Everyday work is carried out in a significantly changed environment, as we can now not only perform our duties from the office, and we often use our own devices in addition to or instead of the devices provided by the employer. However, the changed new work environment poses significant challenges for organizations—one of the biggest of which is protecting data and employee identities from external and internal threats, all in a transparent and affordable way. 

By following the Zero Trust principle, organizations can keep their data secure. The following main steps make work both safe and efficient:

1. Put Zero Trust into action.

2. Streamline the management of endpoints. 

3. Boost productivity and collaboration with apps that support it.

1. Zero Trust is the Foundation of Security

More than 1,287 password attacks occur every second, more than 111 million in a single day. And this number is constantly increasing as employees have access to data with their own devices in addition to company assets. Attacks and viruses usually occur on devices that are not managed by the company. Research shows that users are 71% more likely to become infected on an unmanaged device. Therefore, the protection of employee identities is crucial, but it is equally critical that employees have access only to the data that is essential for their work. This is particularly critical, as last year 7 out of 10 organizations were compromised by shadow IT. 

Zero Trust is built on three pillars:

1. Always authenticate: Build your system so that, in all cases, users can only access company data after authentication, only from secure devices and secure locations.

2. Ensure least-privilege access: Avoid having users with access to data that is not needed for their work by providing the least-privilege access that is absolutely necessary for performing their duties in their role.

3. Always assume breach: Build your IT system so that potential attacks can be identified immediately, and that the necessary steps can be taken to minimize any damage.

Microsoft Entra

The first step is to protect employee identities. The Conditional Access feature of Microsoft Entra (formerly Microsoft Azure Active Directory) takes signals from different sources in real time into account to determine system access for the user. These signals can be:

• User or group membership
• IP location information
• Devices
• Applications
• Real-time and calculated risk detection: Based on Conditional Access policies, the system can identify and remediate risky users and sign-in behavior.
• Microsoft Defender for Cloud Apps: Enables user application access and sessions to be monitored and controlled in real time. 

Based on the information obtained, the system decides whether to grant access to a specific application to the user. If the algorithm detects a threat during the assessment, 

• it blocks access, and
• requires additional authentication from the user, such as multi-factor authentication, fingerprint or face recognition or a password change. 

Conditional Access offers many options for different scenarios. You can even set detailed controls, so that certain employees can access certain applications only in given countries and from specified devices. In this case, Conditional Access will only grant access if all conditions are met. For more information on Conditional Access, please visit: https://learn.microsoft.com/en-us/entra/identity/conditional-access/overview

2. Maximum Safety for Endpoints

By using Microsoft Intune and Microsoft Web Content Filtering services, you can make sure that all assets are protected across the cloud, servers and endpoints. Microsoft Intune is a cloud-based endpoint management solution. It manages user access to organizational resources and simplifies app and device management across your many devices, including mobile devices, desktop computers, and virtual endpoints. With Microsoft Intune, you can easily protect access and data on both your organization-owned and users’ personal devices; and Microsoft Intune even has compliance and reporting features that support the Zero Trust security model. 

Within Microsoft Intune’s cloud-based device management, you can configure, among other things, to deploy the latest software and updates on all devices within the organization automatically. You can also easily manage users and devices, whether organization-owned or owned personally by the user, or create different policies about their access privileges. Read more details about the additional benefits of Microsoft Intune here: https://learn.microsoft.com/en-us/mem/intune/fundamentals/what-is-intune

Microsoft Web Content Filtering, available in Microsoft Defender for Endpoint, is used to ensure endpoint security, by enabling your organization to monitor and control access to websites based on their content categories. Read about Microsoft Web Content Filtering here: https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/web-content-filtering?view=o365-worldwide

3. Protecting Company Data

Microsoft Purview enables data to be classified and protected appropriately. We have covered protecting, classifying, encrypting, and securing company data in the event of unauthorized access in detail in our article about the hidden gems in Microsoft 365. 

Trusted Partner for Everyday Work

Microsoft 365 services provide companies with reliable protection during their daily operations. Your company can protect data and employee identities appropriately, as well as all the devices used by the employees. In addition to a cloud provider, however, you also need a trusted partner. With more than a decade’s track record and its global network, Noventiq offers security and expertise to your company and its employees.