Using Microsoft 365 security features, small businesses can consistently enforce and manage the security policies of all Windows 10 computers from one location.
In a world where all of your business can be shut down and your data held for ransom without a single click of a malicious link in an email, the security of every personal computer in your organization is extremely important. Large organizations can employ an army of managers and engineers to secure their networks and computers, but small businesses often have to protect themselves.
To make life easier and more secure for small businesses, Microsoft 365 has several security features built into its management apps. Unfortunately, many small businesses don’t take proper advantage of these security tools, either because they don’t know the tools exist or because they don’t understand how they work.
This how-to tutorial shows you how to enable Microsoft 365’s built-in security features and apply them to all Windows 10 computers in your organization.
Securing Windows 10 computers with Microsoft 365
The first step in securing Windows 10 computers in your small business organization with Microsoft 365 is to log into the admin portal with the appropriate credentials. We’ll assume you’ve set up your domain and set up your email server.
In the left navigation bar, select Setup and scroll down the list in the right-hand pane until you find the Device section (Figure A).
Click the “Secure your Windows 10 computers” link to access the configuration screen (Figure B). As you can see, completing this configuration will enroll all Windows 10 PCs into Microsoft Intune, the company’s unified management tool for businesses using Microsoft 365 or Azure.
We will create a basic security policy for all Windows 10 computers running in our organization. Just like a large organization, small businesses can apply these policies consistently across all Windows 10 devices, saving the time needed to configure each computer individually.
It is important to scroll down the page and pay attention to how the policy will be implemented.
Policies only apply when the following is true:
- “Users can add devices to Azure AD” is set to All or Some in Azure Active Directory
- “MDM user scope” is set to All or Some in Azure Active Directory
- Computers are running Windows 10 Pro, version 1703 or higher
- Computers do not run any other virus protection or device management programs
- Computers are enrolled in Microsoft Intune (see User impact)
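The device-side items in this list can be checked locally on each computer. The PowerShell script below is an added example, not part of the original article or a Microsoft-provided tool; the function name `Test-BaselinePrerequisites` and the "Defender" name filter are assumptions made for illustration. It does not check the two Azure Active Directory settings, other device management programs, or Intune enrollment itself.

```powershell
# Added example: local pre-flight check for the device-side prerequisites.
# Run in PowerShell on the Windows 10 computer you plan to enroll.

function Test-BaselinePrerequisites {
    $os    = Get-CimInstance -ClassName Win32_OperatingSystem
    $build = [int]$os.BuildNumber

    # Edition must be Windows 10 Pro; version 1703 shipped as build 15063.
    $editionOk = $os.Caption -like '*Windows 10 Pro*'
    $versionOk = $build -ge 15063

    # Antivirus products registered with Windows Security Center.
    # Assumption: any product whose name lacks "Defender" is third-party.
    $otherAv = @(Get-CimInstance -Namespace 'root/SecurityCenter2' `
            -ClassName AntiVirusProduct -ErrorAction SilentlyContinue |
        Where-Object { $_.displayName -notmatch 'Defender' } |
        Select-Object -ExpandProperty displayName)

    # dsregcmd.exe reports the Azure AD join state of this device.
    # Informational only: a joined device is not necessarily Intune-enrolled.
    $joined = [bool]((dsregcmd.exe /status) -match 'AzureAdJoined\s*:\s*YES')

    [pscustomobject]@{
        Computer       = $env:COMPUTERNAME
        Edition        = $os.Caption
        Build          = $build
        EditionOk      = $editionOk
        VersionOk      = $versionOk
        OtherAntivirus = $otherAv -join ', '
        AntivirusOk    = ($otherAv.Count -eq 0)
        AzureAdJoined  = $joined
    }
}

$result = Test-BaselinePrerequisites
$result | Format-List

if (-not ($result.EditionOk -and $result.VersionOk -and $result.AntivirusOk)) {
    Write-Warning 'This computer does not meet the device-side prerequisites.'
}
```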
Assuming you meet all these requirements, click the Get Started button to start the process.
The system will take a few seconds to establish the basic policy and will then ask you to confirm by clicking the Apply Settings button (Figure C). The default to turn off the standby screen is too low for my tastes, but I left everything else at the default values.
Once your selections are complete, click Apply Settings. You should receive a message that basic policies are being implemented. Click the X to close the window.
To register a Windows 10 computer currently in use in your organization, open Settings on that computer and go to the Accounts section. Click “Access Work or School” in the left navigation bar to add the device (Figure D).