by Paul Smitherman
Microsoft’s flagship product Office 365 Enterprise E5 provides an extra layer of sophistication – in richness, flexibility, and holistically speaking. The benefits to clients are many and have been well publicised. However, there are a number of features and benefits that are less well known, which are highly relevant to financial services organisations of all sizes, particularly around creating efficiencies and reducing information security risk.
Many of these benefits revolve around entitlements and licensing use rights, providing access to eligible products using licencing mobility. This means you can use the functionality on environments such as virtual desktops without the need to pay for additional licencing.
In our work with existing Lanware clients, we’ve experienced a number of stand-out features that will save your business time and ensure your organisation is equipped to handle information security risk more efficiently and effectively. Here are our top five:
1. The System Center Configuration Manager (SCCM)
Microsoft SCCM is designed to manage infrastructure for building servers, workstations and desktops using a standardised build process that is managed centrally. It is an entitlement provided within the ‘Enterprise Mobility + Security’ suite, as part of your Microsoft 365 subscription. Once systems have been built, they can further be managed as far as system inventory, application deployment, windows updates and even enforce various compliance policies.
Taking the example of one of our clients: their employees had regular challenges around PC disk space. Using the SCCM tool, we were able to both monitor the situation on all the endpoints by running reports and performing a logic check on certain folders to identify potential temporary data. We would then set up actions to be triggered when a disk space warning was flagged so that temporary folders could be automatically purged and alleviate the issue. The benefit to leveraging this type of technology is that we can push a generic policy out to all workstations as it is centrally managed.
Put simply, SCCM removes the need to perform manual maintenance tasks and having an IT engineer go around performing housekeeping on PCs or laptops. It’s great for lifecycle management, preventative maintenance and centralised administration.
We can also use the tool for accessing highly visual reports. These can consist of installed applications report, licensing compliance and anything within the entire lifecycle of the infrastructure and performing remote control functionality – all in one central place.
2. Deploy Windows 10 & Office 365 Pro Plus on up to 5 PCs or Mac devices
In today’s work environment it’s common to have multiple devices in different locations and need to access your software on all of them. Microsoft used to offer employees a low-cost Microsoft office licence that they could use at home or on other devices. With today’s subscription-based licencing model, employees are automatically entitled to extend their software access to multiple handsets, tablets or mobile devices.
Now when a CEO travels to visit his team in global locations he can pack just his tablet and leave his laptop at home. He knows that whether he is in London, Singapore or Sydney that there’s a laptop configured for him. From an efficiency perspective, that translates as four less licences for the operating system and the Office 365 suite. He can also access his desktop in the cloud with a level entitlement that doesn’t require additional licencing. That not only makes it efficient but provides a more convenient customer experience.
3. Forget renewing your 3rd party Anti-malware subscription
Typically, an enterprise anti-malware security solution costs £200-350 a year per endpoint. For a medium- sized firm of 100 employees that can add up to an eye watering amount considering it’s just one small component of the entire software library that you would usually find in a business. A small component - but by no means insignificant - when it comes to reducing risk to the organisation.
With a Microsoft 365 E5 subscription, Microsoft Defender ATP is included with Windows 10 E5. In principle, it is the same Windows Defender we are all familiar with on Windows 10, however, it’s the ATP that provides the management and intelligence behind it. When a device is enrolled into the Microsoft Defender ATP service, it is able to obtain anti-malware or anti-virus definitions directly from the cloud rather than a definition file. This doesn’t happen as a daily file download. Rather the anti-virus is pushed to the end point as soon as any new threats are detected on the landscape.
This is thanks to Microsoft’s Global Threat Intelligence Network, it looks at every end point using this solution and detects and collects new samples or threats. It then analyses them and identifies how the risk can be contained and how any damage caused can be reversed. That information is simulated across all subscribers, essentially forming a hive network and performing submission applications in the cloud.
This provides organisations with almost real-time threat detection. You always have the latest protection and can contain threats, so these don’t progress to becoming Ransomware, for example. As an integrated part of the Microsoft 365 E5 subscription entitlement, this not only saves the cost of third-party anti-malware solutions but offers a superior and intelligent level of protection that is hard to beat: a double benefit.
4. Gartner-leading CASB tool Microsoft Cloud Application Security for centralised cloud monitoring
CASB is a Cloud Access Security Broker - a software service provided as a result of the advent of the public cloud. Together they form an infrastructure-as-a-service offering, all the way into software-as-a-service and operating with all the ecosystem that surrounds that: online storage, repositories, chat features, or telephony services included.
It is a mechanism that hooks into all these applications and requests all of their logging information, transfering it to the CASB platform for data analysis and reporting purposes. For example, Dropbox natively integrates into our CASB service. Any time a user in your environment attempts to access Dropbox and log in with their credentials and link to Office Microsoft 365 to transfer data out, CASB automatically registers it. This gives us the option to either set up a mandatory ‘deny’ block, preventing the data from being moved, or we can allow the user to transfer data but just logged, so that we can track what data is being moved either in or out. That way if a very large file is suddenly moved out of Office 365 into Dropbox this will be flagged up and can be investigated.
This process allows businesses to know if data is being leaked out of the organisation or if someone has unintentionally compromised an account and is pulling data out. Essentially, it is an intelligent audit service which you can help you report further on so you can take follow up action such as enforcing security controls, refining policy or carrying out investigations on potential data loss. It provides a holistic approach, not only for Office 365 but for all of the affiliated services and apps that integrate into Office 365. This makes the impossible task of policing such a large ecosystem a whole lot easier.
5. Enjoy a multi-client Windows 10 virtual desktop
Microsoft have invested heavily in this service over the last couple of years and optimised it through their acquisition of FX Logic. Originally known as RDMI, or Remote Desktop Modern Infrastructure, it was designed for the modern workplace methodology that Microsoft and other big players are now actively supporting.
Essentially, it is an extension of a laptop in that it allows employees to work remotely whilst maintaining a consistent virtual desktop, providing an always-available cloud service hosted within Microsoft Azure or another cloud platform like AWS (hosting costs may apply). Using Windows 10 in the guise of single-user or a multi-user version, it incorporates all the features of Windows Server Remote Desktop Services, while allowing multiple users to log in at the same time. Now introduced into Windows 10, the virtual desktop creates a consistent desktop experience.
Potentially you also only need one or two desktops to host all of your users. In a single-user version you have one user per desktop and when hosted on the public cloud you incur a cost for keeping that machinery on. You’ll be charged per minute at a unit level meaning you are likely to be haemorrhaging cash. It’s a great technology for the modern workplace and organisations where employees are out and about and need freedom to access all their applications and files where ever they are. It also works well for locations that have poor connectivity or high latency.
There is no doubt that Microsoft 365 E5 is a feature-rich and sophisticated software. However, it is only when you get under the hood and start use it that you see the huge benefits it represents for organisations that are sensitive about their information security and who want to work more efficiently and effectively.
To find out more about how Lanware leverages these benefits for their financial services clients with their Finance Forward 365 solution, contact us.