Policies Management in Microsoft 365

One of the great benefits of Microsoft 365 is the robust policy-setting capabilities within the platform. You can have the best security features, the most user-friendly Wi-Fi setup, and the most robust data loss prevention plan in place, but if your policy setting capabilities are not comprehensive and far-reaching, you will have difficulty keeping your operation secure and compliant. Let’s look at some of the different types of policies you might come across in Microsoft 365, as well as some best practices for setting them up and using them effectively.  

  1. Security & Compliance Policies

The Security & Compliance Center is the go-to place for all things security and compliance in Microsoft 365. From here, you can access various tools and resources to help you keep your environment secure, including the ability to create and manage policies.  

There are two types of policies that can be created in the Security & Compliance Center:  

  • Organization-wide policies: These are policies that apply to your entire organization and can be configured by anyone with the appropriate permissions.  
  • User-specific policies: These are policies that only apply to specific users or groups of users, and can be configured by anyone with the appropriate permissions. 

The settings for these policies are found under three major sections within the Security & Compliance Center:

Microsoft Exchange Online Protection (EOP) is a cloud-based security module that protects business email inboxes from spam and malware. With EOP, security teams can set and enforce communication and messaging rules with ease.

  • Threat protection policies 
  • Real-time reports 
  • Automated threat investigation and response 
  • Attack simulation features 

Office 365 Threat Intelligence uses data signals from a variety of intelligence sources such as global data centers, office clients, and compromises to give security teams the most recent information on threats to offices around the world. 

  • Threat explorer module 
  • Automated policy recommendations 
  • Threat feeds 
  • Rich analytics dashboard 

Microsoft’s Compliance Manager gives security teams the capability to assess compliance risks, as well as monitor and record compliance activity within Microsoft Cloud services, allowing them to ensure that all regulatory compliance standards are met. 

  • Audit and assessment reports 
  • Role-based access control 
  • Compliance scoring 
  • Secure evidence and activity repository

  2. WiFi Policies

If you’re using WiFi in your organization, then you’ll need to create a WiFi policy to make sure that only authorized users can access your network. WiFi policies can be created in the Microsoft 365 admin center, and they can be applied to entire organizations or specific users and groups.  

When creating a WiFi policy, you’ll need to specify the following:  

  • The name of the policy  
  • The description of the policy  
  • The WiFi SSID  
  • The WiFi password  
  • The type of encryption  
  • The type of authentication  
  • Whether or not users will be able to connect to the network automatically  

After you’ve created your WiFi policy, you can apply it to users and groups by going to the “Users and Groups” section in the Microsoft 365 admin center and selecting the appropriate users and groups from the list. Applying a WiFi policy to a user or group will give them the ability to connect to the network automatically, as well as manage their own connection settings.  

  3. Data Loss Prevention Policies

Organizations can use data loss prevention tools in the Office 365 Security & Compliance Center to detect, monitor, and secure highly sensitive data stored on Microsoft Office 365 services, including Exchange Online, SharePoint Online, OneDrive for Business, and Microsoft Teams.  

  • Automated rule enforcement 
  • Automatically block sensitive content 
  • Detailed incident reports 
  • Policy templates

  4. Web Policies – Whitelists & Blacklists

A website blacklist is a list of websites that are blocked from being accessed. A website whitelist is a list of websites that are allowed to be accessed. Both lists can be created in the Microsoft 365 admin center, and they can be applied to entire organizations or specific users and groups.  

When creating a blacklist or whitelist, you’ll need to specify the following:

  • The name of the list  
  • The description of the list  
  • The URLs that you want to block or allow  

After you’ve created your blacklist or whitelist, you can apply it to users and groups by going to the “Users and Groups” section in the Microsoft 365 admin center and selecting the appropriate users and groups from the list. Applying a blacklist or whitelist to a user or group will give them the ability to access the websites on the list automatically, as well as manage their own website access settings.  

  5. Best Practices

While it is beneficial to learn about various Microsoft 365 policies, it is equally important to learn how to practice them effectively. Some best practices for policy management in Microsoft 365 include:  

  • Assign a dedicated administrator to manage policies  
  • Use role-based access control to limit who can create and edit policies  
  • Create informative and descriptive names and descriptions for policies  
  • Test new policies before implementing them organization-wide  
  • Review existing policies on a regular basis  
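
As an added illustration (not part of the original article, and not Microsoft's own sample), the following Security & Compliance PowerShell sketch stages a data loss prevention policy in test mode before enforcing it, combining the DLP section above with the "test before implementing" practice. It assumes the ExchangeOnlineManagement module and an account with compliance administrator rights; the policy and rule names are hypothetical.

```powershell
# Added example: stage a DLP policy in test mode, review it, then enforce it.
# Assumes the ExchangeOnlineManagement module is installed and the signed-in
# account may manage DLP policies. All names below are hypothetical.

Import-Module ExchangeOnlineManagement
Connect-IPPSSession   # connects to Security & Compliance PowerShell

$policyName = 'PILOT - Payment Card Data'           # hypothetical policy name
$ruleName   = 'PILOT - Restrict payment card data'  # hypothetical rule name

# 1. Create the policy for the four workloads named in the DLP section,
#    in test mode only. TestWithoutNotifications evaluates content and
#    records matches, but does not block anything or show policy tips.
New-DlpCompliancePolicy -Name $policyName `
    -Comment 'Detects payment card numbers. Staged in test mode before enforcement.' `
    -ExchangeLocation All `
    -SharePointLocation All `
    -OneDriveLocation All `
    -TeamsLocation All `
    -Mode TestWithoutNotifications

# 2. Attach a rule built on a built-in sensitive information type.
#    BlockAccess only takes effect once the policy mode is set to Enable.
New-DlpComplianceRule -Name $ruleName `
    -Policy $policyName `
    -ContentContainsSensitiveInformation @{ Name = 'Credit Card Number'; minCount = '1' } `
    -BlockAccess $true

# 3. Confirm what was created and that the policy is still in test mode.
Get-DlpCompliancePolicy -Identity $policyName | Format-List Name, Mode, Comment
Get-DlpComplianceRule -Policy $policyName | Format-List Name, BlockAccess

# 4. After reviewing the matches and tuning out false positives, optionally
#    pilot user-facing policy tips, then switch the policy to enforcement.
Set-DlpCompliancePolicy -Identity $policyName -Mode TestWithNotifications
# ...review again, then:
Set-DlpCompliancePolicy -Identity $policyName -Mode Enable
```

Keeping the staging mode visible in the policy name and comment also follows the practice of descriptive naming, so reviewers can tell pilot policies from enforced ones at a glance.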

Policies are an important part of Microsoft 365, and they can help you to keep your data safe and secure. By following the best practices listed above, you can ensure that your policies are effective and easy to manage. Thanks for reading!  

Do you have any questions about policy management in Microsoft 365? Email us at sales@montra.io  


3 Things an Employee Information Manager Needs 

Too many systems, too many self-service portals. How many times a month are you or your employees asked to update information in one of your systems – addresses, phone numbers, personal emails, bank information, emergency contacts? Who has time to update all the systems everywhere?

Just think about it: 

  • Employees Move 
  • Employees Change Phone Numbers 
  • Employee Families Change 
  • Employees Learn New Skills 
  • Employees Get New Experience 
  • Employees Can Be Working from Anywhere 
  • Employees Work Flexible Hours 

So, every time an employee does work for a new customer, or moves, or changes job title, they would need to update every system that tracks that. Most people don’t even know what systems hold their info, much less have the time to make changes. And with more dynamic information, like where they are working for the day or whether they are currently online, keeping multiple systems up-to-date completely breaks down.

Why do we have this problem? 

The problem is that there isn’t really a system of record for employee information in most companies. Instead, there are many systems of record. What most companies have today typically looks like the following: 

  • HRIS: maintains employee information for HR, benefits, pay, employee reviews, etc. For good reasons, it is usually a very limited access system. The employee address and/or bank info is always correct in the HRIS because people like to get paid. 
  • Email System: Email is so central to modern work-life that the email provider tends to be the default system IT uses for employee information. The email address is always correct here, and that is usually about all.
  • Employee Directory: Some companies will either license an inexpensive employee directory or have an internal person develop one. The information in them tends to get stale quickly, because it is yet another system to keep updated. 
  • LinkedIn: While not a system that companies need to license, almost every employee has a LinkedIn account. LinkedIn tends to be a reliable place for employee experience and skills and sometimes clubs, hobbies, and other interests. 
  • CRM Systems: Customer Relationship Management (CRM) systems like Salesforce are widely implemented and often used by any employee that touches the customer whether sales, marketing, support, etc. Because of this, the employee information inside the CRM has become a de facto system of record for contacting employees. Emails and phone numbers tend to stay accurate but other important info like job title, location, skills and experiences, tend to get stale fast. 
  • Slack: You may not think of this as an employee information system, but it does have information in it like “I’m logged in” and “I am actively working”. Slack and other services like Teams are also ways to contact an employee that are faster and easier than email. 
  • Other Functional Applications: Just about every department in a company has at least one system of record to assist them with all their work. Any user of these systems must have an account, and usually the developers of those systems have added deeper employee info that is either necessary or helpful for their application. The challenge is that these applications are often not broadly used and the employee information gets outdated and therefore the features in the app that rely on that information become less helpful. 

3 Functions an Employee Information System Provides

What companies really need is a centralized repository of employee information with three primary functions: 

1. Employee Self-Service: Allow employees to update their own information easily and reliably 

2. Secure Employee Directory: A great benefit of having reliable employee information is that the information can then be shared internally. That said, there is far more information in the HRIS than should be published for all employees. A good employee information manager needs to have privacy settings that allow the proper handling of employee data.

3. APIs Everywhere: If the Employee Information System is going to stay valuable, it needs to have APIs to as many of the systems that affect employees as possible. This list can be long but should include the HRIS, Email, Slack/Teams, Phone Systems, Device Managers, Finance, CRM, and Employee Notification Systems.

It cannot be overstated how important it is to have accurate employee information available to all people and systems within a company – especially as we move into a continually hybrid working world. Great companies will stop treating employee knowledge as tribal information exchanged between employees close to one another and will instead treat employee info the way they treat customer info – as a strategic corporate asset to be treated with the care and importance it deserves.

Want to learn more about managing your employee information better? Contact us and we can tell you about the software and services Montra provides to get you on your own journey to great Employee Information Management. sales@montra.io 

Six Things to Look for in Modern Remote Management and Monitoring Tools

If you are a managed IT services provider or a company that gets services from one, you are likely very familiar with remote management and monitoring software. RMM has been a mainstay application used by managed IT services providers for years. It provides several important functions that enable the cost-effective and secure delivery of the end-device services by IT service providers. 

The past two years have rapidly changed the breadth and frequency of remote work. Whether this is a permanent change in work habits or not, the remote worker needs to be supported as a standard part of IT service delivery, not as an exception – what people call hybrid work now. 

For modern RMM software to keep up with the changing nature of work and the applications and systems being used, the following items need to be addressed: 

1. Remote Updating Needs Rock Solid Reliability 

All RMM clients have supported remote patching and other software updates for years. Not all of them have supported remote updates effectively. The challenge in this new hybrid work model is that a remote user whose device gets bricked by a poorly executed update is especially adversely affected. The RMM client needs not only to give users the option of when to update, but also to warn them when they should not be doing an update, for example because they are not plugged in, are on a public hotspot, or are on an unreliable internet connection. This approach will help minimize the times a user goes down and IT needs to scramble to get them running (typically at a high cost!).

2. Top Rate Remote Policy Enforcement 

Policy enforcement needs to be included in any modern RMM. This is needed for a variety of reasons, including 1) compliance with frameworks like HIPAA or NIST CSF; 2) security against a user making poor decisions like plugging in an unknown USB drive; and 3) intellectual property loss from users copying or deleting files. Importantly, policy management needs to be integrated with a centralized policy management system, so the policies that are enforced by the RMM are always in lockstep with the latest corporate policies.

3. Remote Revocation of Rights is Critical 

Since employees can be anywhere when they leave the company, the traditional process of “hand me your computer” doesn’t work. Typically, laptops are mailed back after an empty box is shipped to the employee, or the system is just kept by the exiting employee. In either case, the user’s rights to access data on the device need to be removed remotely and preferably the data wiped. Not all RMM software does this well or in coordination with other HR and IT offboarding processes. 

4. Remote Control Is No Longer Optional 

To solve some issues remotely, it is often easier for the support engineer to take over control of the user’s system. This has been an optional feature in a lot of RMMs, but modern RMMs need to support this feature and support it well. It needs to work through consumer-grade firewalls and in typical co-working spaces, airports, and coffee shops. 

5. Need to Support Macs and PCs

Mac devices have continued to make inroads in the corporate environment. The new M1 processor Macs have provided a new price-performance benefit that is noticeable to every user. Additionally, with more employees working from home, there are more employees who are doing work on their personal Mac. To properly support these users, RMM software needs to support Mac and Windows equally well, or managed IT service providers need to use two RMMs – one for Mac and one for Windows.

6. Location Information Needs to Be Accessible 

Location information is available on most modern laptops. It can be GPS-based or WiFi-based, but it should be made available to the RMM. This is a necessary feature in a hybrid working world for many reasons. Employers need to know where employees are in emergencies, info-security needs to know where the device is for login and data usage rights, and it is helpful when a device has been lost or stolen. Modern RMMs need to tap into that information so that managed IT service providers can use it to track assets, data, and people. 

Montra successfully manages thousands of remote devices across all the hybrid workplaces of our customers. If you would like to learn more about how we can keep your workforce productive and secure, please email us at sales@montra.io. 

Tips for Managing Your Sprawling IT Infrastructure in 2020

IT Sprawl is a phenomenon that has risen significantly in small and mid-market businesses over the past several years. This growth can largely be attributed to two factors: rapid cloud services adoption and digital transformation initiatives. Across every industry, cloud services have spread like wildfire due to their ability to increase agility and cost-efficiency. Meanwhile, digital transformation projects have put technology in the middle of almost every business function. These combined factors have led to companies having to deal with some level of hybrid technical environment.

It is well known that hybrid environments are great for small, growing businesses. Their “best of both worlds” approach to technology adoption allows IT to leverage cloud-based applications while keeping sensitive information on-premises. However, hybrid environments do come with their challenges as well. Over time applications and workflows are added by individual users or departments. This lack of centralization leads to IT teams having a sprawled environment that is difficult (if not impossible) to manage.

Struggling to keep up with the sprawl of hybrid technical infrastructures is nothing new to technology professionals. While the concerns are not new, figuring out how to effectively deal with these challenges is still a top priority for IT teams. According to the 2019 SolarWinds IT Trends Report, 48% of IT professionals plan to prioritize skill development of Hybrid IT Deployment Monitoring and Management within the next 3 to 5 years.

As your organization heads towards the final planning phases for 2020, now is the perfect time to consider if a sprawling IT infrastructure is hindering your business or IT Department. So, what can be done to help you get control over the sprawling technical infrastructure within your organization? Here are our tips:

6 Tips for Managing your Sprawling IT Infrastructure in 2020

Audit Your Environment More Often

The first step to getting your IT environment under control is to conduct a full audit of your systems and applications. Knowing everything that is in your environment is the only way to understand how different IT components affect larger business processes. After all, how can you possibly fix a problem if you do not know it exists? Your audit should catalog every cloud service you are using, every server or VM, every network component, and every device. This process should lead to the creation of an inventory of all the technology used in your business and specifically what each component is used for. From this process you should be able to begin to understand:

  • Which services and components are redundant?
  • Which are not aligned with your business and technology strategy?
  • Which are outdated or no longer supported?
  • Which are lightly used, if ever?

Prioritize Network Visibility Across the Sprawl

Maintaining network control in a modern, spread-out environment is significantly more complicated than on a local area network. One of the best ways to maintain a level of control over IT Sprawl is to have visibility throughout your entire network. Full network visibility will enable you to know what devices are on your network and what applications are being installed. We recommend partnering with a company, like Montra, who can integrate your various management platforms into a single, comprehensive solution that provides you with end-to-end visibility from a single platform.

Standardization Leads to Better Hybrid Management

An easy way of minimizing the burden of sprawling IT management is to standardize the components within your environment. Use as few server, computer, router, VM, etc. types as possible. Once these various types have been decided, consolidate your IT environment to eliminate as many of the others as possible. This will lead to decreased maintenance as IT has fewer components to manage. In the long run, IT employees will achieve additional efficiencies as they become specialists in keeping only a specific number of types of IT components running at their best.

Establish Policies for Deploying New Cloud Applications

It is unlikely an employee will stroll into work with their own server. However, the same cannot be said for cloud and other web-based applications. All too often a cloud-based application enters a company’s environment at the request of a single employee. These services undergo little-to-no vetting and are often duplicated or redundant to applications already in use. An easy way to combat this is to enforce authorization procedures for the selection and implementation of new technologies. These procedures should align to the company’s larger strategic goals and make sure applications fit the “bigger picture.” When properly enforced, these procedures should reduce new or duplicate applications from entering the environment.

Consider Full Lifecycle Cost of New Products

It’s common for businesses to find cheaper technical solutions more appealing than slightly more expensive, yet more efficient, counterparts. However, cheaper solutions can come at their own cost. Choosing cheaper equipment can affect maintenance, power efficiency, and management costs which are not considered in the initial investment. Maintaining these various inefficiencies only gets more complicated as infrastructure grows. When expanding IT components on your network make sure you consider the full lifecycle cost of each product and not just the upfront cost.

Be Cautious of “Jack of all Trades” Hiring

You probably have great experts on your team. However, experts in managing servers may not be able to provide the best insight into consolidating your cloud. Modern hybrid business infrastructures are composed of a wide range of technologies and systems. This makes it very difficult to find a generalist who can properly support a mid-sized IT infrastructure. Oftentimes the best result comes from bringing in an outside team of experts. These team members can often better serve as your internal IT team by providing deeper expertise in particular IT specialties. Bringing in additional resources increases the level of specialization of each component within your network. Additionally, an outside team provides you with an “outsider’s perspective” that is often helpful in determining the actual validity of a specific service or component even if it is associated with a specific, high-maintenance user.

If you are interested in learning more about managing your sprawling IT infrastructure, contact our experts today.