Security is a top concern for SMB customers. Instill customer confidence by providing the right ongoing security solutions
Three key value-add scenarios for scaling up a recurring revenue security offering with your customers
Assess & Configure
Establish a strong foundation of security and information governance across customers
Monitor & Review
Efficiently monitor and review security across tenants, critical settings, and key policies
Remediate & resolve
Quickly remediate security gaps or issues across tenants, settings, and policies
Use this Playbook to support the growing customer needs of a secure and flexible work environment
Here’s a sampling of actions you will find in the playbook
Action
Assess security settings across customers
Out-of-the-box assessments across 15 security factors to open doors with customers.
Quickly check and report on the following security details and settings that contribute to each customer’s Secure Score:
- Number of Global Admins
- MFA status for admin accounts and users
- Check that Basic Authentication is disabled
- Check that MFA is enabled
- Verify cloud user password is set to not expire
- Check self-service password reset is enabled
- Check status on Calendar Sharing
- Verify that calendar detail sharing outside the organization is disabled
- Verify setting for external user sharing
- Verify malware file filtering is enabled
- Check for the existence of notifications for sending of malware or spam from internal users
- Check that Audit Log Search is enabled
- Check that Mailbox Auditing is enabled
- Check that Mobile Device Compliance is enabled
- Check for enable shared link expiration and set to less than 60 days
Action
Single-click application of Data Loss Prevention (DLP)
Establish data retention and protection policies to reduce compliance risks.
Easily apply any of the following 20+ Microsoft DLP templates to meet specific customer compliance policies.
Australia Financial Data Protection
Australia Health Records Act (HRIP) protection
Australia Privacy Act protection
Canada Financial Data protection
Canada Health Information Act (HIA) protection
Canada Personally Identifiable Information Data protection
General Data Protection Regulation (GDPR) protection
Germany Financial Data protection
Germany Personally Identifiable Information (PII) Data protection
PCI Data Security Standard protection
UK Access to Medical Reports Act protection
UK Data Protection Act protection
UK Financial Data protection
UK Personally Identifiable Information (PII) Data protection
US Financial Data protection
US Gramm-Leach-Bliley Act protection
US Health Insurance Act protection
US Patriot Act protection
US Personally Identifiable Information (PII) Data protection
US State Breach Notification Laws protection
Action
Monitor to discover critical gaps like MFA exposure
Schedule set-and-forget security assessments at a regular cadence.
Over 80% of breaches from hacking involve brute force or use of lost or stolen credentials.
MFA is a simple but powerful feature that if enabled can combat most threats of unauthorized access to customer applications and data. Cloud Manager makes it easy to proactively identify any user with MFA disabled and also immediately remediate any discovered issues.
Action
Manage Anti Phish policies to reduce customer risk
Protect customers against phishing attacks – a leading cause of data breaches.
With the expansion of remote work, protecting customers against Phishing attacks has become increasingly critical. Employees may be bouncing between work and personal email and social sites, often on less secure networks.
Cloud Manager makes it easier to proactively standardize security settings for Microsoft 365, including Anti Phish policy settings. With a single command, you can quickly and accurately update Anti Phish policies across customers.