Project

One-time Microsoft 365 project deployment.

  • Microsoft 365 Modern Workplace Services
  • Email analytics, compliance &
    PowerBI Reporting
  • Third-Party Application Patching & Vulnerability Management
  • Microsoft Sentinel Security Orchestration Automation and Response
  • AppLocker Application White-Listing
  • Dark-Web Monitoring
  • Microsoft 365 Backup

Standard

Standard security and device management.

  • Microsoft 365 Modern Workplace Services
  • Email analytics, compliance &
    PowerBI Reporting
  • Third-Party Application Patching & Vulnerability Management
  • Microsoft Sentinel Security Orchestration Automation and Response
  • AppLocker Application White-Listing
  • Dark-Web Monitoring
  • Microsoft 365 Backup

Security

Advanced security and device management.

  • Microsoft 365 Modern Workplace Services
  • Email analytics, compliance &
    PowerBI Reporting
  • Third-Party Application Patching & Vulnerability Management
  • Microsoft Sentinel Security Orchestration Automation and Response
  • AppLocker Application White-Listing
  • Dark-Web Monitoring
  • Microsoft 365 Backup

All-inclusive

All security features and full backup of all resources.

  • Microsoft 365 Modern Workplace Services
  • Email analytics, compliance &
    PowerBI Reporting
  • Third-Party Application Patching & Vulnerability Management
  • Microsoft Sentinel Security Orchestration Automation and Response
  • AppLocker Application White-Listing
  • Dark-Web Monitoring
  • Microsoft 365 Backup

Experience a Secure and Efficient Modern Workplace.

Built on the robust foundation of the Microsoft 365 platform and fortified with security features from our cutting-edge automation engine, our modern workplace services are designed to provide your users with a stable and user-friendly environment.

Within this environment, we ensure that all your valuable data is not just safe but also monitored, assuring you of a secure and hassle-free experience.

Some benefits are:

  • A Phish-resistant environment!
  • Microsoft Secure Score of over 80%
  • Permanent Single Sign-On (SSO)
  • Automated application deployment
  • Automatic device enrollment (sign-in on any new computer, and it will be enrolled with all settings and applications)
  • Windows Tweaks and optimizations
  • Windows and Edge ads/news blocker
  • Synced Edge profile
  • OneDrive auto sign-in and backup of user documents
  • Windows Sign-In with MFA (Bluetooth, face recognition, fingerprint, or YubiKey) [Optional]
  • Mobile phone security policies, extra encryption and authentication layer
  • Defender for Endpoint Cloud Protection (EDR)


SECURITY BEST PRACTICES

All known and lesser-known security best practices are included in our baseline, remediating a wide range of security risks.

Some examples:

  • Customized Exchange rules that block known malicious email patterns
  • Exchange NDR turned off
  • Phish and Spam protection policies
  • Email security – DKIM, SPF, BIMI & DMARC Analyzer
  • Entra ID risk remediation
  • Guest access limitations

COMPLIANCE POLICIES

Compliance policies ensure that company data is accessible only from registered compliant devices meeting vital security criteria such as drive encryption and antivirus level.

As a result, high-risk, unmanaged computers are prevented from accessing the environment, resulting in a phish-resistant environment.

Optionally, YubiKeys (usb device) can be used to access the environment from non-compliant computers.

SECURITY ORCHESTRATION, AUTOMATION, AND RESPONSE (SOAR)

Advanced monitoring and response capabilities scan for malicious activities, and our custom automation engine isolates users and devices during high-severity incidents.

This containment ensures that potential security threats are neutralized, safeguarding data, systems, and the integrity of the environment.

Our SOC monitors your environment 24×7 for malicious activity and alerts.

ENDPOINT (VULNERABILITY) MANAGEMENT

Leveraging Defender for Endpoint on Windows and Mobile devices, we scan and alert for potential vulnerabilities. Where possible, applications are automatically updated, ensuring a good and secure user experience.

Users are alerted daily for potential risks, and Mobile device OS levels are enforced, ensuring secure endpoints and uncompromised accounts.

Leveraging custom scripts, we monitor for integrity of OneDrive and SharePoint on local devices, and other soft and hardware errors.

Dark Web & Security Monitoring

Microsoft 365 Threat Intelligence

We match Microsoft 365 activity with threat intelligence, containing malicious IP addresses and bot network info.

Suspicious Activity

We monitor for suspicious Microsoft 365 account activity that could indicate compromises.

Security Orchastration Automation and Response

 Our custom automation engine  isolates users and devices during high-severity incidents.

Dark Web Monitoring

24×7 monitoring of Dark Web for domains, credentials, IP and email addresses, alerting in case of breaches.

Application Packaging & deployment

There are multiple methods to deploy applications. Leveraging these methods, ensure an auto-enrollment experience for new devices and users, and less manual labor.

1. Chocolatey
  • Uses a community packages to download and install applications
  • Many applications such as browsers are easily installable
  • Example install command: choco install googlechrome -y
  • Can easily be scripted and deployed from Intune
  • Does not require expertise
  • Requires private hosting solution, as public ip addresses are rate limited

Prof-IT Services hosts a private Chocolatey repository with malware scans, that does not have rate limiting.

2. MSIX Application Packaging

MSIX application packaging is a simplified way to create and deploy legacy applications. Applications can be packaged into the MSIX format and distributed to managed Windows devices via Intune. This process ensures smooth installation and updates, making app management easier and more reliable.

  • Applications are recorded and deployed in a virtual bubble
  • Can easily be installed, uninstalled, and updated
  • Requires expertise

Prof-IT Services has a dedicated packaging team available that specializes in Intune application packaging.

3. PowerShell scripts/Intunewin
  • Used if other options are not available
  • Used for more complex installations
  • Requires expertise

Prof-IT Services custom scripts included in the baseline, are deployed on all Windows devices to manage and update applications. Vulnerability reports are reviewed daily to include new applications.

Contact us for more information!

2578 Broadway #579
New York 10025
United States

Korte Lijnbaanssteeg 1-4261
1012SL, Amsterdam
The Netherlands