Microsoft 365 Business Premium Is The Best Choice For Your Business!

welcome back to another episode of cappuccino chat this time we're talking about why Microsoft business premium is the best subscription level you should be on for your business all right so this time we're talking about Microsoft Office subscription levels and one of the questions I often get asked uh when comparing and after making my recommendations of why they should be going with business premium Now is just the differences between the subscription they're on now and what you get with business premium years ago I used to recommend just standard it it saved money it got you the office suite word excel Outlook all that good stuff installed on your computers allow mobile access all that good stuff was there but they didn't really roll in a whole lot of security so we had a layer on other solutions from other partners of ours which sometimes do a better job sometimes the same job so on and so forth there's still certain things that Microsoft doesn't offer easily uh to ensure protection one of them being uh backing up your office suite of tools now in the business premium you get a lot of additional security functions and this is one of the things I really want to bring home with this video is letting you know why you should upgrade to business premium even though you might seem like that's not a good reason to spend that extra money because it is about $10 more per user per per month over the normal standard license but the protections it gives you is more than worth it so let me explain you get some additional anti- fishing uh protections or actually you get the anti-fishing protections that you don't get in um standard editions and the lower editions uh you get some additional spam protections and rules we can create and things like that but the big one is something called conditional access now this is where we can enable MFA which is your multiactor authentication which is the code that you give on your cell phone you get a text those kinds of things they plus they're also really pushing you to use that Microsoft authenticator app now one of the biggest push backs I always get is users being bothered by having to enter that code Andor having to set up the authenticator app on devices so that they can authenticate to their email so with this uncond with this um condition access rules the best feature that it offers is our ability to say anything at your company behind your corporate firewall that we have set up is trusted in other words you don't need to prompt for the TFA MFA code this means we don't have to set it up for all employees just employees that need to have access to their Corporate email outside of the business so from home on mobile devices checking in from laptops those types of things so it greatly reduces the number of users we have to deal with now it also again enforces MFA across the entire um tenant the entire domain that you have set up your email domain which means as users come on and come off uh we nobody has to remembered oh did we set up tofa did they do it right is it set up it's automatically set up whether they ever get prompted for it or not it's being enforced so again this means brand new user comes in they have a weak password for whatever reason password gets cor um compromised uh maybe they don't have a weak password but they were fished and convinced to give up their password somebody tries logging in from um grandma's basement that they shouldn't be there or a foreign country or whatever the case might be they will get prompted for that TFA code even though the user at your office was never prompted because they're not at your office uh some of the other things we can do is we can block foreign country login so uh primarily most businesses Only log in from the United States and we can say anything outside the United States don't even allow them to log in so even if the password was compromised in some way shape or form they would try to log in they would be denied because they're coming in from a foreign country so it wouldn't even get to that MFA stage um but we can't do that without the conditional access piece which is added to that premium license um we um cannot allow MFA registration so that initial setup of MFA again we can allow that to only happen at your company office so we had a um client who was using the free built-in MFA that you have to manually configure and set up for Office 365 and they were fished and convinced to give away their MFA token so they said yes allow typed it in and the threat actor was able to get into their account what that threat actor immediately did because they saw that MFA was set up was set up their own MFA method so they set up a secondary method by which they can provide that MFA code so now when they would go to log out and log back in later they they had their cell phone and they could type in the app password uh and MFA code and get logged right into the the user account so we can block those types of things these threat actors nowadays are getting very very good at what they do in convincing users to give up their username password and even their MFA codes a lot of times they're setting up phony redirects so this is a kind of a new a type of attack Vector for uh uh collecting credentials and MFA tokens is that that old man in the middle we used to call these man INE middle attacks with Wi-Fi when you'd go to certain places but basically a user would click on a link that would redirect them um to a site that looks just like a legitimate site that would pass through the information to the the legitimate site so let's say again login into Office 365 they would set up a website that kind of looked like the login page for Microsoft 365 and user would type in username password put in their code it would actually pass it through to the legitimate Microsoft site so that the user would then see the normal Pages get into their email get into their apps all that good stuff just like normal but the thread actor has now captured that data and now has that token so they're now able to also log in as that user so again there's they're getting really tricky about getting into this stuff because they know the best way to get to your data and your company is through email because once they're in if you get an email from a fellow employee they're more trusted to then again open that email click on a link open open an attachment plus they now get access to everybody you know so again that's what they want they want to spread as quickly as possible so if they get into one person that one person knows people they don't know and then those people know people they don't know so on and so forth so that is their ultimate goal that's why they spend so much time in attacking email is it's their easy way in uh to get to know people and get into businesses and people's personal uh devices that they normally wouldn't have access to so I know it's a little bit more money but the protections are well worth it if you have a breach and that data is compromised and it gets out there imagine what your clients would say knowing that their data was leaked because of somebody opening an email or clicking an attachment and it could have been easily caught also cyber Insurance uh definitely requiring this this is a question on every cyber uh Insurance questionnaire I've gotten is are you using MFA on your email make sure you answer that question 100% this allows you to answer that without doubt that yes 100% all users all accounts have MFA enabled because with cyber insurance if you've got one person two people that didn't set it up it was never configured and you have a breach and they find out after they do their audit before they give you that check they're not going to just send you that check if they find out that somebody didn't and that what you said on that application questionnaire was wrong that's a reason for them to deny your claim and that's what they're looking for a lot of those audits are yes they're looking for the ways in now they're starting to use them as ways to not pay you uh because you answered a question incorrectly so if you have questions about which subscription is right for your business are there other ways of doing it yes can you mix and match licenses yes but we need to have this feature turned on for all users there's different ways of doing it so if you'd like help with this going through doing an Office 365 audit uh talking about what you can do how you can get better secure please reach out to us here at the office at 760 77052