Microsoft 365: A Simple Architecture for SMBs

By | January 2, 2020

I would like to share with you a simple architecture that can achieve quite a lot for small to medium-sized businesses. This post is based on a full cloud environment with no on-premises servers.

The Architecture

[Figure: M365 Architecture diagram]

Pre-Requisites

For this particular case we will be using Intune for device management, Azure Active Directory for identity management, security and conditional access, and Windows Autopilot for device enrollment.

It is important to have a license within Microsoft 365 which covers the above. I recommend the Microsoft 365 Business license.

As well as the license, you should have a test PC to deploy your policies to. This post is based on Windows 10 devices.

Breaking it Down

  • Identity Management and protection – Azure AD
  • Device Configuration, Protection & Management – Microsoft Endpoint Management / Intune
  • Zero touch deployment – Windows Autopilot
  • On-premises encrypted VPN for any apps you may need to access that are hosted on a desktop, e.g. accounting software
  • Cloud-to-cloud backup – keep yourself protected. You can choose your provider, e.g. AvePoint, Backupify and more.

What Can be Achieved from this?

You may or may not be surprised what we can achieve with this license. I will highlight some of the key points below.

Identity Management

  • Centralized Identity which can be integrated with third parties for SAML SSO
  • Conditional access policies to secure applications and services (can even be based on device compliance status)
  • Multi-Factor authentication (Can reduce attacks by 99.9%)
  • Risky user and sign-in detection
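As an added example (not from the original post), this is how the conditional access policy described above, requiring both MFA and a compliant Intune device for every cloud app, can be created with the Microsoft Graph PowerShell SDK. It assumes the Microsoft.Graph module is installed and that `<BREAK-GLASS-ACCOUNT-OBJECT-ID>` is replaced with the object ID of your emergency-access account.

```powershell
# Added example, not code from the original post.
# Requires the Microsoft.Graph PowerShell SDK: Install-Module Microsoft.Graph
# <BREAK-GLASS-ACCOUNT-OBJECT-ID> is a placeholder for your emergency-access account.

Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess"

$policy = @{
    displayName = "Require MFA and compliant device for all apps"
    # Start in report-only mode: the sign-in logs show what *would* be blocked
    # without locking anyone out. Change to "enabled" once the results are reviewed.
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        users = @{
            includeUsers = @("All")
            # Always exclude the emergency-access account so a misconfigured
            # policy can never lock every admin out of the tenant.
            excludeUsers = @("<BREAK-GLASS-ACCOUNT-OBJECT-ID>")
        }
        applications = @{
            includeApplications = @("All")
        }
        clientAppTypes = @("all")
    }
    grantControls = @{
        # "AND" requires both controls; "OR" would accept either one.
        operator        = "AND"
        builtInControls = @("mfa", "compliantDevice")
    }
}

New-MgIdentityConditionalAccessPolicy -BodyParameter $policy

# Confirm the policy exists and is still in report-only mode
Get-MgIdentityConditionalAccessPolicy -Filter "displayName eq 'Require MFA and compliant device for all apps'" |
    Select-Object DisplayName, State
```

Review the report-only results in the Azure AD sign-in logs for a few days before switching `state` to `enabled`; "compliantDevice" only works once the devices are enrolled in Intune and a compliance policy is assigned to them.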

Device Management

  • Deploy configuration profiles and policies
  • Deploy PowerShell Scripts
  • Create a zero-touch deployment with Windows Autopilot
  • Secure device and corporate data
  • Manage applications
  • Generate compliance reports

The Office 365 Services plus More

  • All the services from Business Premium (Exchange Online P1, Applications, Storage, Collaboration etc.)
  • Advanced Security for emails and corporate data/devices

The full list of features can be found here.

Next Steps

The next steps for you are to get at least one license and device and start setting up your environment.

Over the next few months I will be doing a video series on this architecture to show you how to set this up, as well as explaining the different policies and configurations. I have started recording the videos and will be uploading them to my website.