M365 security & compliance packs.
Microsoft 365 brings together Office 365, Windows 10, and Enterprise Mobility + Security (EMS) so empowers everyone to be creative and work together, securely.
Once you have the licence in place though the security and compliance functionality in EMS needs enabling.
At Bam Boom Cloud we don’t believe in complicating things with bespoke scoping exercises and drawn out implementation, that’s why we’ve created our one-off, fixed price, fixed-scope M365 Security & Compliance Packs which unlock the functionality needed to help protect your business.
M365 pack 1
Our identity Management Pack makes managing passwords easy and ensures that everyone has a secure identity for Microsoft 365.
We enable Multi-Factor Authentication for roles with access to sensitive data. Reduce the burden of password management on the IT Team with self-service password reset.
- Enable Synchronized Identities with On-Premise AD
- Configure Secure Password Policies
- Enable Self-Service Password Reset
- Enable Conditional access MFA with Safe Zones
- Enable Conditional access MFA for Guest Accounts
- Enable Corporate branding
- Enable Windows Hello policies*
*Requires device enrolment, see additional packs.
Advanced threat protection
M365 pack 2
Our Advanced Threat Protection Pack enables seamless security features which protect end-users from accidentally sharing data or from being targeted by a phishing attack.
- Configure Safe Attachments
- Configure Safe Links
- Enable Personal User Quarantine portal
- Identify and Block Malicious files in SharePoint, OneDrive and Teams
- Anti-Phishing Protection, SPF protection
- Enable Online Exchange Archiving
- DKIM and DMARC in Quarantine mode
- Prevent Forwarding to External domains
- Restrict use of 3rd party storage within OWA
Data loss prevention
M365 pack 3
Our Data Loss Prevention Pack can help you identify Personally Identifiable Information (PII) as well as sensitive business data. Once identified you can track where and how this data can be stored and transmitted.
Office 365 data loss prevention
- Define sensitive data policies across Email, SharePoint and OneDrive
- Prevent PII data from being sent outside of the organization
- Streamline GDPR Compliance
- Configure DLP reports and alerting
Azure information protection
- Configure default data labels to categorise data sensitivity
- Configure default data policies to determine how sensitive data is handled
- Prevent sensitive data from being sent outside of the organisation
- Provide deployment support for AIP Client rollout*
- Configure reports and alerting
*Client software needs to be at a MS supported level
M365 pack 4
Employees are bringing their own devices and accessing corporate data on them. Our Device Security Pack helps secure your business information from threats and leaks. Apply data policies on corporate and Employee devices alike to safeguard your business data.
Microsoft Endpoint App Security Pack*
- Restrict Copy/Paste to personal apps
- Block saving of Corp data to device
- Block Screen Capture
- Encrypt Org data
- Enforce MFA for Outlook App
- Only Official Office Apps can connect to 365
- Enable Remote Wipe of Business Data on mobile device
Microsoft Endpoint Manager Device Pack**
- Configure iPhone and Android for Enterprise settings
- Configure Windows Enrollment / Hybrid AD Join devices for targeted deployment
- Centralized Patch Management
- Configuration of Windows Defender*
- Enforce Bit locker Encryption**
- Controlled Folder Access and Attack surface reduction
- Enable Remote Device Wipe
- Configure Windows 10 Security Baselines***
- Configure MS Business Store
* Not included in Pack 4 is device enrolment. Device enrolment is user based and user deployable. Additional support with enrolment can be added as an addition.
** Requires TPM and W10.
*** based on Microsoft recommendation, requires scope of work for custom policies.
**** for full monitoring and advanced AV we would recommend Microsoft Defender for Endpoint @ £3.90 pupm
Defender for Endpoint
M365 pack 5
Microsoft Defender for Endpoint uses next-generation protection to catch all emerging threats.
Based on Microsoft Business 365 licensing, Microsoft 365 Defender, and Defender for Endpoint, form a unified pre- and post-breach enterprise defence suite that natively integrates across endpoint, email, and applications to detect, prevent, investigate, and automatically respond to sophisticated attacks.
- Configure Microsoft Defender for Endpoint Portal
- Removal of old Antivirus*
- Onboard Workstations into Microsoft Defender for Endpoint
- Onboard Servers into Microsoft Defender for Endpoint****
- Configure new devices to automatically onboard to Microsoft Defender Endpoint
- Configure device profiles through Intune/Group Policy following NIST Security Guidelines
- Configure Microsoft defender for Endpoint Policies for Android / iOS
- Configure Enforcement scopes**
- Enforce Standard Protection Attack Surface Rules***
Pack 5.1 Defender Security and Remediation, ( As above with monthly commitment)
- As above…..
- Enforce Enhanced Attack Surface Rules in Audit mode / Enabled in phased approach***
- Monthly access to an engineer to consolidate information from the portal and make fixes/suggestions to improve the secure score.
*Subject to the management of current AV and removal methods
** Requires devices to be in Azure AD Hybrid Joined
*** Enforcement based on the Line of business applications’ supportability
**** Based on 5 Servers in hours reboots (7am-7PM)
Want to learn about the different prices and options available?
Fill in your details and a member of the team will be in touch.