Testing - IT Services Company in Auckland NZ

Please enable JavaScript in your browser to complete this form.

- Step 1 of 11

Microsoft 365 Secuirty Features Implementation Form

Name *

EMAIL ID *

If you Want to Change your Phase

Identity & Access Management

1- Configuration of MFA using Microsoft Authenticator for all users

Do you want to configure MFA for all users?

Note

2- Prevent users from joining devices to Entra ID

Do you want to prevent users from joining devices to Entra ID?

Note

3- Prevent users from enrolling devices to Microsoft Intune

Do you want to prevent users from enrolling devices to Microsoft Intune?

Note

4- Entra ID Joining and Profile Migration

Do you want to enable Entra ID joining and profile migration?

Note

5- AutoPilot Configuration

Windows Autopilot simplifies device setup, configuration, reset, repurposing, or wiping.

Note

6- Endpoint Manager Device Registration

For devices previously joined to Entra but not enrolled in Intune

Note

7- Block Legacy Authentication

Enhances security by disabling older, less secure authentication protocols.

Note

8- Enable Self Service Password Reset

Allows users to reset passwords without IT intervention.

Note

9- Password-less Sign-In for MS Cloud Apps

Configure policies for signing in without a password using Microsoft Authenticator.

Note

10- Enable Device-Based Conditional Access Policies

Enforce access based on device compliance and security posture.

Note

Notes and Feedback

Device Security & Administration

1- Activate BitLocker for Enhanced Device Security

Encrypts data on devices; BitLocker keys will be stored in Office 365.

Note

2- Configure Windows Local Administrator Password Solution (LAPS)

Manages local administrator passwords securely.

Note

3- Configuration of a Local Administrator for Devices

Option to create an Office 365 admin account for device-specific credentials that rotate every 30 days.

Note

4- Deactivation of All Local Administrators

Prevents elevation of privileges; note: does not apply to BYOD devices.

Note

5- Implementation of Best Practice Security Baseline Policies for Windows (Test Group)

Roll out baseline policies first to a test group (please provide 5 test user emails) before organization-wide deployment.

Note

6- Company Portal Application Configuration

Configure the portal so users can install/uninstall approved applications.

Note

7- List of Installed Applications Currently in Use

Provide a list of applications (e.g., Adobe Reader, Chrome, VLC) for reference.

Note

Notes and Feedback

Browser & Application Security

1- Implementation of Best Practice Security Baseline Policies for Microsoft Edge

Set policies for browsers and other applications.

Note

2- Block Internet Explorer on Devices

Prevent use of outdated browser technology.

Note

3- Change Default Search Provider in Microsoft Edge to Google (from Bing)

Note

4- Disable Option to Save Passwords in Google Chrome

Enhances security by reducing password storage risks in personal accounts.

Note

5- Disable Option to Clear History in Google Chrome

Note

6- Disable Option to Save Passwords in Microsoft Edge

Note

7- Disable Option to Clear History in Microsoft Edge

Note

8- Show a Message Regarding Company Policy Before Logon

Provide a simple text message for display (formatting will be ignored).

Note

Notes and Feedback

Collaboration & Communication Security

1- Office 365 Guest Settings – Organisation Wide

Configure who can invite guests and set collaboration restrictions.

Note

2- Configure External Access in Teams

Options: Allow all external domains, allow only specific domains, block specific domains, or block all.

Note

3- Configure Guest Access in Teams

Enable or disable guest access (requires proper Office 365 guest settings).

Note

4- Teams Presenter and Screen Sharing Settings

Define who can present (Everyone, organisers only, etc.) and set screen sharing options (Entire Screen, Single Application, or None).

Note

5- Configure Ability for Participants to Give or Request Control

Enable or disable control sharing during meetings for both internal and external users.

Note

6- Disable 3rd Party & Custom Apps in Teams

Only allow Microsoft apps while restricting external apps.

Note

7- Disable Third-Party Cloud Storage in Teams

Specify allowed providers (e.g., Dropbox, Google Drive) if any.

Note

Notes and Feedback

Email & Data Security

1- Activate and Configure Microsoft Anti-Threat Protection for Email

Users receive notifications when an email is quarantined, with options to allow, block, or release.

Note

2- Customize Quarantine Permissions and Policies

Allow users to request the release of lower-risk quarantined messages.

Note

3- Block All Executable Email Attachments

Prohibits receipt/execution of attachments with executable file extensions.

Note

4- Configure Safe Links

Protects users from malicious websites by checking URLs in emails/documents.

Note

5- Enable Mail Tips

Provides informative messages during email composition to prevent potential issues.

Note

6- Enable Alert Policies

Alert on suspicious activities (e.g., elevation of privileges, invalid internal recipients).

Note

7- Enable Email Encryption Option

Alert on suspicious activities (e.g., elevation of privileges, invalid internal recipients).

Note

8- Manage User Email Phishing/Junk Reports

Decide if reported messages should be sent to a reporting mailbox or directly reported to Microsoft.

Note

Notes and Feedback

Office Desktop App Security

1- Implementation of Best Practice Security Baseline Policies for Microsoft Desktop Apps

This includes: Blocking Macros (with an option to exclude Excel if needed) Disabling older Office file formats Enabling Protected View for files from untrusted locations Blocking unsafe files with executable content Disabling trusted network locations Legacy JScript blocking Enforcing file extension matching Blocking Excel XLL add-ins from untrusted sources

Note

2- Sensitivity Labels

Define labels (Public – No Restriction, Public – View Only, Internal, Confidential, Restricted) and specify users for sensitive labels.

Note

Notes and Feedback

Defender & Windows Security

1- Configuration of Defender to Work with Intune

Focus on endpoint protection and advanced threat management.

Note

2- Security Policy for Windows Firewall

Focus on endpoint protection and advanced threat management.

Note

3- Defender Notifications & Alerts

Specify an email ID to receive notifications.

Note

4- Configuration of Defender Policies

Note

5- Configuration of Defender Tamper Protection

Note

6- Configuration of Attack Surface Reduction Rules

Note

7- Activation of Credential Guard

Note

8- Defender Web Content Filtering Setup

Note

9- Block USB Drives Read and Write Access for Specific Users

Provide the email addresses for the users this policy should apply to.

Note

10- Optional: Make USB Drives Read-Only for Specific Users

Users in read-only mode can transfer files from USB to computer (allowed) but not vice versa.

Note

11- Activation of Windows Defender and Removal of Sophos

Users in read-only mode can transfer files from USB to computer (allowed) but not vice versa.

Note

Notes and Feedback

Compliance & Updates

1- Configure Default Compliance Policy Settings

Use default settings (minimum OS version, threat level, etc.) with actions for noncompliance.

Note

2- Setup Compliance Notifications

Note

3- Create Compliance Policies for Each Platform

Note

4- Configure Enterprise State Roaming (Deprecated)

Sync user settings (theme, taskbar, wallpaper, etc.) with Microsoft Entra ID.

Note

5- Use Configuration Analyzer for EOP and Defender for Office 365

Compare current email protection settings to Microsoft recommendations.

Note

6- Hardening of Conditional Access Policies

Note

7- Configure Windows Update Rings Policy

Set up two rings: Test Group (Ring 1) and all other users (Ring 2). Specify weekly install day and time.

Note

8- Configure Windows Feature Updates Policy

Manage yearly Windows version upgrades (manual updates with each Microsoft release).

Note

9- Configure Windows Quality Updates Policy

Regular check for critical quality updates (manual for unmanaged environments).

Note

10- Configure Windows Driver Updates Policy

Option to automatically or manually approve driver updates.

Note

11- Configure Update Policy for Office Apps

Manage yearly Windows version upgrades (manual updates with each Microsoft release).

Note

12- Miscellaneous Security Recommendations

Manage yearly Windows version upgrades (manual updates with each Microsoft release).

Note

Notes and Feedback

BYOD Policies

1- Policy for Personal Computers (BYOD) to Access Company Data

Access will be restricted to web access only (e.g., via Microsoft Edge with a work profile).

Note

2- Policy for Personal Mobiles and Tablets (BYOD) to Block Access via Third-Party Email Apps

Only Microsoft Outlook will be allowed; other email apps (e.g., Apple Mail, Samsung Mail) will be blocked.

Note

3- Policy for Personal Mobiles and Tablets (BYOD) to Access Company Data

Personal or company-owned devices with data sharing protection, allowing only Microsoft apps with app protection policies.
Company-owned devices managed via Intune MDM (with additional charges and strict provisioning).

Note

Notes and Feedback

Task status *

Get notified about status update

Note* : Don't forget to save and continue before leaving this form otherwise your progress wont be saved

Get notified about status update

Note* : Don't forget to save and continue before leaving this form otherwise your progress wont be saved