1. Intune Implementation • Create Intune policies to replace existing Group Policies already in place. Ensuring that remote machines are getting the latest policies regardless of their onprem status. • Create MFA with conditional access security to protect Global Admin and Admin roles in the Microsoft tenant • Create device compliance/configuration policies with best practice standards • Create app configuration policies for Office and any LOB application with an MSI package • Configure prerequisites to enable unattended provisioning • Configure policies to allow bulk join Windows devices to Azure AD • Extend a Geoblock rule managed by our firewalls on prem to users when working from home and are off VPN o Example: Restrict access to websites on district devices that are hosted outside of the United States and Canada. • Review and update security policies with best practice standards • Create an enrollment Status Page or Report • Create Attack Surface Reduction policies • Review and create security-enabled groups 2. Data Loss Prevention Implementation • Develop and implement the use of sensitivity labels for data onprem and in the cloud. • Enhance the organization’s security profile by preventing unauthorized access, sharing and leakage of sensitive information • Configure to work with Exchange Online, SharePoint, OneDrive, Teams, and other Microsoft 365 products and data hosted on prem on file shares • Create baseline policies to detect sensitive info, classify it and secure unauthorized access regardless of its location and tying those polices to Active Directory security groups • Develop automated policies to detect and stop the sharing of sensitive info that are not already handled specifically by other policies • Review and update policies with best practice standards
