Small Mobile Office Security

Let me present a scenario.

A small company has 6 mobile users that have 6 laptops spread across the country. Two of the users use their personal laptops and the others have company-issued ones. There is no physical location for this company. Some users have Windows and some have Macs. They don't have a central server. The 3rd-party applications that they use for their data are Salesforce, Dropbox and another one. They constantly email each other with sensitive items in Excel and also use Slack to communicate. The concern is data security and making sure there are no compromising behaviors, with a need to utilize best practices.

What are some ideas to make sure data remains safe when emailing one another and sharing information? Would it be a smart idea to utilize Office 365 in this scenario and keep all documents in OneDrive or SharePoint? Should I consider Enterprise Mobility + Security E3? Or are there other methods to utilize security considering there are Macs in the picture?

Rohit Anand (Cloud Architect) commented:

There are multiple ways to secure corporate data.
As you said, they don't have a fixed location and also do not have a central server. Now, there are multiple things that come into the picture.
It's good if you are using Office 365 E3/E5 licenses. These licenses come with the most features.

Let's start with devices.
Are those machines domain-joined to the on-premises AD? Even if not, you can register those devices to Azure AD using device registration and can enforce MFA on them. (This is only applicable to Windows 10 and later. Not sure about Mac yet, but I hope it will work.)

Coming to data security, you can use OneDrive for Business as a feature of Office 365 for document sharing, and you can also define OneDrive policies and enforce MFA for Outlook for Windows and Mac.

You can also use MS Intune if you want to have any kind of policy enforcement on devices. Yup, this can be done using an EMS license.
This is also applicable to mobile devices.

al4629740 (Author) commented:
But how does Office 365 work with the Macs?

Rohit Anand (Cloud Architect) commented:
Office for Mac is available.


In my opinion, sensitive data should not go on the net.

I would at least encrypt the files with a password using a tool like this prior to saving them on the cloud or sending them by email...

Scott Fell (Developer & EE Moderator) commented:
Using Office 365, you can manage how data is used. However, what you can't manage is somebody doing a workaround where they copy and paste data to another source and send it. That is going to be a matter of trust.

However, using Office 365/SharePoint/OneDrive, you can share documents by sending a link. That way, the data never goes through email and only authorized users will be able to open the link. You can also control whether data can be downloaded or not. Both Office 365 and G Suite offer mobile protection where you can wipe devices remotely.

btan (Exec Consultant) commented:
You need to protect the touch points for attack as well as leakage. Consider ATP.

The endpoint is a key point of control when implementing an effective information protection strategy based on security principles. Endpoints are often the entry for sophisticated attacks conducted by an external adversary or an insider threat. Combine it with the fact that endpoints are usually the darkest spot in the enterprise for security and compliance teams, and you end up with a critical weakness in the enterprise information security posture.

Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP), Microsoft’s endpoint protection platform, addresses this challenge by integrating with Azure Information Protection, Microsoft’s data classification, labeling, and protection solution.

Microsoft Defender ATP’s built-in sensors discover labeled data on all devices monitored by the Microsoft Defender ATP service. This data is then plugged into the Azure Information Protection reporting experience, which shows labeled documents discovered on Windows devices.

Microsoft Defender ATP monitors and calculates device machine risk level – an aggregated indicator of active security threats on each device. This data is also shared with Azure Information Protection reports.

Microsoft Defender ATP can further protect sensitive data by providing data loss prevention (DLP) functionality.

It all starts from the Office 365 Security and Compliance Center (SCC), Microsoft’s unified management console for information protection, where you can manage information protection configuration settings on Windows devices. As part of the label policy, you can define whether files with a specific label applied will be protected by Microsoft Defender ATP.