How Microsoft 365 is Better from Traditional Microsoft Account – All Features Explained

This post summarizes how Microsoft 365 is better than the traditional Microsoft Account—all features explained.

If you’re doing it right, Microsoft 365 is your best and most practical and cost-effective ($20/user/month) IT security and management system.

Microsoft 365 Disaster Recovery and Business Continuity

Traditional Ways:

  • Weak/untested or nothing.
  • 3rd Party Service

Microsoft 365:

  • Microsoft 365 is 100% cloud
    • Disaster recovery is free
    • Business continuity is free
      • Managed by Microsoft
      • Geographically redundant datacenters
      • 99.9% uptime SLA

Phone System Business Continuity

Traditional Ways:

  • On-premise phone system
  • 3rd party hosted non-integrated phone system

Microsoft 365:

    • The Microsoft Teams Phone System
      • Complete business continuity
      • Managed by Microsoft
      • Geographically redundant datacenters
      • 99.9% uptime SLA

Microsoft 365 Computer Setups and Group Policies | Microsoft Endpoint Manager (formerly Microsoft Intune) configuration procedures

Traditional Ways:

  • Manual end-user computer configuration
  • Image-based end-user computer configuration
  • Windows Server AD Group Policies.

Microsoft 365:

  • Microsoft Endpoint Manager (Intune)
  • Configuration profiles

Microsoft Endpoint Manager Advanced: Security Baselines

Optimized modernization of Endpoint Manager:

Modernizing IT Security with Microsoft 365 – Part 2 – Infosec Memo

Microsoft Defender Antivirus

Traditional Ways:

Microsoft 365 Feature:

"

  • Microsoft Defender Antivirus-Included with Windows 10

Microsoft Defender for Endpoint (Advanced Antivirus)

Microsoft 365:

  • Microsoft Defender for Endpoints-Behavior-based monitoring, prevention, and control
  • A best practice is available from the Microsoft Baseline template.

Microsoft 365 Lost or Stolen Computer Protection | BitLocker Disk Encryption | Remote wipe | Remote lock

Microsoft 365:

  • Microsoft Bitlocker is included with Win10+
  • Azure AD BitLocker Recovery Key Sync (Azure AD P1)
  • Microsoft Endpoint Manager Remote Wipe

Microsoft 365 Web Browsing Protection | Web threat protection | Web Content Filtering

Microsoft 365 Include

  • Microsoft 365 Defender for Endpoint
    • Web Threat Protection
    • Web Content Filtering

Web Threat Protection: Advanced | Microsoft Edge Authentication | Microsoft Endpoint Manager Security Defaults for Microsoft Edge

Traditional Ways:

  • Any web browser the user wants
  • There are no web browsing security controls

Microsoft 365:

  • Authenticate in Microsoft Edge
    • Web App Virtual Containers
    • Microsoft Defender for Endpoint
    • Microsoft Endpoint Manager Security Defaults for Microsoft Edge (Baseline Template)

Legacy Server Backup and Security with Microsoft Azure | Blue Backup | Azure Defender

Usually includes MS SQL Server.

Traditional Ways:

  • On-premise virtual or physical servers
    • Server backup and disaster recovery
    • No antivirus or 3rd party antivirus

Switch to Microsoft 365:

  • Virtual servers in Azure Virtual Network
    • Azure Backup
    • Azure Defender
    • Disaster recovery is included for free
    • 99.9% uptime SLA
  • Accessed by
    • VPN

Microsoft 365 VPN

Traditional Ways:

  • On-premise firewall appliance hosting vpn

Modernized ways with Microsoft 365

  • No VPN required.
    • Data is 100% in the Microsoft 365 cloud.
    • All data is encrypted in transit and at rest.
  • Azure Active Directory: My Firewall (Identity Protection)
  • Only consider your endpoint device encryption, enable/configure conditional access.

Microsoft 365 Firewall

Traditional Ways:

  • An expensive on-premise firewall appliance
  • 1-3 year license/support renewals
  • 5 year hardware refresh

Modernized ways with Microsoft 365

  • Primary NAT Firewall or ISP router
  • Your IT services are 100% cloud
  • Cybercriminals don’t know about your LAN
  • Azure Active Directory My Firewall (Identity Protection)

Microsoft 365 hardware refreshes

Traditional Ways:

  • 5-year hardware refresh cycles.
  • 6th-year warranty extension

Modernized ways with Microsoft 365

  • The hardware is never refreshed.
  • Only the precinct remains.
    • A basic firewall
    • switches
    • Wireless access points
    • Network printers

Microsoft 365 Security Extras

The following features are considered additional.

Control company data on employees’ personal devices | Microsoft Endpoint Manager app protection policies

Traditional Ways:

  • Company emails and files are synced to employees’ personal cell phones.
  • No control over where company email and files are copied.
  • No data loss prevention control

Modernized ways with Microsoft 365

  • Microsoft Endpoint Manager app protection policies
    • Control security with a mobile app, not an employee’s personal cell phone.
    • Control copy/sync/share in mobile app.
    • Remote wipe
    • Automatic wipe

Microsoft 365 single sign on

Traditional Ways:

    • Employees are juggling multiple login accounts.
    • Neelavarna AD
    • Windows Server AD
    • Financial Web App
    • Sales Web APP
    • Activities web APP
  • Accounts use company email addresses and the same or similar passwords.
  • A security risk

Modernized ways with Microsoft 365

  • Azure Active Directory Single Sign-On
    • An Azure AD account is used as a single identity to access all company cloud systems.
    • An identity to create when an employee starts
    • An identification to cease when an employee quits

Secure files and emails anywhere in the world | Microsoft 365 Sensitivity Labels

Traditional Ways:

  • Folder-based security controls
    • Security is applied at the folder level.
    • File/email is no longer protected after being removed from the folder.

Modernized ways with Microsoft 365

  • Microsoft 365 Sensitivity Labels
    • The ability to apply a security group directly to a file or email
    • Security stays with the file or email no matter where it goes or with whom.

Microsoft 365 Device Compliance Policies

Traditional Ways:

  • Connect to Microsoft 365 regardless of device security.

Modernized ways with Microsoft 365

  • Microsoft Endpoint Manager is a
    • Device Compliance Policies: Users’ devices must comply with our security requirements.

Managing Microsoft 365 cloud services

Traditional Ways:

  • The IT Manager/Director manages hardware and software updates.
  • Log into servers to check and correct IT systems.
    • If the system is running, can you call it good?

Modernized ways with Microsoft 365

  • Microsoft maintains hardware and software updates.
  • You log into the portals to check and correct the IT system.
  • You configure processes around alerts and auto-remediation.

Microsoft 365 Secure Score

Traditional Ways:

  • There is no objective IT security scoring metric.
  • There is no guided path.
  • There is no checklist of industry best practices.

Modernized ways with Microsoft 365

    • Microsoft 365 Secure Score
      • A scoring metric for your entire Microsoft 365 tenant
      • Current score and score trending
      • Provides a priority technical checklist

Microsoft 365 Compliance Manager | Data protection baselines

Traditional Ways:

  • Compliance is a vague goal that no one on your team has real experience with
  • Compliance requirements seem ridiculously bureaucratic.
  • No industry best practices, NIST, ISO, Fedramp, GDPR
  • No guidance or integration with Microsoft 365

Modernized ways with Microsoft 365

  • Microsoft 365 Compliance Manager
    • Data protection baselines
      • It comes with all versions of Microsoft 365.
      • Beyond technical implementation in M365 Secure Score
      • Documentation, Policies, and Procedures
      • Microsoft best practices combined with industry compliance (NIST, ISO, Fedramp, GDPR
      • It provides a prioritized checklist.
      • Current score and score trend

Subscriptions and pricing

General Microsoft 365 setup:

Microsoft 365 Business Premium: $20/user/month (300 users) -> Enterprise version ($32/user/month)

+Microsoft 365 E5 Security Add-on: $12/user/month (ID protection, behavioral AI learning protection)

+Microsoft Phone System: $20/user/month

Total = $52/user/month (300 user limit).

Gun database breach leaks details of thousands of owners

Leave a Reply