborate remotely in a secure manner without the worry of data loss.

As part of this transition to work from home, the volume and intensity of cyber-attacks has risen. Microsoft 365 Business Premium includes Office 365 Advanced Threat Protection which is a key tool for protecting our customers. Many of the attacks are coming via email in the form of phishing attacks and malicious attachments or links. We have deployed these solutions for our customers and found it does an incredible job detecting and preventing attacks.

Multi-factor Authentication(MFA) is another key solution in keeping our customers secure. MFA provides the peace of mind that we are not relying on a simple password to protect company data. Customers are seeing a rise in attacks due to WFH scenarios caused by COVID. Getting customers to use MFA is easier than it used to be as customers are using consumer sites including social media and banks that are requiring MFA. Most customers find the Microsoft Authenticator App to be an intuitive way to apply MFA to their 365 accounts. Conditional access then allows us to enforce MFA authentication and device verification. We can also implement policies that block insecure legacy auth, enforce MDM and MAM, and block logins from unsupported platforms. As an MSP we are all to familiar with the fact that phishing is one of the biggest threats our customers face. The combination of MFA and conditional access polices is an important step in preventing phishing.

With the recent addition of Azure AD Premium P1 to the Microsoft 365 Business Premium we now have access to additional solutions for the work from home paradigm. With this license, our customers can now access Cloud App Security Discovery which is incredible tool for understanding their security posture around authentication. We used Azure AD Application Proxy to help one of our Denver based oil and gas customers provide secure MFA protected remote access for over 100 employees to an internal web app. Azure AD App Proxy is a great solution for web apps that contain sensitive data, or are not ready to be exposed outside the corporate network.

Though most of our clients are working from home, many still need access to a line of business app that is not cloud ready. This includes accounting, manufacturing and construction apps, or other apps that require a local executable and access to files shares. For those scenarios, we leverage Windows Virtual Desktop (WVD). WVD allows us to deploy an RDS solution to Azure running on Windows 10 multi-session, without the cost of server licensing and RDS CALs, and with no open ports. When paired with MFA, it is the most secure, scalable, and cost-effective solution for remote access and work home scenarios. With WVD clients available for iOS, Android, MAC, and PC, our user can securely access their LOB apps from any device, anywhere.

Finally, we are using Windows Autopilot to allow us to ship new hardware directly to users. This makes procuring and configuring new hardware much quicker and more cost effective. This solution transforms how we configure and refresh PCs for our clients and they see it as a strong value add. With COVID disrupting shipping and receiving, Autopilot has been especially helpful. We have been able to work with manufacturers and distributors to implement Autopilot remotely via the Azure AD and Intune portals. No onsite or physical interaction with the hardware required.

Microsoft 365 Business Premium has allowed machineLOGIC to respond to a rapidly changing landscape and keep our customers secure.




Version history
Last update:
‎Jun 23 2020 12:27 PM
Updated by: