The Benefits of Microsoft Business Premium

Microsoft Business Standard has been the go-to for Australian small and medium businesses for years. It provides a great range of standard features including, emails, file storage and sharing and the Microsoft office suite. These are standard features needed by all businesses to complete their day-to-day operations.  With the shift to cloud and becoming more and more popular, it is important to ensure your needs are still met by your Microsoft subscription.

Business Premium includes all the features of Business Standard; however, it expands this offering and bundles additional cybersecurity and management features. Below we will go through some of the main benefits we have seen for our clients by using Microsoft Business Premium.


Advanced Multifactor Authentication

With business premium you are also given an EntraID Plan 1 license. This allows for advanced MFA controls. It will allow your business to use some of the most secure MFA methods including FIDO2, Windows hello for business (Including Biometric), and Hardware based tokens. These hardware keys are the gold standard for security.

You also get the ability to restrict access or block less secure authentication methods, such as phone call, email and SMS. These are considered weaker forms of MFA and should be avoided if possible. The Microsoft Authenticator app is also considered a strong option, for those not wanting physical keys. The app uses a number matching system, where staff members need to enter the number presented onscreen into the authenticator app.

We can walk your team through the entire MFA setup process, ensuring they understand the role it plays in keeping the business secure.


Defender for 365

Microsoft defender for 365 Plan 1 is also included in Business Premium. This is one service that we would highly recommend. It further extends the capabilities of exchange online protection (EOP) with additional safeguards to protect your staff from threats.

  • Safe Attachments – This provides zero-day protection to safeguard your emails. Emails and attachments that do not have a virus/malware signature are sent to a sandbox environment before they reach your inbox; Machine learning and analysis techniques are then used to detect malicious emails and block them before reaching your staff.
  • Safe Links – Similar to safe attachments, safe links provides time-of-click verification of URL’s in your emails and office files. Each time a link is clicked it is scanned and verified before sending you to the destination. Malicious links are dynamically blocked.
  • Microsoft Defender for Office 365 protection for workloads (ex. SharePoint Online, Teams, OneDrive for Business) – This uses the safe attachment and safe link technology on data stored in OneDrive, teams and SharePoint. This allows malicious files to be blocked before they are opened by your staff and customers.
  • Anti-Spoofing in Defender for Office 365 – This detects attempts of user and domain impersonation. For example, you may receive an “important” email from your CEO asking you to do a task for them. When you look at the email you realise the name matches but the email is either a random address or an address that closely matches your real business address. Anti-spoofing will attempt to detect this deception and use machine learning models and advanced algorithms to stop phishing attacks.


Conditional Access Policies

EntraID plan 1 also includes Conditional Access Policies. These allow you to have more granular control over when, where and how your staff are asked to provide MFA. It allows you fine grain control including Dynamic triggers based on risk events, Authentication and authorisation policies, configurations based on location and device state and the ability to completely block individual users and services. These controls allow you to specifically customise when MFA is needed, you can also enforce an MFA policy that asks for MFA at every login attempt. Further, you can use trusted locations to limit access to specific countries if required.


Device Management

Microsoft Intune provides a broad range of device, app, and identity management capabilities. Intune offers a range of services that are very useful, especially if you are looking at moving away from an on-premise active directory and to a cloud identity service. Some of the benefits are:

  • Managing users and devices including BYOD and company owned devices. Intune supports almost any device including Android, IOS, macOS and windows. You can create policies to customise how these devices access your company resources.
  • Use Intune to deploy policies for devices and users. These can include security, compliance and conditional access. This helps secure your staff’s devices and reduce the threat surface. You can further limit access and lock down devices, to ensure limited users cannot perform privileged tasks.


Wrap Up

Microsoft Business premium offers a wide range of additional benefits to business who require a more advanced level of security, management, and compliance. While we have only touched on the start in this article, we can provide an in-depth review for your business. Of particular importance is defender for office 365 and the role it plays in reducing business email compromise.

As part of our Managed IT services, we partner with your business to understand your needs and recommend the Microsoft services that fit your business and staff. We will tailor your Microsoft 365 tenant with policies that work for your business requirements.

If your business is looking for a strategic IT partner to review and manage you IT and licenses, contact FordhamIT for a review of your IT and Security.