Experience a Secure and Efficient Modern Workplace.
Built on the robust foundation of the Microsoft 365 platform and fortified with security features from our cutting-edge automation engine, our modern workplace services are designed to provide your users with a stable and user-friendly environment.
Within this environment, we ensure that all your valuable data is not just safe but also monitored, assuring you of a secure and hassle-free experience.
Some benefits are:
- A Phish-resistant environment!
- Microsoft Secure Score of over 80%
- Permanent Single Sign-On (SSO)
- Automated application deployment
- Automatic device enrollment (sign-in on any new computer, and it will be enrolled with all settings and applications)
- Windows Tweaks and optimizations
- Windows and Edge ads/news blocker
- Synced Edge profile
- OneDrive auto sign-in and backup of user documents
- Windows Sign-In with MFA (Bluetooth, face recognition, fingerprint, or YubiKey) [Optional]
- Mobile phone security policies, extra encryption and authentication layer
- Defender for Endpoint Cloud Protection (EDR)
SECURITY BEST PRACTICES
All known and lesser-known security best practices are included in our baseline, remediating a wide range of security risks.
Some examples:
- Customized Exchange rules that block known malicious email patterns
- Exchange NDR turned off
- Phish and Spam protection policies
- Email security – DKIM, SPF, BIMI & DMARC Analyzer
- Entra ID risk remediation
- Guest access limitations
COMPLIANCE POLICIES
Compliance policies ensure that company data is accessible only from registered compliant devices meeting vital security criteria such as drive encryption and antivirus level.
As a result, high-risk, unmanaged computers are prevented from accessing the environment, resulting in a phish-resistant environment.
Optionally, YubiKeys (usb device) can be used to access the environment from non-compliant computers.
SECURITY ORCHESTRATION, AUTOMATION, AND RESPONSE (SOAR)
Advanced monitoring and response capabilities scan for malicious activities, and our custom automation engine isolates users and devices during high-severity incidents.
This containment ensures that potential security threats are neutralized, safeguarding data, systems, and the integrity of the environment.
Our SOC monitors your environment 24×7 for malicious activity and alerts.
ENDPOINT (VULNERABILITY) MANAGEMENT
Leveraging Defender for Endpoint on Windows and Mobile devices, we scan and alert for potential vulnerabilities. Where possible, applications are automatically updated, ensuring a good and secure user experience.
Users are alerted daily for potential risks, and Mobile device OS levels are enforced, ensuring secure endpoints and uncompromised accounts.
Leveraging custom scripts, we monitor for integrity of OneDrive and SharePoint on local devices, and other soft and hardware errors.
Modern Management
We monitor and proactively manage the entire environment, and notify you of any potential issues, before they cause any downtime.
Packed with custom-built user notifications, monitoring, and automation to prevent outages, increase security, user awareness, and ensure a smooth user experience.
Our 24×7 SOC is automatically alerted for high-priority alerts that require immediate attention, and our Service Desk is always available for questions, ensuring peace of mind for all users.
Application Packaging & deployment
There are multiple methods to deploy applications. Leveraging these methods, ensure an auto-enrollment experience for new devices and users, and less manual labor.
1. Chocolatey
- Uses a community packages to download and install applications
- Many applications such as browsers are easily installable
- Example install command: choco install googlechrome -y
- Can easily be scripted and deployed from Intune
- Does not require expertise
- Requires private hosting solution, as public ip addresses are rate limited
Prof-IT Services hosts a private Chocolatey repository with malware scans, that does not have rate limiting.
2. MSIX Application Packaging
MSIX application packaging is a simplified way to create and deploy legacy applications. Applications can be packaged into the MSIX format and distributed to managed Windows devices via Intune. This process ensures smooth installation and updates, making app management easier and more reliable.
- Applications are recorded and deployed in a virtual bubble
- Can easily be installed, uninstalled, and updated
- Requires expertise
Prof-IT Services has a dedicated packaging team available that specializes in Intune application packaging.
3. PowerShell scripts/Intunewin
- Used if other options are not available
- Used for more complex installations
- Requires expertise
Prof-IT Services custom scripts included in the baseline, are deployed on all Windows devices to manage and update applications. Vulnerability reports are reviewed daily to include new applications.
2578 Broadway #579
New York 10025
United States
Korte Lijnbaanssteeg 1-4261
1012SL, Amsterdam
The Netherlands