Forum Discussion
Daelos
Jan 05, 2023 · Copper Contributor
Need some resources to help me with very SMB type questions about Conditional Access.
Helping a company that has just upgraded some of its core users from Business Standard to Business Premium. Half of the team are part timers that are on Business Basic licenses. I'm a Defender for M...
NickNieuwenhuis
Jan 06, 2023 · Copper Contributor
Hi Daelos,
It's worth looking into Microsoft Defender for Business, which is basically enterprise-security for SMB (up to 300 seats). Furthermore you can do the following:
A: Turn off services you don't want your users to use; you can do this from the M365 admin portal. E.g. turn off Power Automate and only use Teams & Exchange (be aware that Teams uses other services that might need to be enabled for it to function as expected).
B: I think you should only look at how the device is managed (unmanaged/managed) and use Intune to create specific protection policies for registered devices
C: Auto detect in Azure AD, see below response
D: You can use (hybrid) Azure AD join as a condition to grant access to one or several apps for specific users (might use group-based licensing to separate Business Standard and Premium users)
This might be a useful resource as well: https://www.bing.com/search?q=register+vs+join+azure+ad&cvid=b39ab099ef8e453983c4700a9e78f2d6&aqs=edge.0.0j69i57j0l7j69i11004.2456j0j1&pglt=163&FORM=ANNAB1&PC=U531
Cheers,
Nick
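
The approach in point D, sketched as an added example that is not part of the original reply: a Conditional Access policy, created with the Microsoft Graph PowerShell SDK, that grants a group of users access to Office 365 only from a hybrid Azure AD joined or Intune-compliant device. The group name `CA-Premium-Users`, the Office 365 app target and the emergency-access account placeholder are assumptions; the policy is created in report-only mode so its effect can be reviewed in the sign-in logs before enforcement.

```powershell
# Added example. Requires the Microsoft.Graph PowerShell SDK and an admin
# account that is allowed to manage Conditional Access policies.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All', 'Group.Read.All'

# Hypothetical security group holding the Business Premium users.
$groupName = 'CA-Premium-Users'
$group = @(Get-MgGroup -Filter "displayName eq '$groupName'")
if ($group.Count -ne 1) {
    throw "Expected exactly one group named '$groupName', found $($group.Count)."
}

# Placeholder: object ID of an emergency-access account to keep out of scope,
# so a misconfigured policy cannot lock every admin out of the tenant.
$breakGlassId = '<object-id-of-emergency-access-account>'

$policy = @{
    displayName = 'Require hybrid joined or compliant device - Premium users'
    # Report-only: evaluated and logged at sign-in, but not enforced.
    state       = 'enabledForReportingButNotEnforced'
    conditions  = @{
        users          = @{
            includeGroups = @($group[0].Id)
            excludeUsers  = @($breakGlassId)
        }
        applications   = @{ includeApplications = @('Office365') }
        clientAppTypes = @('all')
    }
    grantControls = @{
        # OR: either control satisfies the policy.
        operator        = 'OR'
        # domainJoinedDevice = hybrid Azure AD joined device
        # compliantDevice    = device marked compliant by Intune
        builtInControls = @('domainJoinedDevice', 'compliantDevice')
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
$created | Select-Object Id, DisplayName, State
```

Switching `state` to `enabled` enforces the policy once the report-only results look right.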