Beginning in April, the Microsoft 365 Business license now includes Azure AD Premium 1. This normally is a $6 per user cost but it is being rolled into your plan at no additional charge. This is great news. Here at Harbor our close relationship with Microsoft let us “see” where they were making investments and choose the right plan for our clients. If you been with us for a long time, then you know that we bet on Small Business Server and it was a great choice saving our clients thousands of dollars each year over 15 years. We’re convinced that the Microsoft 365 Business plan will continue to do the same.
I know that this is all going to be very geeky but let’s take a look at these new features and I’ll point out a couple that we were using now, because of the management licenses we apply to your account and those that I think many of our clients will be interested. A lot of this is security related. As small and medium business (SMB) are the #1 target for the bad guys, even though they don’t make the news, these features are important.
I’ve put my comments in italics in the table below. These are general statements but I hope understandable. Short – Short. We’ve got some great new tools to work with!
| Single Sign-On. This allows other applications you own to logon using your 365 credentials so that once you login in once you aren’t promoted to login again. |
| Password Protection (custom banned password) Microsoft keeps a list of passwords that are available for sale on the dark web. We can use that list to prevent you from becoming a victim by dictionary attack |
| Password Protection for Windows Server Active Directory (global & custom banned password) Same as above for your local server logon. |
| Self-service password reset/change/unlock with on-premises write-back. Using now but this add the ability to write your 365 password back to your local server and using one password for both. |
| Group access management |
| Microsoft Cloud App Discovery. This allows the discovery of cloud applications on the local computers. They are often ones that you don’t realize your staff is using. Now you’ll know and we can mange them as you’d like. |
| Azure AD Join: MDM auto enrollment & local admin policy customization. Using now. This enables management of mobile and windows devices and the pushing of policies onto them. |
| Azure AD Join: self-service bitlocker recovery, enterprise state roaming. When a hard drive is encrypted the key recovery process can be automated using this feature. In additional profiles can be saved and follow you as you move from device to device. |
| Advanced security and usage reports. Using some now |
| Hybrid Identities |
| Application Proxy |
| Microsoft Identity Manager user CAL. An over simplification but this adds features to allow active directory to manage users and permission for other applications |
| Connect Health Allows us to monitor the connection between your local server and the cloud. |
| Advanced Group Access Management |
| Dynamic groups. This is a new way of managing the membership of groups. Once fully setup the people are added or removed based on parameters not the manual addition. |
| Group creation policy |
| Group naming policy |
| Group expiration Groups can be temporary and expire after a set time period |
| Usage guidelines |
| Default classification allows for the classification of documents via labels that then set permissions upon them automatically regardless of where they go to. |
| Conditional Access |
| Conditional Access based on group, location, and device status Using now |
| Azure Information Protection integration |
| SharePoint limited access Say an intern is working, we can now grant them access to specific sites and not all of them. This means that some sharepoint content can be marked private for departments with sensitive data. |
| Terms of Use (set up terms of use for specific access) |
| Multi-Factor Authentication with Conditional Access Using now |
| Microsoft Cloud App Security integration Using now |
| 3rd party MFA partner integrationPreview |
| 3rd party identity governance partners integration |
About Harbor Computer Services
Harbor Computer Services is an IT firm servicing Southeastern Michigan. We work exclusively under contract with our clients to provide technology direction and either become the IT department or provide assistance to the internal IT they already have. We have won many awards for our work over the years, including the worldwide Microsoft Partner of the Year in 2010. We’re the smallest firm to have ever won this most prestigious award. Most recently we were recognized as one of the top 20 visionaries in small business IT by ChannelPro Magazine. And as the top Michigan IT firm for Manufacturing. There are a few simple things that make Harbor Computer Services the best choice for your business. •We are Professionals •We are Responsible •We are Concerned About The Success of Your Business
