Announcing the Microsoft 365 SMB Data Protection ToolkitAlex Fields
Update March 2023: This product has been updated significantly, and renamed too. It is now called The SMB Guide to Data Protection and Microsoft Purview in Microsoft 365 Business Premium Plans. It still contains the written guide as well as supporting materials such as scripts and templates to help you implement the features more quickly. You can get the product here. It is also included in the Consultant’s Bundle.
Perhaps you have noticed that it has been quieter around here in the last couple of months. Usually, silence is an indicator that I’ve been a busy bee, working on some other endeavors. Today I am happy to announce that one of my labors has finally come to fruition (I wanted to get this done before Ignite this year, and I made it just under the wire)!
The Data Protection Toolkit is a resource for IT Consultants who struggle to help their small and mid-sized customers grow in maturity and adopt better data security and management practices. This type of work is somewhat more difficult for us because it goes beyond just providing a service. It requires more engagement from the customer.
Traditional Managed Services Providers and consultants tend to be good at three things: (1) break-fix, (2) implementing new technologies (a.k.a. projects or “set-and-forget”), and (3) providing some type of low-touch “on-going” monitoring and maintenance (keeping the lights on, watching for emerging threats, etc.).
But Data Protection is fundamentally different. Here we must set up and nurture an organizational culture; one that requires each Organization to take ownership of their data management program from the inside, and ultimately for the end-users to become aware of context, and to become part of the solution. After all, every person who works with an organization’s corporate data is on some level a data steward. Therefore, all employees share responsibility in data protection. You want everyone to do their part to mitigate data loss/leakage, reduce organizational exposure and risk, and to become more compliant with policies, laws and regulations.
We begin this journey from the CIS Controls framework, following their recommended safeguards for Data Protection, and finding ways to make these outcomes a reality leveraging the tools in Microsoft 365. I have attempted to keep this program approachable and applicable across subscription levels (minimum of Microsoft 365 Business Premium recommended). Here is what is included in the Kit:
- Complete 55-page guide to implementing CIS Data Protection standards (pdf)
- Data Access and Management Plan Policy template (docx)
- Project Statements of Work for selling and implementing Data Protection (docx):
- Sensitivity Labels, Retention Policies and Labels, and Data Loss Prevention
- Mobile Device Management for Data Protection on personal devices
- Windows 10 Management for Data Protection on personal devices
- Scripts to help implement features faster and save time on projects (ps1)
- End-user communication template for introducing Microsoft 365 Sensitivity labels (docx)
- Data Governance Planning Workboook (xlsx)
If you are one of the thousands (I still can’t believe it sometimes) who already own the Consultant’s Bundle, then you will be happy to learn that you already have access to this new publication (just download the latest from GumRoad, and P.S.: I also added some updates to the Best Practices checklists).
The members of this year’s Practice Development group have asked for a simplified way to support my work moving forward (I have heard this from others outside the group as well). Watch for this announcement before the end of the year.
Thanks again to my fans and supporters out there: you were the inspiration for this project, and I am very happy to bring you the result.