Thursday, June 20, 2024

Microsoft Intune mobile device management

I am using Microsoft 365 Business Basic for my company (10 users). Now I want some features on my laptops for work-from-home mobile device management:

  1. BitLocker active on the laptop.
  2. Windows Defender Firewall to be on.
  3. USB block on the device.
  4. End users should not be able to install or uninstall applications.
  5. Installation should happen only using the global administrator.
  6. Password LAPS policy.
  7. Passwords expire after 30 days.
  8. RDP disabled.


Current Plan and Upgrade Suggestion

Since you are currently using Microsoft 365 Business Basic, you'll need to upgrade to Microsoft 365 Business Premium. This plan includes Microsoft Intune, which provides the necessary device management and security capabilities.

Features and Configuration with Microsoft Intune

  1. BitLocker Activation on Laptops

    • Configuration: Use Intune to deploy a BitLocker policy to your Windows 10/11 devices to ensure that encryption is enabled.
  2. Windows Defender Firewall Enabled

    • Configuration: Configure a device compliance policy in Intune to ensure that Windows Defender Firewall is enabled on all managed devices.
  3. USB Block on Device

    • Configuration: Create a device configuration profile in Intune to disable USB ports, ensuring that external storage devices cannot be used.
  4. Restricting Software Installation and Uninstallation

    • Configuration: Use Intune to configure Endpoint Protection settings that restrict users from installing or uninstalling applications. Configure Windows 10 security baseline profiles to enforce these settings.
    • Local Administrator Rights: Remove local admin rights from end users through a device configuration profile.
  5. Installation by Global Administrator Only

    • Configuration: Ensure that only global administrators or designated IT personnel have admin rights, which can be enforced through Intune by limiting local admin permissions.
  6. Password LAPS Policy

    • Configuration: Use Intune to configure device compliance policies that enforce specific password requirements, including complexity and length.
  7. Password Expiry After 30 Days

    • Configuration: Set password expiration policies through Intune to ensure that passwords are changed every 30 days. This can be done via a device compliance policy or through Azure AD password policies.
  8. RDP Disable

    • Configuration: Create a device configuration profile in Intune to disable Remote Desktop Protocol (RDP) on all managed devices. This can be enforced through group policy settings deployed via Intune.

Steps to Upgrade and Configure

  1. Upgrade to Microsoft 365 Business Premium

    • Upgrade your current plan to Business Premium to gain access to Microsoft Intune and additional security features.
  2. Set Up Microsoft Intune

    • Enroll Devices: Enroll your company’s devices in Intune to start managing them.
    • Configure Policies: Create and assign policies in Intune to enforce BitLocker, Windows Defender Firewall, USB restrictions, software installation restrictions, password policies, and RDP settings.
  3. Policy Deployment

    • Use the Intune admin center to deploy the required configuration profiles and compliance policies to your devices.
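
Once the policies are deployed, a local spot-check on one laptop confirms they took effect. The script below is an added example, not part of the original post; it covers requirements 1, 2, 4/5 and 8 using built-in Windows cmdlets, must run in an elevated PowerShell session, and `-AllowedAdmins` is a hypothetical parameter for the local administrator names you expect to see.

```powershell
#Requires -RunAsAdministrator
# Added example: spot-check on one laptop that the Intune policies took effect.
# -AllowedAdmins is a hypothetical parameter: the local admin names you expect.
param([string[]]$AllowedAdmins = @())

function New-Check($Name, $Pass, $Detail) {
    [pscustomobject]@{ Check = $Name; Pass = $Pass; Detail = "$Detail" }
}

# Requirement 1: the OS volume must report BitLocker protection On.
try {
    $vol = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction Stop
    New-Check 'BitLocker' ($vol.ProtectionStatus -eq 'On') `
        "$($vol.VolumeStatus), protection $($vol.ProtectionStatus)"
} catch { New-Check 'BitLocker' $false $_.Exception.Message }

# Requirement 2: every firewall profile must be enabled in the effective policy.
try {
    $off = @(Get-NetFirewallProfile -PolicyStore ActiveStore -ErrorAction Stop |
             Where-Object { $_.Enabled -ne 'True' })
    New-Check 'Firewall' ($off.Count -eq 0) "disabled profiles: $($off.Name -join ', ')"
} catch { New-Check 'Firewall' $false $_.Exception.Message }

# Requirement 8: RDP is off when fDenyTSConnections = 1.
# The policy key wins over the system key when both exist, so read it first.
$rdpKeys = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services',
           'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$deny = $null
foreach ($key in $rdpKeys) {
    $v = Get-ItemProperty -Path $key -Name fDenyTSConnections -ErrorAction SilentlyContinue
    if ($v) { $deny = $v.fDenyTSConnections; break }
}
New-Check 'RDP disabled' ($deny -eq 1) "fDenyTSConnections = $deny"

# Requirements 4 and 5: nobody outside the expected list is a local administrator.
# S-1-5-32-544 is the well-known SID of the built-in Administrators group.
try {
    $extra = @(Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop |
               Where-Object { $_.Name -notin $AllowedAdmins })
    New-Check 'Local admins' ($extra.Count -eq 0) "unexpected: $($extra.Name -join ', ')"
} catch { New-Check 'Local admins' $false $_.Exception.Message }
```

Each check emits one object with `Check`, `Pass` and `Detail`, so the output can be piped to `Format-Table` or exported. A failed cmdlet call is reported as a failed check rather than stopping the script.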

Additional Resources

  • Microsoft Documentation: Refer to the Microsoft Intune documentation for detailed steps on setting up and configuring each policy.
  • Support: Consider working with a Microsoft partner or using Microsoft support if you need assistance with configuration and deployment.

Conclusion

Upgrading to Microsoft 365 Business Premium will provide you with the tools necessary to manage and secure your devices as per your requirements. Microsoft Intune, included in this plan, allows you to enforce security policies, manage device configurations, and ensure compliance across your remote workforce.
