You’ve likely heard buzzwords like “cloud services” and “mobile device management” floating around, and perhaps “Microsoft Intune” has come up in conversations with your IT provider or tech-savvy colleagues. But what exactly is Intune, and why should you care about it? Let’s break it down in plain English, so you can understand how this tool might benefit your business – without needing a degree in computer science. 

The Basics: What is Microsoft Intune? 

Microsoft Intune is a cloud-based service that helps businesses manage their devices and applications. Think of it as a central control panel for all the phones, tablets, and computers your team uses for work. It’s part of Microsoft’s broader suite of business tools, integrating seamlessly with other Microsoft 365 products, and is rapidly becoming a core part of how many businesses manage their IT systems.  

What Does Intune Do? 

Intune’s capabilities can be broken down into three main categories: Device Management, App Management, and Security. 

Device Management 

Intune gives you control over how company devices such as laptops are used. With Intune, you can set password requirements to ensure all devices have strong, secure passwords. You can control which apps can be installed, preventing potentially harmful or unproductive apps from being used on work devices. Intune also allows you to configure device settings, setting up email, Wi-Fi, VPN, and other settings automatically. Perhaps most crucially, if a device is lost or stolen, you can remotely wipe data from it, protecting your company’s sensitive information. 

App Management 

When it comes to apps, Intune is your central command centre. You can push necessary apps to all devices, ensuring everyone has the tools they need to do their job effectively. Intune also allows you to control which apps can access company data, keeping your sensitive information safe. It can update apps automatically, keeping everyone on the latest, most secure versions. And when an employee leaves the company, Intune makes it easy to remove business apps and data from their device, protecting your intellectual property. 

Security 

Security is paramount, and Intune has you covered. Microsoft Intune is a robust solution for managing and securing your organisation’s devices and data. It ensures that all devices are up to date with the latest security patches and updates, reducing vulnerabilities. Intune also integrates seamlessly with Microsoft Defender and other security products, creating a comprehensive security ecosystem. By enforcing policies such as data encryption and remote wipe, Intune protects sensitive information even if a device is lost or stolen. Additionally, it links with Entra ID to manage multi-factor authentication and conditional access policies, preventing unauthorised access to company resources. With Intune, you can confidently safeguard your business data against a wide range of security threats.  

Why Should You Care? 

Now that we understand what Intune does, let’s talk about why it matters for your business. 

Intune offers flexibility, working with both company-owned devices and personal devices in a Bring Your Own Device (BYOD) environment. This means you can secure your data whether your team is using company laptops or their own smartphones. 

Simplicity is another key benefit. Instead of your IT team dealing with each device individually, they can manage everything from one place. This can save significant time and reduce headaches. 

Security is a major advantage of Intune. It allows you to protect your business data without making life difficult for your team. Intune’s security features work in the background, allowing your team to focus on their work rather than wrestling with cumbersome security protocols. 

Productivity gets a boost with Intune. By ensuring your team has the right tools and access, wherever they’re working from, Intune provides seamless access to business resources while maintaining control. 

Finally, Intune can be cost-effective. By managing devices and apps centrally, you can often reduce your overall IT costs and simplify budgeting. 

Is Intune Right for Your Business? 

Intune can be particularly useful in several scenarios. If you have a mobile workforce that works from various locations or uses multiple devices, Intune can help keep everyone connected and secure. If you’re concerned about data security (and in this day and age, who isn’t?), Intune provides robust security features to protect your business data. 

If you’re tired of hearing about individual device issues and want to simplify your IT management, Intune can streamline your processes. If you’re already using other Microsoft 365 products, Intune integrates seamlessly, creating a cohesive ecosystem. And if you’re supporting a bring-your-own-device (BYOD) environment, Intune allows you to secure company data on personal devices without infringing on employee privacy.


Real-World Example 

Let’s consider a scenario to see how Intune works in practice: 

Imagine you run a small marketing agency with 20 employees. Half of your team works in the office, while the others work remotely or at client sites. Some use company laptops, others use their personal devices. 

With Intune, you can ensure all devices (company-owned and personal) that access business data have the necessary security measures in place. Your team can easily access the apps and data they need, whether they’re in the office or at a client site. If someone’s device is lost or stolen, your IT team can quickly remove business data from that device. When you onboard a new employee, your IT team can have their device set up automatically with all necessary apps and settings. And if an employee leaves, your IT team can remove business apps and data from that employee’s device without touching their personal information.

Wrapping Up 

Microsoft Intune is a powerful tool that can help streamline your IT management, enhance your security, and boost your team’s productivity. While it may seem complex at first, the benefits it brings to your business can be significant. 

Remember, good IT shouldn’t give you headaches – it should solve them. Intune is just one of the many tools that can help make your business technology work for you, not against you. 

At Grassroots IT, we’ve been helping businesses like yours leverage tools like Intune for nearly two decades. We understand that every business is unique, and we’re here to help you navigate the world of modern IT solutions. Whether you’re ready to implement Intune or just want to learn more, we’d be happy to chat about how it could work for your specific needs. 

Technology should be an enabler for your business, not a barrier. Let’s work together to make sure your IT is helping your business thrive. 

The Power of Integrated Lifecycle Management 

Managing the lifecycle of users and devices is a critical aspect of IT operations. From the moment a new employee joins your organisation to the day they leave, and from when a device is first enrolled to when it’s retired, there are numerous considerations involved in maintaining a secure, efficient, and productive IT environment. 

Two powerful tools in the Microsoft 365 suite can help streamline this process: Entra ID (formerly Azure AD) and Intune. In this post, we’ll explore how these services work together to provide a comprehensive lifecycle management solution for your users and devices. 

User Creation and Onboarding 

The journey begins when a new user joins your organisation. Entra ID facilitates this process through a series of steps: 

  • Create the user account: Use the Azure portal to manually create the account, or leverage PowerShell scripts or HR system integration for automatic account creation.
  • Assign licenses and access rights: Grant the necessary licenses (such as Microsoft 365 Business Premium) and provide access to required resources. For organisations with defined roles, Entra ID’s group-based licensing can streamline this process. 
  • Enable multi-factor authentication (MFA): As a crucial security measure, add users to an MFA registration campaign to enforce MFA setup.  Entra ID offers various options, including the Microsoft Authenticator app, SMS, or phone calls. 
  • Configure conditional access policies: Set up policies to control resource access based on specific conditions. For new users, you might require a password change on first login or restrict access to certain apps until they’ve completed necessary training. 
  • Provide necessary information to the user: Share login credentials, MFA setup instructions, and any other relevant information with the new user. 

To streamline this process, consider creating a standardised onboarding workflow that automates as many of these steps as possible. This approach not only saves time but also ensures consistency in how new users are set up across your organisation.
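As an added example (not part of the original post or Grassroots IT's own tooling), the onboarding steps above can be scripted with the Microsoft Graph PowerShell SDK. It assumes a security group that already has licences assigned through group-based licensing and a second group that is targeted by your MFA registration campaign; the parameter names and the `AU` default are illustrative assumptions.

```powershell
#Requires -Modules Microsoft.Graph.Authentication, Microsoft.Graph.Users, Microsoft.Graph.Groups
# Added example: onboarding workflow sketch. The group IDs passed in are assumptions:
#   LicenceGroupId     - group with licences assigned via group-based licensing
#   MfaCampaignGroupId - group targeted by the tenant's MFA registration campaign
[CmdletBinding(SupportsShouldProcess)]
param(
    [Parameter(Mandatory)] [string] $DisplayName,
    [Parameter(Mandatory)] [string] $UserPrincipalName,
    [Parameter(Mandatory)] [string] $LicenceGroupId,
    [Parameter(Mandatory)] [string] $MfaCampaignGroupId,
    [string] $UsageLocation = 'AU'
)

function New-TemporaryPassword {
    # Random one-time password from the OS CSPRNG. The modulo step has a slight
    # bias, which is acceptable for a password that must be changed at first login.
    param([int] $Length = 20)
    $alphabet = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789!@#%*-_'
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try {
        do {
            $bytes = [byte[]]::new($Length)
            $rng.GetBytes($bytes)
            $candidate = -join ($bytes | ForEach-Object { $alphabet[$_ % $alphabet.Length] })
            # Retry until upper, lower, digit and symbol are all present.
            $ok = ($candidate -cmatch '[A-Z]') -and ($candidate -cmatch '[a-z]') -and
                  ($candidate -match '\d') -and ($candidate -match '[^A-Za-z0-9]')
        } until ($ok)
    }
    finally { $rng.Dispose() }
    return $candidate
}

Connect-MgGraph -Scopes 'User.ReadWrite.All', 'GroupMember.ReadWrite.All'

# Refuse to continue if the account already exists, so a re-run never resets a live user.
$escapedUpn = $UserPrincipalName.Replace("'", "''")
if (Get-MgUser -Filter "userPrincipalName eq '$escapedUpn'") {
    throw "User $UserPrincipalName already exists; nothing was changed."
}

if ($PSCmdlet.ShouldProcess($UserPrincipalName, 'Create user and add to onboarding groups')) {
    $tempPassword = New-TemporaryPassword

    # Step 1: create the account. forceChangePasswordNextSignIn makes the
    # temporary password single-use.
    $user = New-MgUser -BodyParameter @{
        accountEnabled    = $true
        displayName       = $DisplayName
        userPrincipalName = $UserPrincipalName
        mailNickname      = ($UserPrincipalName -split '@')[0]
        usageLocation     = $UsageLocation   # set explicitly rather than relying on the tenant default
        passwordProfile   = @{
            password                      = $tempPassword
            forceChangePasswordNextSignIn = $true
        }
    }

    # Step 2: licences and access rights come from group membership, not per-user assignment.
    New-MgGroupMember -GroupId $LicenceGroupId -DirectoryObjectId $user.Id

    # Step 3: membership of the campaign group prompts the user to register MFA.
    New-MgGroupMember -GroupId $MfaCampaignGroupId -DirectoryObjectId $user.Id

    # Step 5: hand the result to the operator. Deliver the password out-of-band
    # and keep it out of tickets, transcripts and logs.
    [pscustomobject]@{
        UserId            = $user.Id
        UserPrincipalName = $user.UserPrincipalName
        TemporaryPassword = $tempPassword
    }
}
```

Conditional access (step 4) is tenant-wide policy rather than a per-user action, so it is configured once and applies to the new account through the same group memberships.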

Remember, user onboarding is more than just technical setup. It’s an opportunity to make a great first impression and set new team members up for success. Consider incorporating steps like sending a welcome email, scheduling an IT orientation session, or providing a digital welcome pack with key information about your organisation’s IT practices and policies.

Device Enrolment 

Once a user account is set up, the next step is often to get them set up with a device such as a laptop. This is where Intune shines, offering a range of enrolment methods to suit different organisational needs and device types.

Company-Owned Devices

For company-owned devices, Intune allows you to pre-configure enrolment profiles. This proactive approach ensures that devices are compliant with your policies from the moment they’re turned on, saving time and reducing security risks.

BYOD Support

For organisations embracing Bring Your Own Device (BYOD) policies, Intune also supports personal device enrolment. In these scenarios, you can apply different policies that strike a balance between organisational security needs and user privacy.

Windows Autopilot 

It’s worth mentioning Windows Autopilot as part of the same discussion as Intune and Entra ID. Windows Autopilot simplifies the device setup process, making new devices ready to use with minimal IT intervention. Here’s how it works: 

  • Devices are pre-registered with your organisation (often by the hardware vendor). 
  • When first turned on, the device automatically configures itself. 
  • It joins your Azure AD, enrols in Intune, and applies your predefined settings and policies. 

Autopilot is particularly useful for remote workers, as devices can be shipped directly to them, ready to use out of the box. This approach saves time for IT teams and ensures consistency across all devices. 

Ongoing Management 

Once users are set up and devices are enrolled, the focus shifts to ongoing management. This is where the true power of Intune and Entra ID’s integration becomes apparent, offering a comprehensive suite of tools for maintaining security, compliance, and efficiency. 

Security Policies 

Intune allows you to create and apply security policies to your devices. These policies can cover a wide range of security measures, including: 

  • Device encryption requirements 
  • Restrictions on certain device features 

By applying these policies, you can ensure that all devices, whether company-owned or personal, meet your organisation’s security standards. 

App Management 

With Intune, you gain granular control over app deployment and management. You can: 

  • Deploy both store apps and line-of-business apps to your devices 
  • Manage app updates to ensure all devices are running the latest, most secure versions 
  • Set up app protection policies to safeguard company data within applications 

This level of control ensures that your users have access to the tools they need while maintaining security and compliance. 

Compliance Monitoring 

Intune continuously monitors devices for compliance with your policies. If a device falls out of compliance, you can configure automated actions, such as blocking access to company resources. This real-time monitoring and response capability helps maintain your security posture without constant manual oversight. 

Access Management 

As users’ roles change within your organisation, you can use Entra ID to adjust their access rights accordingly. This includes: 

  • Modifying group memberships to grant or revoke access to specific resources 
  • Updating license assignments as needed 
  • Managing privileged access through Entra ID’s Privileged Identity Management feature 

This dynamic access management ensures that users always have the right level of access for their current role, no more and no less. 

Through the integrated use of Intune and Entra ID, ongoing management becomes a dynamic, responsive process. It allows you to maintain security and compliance while providing users with the tools and access they need to be productive. This balance of security and usability is key to a successful modern workplace strategy. 

Embracing Comprehensive Lifecycle Management 

The integration of Entra ID and Intune provides a powerful solution for managing the entire lifecycle of users and devices in your organisation. From streamlined user onboarding to simplified device enrolment, and from robust ongoing management to comprehensive security and compliance features, these tools offer a holistic approach to modern IT management. 

By implementing this integrated lifecycle management approach, organisations can: 

  • Enhance security posture through consistent policy application and advanced threat protection 
  • Improve efficiency by automating many routine IT tasks 
  • Ensure compliance with regulatory requirements through built-in features and detailed reporting
  • Provide a better user experience with seamless access to necessary resources 
  • Adapt more quickly to changing business needs and evolving security threats 

Particularly in a world where remote work is increasingly common, and security threats are ever-present, such a comprehensive approach to lifecycle management is no longer a luxury—it’s a necessity. 

Whether you’re just starting your journey with Microsoft 365 or looking to optimise your existing setup, Grassroots IT is here to help. We can assess your current environment, design a tailored implementation strategy, and provide ongoing support to ensure your lifecycle management processes continue to meet your evolving needs. 

The digital landscape has seen a fundamental shift in how businesses operate, with remote work becoming more than just a trend. While this flexibility brings numerous benefits, it also introduces new challenges in securing business data and maintaining a robust cybersecurity posture. 

As your team members access sensitive information from various locations and devices, how can you ensure that your business data remains protected? Enter Microsoft Entra ID (formerly Azure AD) and Intune—two powerful tools that, when combined, provide a comprehensive solution for securing your remote workforce. 

Understanding the Security Challenges of Remote Work 

Before we dive into the solutions, let’s take a moment to understand the unique security challenges that come with remote work: 

  • Increased attack surface: With devices operating outside the corporate network, not only are traditional security controls such as corporate firewalls rendered powerless, but there are also more potential entry points for cybercriminals. This can include unsecured Wi-Fi networks, personal devices, and even the use of public computers.  
  • Data leakage risks: The use of personal devices for work purposes can lead to inadvertent data exposure. For example, a team member may unintentionally save sensitive company data on their personal cloud storage or accidentally share confidential information with unauthorised individuals.  
  • Policy enforcement difficulties: Maintaining consistent security policies across a distributed workforce can be challenging. Traditional methods of enforcing policy, such as Active Directory, are unreliable at best with a remote workforce. This can lead to inconsistent security practices and increased vulnerability. 
  • Shadow IT: Remote workers might resort to using unauthorised applications or services to get their work done, potentially exposing company data to unsecured platforms. This “shadow IT” can be difficult to detect and control in a remote environment. 

Microsoft Entra ID: The Foundation of Identity Security 

At the heart of securing your remote workforce is robust identity management. This is where Microsoft Entra ID shines. 

Entra ID is a cloud-based identity and access management service that forms the backbone of security for Microsoft 365 and many other cloud applications. For securing and protecting remote workers, Entra ID offers several key benefits: 

  • Single Sign-On (SSO): Allows users to access multiple applications with one set of credentials, improving both security and user experience. This reduces the likelihood of employees using weak or repeated passwords across multiple services. 
  • Multi-Factor Authentication (MFA): Adds an extra layer of security by requiring two or more verification methods to access resources. This significantly reduces the risk of unauthorised access, even if passwords are compromised. 
  • Conditional Access: Enables you to control access to your apps and data based on identity, device, and risk signals. For example, you can require additional authentication steps for access from unfamiliar locations or devices. 

By implementing Entra ID, you create a strong foundation for securing your remote workforce’s identities and controlling access to your business resources. And the good news is, if you already have a Microsoft 365 subscription, you already have access to Entra ID. 

Intune: Comprehensive Device Management for Remote Workers 

While Entra ID secures identities, Microsoft Intune takes care of device and application management. Intune is a cloud-based service that focuses on mobile device management (MDM) and mobile application management (MAM). 

Key features of Intune include: 

  • Device enrolment: Easily enrol and manage devices across various platforms (Windows, iOS, Android). This allows you to maintain control over both company-owned and personal devices used for work, even allowing you to remote-wipe a device in the event it becomes lost.  
  • Application management: Deploy and manage apps on remote devices, ensuring your team has the tools they need. This includes the ability to push required apps to devices and remove them when necessary. 
  • Device compliance: Set rules, assess device compliance and deploy policies to protect company data. For instance, you can require devices to have up-to-date antivirus software and encrypted storage. 

With Intune, you can ensure that all devices accessing your business data—whether company-owned or personal—meet your security standards. 

Combining Entra ID and Intune for Robust Security 

The real magic happens when you combine the powers of Entra ID and Intune. Together, they provide a comprehensive security solution for your remote workforce: 

  • Conditional Access policies: Use Entra ID’s Conditional Access in conjunction with Intune’s device compliance to control resource access based on user, device, and risk factors. For example, you can require that devices be managed by Intune and compliant with your policies before allowing access to company resources. 
  • App protection policies: Protect your data at the application level, preventing unauthorised sharing or saving of company information. This is particularly useful for BYOD scenarios where you need to separate personal and work data on the same device. 
  • Automated enforcement: Ensure compliance requirements are met on remote devices without manual intervention. Non-compliant devices can be automatically blocked from accessing company resources until they meet the required standards.
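As an added example (not from the original post), the "managed by Intune and compliant" requirement described above maps to a Conditional Access policy whose grant controls include `compliantDevice`. The sketch below uses the Microsoft Graph PowerShell SDK; the policy name and the two group IDs are assumptions, and the policy is created in report-only mode so its effect can be reviewed in the sign-in logs before it blocks anyone.

```powershell
#Requires -Modules Microsoft.Graph.Authentication, Microsoft.Graph.Identity.SignIns
# Added example: Conditional Access policy requiring MFA and an Intune-compliant device.
# Assumptions: PilotGroupId is the group the policy should apply to, and
# BreakGlassGroupId holds emergency-access accounts that must never be locked out.
[CmdletBinding(SupportsShouldProcess)]
param(
    [Parameter(Mandatory)] [string] $PilotGroupId,
    [Parameter(Mandatory)] [string] $BreakGlassGroupId,
    [string] $PolicyName = 'EXAMPLE - Require MFA and compliant device',
    # Report-only by default: evaluated and logged, not enforced.
    [ValidateSet('enabledForReportingButNotEnforced', 'enabled', 'disabled')]
    [string] $State = 'enabledForReportingButNotEnforced'
)

Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All'

$policy = @{
    displayName = $PolicyName
    state       = $State
    conditions  = @{
        users = @{
            includeGroups = @($PilotGroupId)
            excludeGroups = @($BreakGlassGroupId)
        }
        applications   = @{ includeApplications = @('All') }
        clientAppTypes = @('all')
    }
    grantControls = @{
        # AND: the sign-in must satisfy both controls. compliantDevice is only
        # satisfied by a device that Intune has enrolled and marked compliant.
        operator        = 'AND'
        builtInControls = @('mfa', 'compliantDevice')
    }
}

# Idempotent: update the policy if one with this name exists, otherwise create it.
$existing = Get-MgIdentityConditionalAccessPolicy -All |
    Where-Object { $_.DisplayName -eq $PolicyName }

if (@($existing).Count -gt 1) {
    throw "More than one policy is named '$PolicyName'; resolve the duplicates first."
}

if ($existing) {
    if ($PSCmdlet.ShouldProcess($PolicyName, "Update policy (state: $State)")) {
        Update-MgIdentityConditionalAccessPolicy `
            -ConditionalAccessPolicyId $existing.Id -BodyParameter $policy
        Get-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $existing.Id |
            Select-Object Id, DisplayName, State
    }
}
elseif ($PSCmdlet.ShouldProcess($PolicyName, "Create policy (state: $State)")) {
    New-MgIdentityConditionalAccessPolicy -BodyParameter $policy |
        Select-Object Id, DisplayName, State
}
```

Once the report-only results show that compliant devices pass and the break-glass accounts are excluded, re-run with `-State enabled` to enforce the policy.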

Conclusion

Securing your remote workforce doesn’t have to be a headache. With Microsoft Entra ID and Intune, you have a powerful combination of tools at your disposal to protect your business data, manage devices, and ensure compliance—all while providing a seamless experience for your remote team. 

By implementing these solutions, you’re not just reacting to the challenges of remote work; you’re proactively building a secure, flexible, and productive work environment for the future. You’re empowering your team to work from anywhere, without compromising on security. 

Ready to take the next step in securing your remote workforce? At Grassroots IT, we’ve been helping businesses like yours navigate the complexities of IT security for almost 20 years. Get in touch today for a free consultation and let’s explore how we can empower your remote team while keeping your data safe. 

Limited resources, diverse stakeholder needs, and the pressure to demonstrate impact – all contribute to the complexity of non-profit operations and emphasise the critical need for efficient workflows. Fortunately, Microsoft 365 offers a suite of powerful tools that can help streamline processes, enhance collaboration, and boost productivity. Let’s explore five key Microsoft 365 tools that can transform how your non-profit works.

1. Microsoft Planner: Streamline Task Management

Microsoft Planner is a user-friendly task management tool that can significantly improve your team’s productivity. In fact, here at Grassroots IT we use Planner on a daily basis to keep team meetings organised and track actions & accountabilities.

Here’s how it can benefit your non-profit:

  • Visual Task Boards: Create Kanban-style boards to visualize your projects and track progress at a glance.  
  • Security Considerations: Running an unsupported operating system can expose your business to increased security risks, as Microsoft will no longer release security fixes and updates for issues that are discovered. Cybercriminals often target systems that no longer receive regular security updates. 
  • Integration: Planner integrates seamlessly with other Microsoft 365 tools, making it easy to attach documents from SharePoint or OneDrive, or discuss tasks in Teams.

By using Planner, your non-profit can ensure that all team members are aligned on project goals, deadlines, and responsibilities, leading to more efficient project execution.


2. SharePoint: Centralise Document Management

SharePoint is a powerful platform for document management and collaboration. Not only that, but in preparation for AI tools such as Microsoft Copilot, SharePoint is the perfect place to store company information. For non-profits, it offers several key advantages:

  • Centralised Document Storage: Create a single source of truth for all your organisation’s documents, accessible from anywhere
  • Version Control: Track changes and maintain a history of document revisions, crucial for maintaining accuracy in reports and proposals
  • Intranet Capabilities: Build internal websites to share news, updates, and resources across your organisation
  • Granular Permissions: Control who can access, edit, or share specific documents or sites, ensuring data security

With SharePoint, your non-profit can improve information flow, reduce time spent searching for documents, and enhance collaboration across departments.


3. Microsoft Teams: Enhance Communication and Collaboration

Microsoft Teams is a hub for teamwork, bringing together chat, video meetings, file storage, and application integration. At Grassroots IT with a diverse team spread across five countries, we rely heavily on Teams to keep our people connected.

For non-profits, Teams can:

  • Facilitate Remote Work: Host virtual meetings, share screens, and collaborate in real-time, regardless of team members’ locations
  • Organise Conversations: Create channels for different projects or departments, keeping discussions focused and easily searchable
  • Integrate Apps: Bring other Microsoft 365 tools and third-party apps into your Teams workspace for a seamless experience
  • External Collaboration: Invite volunteers, donors, or partners to specific teams or channels, fostering better stakeholder engagement

By leveraging Teams, your non-profit can break down communication silos and create a more connected, collaborative work environment.


4. Power Automate: Streamline Repetitive Tasks

Power Automate (formerly known as Flow) is a powerful tool for creating automated workflows. Here’s how it can benefit your non-profit:  

  • Time-Saving Automation: Automate repetitive tasks like data entry, email notifications, or approval processes.
  • Cross-Application Workflows: Create flows that work across different Microsoft 365 apps and even third-party services.
  • Triggered Actions: Set up automated actions based on specific triggers, such as sending a thank-you email when a new form submission is received
  • Templates: Use pre-built templates to quickly implement common automation scenarios.

By automating routine tasks with Power Automate, your non-profit can free up valuable time for more strategic, mission-focused work.


5. Microsoft Forms: Streamline Data Collection and Surveys

Microsoft Forms is a simple yet powerful tool for creating surveys, quizzes, and polls. For non-profits, it offers several benefits:

  • Easy-to-Create Surveys: Build professional-looking forms and surveys without any technical expertise  
  • Real-Time Analytics: Get instant insights with automatic charts that update as responses come in  
  • Integration with Other Tools: Easily export data to Excel for deeper analysis or use Power Automate to trigger actions based on form responses  
  • Accessible and Responsive: Forms work on any device, making it easy to collect data from volunteers, donors, or beneficiaries in the field  
  • Multilingual Support: Create forms in multiple languages to reach diverse audiences

Microsoft Forms can help your non-profit gather valuable feedback, conduct needs assessments, or even manage event registrations with ease.

 


Final Thoughts 

These five Microsoft 365 tools – Planner, SharePoint, Teams, Power Automate, and Forms – offer a powerful ecosystem to revolutionize your non-profit’s workflow. By leveraging these tools, you can enhance collaboration, streamline processes, and ultimately increase your organisation’s impact.

Remember, the key to success with these tools lies in thoughtful implementation and user adoption. Consider starting with one or two tools that address your most pressing needs, and gradually expand your use as your team becomes more comfortable with the new systems.

At Grassroots IT, we’re here to help you navigate the world of Microsoft 365 and find the best solutions for your non-profit’s unique needs. Reach out to us to learn more about how we can support your journey to a more efficient, tech-enabled workflow.

Microsoft 365 is the ideal platform to support and empower mission-driven nonprofit organisations, not least of all because Microsoft offers Microsoft 365 plans specifically designed for nonprofits. These plans are designed to provide the same high-quality technology and business tools that for-profit organisations use, but at a discount, making them accessible and affordable for nonprofits of all sizes. 

Qualifying for Nonprofit Pricing

Needless to say, there are requirements that your organisation must meet in order to qualify for access to Microsoft nonprofit resources. In summary, your organisation must meet three eligibility criteria: 

  1. Your organisation must be a legally recognised nonprofit or NGO. Specifically in Australia, this means that: 
    1. Organisations must be deductible gift recipients (DGRs) endorsed by the Australian Taxation Office (ATO) or listed by name in the tax law.
    2. Charities registered with the Australian Charities and Nonprofits Commission (ACNC); or
    3. Income tax-exempt not-for-profit organisations as defined by the ATO. 
  2. Must operate on a not-for-profit basis and have a mission to benefit the local community. 
  3. Must be non-discriminatory. 

There are also guidelines around which employees may use the licenses based on their employee status and role in the organisation. These guidelines draw a distinction between paid employees and volunteers and between Grants (free licenses) and discounted licenses.  

You can read more about eligibility on the Microsoft website 

Microsoft 365 Nonprofit Pricing

Finding the right Microsoft 365 plan for your nonprofit can appear confusing due to the multiple options available. In practice, it’s quite straightforward, and here we aim to simplify the process and guide you towards making an informed decision that aligns with your specific needs both in terms of functionality and budget. 

Price isn’t everything, but as consumers, we often consider price before any other factor. So, as a quick start, let’s look at this handy table below to see how Microsoft 365 for nonprofit plans compare with one another on price, before moving on to consider features and functionality. 

Pricing

| License | $AUD ex GST | Notes |
|---|---|---|
| Microsoft 365 Business Basic (Charity) | 0 | Free up to 300 users |
| Microsoft 365 Business Standard (Charity) | $4.73 | |
| Microsoft 365 Business Premium (Charity) | $8.61 | Free up to 10 users |
| Microsoft 365 E3 (Charity) | $14.91 | |
| Microsoft 365 E5 (Charity) | $35.81 | |

Prices are monthly, annual commitment, $AUD ex GST, as at August 2025.

Microsoft 365 Business vs Enterprise

When deciding which Microsoft 365 plan is right for your non-profit, the first decision to consider is whether to choose a Business plan or an Enterprise plan. Thankfully this can be an easy decision for most, given that the Microsoft 365 Business plans support a maximum of 300 users.  

Put simply, if you are a non-profit with more than 300 users, have a strong digital focus, require cybersecurity features, and solutions for compliance and governance, then the Microsoft 365 Enterprise Plans such as E3 and E5 will be the best fit. 

On the other hand, if you are a non-profit with less than 300 users and looking to utilise the Microsoft 365 suite of business applications and are security conscious, then the Microsoft 365 Business Plans are your best option.  

As a general rule of thumb for most nonprofit organisations (under 300 users) we recommend Microsoft 365 Business Premium due to the included features, primarily around cybersecurity & data protection.

Case Study Example 

Care-Full Services is a growing non-profit, currently with 43 staff, operating out of one office location with multiple staff working from home. Front-line staff are often required to visit clients and frequently work remotely.  

Team members need access to Microsoft Office applications including Outlook and Word, both on their laptops and mobile phones, and cloud storage services such as SharePoint to access business documents.    

Team communication and collaboration is a high priority for leadership, particularly given so many of the team work remotely, so tools such as Microsoft Teams and Viva are important.  

Cybersecurity is also becoming an increasingly urgent concern for the organisation, particularly given the sensitive nature of the information that is stored about clients and benefactors.  

Care-Full Services decides to move to the Microsoft 365 Business Premium plan to provide the organisation with the most appropriate features to support the growth of the organisation while meeting immediate cybersecurity and collaboration concerns. They did consider Microsoft 365 Standard and Basic, but decided that the advanced security features, and access to the full suite of Office applications was important.  

With Microsoft 365’s scalable pricing, Care-Full Services can scale up and down as the organisation grows or takes on new projects. Flexible plans and service offerings mean they can use the Microsoft 365 products and services that they need now and explore additional features later.  

Other Microsoft 365 Business Plans

Microsoft does have other plans, such as the Microsoft 365 Frontline Worker plan, that may be suitable for your non-profit in certain situations. However, these plans have an extremely limited set of features and are best applied only in specific situations. For this reason, we don’t go into detail on these plans in this post, but we may include them in any detailed recommendations that we offer on a case-by-case basis.

Find the right Microsoft 365 Plan for your Nonprofit

Before you make any decisions on a Microsoft 365 plan, the best thing to do is to start with assessing your organisation, its current and future goals. Grassroots IT has extensive experience working with nonprofit organisations and can assist you with evaluating your readiness for the move to Microsoft 365 and which plan would best suit your organisation to ensure a smooth, easy and rewarding experience. 

Detailed Plan Inclusions

Microsoft 365 Business Premium (Charity)

Price: AUD $8.20 + GST per user/month 

Ideal for: Non-profits with less than 300 users that require the latest Microsoft 365 applications as well as cloud services, email hosting, Microsoft collaboration tools plus more advanced cybersecurity defence and device management features. 

Features include: 

  • Desktop and web versions of Outlook, Word, Excel, PowerPoint, and OneNote 
  • PC only version of Access and Publisher 
  • 50gb email storage 
  • Custom domain name 
  • Access to Microsoft Exchange 
  • Microsoft Teams – a chat-based collaboration hub that lets you host online meetings for up to 250 participants. 
  • SharePoint – Share and collaborate on files and content with your own organisational intranet. 
  • 1TB of OneDrive cloud storage 
  • Exchange Email Protection – protect organisation emails from spam, malware and known threats. 
  • Microsoft Bookings – allows customers to easily schedule appointments 
  • Advanced Threat Protection – Protect your organisation with Microsoft’s state of the art security defence against more sophisticated cyberattacks. 
  • Manage and control access to corporate files and data remotely 
  • Enforce malware protection policies to prevent future cyberbreach attacks 
  • PC and mobile device management 
  • Automatic Office 365 applications deployment to managed devices. 

If you’re a non-profit that highly prioritises data security and cybersecurity, then a Microsoft 365 Business Premium Plan is your ideal option. You can get your always up-to-date Microsoft 365 essentials with cloud storage, integrated Microsoft business tools plus a highly advanced Microsoft defence system to give you peace of mind about the security of your data and resources. You also gain the ability to manage the devices that access your data and create policies to make sure that your business is protected against internal cyberattacks.

Microsoft 365 Business Standard (Charity)

Price: AUD $4.50 + GST per user/month 

Ideal for: Non-profits with less than 300 users that require up-to-date versions of Office applications as well as cloud services, email hosting, and Microsoft collaboration tools, but do not need advanced cybersecurity protection or centralised device management.  

Features include: 

  • Desktop and web versions of Outlook, Word, Excel, PowerPoint, and OneNote 
  • PC only version of Access and Publisher 
  • 50gb email storage 
  • Custom email domain name 
  • Access to Microsoft Exchange 
  • Microsoft Teams – a chat-based collaboration hub that lets you host online meetings for up to 250 participants 
  • SharePoint – Share and collaborate on files and content with your own organisational intranet 
  • 1TB of OneDrive cloud storage 
  • Exchange Email Protection – protect organisation emails from spam, malware and known threats 
  • Microsoft Bookings – allows customers to easily schedule appointments 

The Microsoft 365 Business Standard Plan is perfect for your non-profit if you require the Microsoft Office 365 applications, as well as cloud storage and customised domain for your company email. This plan does not have the advanced security features of the Business Premium plan. 

Microsoft 365 Business Basic (Charity)

Price: Free for up to 300 users. 

Ideal for: Non-profits with less than 300 users that require web-only versions of Office applications as well as cloud services, email hosting, and Microsoft collaboration tools. 

Features include: 

  • Web versions of Outlook, Word, Excel, PowerPoint, and OneNote 
  • 50gb email storage 
  • Custom email domain name 
  • Access to Microsoft Exchange 
  • Microsoft Teams – a chat-based collaboration hub that lets you host online meetings for up to 250 participants. 
  • SharePoint – Share and collaborate on files and content with your own organisational intranet. 
  • 1TB of OneDrive cloud storage 

The Microsoft 365 Business Basic Plan is perfect for your non-profit if you require only web-based access to Office apps and cloud services and have no particular concerns about cybersecurity. In some situations, Microsoft 365 Business Basic can be a good fit for frontline workers who only require a bare minimum of access to corporate systems.

Microsoft 365 E3 (Charity)

Price: AUD $14.20 + GST per user/month 

Ideal for: A digital-driven organisation with more than 300 users that requires the essential Office 365 business tools, more storage options plus more powerful functionalities and integration between apps to keep up with the growing needs of the business using the help of Microsoft 365 enterprise technologies. 

Highlight Features included: 

  • All features included in Microsoft 365 Business Premium Plan 
  • Enterprise-class Microsoft 365 applications 
  • Microsoft Teams – a chat-based collaboration hub that lets you host online meetings for up to 250 participants using the desktop or web applications 
  • OneDrive for Business (Talk to us about storage options) 
  • Windows Enterprise 
  • Microsoft Intune 
  • Microsoft Endpoint Configuration Manager 
  • Windows Autopilot 
  • Azure Active Directory Premium Plan 1 
  • Microsoft 365 data loss prevention 
  • Windows BitLocker 
  • Microsoft Security and Compliance Center 
  • Microsoft 365 Admin Center 
  • Microsoft Advanced Threat Analytics 
  • Advanced organisational productivity insights with MyAnalytics 
  • Azure Information Protection P1 

Having a Microsoft 365 E3 Plan in your non-profit means that your organisation has the right tools to move forward with a more collaborative approach. With fully integrated applications and administration tools in the bag, Microsoft 365 E3 enables you and your organisation to work more efficiently while maintaining the security of your corporate data. 

Tips on choosing the right Microsoft 365 plan for your business

Understanding Microsoft 365 pricing is crucial when navigating the various options and selecting the right plan for your business. In this blog post, we’ll help you cut through the confusion, simplify the choices and guide you to make the most informed decision based on your business needs!

Price isn’t everything, but as consumers we often consider price before any other factor. So let’s look at this handy table below to see how the Microsoft 365 for Business plans compare with one another:

Note: This article covers Microsoft 365 commercial pricing. If you are a nonprofit, click here to learn more about Microsoft 365 Nonprofit pricing.

Microsoft 365 Pricelist Jan 2024

^^Please note these costs are monthly, but based on an annual commitment, and do not include GST. 

Now that you have an idea of the costs involved, let’s dive into the features that you get from each plan.

All business and enterprise plans of Microsoft 365 (previously Office 365) come with the Office applications that are vital for any business. However, the Business Plans cater for a maximum of 300 users. If your organisation has more than 300 users, an Enterprise Plan is what you should be looking for.

Here’s a breakdown of the main features included in each plan, starting off with the Microsoft 365 Business Plans:

Microsoft 365 Business Premium

Price: AUD $32.90 + GST per user/month

Ideal for: Businesses with less than 300 users that require up-to-date versions of Office applications as well as cloud services, email hosting, Microsoft collaboration tools plus more advanced cybersecurity defence and device management features.

Features include:

  • Desktop and web versions of Outlook, Word, Excel, PowerPoint, and OneNote
  • PC only version of Access and Publisher
  • 50gb email storage
  • Custom domain name
  • Access to Microsoft Exchange
  • Microsoft Teams – a chat-based collaboration hub that lets you host online meetings for up to 250 participants
  • SharePoint – Share and collaborate on files and content with your own organisational intranet
  • 1TB of OneDrive cloud storage
  • Exchange Email Protection – protect organisation emails from spam, malware and known threats
  • Microsoft Bookings – allows customers to easily schedule appointments
  • Advanced Threat Protection – Protect your organisation with Microsoft’s state of the art security defence against more sophisticated cyberattacks.
  • Manage and control access to corporate files and data remotely
  • Enforce malware protection policies to prevent future cyberbreach attacks
  • PC and mobile device management
  • Automatic Office 365 applications deployment to managed devices

If you’re a business that highly prioritises data security and cyberbreach prevention then a Microsoft 365 Business Premium Plan has everything you need. You can get your always up-to-date Office 365 essentials with cloud storage, integrated Microsoft business tools plus a highly advanced Microsoft defence system to give you peace of mind about the security of your data and resources. You also gain the ability to manage the devices that access your data and create policies to make sure that your business is protected against internal cyberattacks.

Microsoft 365 Business Standard

Price: AUD $18.70 + GST per user/month

Ideal for: Businesses with less than 300 users that require up-to-date versions of Office applications as well as cloud services, email hosting, and Microsoft collaboration tools.

Features include:

  • Desktop and web versions of Outlook, Word, Excel, PowerPoint, and OneNote
  • PC only version of Access and Publisher
  • 50gb email storage
  • Custom email domain name
  • Access to Microsoft Exchange
  • Microsoft Teams – a chat-based collaboration hub that lets you host online meetings for up to 250 participants
  • SharePoint – Share and collaborate on files and content with your own organisational intranet
  • 1TB of OneDrive cloud storage
  • Exchange Email Protection – protect organisation emails from spam, malware and known threats
  • Microsoft Bookings – allows customers to easily schedule appointments

The Microsoft 365 Business Standard Plan is perfect for your business if you require all the up-to-date Office 365 applications, as well as cloud storage and customised domain for your company email. This plan does not have the advanced security features of the Premium plan.

Alternatives to Office 365 for business

If you’re just looking to utilise the core functions of Office 365, which includes web and mobile versions (no desktop versions) of the Office 365 apps with 50gb mailbox allocation and 1 TB cloud storage in OneDrive, an alternative option is the Microsoft 365 Business Basic plan. This is best suited for frontline workers who aren’t sitting at a desk and therefore don’t need desktop versions of the Office 365 apps. It includes the productivity apps (Word, Excel, PowerPoint) as well as the collaboration apps (Teams, SharePoint, OneDrive, Exchange).

Last on the list of the Microsoft 365 Business plans is the Microsoft 365 Apps plan, which can provide for your basic Office application needs (desktop, web and mobile versions of Word, Excel, PowerPoint and Outlook) with OneDrive storage access to let you keep your files in the cloud. Basically, it’s a basic apps-only plan. On this plan, there is no shared email (via Exchange) or collaboration features (like Teams or SharePoint).

Now that the Business Plans are covered, let’s move on to the Microsoft 365 Enterprise Plans. If what you need is a more robust solution for your growing organisation, these Enterprise plans offer a wider spectrum of functionalities and a higher user limit that you won’t find in the Microsoft 365 Business Plans.

Microsoft 365 E3

Price: Contact Us for Pricing

Ideal for: A digital-driven organisation with more than 300 users that requires the essential Office 365 business tools, more storage options plus more powerful functionalities and integration between apps to keep up with the growing needs of the business using the help of Microsoft 365 enterprise technologies.

Highlight Features included:

  • All features included in Microsoft 365 Business Premium Plan
  • Enterprise-class Microsoft 365 applications
  • Microsoft Teams – a chat-based collaboration hub that lets you host online meetings for up to 250 participants using the desktop or web applications
  • OneDrive for Business (Talk to us about storage options)
  • Windows Enterprise
  • Microsoft Intune
  • Microsoft Endpoint Configuration Manager
  • Windows Autopilot
  • Azure Active Directory Premium Plan 1
  • Microsoft 365 data loss prevention
  • Windows BitLocker
  • Microsoft Security and Compliance Center
  • Microsoft 365 Admin Center
  • Microsoft Advanced Threat Analytics
  • Advanced organisational productivity insights with MyAnalytics
  • Azure Information Protection P1

Having a Microsoft 365 E3 Plan in your business means that your organisation has the right tools to move forward with a more collaborative approach. With fully integrated applications and administration tools in the bag, Microsoft 365 E3 enables you and your organisation to work more efficiently while maintaining the security of your corporate data.

How do I decide whether to buy a Business Plan or an Enterprise Plan?

Put simply, if you’re a business with 300 or fewer users, are looking for solutions to start your move to the cloud and migrate data, want to utilise the Office 365 suite of business applications, and are security conscious, then one of the Microsoft 365 Business Plans is your best option.

If you’re an organisation with more than 300 users, that has a strong digital focus, requires cybersecurity features, as well as solutions for compliance and governance, then the Microsoft 365 Enterprise Plans may prove a more effective solution for you.

Case example:

Acme Engineering is a growing business, currently with 57 staff, operating out of two office locations. Engineering staff are often required to travel and work from remote locations. 

Team members need access to Office applications, in both desktop and mobile versions, and cloud storage services.

They are also working towards promoting a more positive collaboration culture and are interested in using the features available in Teams, such as video calls, file sharing and project collaboration. 

Some of the staff are bringing their own devices to do their job and cybersecurity is a priority for the business, therefore they require advanced cybersecurity defences and device management options.  

Acme Engineering decides to move to the Microsoft 365 Business Premium plan, which can provide the business with the appropriate features to support the growth of the organisation.

One important thing to mention is that Microsoft plans are both flexible and scalable. With scalable pricing, you can scale up and down as your business grows or you take on projects. Flexible plans and service offerings mean you can use Microsoft 365 products and services that you need now and explore additional features later. You can even mix and match to suit different staff requirements. 

Find the right Office 365 plan for your business

Before you make any decisions on a Microsoft 365 plan, the best thing to do is to start with assessing your organisation, its current and future goals. Seek the help of an expert to assist you with evaluating your readiness for the move to Microsoft 365 and which plan would best suit your organisation to ensure a smooth, easy and rewarding transition.

If you’d like more information, get in touch with the Grassroots IT team on 1300 554 138 or contact us online.

Updated 21 April 2026 with new licensing details. 

Getting Your Business Ready for Microsoft Copilot 

Most of the conversations we have with Brisbane business owners about Microsoft Copilot start the same way. They’ve heard the pitch. They know AI is changing how businesses work. They want to know if it’s worth the investment. 

That’s the wrong question to start with. 

The better question is whether your business is set up to get value from Copilot once you turn it on. Because Copilot doesn’t transform a chaotic Microsoft 365 environment into an organised one — it operates within whatever environment you give it. Get the foundations right, and Copilot can be a genuine productivity accelerator. Skip them, and you’ll find it underwhelming, or worse, create new problems you didn’t have before. 

After two decades working with Brisbane SMEs on their Microsoft environments, here’s what we know actually needs to be in place. 

Your data needs to be in the right place 

Copilot draws on the information it can access within your Microsoft 365 environment — your SharePoint files, emails, Teams conversations, and documents. This is what makes it more powerful than generic AI tools like ChatGPT: it can work with your actual business information, not just publicly available knowledge. 

But that’s also what makes preparation critical. If your business information is scattered across local drives, email attachments, and shared folders with no clear structure, Copilot will reflect that back to you. It might surface a document from 2018 that nobody’s looked at since. It might pull context from the wrong project. It will make the state of your information visible in ways that can be uncomfortable. 

What does ‘ready’ look like? Your critical business information — the documents, processes, and data your team actually relies on — should be stored in SharePoint or OneDrive, named consistently, and reasonably current. Not every file needs to be perfect. But your sources of truth for key business functions should be findable, up to date, and in cloud storage that Copilot can access. 

A practical test: if someone new joined your team today, could they locate the information they need within your digital environment? If the honest answer is ‘not really’, that’s where to start.

Your permissions need to be deliberate 

Here’s something most businesses don’t realise until they start thinking about AI deployment: Copilot respects the same access controls as your staff. If a user has access to a file, Copilot can surface it for them. If they don’t, it can’t. 

This is by design, and it’s good for security. But it also means that whatever your permission structure looks like today, Copilot will inherit it — including any problems. 

We regularly see two failure modes. The first is overly permissive environments, where broad access means Copilot can surface sensitive information to staff who shouldn’t see it. The second is overly restrictive environments, where Copilot is barely useful because users can’t access the information they legitimately need. 

Before deploying Copilot, it’s worth a review of who can access what, and whether that reflects how your business actually operates. This isn’t just a Copilot consideration — it’s good information governance that should be in place regardless. But Copilot makes the stakes higher. 
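One way to run that access review before switching Copilot on, shown as an added example (it is not Grassroots IT's or Microsoft's code). It checks a permission inventory for both failure modes described above. The inventory format, library names, group names and role map are all constructed assumptions; in practice you would build them from your own SharePoint permission reports.

```python
"""Pre-Copilot access review over a constructed permission inventory."""
from dataclasses import dataclass

# Principals that effectively mean "the whole organisation". These names are
# assumptions for the example; use the broad groups that exist in your tenant.
BROAD_PRINCIPALS = {"Everyone", "Everyone except external users", "All Staff"}


@dataclass(frozen=True)
class Library:
    name: str
    sensitive: bool        # holds client, HR or finance data
    principals: frozenset  # users and groups granted access


# Constructed sample data (not taken from any real tenant).
INVENTORY = [
    Library("Client Case Files", True, frozenset({"Case Workers"})),
    Library("Payroll", True,
            frozenset({"Finance Team", "Everyone except external users"})),
    Library("Policies and Templates", False,
            frozenset({"Everyone except external users"})),
    Library("Donor Records", True, frozenset({"Fundraising"})),
]
GROUP_MEMBERS = {
    "Case Workers": {"bob"},  # carol was never added to this group
    "Finance Team": {"alice"},
    "Fundraising": {"dan"},
}
USER_ROLES = {"alice": "finance", "bob": "caseworker",
              "carol": "caseworker", "dan": "fundraising"}
ROLE_NEEDS = {  # libraries each role legitimately needs for its work
    "finance": {"Payroll", "Policies and Templates"},
    "caseworker": {"Client Case Files", "Policies and Templates"},
    "fundraising": {"Donor Records", "Policies and Templates"},
}


def effective_users(library, group_members, all_users):
    """Expand groups to the set of users who can open the library."""
    if library.principals & BROAD_PRINCIPALS:
        return set(all_users)
    users = set()
    for principal in library.principals:
        # A principal that is not a known group is treated as a single user.
        users |= group_members.get(principal, {principal})
    return users


def over_permissive(inventory):
    """Sensitive libraries that Copilot could surface to the whole organisation."""
    findings = []
    for lib in inventory:
        broad = sorted(lib.principals & BROAD_PRINCIPALS)
        if lib.sensitive and broad:
            findings.append((lib.name, broad))
    return sorted(findings)


def over_restrictive(inventory, group_members, user_roles, role_needs):
    """(user, library) pairs where a role needs a library the user cannot reach."""
    by_name = {lib.name: lib for lib in inventory}
    all_users = set(user_roles)
    findings = []
    for user, role in user_roles.items():
        for needed in role_needs.get(role, set()):
            lib = by_name.get(needed)
            # A needed library missing from the inventory is also a gap.
            if lib is None or user not in effective_users(lib, group_members, all_users):
                findings.append((user, needed))
    return sorted(findings)


if __name__ == "__main__":
    for name, broad in over_permissive(INVENTORY):
        print(f"TOO OPEN   {name}: shared with {', '.join(broad)}")
    for user, name in over_restrictive(INVENTORY, GROUP_MEMBERS, USER_ROLES, ROLE_NEEDS):
        print(f"TOO CLOSED {user} cannot reach {name}")
```
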

Your Microsoft 365 environment needs to be in reasonable shape 

Copilot sits on top of your existing Microsoft 365 setup. It requires current M365 apps — Word, Outlook, Teams — to be properly deployed and in active use. It requires multi-factor authentication to be enabled. It requires your environment to be configured consistently, not patched together over years of ad hoc decisions. 

We see a lot of environments at Grassroots IT that have drifted over time. Licences that don’t match the user count. Security settings that were configured years ago and never revisited. Apps deployed but never properly adopted. None of these are blocking issues in day-to-day operations, but they become visible when you try to layer something like Copilot on top. 

The good news is that a basic M365 health check can identify the gaps quickly. Most are straightforward to address. And fixing them makes your environment better in ways that go beyond Copilot. 

Your team needs time to actually learn it 

This is the one organisations most often underestimate. Rolling out Copilot and expecting staff to figure it out on top of their existing workload rarely produces meaningful results. It produces a tool that people try a few times, don’t find impressive, and quietly stop using. 

The businesses we see getting the most from Copilot are doing a few things differently. They’re giving staff dedicated time to experiment — not months, but enough breathing room to genuinely try things. They’re setting realistic expectations upfront: Copilot is a productivity aid, not a replacement for thinking. And they’re creating space for people to share what’s working and what isn’t, so the whole team benefits from individual discoveries. 

The prompting skills that make Copilot genuinely useful aren’t difficult to learn, but they do take practice. Treat the rollout like any other tool adoption, not a software switch. 

What does the licence actually look like? 

Microsoft 365 Copilot is a paid add-on licence that sits on top of your existing Microsoft 365 subscription. It currently costs from AU$26.91 per user per month (excluding GST) and requires a qualifying underlying plan — Business Standard, Business Premium, E3, or E5. 

You don’t need to licence every user immediately. Most businesses start with a pilot group — team members who are likely to get the most from it and can help others learn — and expand from there once they’ve seen how it works in practice. 

It’s also worth noting that Microsoft has announced pricing changes for Microsoft 365 business plans taking effect from 1 July 2026, which will affect underlying subscription costs. If you’re planning a Copilot deployment, factor that into your timing. 

The right approach for Brisbane SMEs 

The businesses we work with that see the best results from Copilot aren’t necessarily the ones with the largest budgets or the most mature IT environments. They’re the ones who took the time to get the foundations right before switching it on. 

That means data in the right place, permissions that make sense, an M365 environment that’s configured properly, and a team with realistic expectations and enough time to learn. None of that is complicated. But it’s the work that determines whether Copilot delivers or disappoints. 

If you’re considering a Copilot deployment and want to understand where your environment stands, a readiness assessment is a good starting point. It identifies what’s in good shape, what needs attention, and what a practical rollout would look like for your business specifically.

Grassroots IT is a Brisbane-based managed IT services provider specialising in Microsoft solutions for SMEs. If you’d like to talk about Microsoft Copilot readiness, contact us at grassrootsit.com.au/microsoft-copilot/ 

The question of whether you should be backing up your Microsoft Office 365 data will often elicit passionate arguments from both sides. On one hand, you have those who argue that Microsoft 365 already has built-in backup and disaster recovery features, making an additional backup unnecessary. On the other hand, you have those who swear by Office 365 backups as a necessary precaution against potential data loss.

But what is the truth? Is backing up your Microsoft 365 data necessary, or is it all just a conspiracy by software vendors to sell you more products? The answer to that will ultimately depend on what purpose you see Microsoft 365 backups serving.

The fact is that the Microsoft 365 platform is built from the ground up with resilience and data-integrity in mind, so many of the traditional reasons for backups, such as protecting against data corruption or system failure, are simply no longer of concern.  

In addition to that, Microsoft 365 has various features to protect against other forms of data loss, such as accidental deletions and malicious attacks (assuming of course that you have appropriate licensing). So why bother with a backup then?  

In our years of experience at Grassroots IT supporting clients with Microsoft 365, there are still several scenarios where the native data recovery capabilities can fall short, and third-party Microsoft 365 backups will shine.  

When you need to minimise Microsoft 365 licensing costs

For those clients looking to actively minimise their licensing costs by choosing a lower-end plan, third-party backup solutions can provide functionality that might otherwise be missing, such as the Litigation Hold feature found in the more complete plans. Litigation hold is an invaluable tool for eDiscovery and compliance purposes, essentially allowing you to indefinitely keep any emails or documents. In lower-end plans without this feature, deleted data will ultimately become unrecoverable after a set retention period, unless you have third-party Microsoft Office 365 backups in place.  

Another related scenario that we often face with cost-conscious clients is what to do with staff members’ Microsoft 365 data when they leave the organisation. To keep their profile fully active would require a paid license, while to archive their mailbox into a free shared mailbox would only retain their mailbox, and not data stored elsewhere, such as in OneDrive. With a third-party backup solution in place, the ex-staff member’s account can be fully deleted, safe in the knowledge that all their Microsoft 365 data has been retained within the backups.  

When you need a point-in-time snapshot of your data

While the native Microsoft 365 backups do retain previous versions of your files to allow recovery from unwanted deletions, they can only go back so far, and don’t always allow you to restore from a particular point in time very easily. External backups on the other hand, provide you with the flexibility to restore from any point in time that has been captured within your backup schedule.  

When you have compliance obligations to meet

For organisations subject to strict compliance regulations, such as those in healthcare or finance industries, having an additional layer of control over your Microsoft 365 data is non-negotiable. Microsoft 365 backups are also important for organisations looking to improve their cybersecurity posture by aligning with one of the major frameworks, such as the Essential Eight.

When data is intentionally deleted

It’s a scenario we all hope to never encounter, but the reality is that data can be intentionally deleted by disgruntled employees or external attackers. While Microsoft 365 does have a feature to recover recently deleted items, this only works if the data is still within the retention period and hasn’t been permanently deleted. Third-party backups are an essential safeguard against these types of malicious actions, ensuring that your organisation’s critical data remains safe and accessible.  

When quick & complete data recovery is a priority

As capable as the native data recovery features of Microsoft 365 are, they don’t always make it easy to rapidly restore the data that you need, nor to recover the full structure of data, such as email folder structure or SharePoint document libraries. With third-party backups, you have the peace of mind that you can quickly and easily restore large quantities of data without any hassle.  

Conclusion

Ultimately the decision is yours – are Microsoft 365 backups a necessity or overkill? From our perspective we see the addition of a third-party backup solution to your Microsoft 365 tenant as a wise investment. In some cases, it can provide the belt to Microsoft 365’s braces, while in other cases, without external backups, you may truly be sod-out-of-luck.  

If you would like to talk about backing up your Microsoft Office 365 data, contact us today. 

As businesses increasingly migrate to digital platforms, cybersecurity has become a non-negotiable priority. Microsoft 365 leads the way in providing robust security solutions and offers an abundance of features designed to safeguard your business data and systems – but how do you navigate the plethora of options available to ensure that you’re choosing the best security measures for your specific needs without feeling overwhelmed? Enter Microsoft Secure Score.

Just as the name suggests, Microsoft Secure Score is a built-in tool that not only scores your security posture but also recommends actions for improvement. With Secure Score, enhancing your cybersecurity is no longer a daunting task but a series of quick, actionable wins that will strengthen your defence line further against potential threats. 

What is Microsoft Secure Score?

Secure Score is a free tool that comes with Microsoft 365 that analyses your organization’s security stance based on your unique use of Microsoft 365 services. It provides a numerical score, along with a detailed breakdown, of how well you are implementing the recommended security controls. Quite simply, the higher your Secure Score, the lower your risk level.  

Secure Score monitors Identity, Apps, Data, and Devices in Microsoft 365. It helps you report on the current state of your security posture, suggests improvements by providing guidance, visibility and control, and lets you compare yourself against similar sized organisations.

Importantly, it does not simply focus on one specific area of security in your Office 365 environment. Instead, it looks at all products available under your current licensing and provides recommended actions across multiple areas. Recommendations are presented in an easy-to-understand dashboard, grouped by product, and sorted by the impact the recommended change will have on improving the security of your Microsoft 365 environment. This approach makes it easy to focus your efforts in the right area and avoid spending unnecessary time on actions that won’t move the needle as much.

Key features of Secure Score

Key features include:

Security Recommendations 

Secure Score provides actionable security recommendations tailored to an organization’s specific environment. These recommendations cover areas like identity and access management, data protection, threat detection, and more. 

Point-Based Scoring 

Each recommended security improvement comes with a point value. By implementing the recommendations, your organization can earn points and increase your Score. 

Comparison and Benchmarking 

Secure Score allows you to compare your security posture with industry benchmarks and similar organizations. This feature provides valuable insights into how well you are performing relative to your peers. 

Threat Intelligence Integration 

The tool integrates with Microsoft Threat Protection, offering real-time threat intelligence and helping you stay ahead of emerging threats. 

Historical Tracking 

The system maintains a historical record of progress, enabling you to visualize your security journey and measure improvements over time. 

Why use Microsoft Secure Score?

Microsoft Secure Score provides high impact recommendations to improve your cybersecurity posture, usually requiring little or no additional expense. Rather than requiring new and additional security services, Secure Score simply helps you to make the most of the features that you already have access to within the Microsoft 365 platform.  

Importantly, Secure Score may help you reduce your cyber-insurance premiums. With cyber-insurance becoming a vital piece of any cybersecurity strategy, many insurers are now recognising the value of Microsoft Secure Score and factoring it in when calculating insurance premiums. Improve your Secure Score and you can potentially reduce your cyber-insurance premiums.  

Not only that, but if your organisation aligns with one of the recognised cybersecurity frameworks, such as the Essential Eight, improving your Secure Score can also positively impact your alignment with your chosen framework.  

Using Microsoft Secure Score

You can find your Secure Score in the Microsoft Defender Portal. Navigating the portal is quite intuitive, allowing you to focus on the insights and recommendations provided. Importantly, each recommended action also provides details on how the action will impact your security standing, along with any potential user impact.  

Recommendations may range from reviewing an existing policy to implementing changes that may have a significant impact on users completing everyday tasks. As with all such changes, it’s important that you carefully assess the recommendation and consider the potential impact on operations.  

Reporting and Tracking with Secure Score

When embarking on a process of change, it’s important to measure and demonstrate progress over time. Thankfully the Secure Score portal provides a historical view of your organisation’s score over the last 90 days, with a trend line that makes sudden changes easily visible. A list of recommended actions is also shown, indicating when each action changed and whether points were gained or lost, which helps you understand sudden changes in score. 

The Secure Score dashboard shows different metrics and trends, including where an action may have regressed, recent decreases and points achieved, along with a comparison against similar-sized organisations. Metrics and trends can be shown over 7, 30 or 90 days, or over a custom date range, and can be filtered by the four main categories that Secure Score covers.  
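The same "what changed and when" view can be reproduced from exported score history, which is useful when you want to attribute a drop to a specific action. The following is an added example, not part of the original article: the field names follow the Microsoft Graph secureScore resource, while the control names, dates and point values are constructed for illustration.

```python
import json

# Constructed sample: two daily snapshots shaped like Microsoft Graph
# secureScore objects (createdDateTime, currentScore, maxScore, controlScores).
# Control names and point values are made up for illustration.
SNAPSHOTS = json.loads("""
[
 {"createdDateTime": "2024-05-01T00:00:00Z", "currentScore": 212.0, "maxScore": 400.0,
  "controlScores": [
   {"controlName": "ExampleMfaAllUsers", "controlCategory": "Identity", "score": 9.0},
   {"controlName": "ExampleLegacyAuthBlocked", "controlCategory": "Identity", "score": 8.0},
   {"controlName": "ExampleSafeLinks", "controlCategory": "Apps", "score": 5.0}]},
 {"createdDateTime": "2024-05-02T00:00:00Z", "currentScore": 205.0, "maxScore": 400.0,
  "controlScores": [
   {"controlName": "ExampleMfaAllUsers", "controlCategory": "Identity", "score": 9.0},
   {"controlName": "ExampleLegacyAuthBlocked", "controlCategory": "Identity", "score": 0.0},
   {"controlName": "ExampleSafeLinks", "controlCategory": "Apps", "score": 6.0}]}
]
""")

def score_changes(snapshots):
    """Per-control point changes between consecutive snapshots, biggest loss first."""
    ordered = sorted(snapshots, key=lambda s: s["createdDateTime"])
    changes = []
    for prev, curr in zip(ordered, ordered[1:]):
        before = {c["controlName"]: c for c in prev["controlScores"]}
        after = {c["controlName"]: c for c in curr["controlScores"]}
        for name in sorted(set(before) | set(after)):
            # A control missing from one snapshot is treated as scoring 0 there.
            old = before[name]["score"] if name in before else 0.0
            new = after[name]["score"] if name in after else 0.0
            if new != old:
                category = (after.get(name) or before[name])["controlCategory"]
                changes.append({"date": curr["createdDateTime"][:10], "control": name,
                                "category": category, "delta": new - old})
    return sorted(changes, key=lambda c: c["delta"])

def regressions(snapshots):
    """Only the controls that lost points, for follow-up."""
    return [c for c in score_changes(snapshots) if c["delta"] < 0]

if __name__ == "__main__":
    for c in score_changes(SNAPSHOTS):
        print(f'{c["date"]} {c["category"]:<9} {c["control"]:<26} {c["delta"]:+.1f}')
```
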

Safely Implementing Changes (without the drama)

Unfortunately, there are too many stories of (easily avoided) problems being created when security changes are made without proper consideration. One story that we’ve heard too many times is when an over-enthusiastic sysadmin has enabled multi-factor authentication or conditional access policies within Microsoft 365 without properly preparing the organisation – thus effectively locking many, if not all, staff out of the system. Problems like this are easily avoided though, with appropriate forethought and planning.  

For many clients we find that an effective approach is to develop a roadmap of changes based on the Secure Score recommendations, and then progressively work through these changes over a period of weeks, reviewing improvements in their Secure Score as they go. Some changes may be quick and easy to implement, while others may require more careful management, such as technical change control and user training. By approaching this as a progressive roadmap of smaller actions you can ensure ongoing improvement while managing the risk of disruption.  

How we improved both user experience and security with Secure Score

Grassroots IT recently helped a mid-sized non-profit organisation that was struggling with their systems. They reported an inconsistent user experience across their tenant and no defined settings for users when accessing systems, and their users didn’t trust that they could easily access Office 365. When a review was conducted of the organisation’s Secure Score, it was immediately apparent that there were problems with both Identity and Apps within their tenant.  

Utilising the recommended actions in Secure Score, Grassroots IT was able to implement multiple changes to their environment that made the user experience easier while also improving their overall security posture. Some of these changes included simplifying the user login process, enabling self-serve password recovery and using a single authentication service for apps. At the same time, multifactor authentication was enabled for all users, and appropriate policies were implemented to protect users from malicious content and emails, significantly improving their Secure Score and security posture.  

Additional Resources

Microsoft Secure Score is a powerful tool for improving the security of your Microsoft 365 environment. To learn more, speak to us today, or explore some of these additional resources.  

Microsoft Office 365 is built from the ground up to be a highly secure platform, but that doesn’t necessarily mean that your own Office 365 environment is configured securely. There are numerous different ways that organisations can use Office 365, and just as many ways that it can be configured.

Ultimately the responsibility for securing your Office 365 environment, and the information and data stored in there, rests with you. Microsoft provides the platform and the means, but it’s up to you to consider your unique situation and ensure that appropriate security measures are taken.

So how do you know if your Office 365 environment is secure? Every organisation is different, and with so many ways of using and securing Office 365 there is no one-size-fits-all solution. The good news is that there are some well-established best-practices that can significantly strengthen the security of your environment.

Here are five critical questions that you need to ask about your Office 365 security to ensure that you’re properly protected.

#1. What Microsoft Office 365 plan do we use?

Let me start by saying that Microsoft has a frustrating habit of changing product names and bundles regularly, which can lead to some confusion. So, for the sake of clarity, let me share a bit of history with you.

First there were the Office 365 plans, offering a suite of products such as Word, Excel, Email and Teams. Then Microsoft added a whole new line of plans called Microsoft 365, which included all the things from Office 365, plus added a whole lot more, mainly to do with security and governance. Then more recently the Office 365 name has been retired entirely, leaving only Microsoft 365 plans to choose from. If you were using Office 365 plans before these changes happened, you will still be on those same Office 365 plans now.

It’s important to understand which Microsoft Office 365 plan you subscribe to, because not all of them have access to the better security features. For most organisations, we recommend that you subscribe to the Microsoft 365 Business Premium plan, or for some larger organisations, the enterprise level Microsoft 365 E3 or Microsoft 365 E5 plans. The important services that are included in these plans (but not the lower plans) are Azure Information Protection and Intune, both of which bring a range of security and data governance capabilities to your environment.

Recommendation

Review all your Microsoft Office 365 subscriptions and consider upgrading any that are not Microsoft 365 Business Premium, E3 or E5 so that you can take advantage of the better security and governance capabilities.

#2. What’s our Microsoft Secure Score?

Microsoft Secure Score is a rating of your organisation’s Microsoft 365 security posture, compiled from a range of configurations, metrics and various other data points, depending on what Microsoft 365 plan you subscribe to, and what services you use. The higher the number, the more secure you are.

In addition to a numeric score, the Secure Score dashboard will also provide actionable insights and prioritized recommendations tailored to your unique needs. By following these recommendations, you can progressively improve your Secure Score and strengthen the security posture of your Microsoft 365 environment to provide better protection for your confidential data.

Recommendation

Review your Secure Score and progressively implement the recommendations to improve your score.

#3. Is Multi-factor Authentication enabled on all our Microsoft 365 accounts?

Multi-factor authentication (MFA) is an authentication method that requires a user to provide two or more verification factors to prove their identity and gain access to your Microsoft 365 environment, most often a password plus a unique code provided by a separate app.

Despite being one of the most effective cybersecurity measures you can implement in your Microsoft 365 environment, MFA is not always enabled by default or enforced across all accounts. The important point to remember is that your security is only as strong as the weakest link, so for MFA to be most effective it must be enforced on all accounts in your Microsoft 365 environment, not only some of them.

Recommendation

Review all accounts in your Microsoft 365 environment and enable MFA where necessary. Configure Microsoft 365 to enforce MFA on all accounts by default.

#4. Are we using dedicated Microsoft 365 admin user accounts?

Every Microsoft 365 environment has one or more “admin” user accounts. These accounts possess elevated privileges that allow them to perform sensitive tasks such as changing system settings and accessing data anywhere across the environment. These admin privileges can be seen as the “keys to the kingdom”, and if allowed to fall into the wrong hands can be exploited to cause significant damage.

User accounts used for everyday tasks such as checking email and editing work documents should never be granted such elevated admin privileges, so as to reduce any potential harm should the account be compromised. Instead, dedicated “admin” accounts should only ever be used for duties requiring elevated security privileges.

Not only does this approach reduce the risk of accidental changes or security breaches, but it also makes it easier to monitor and audit their activities, improving accountability and traceability of any suspicious actions taken within your Microsoft 365 environment.

Recommendation

Review all user accounts in your Microsoft 365 environment for elevated admin privileges and remove such privileges in favor of dedicated admin accounts.

#5. How are we monitoring for suspicious activity within Microsoft 365?

Even with a well secured Microsoft 365 environment, ongoing monitoring and alerting of unusual activity is important for the prevention of a full-blown security incident. Monitoring can help identify a range of suspicious activities, such as multiple failed login attempts, unusual data access or transfers, and changes in user permissions. These could be signs of a brute force attack, data breach, or insider threat.

Moreover, monitoring isn’t just about detection, it’s also about response. When you spot suspicious activity, you can quickly investigate, take corrective action, and learn from the incident to strengthen your defenses.

Recommendation

Ensure monitoring is configured within your Microsoft 365 environment, and alerts are sent to the most appropriate person to take action as required.
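To make the "multiple failed login attempts" signal concrete, here is a small detection rule run over sample sign-in events. This is an added example, not part of the original article: the log layout, the threshold of five failures in ten minutes and the severity labels are all assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sign-in events: timestamp, account, source IP, result.
# The layout is an assumption, not an export format of any Microsoft 365 log.
SAMPLE_LOG = """\
2024-05-02T08:00:05Z alice@example.com 198.51.100.7 failure
2024-05-02T08:00:40Z alice@example.com 198.51.100.7 failure
2024-05-02T08:01:10Z bob@example.com 203.0.113.20 failure
2024-05-02T08:01:30Z alice@example.com 198.51.100.9 failure
2024-05-02T08:02:00Z alice@example.com 198.51.100.9 failure
2024-05-02T08:02:20Z alice@example.com 198.51.100.9 failure
2024-05-02T08:03:00Z alice@example.com 198.51.100.9 success
2024-05-02T09:30:00Z bob@example.com 203.0.113.20 failure
2024-05-02T09:45:00Z bob@example.com 203.0.113.20 success
"""

def parse(log):
    """Yield (time, account, ip, result) tuples from non-empty lines."""
    for line in log.splitlines():
        if line.strip():
            ts, user, ip, result = line.split()
            yield datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, ip, result

def failed_signin_alerts(log, threshold=5, window=timedelta(minutes=10)):
    """Alert when one account reaches `threshold` failures inside `window`;
    a success while that burst is still in the window raises the severity."""
    recent = defaultdict(deque)  # account -> times of failures still in window
    alerts = {}                  # account -> alert record
    for ts, user, ip, result in sorted(parse(log)):
        fails = recent[user]
        while fails and ts - fails[0] > window:
            fails.popleft()      # forget failures older than the window
        if result == "failure":
            fails.append(ts)
            if len(fails) >= threshold:
                alert = alerts.setdefault(user, {"account": user, "severity": "medium"})
                alert["failures"] = len(fails)
                alert["last_ip"] = ip
        else:
            if len(fails) >= threshold:
                alerts[user]["severity"] = "high"  # a guess may have worked
            fails.clear()        # a success resets the failure streak
    return list(alerts.values())

if __name__ == "__main__":
    for alert in failed_signin_alerts(SAMPLE_LOG):
        print(alert)
```

An isolated mistyped password, like the second account in the sample, stays below the threshold and raises nothing, which keeps the alert that reaches the responsible person meaningful.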

Microsoft 365 is a highly secure platform, but that doesn’t mean that your organisation’s Microsoft 365 environment is secure by default. Microsoft provides the means, but ultimately, it’s up to you to ensure that your environment is secured appropriately, and that starts with asking the right questions.

If you have questions about your Microsoft 365 security, Grassroots IT can help. Speak with us today.
