Key Goals & Requirements
1. Company-Owned Devices
• Secure Login
  • Restrict login to authorized employees only (e.g., domain-like login or equivalent through Azure AD/Intune).
  • Implement MFA or a similar method to reinforce secure logins.
• Usage Restrictions
  • Block social media, streaming sites, and any inappropriate or non-business-related websites.
  • Allow only business-critical apps and websites (primarily Microsoft 365 suite and any other approved tools).
• HIPAA Folder Protection
  • Some employees need HIPAA compliance for certain folders in SharePoint; ensure access is locked down and logs are recorded appropriately.
2. Personal Devices (BYOD)
• Limited Company Data Access
  • We do not plan to enforce full MDM or MAM policies, but we do want to ensure that when employees access company files or emails, our data remains secure.
• App/Email Security
  • Configure policies (e.g., Conditional Access, if feasible) to protect corporate data in Microsoft 365.
  • Ensure employees can’t inadvertently sync or download sensitive files (like the HIPAA folder) to unapproved locations.
3. Microsoft Defender & Intune Configuration
• Advanced Threat Protection
  • Enable real-time threat detection and response features.
• Conditional Access (If Appropriate)
  • Only allow logins from compliant devices or require MFA if the device doesn’t meet certain criteria.
• Firewall & Antivirus
  • Confirm that Defender antivirus and firewall are fully operational and configured on company devices.
4. Logging & Monitoring
• We are unsure of the detailed logging/alerting level we need, so please recommend a lightweight or default approach.
• Rely on Microsoft’s built-in reporting tools—no separate SIEM system.
5. Documentation & Training
• Provide written, easy-to-understand guides for both our IT admin (if any) and end users.
• Minimal end-user training may be needed—just enough to explain new login processes or restrictions.
6. Timeline & Budget
• Deadline: We need this completed within one week of project start.
• Budget: We’re a small business, so we’re looking for cost-effective solutions.
7. Rollout & Support
• Rollout Strategy: Implement changes all at once for all 3 company-issued devices and relevant settings for personal devices.
• Feedback & Troubleshooting: We’ll work closely with you to address any issues during the rollout.
• Post-Deployment: No ongoing maintenance contract required; we just need a stable setup and documentation to manage afterward.