New security capabilities designed for SMEs allow IT admins to apply baseline security settings across an organization.
Microsoft is making it easier for IT admins to configure baseline security settings for Windows 10 business users.
The company has introduced a new, ‘streamlined’ setup experience that allows admins to apply security settings on an organization-wide scale via the Microsoft 365 Admin Center.
SEE: SMB IT stack decisions based on fulfilling business needs (TechRepublic Premium)
This includes activating Windows Defender Antivirus for all users, web filtering and protecting files and folders on PCs with BitLocker Drive Encryption.
The feature has been built “with small and medium-sized businesses in mind” and is available to customers using Microsoft 365 Business Premium.
“Applying security policies to the computers in your organization is a foundational security practice. It’s especially important now that more employees are using these devices away from the office,” said Microsoft.
“To make it easier for you to protect your organization’s devices, we’ve added a new setup experience to the Microsoft 365 admin center that allows you to establish a security baseline for all of the Windows 10 PCs in your organization in just a few clicks.”
The new capabilities began rolling out on August 26. Microsoft said it is expected to reach all eligible customers “within the next few months”.
For the security settings to be applicable, each end-user PC needs to be enrolled in
, Microsoft’s cloud-based mobile device management service.
SEE: TechRepublic Premium editorial calendar: IT policies, checklists, toolkits, and research for download (TechRepublic Premium)
Baseline security settings recommended by Microsoft are:
- Help protect PCs from viruses and other threats using Windows Defender Antivirus
- Help protect PCs from web-based threats
- Prevent network access to potentially malicious content on the internet
- Help protect files and folders on PCs from unauthorized access with BitLocker
- Turn off device screen when idle for an amount of time
Microsoft said the capabilities had been built based on data from Intune reflecting the most commonly applied policies, as well as feedback from SME IT partners and customers.
To access these new capabilities in the Microsoft 365 Admin Center, open Setup on the left menu. In the Sign-up and Security section, find Secure your Windows 10 computers, and hit the View button.
Full setup instructions can be found here.