Video Transcript
## Scene 1:
**Speaker:** Zoe Tsoraklidis
You have your preferred digital ecosystem – whether that’s Google Workspace or Microsoft 365. Your team knows these tools, and is productive with them.
## Scene 2:
**Speaker:** Zoe Tsoraklidis
But here’s the challenge: how do you secure everything inside that ecosystem?
The answer is Identity Management with Conditional Access Policies.
**Speaker:** Zoe Tsoraklidis
At TUCU, we use Microsoft’s Identity Management and Conditional Access tools as a security gateway, that sits in front of your existing Microsoft or Google accounts.
## Scene 3:
**Speaker:** Zoe Tsoraklidis
Let’s break it down using Airport Security as an analogy – and then I’ll show you how this works for your computers and mobiles.
**Speaker:** Zoe Tsoraklidis
We have 3 key components at work:
**Speaker:** Zoe Tsoraklidis
1. Entra Identity Management. This is like your passport, and proves WHO you are. It’s your credentials, which are used to manage user accounts, groups and roles, and basic authentication.
2. Intune Device Management. This is like luggage inspection. It checks WHAT you’re bringing with you.
**Speaker:** Zoe Tsoraklidis
3. Conditional Access. This is like the TSA officer at the luggage checkpoint. They make the final entry decision using info from BOTH of the above tools.
## Scene 4:
**Speaker:** Zoe Tsoraklidis
Here’s how it works.
**Speaker:** Zoe Tsoraklidis
When any device attempts to access your data, your Border Agent, or Identity Manager first checks for a Passport, so they know who you are.
**Speaker:** Zoe Tsoraklidis
If your passport clears, you pass through, and they check your luggage. In this case, we’re checking if the device meets your security rules.
## Scene 5:
**Speaker:** Zoe Tsoraklidis
For example, your rules may be that every computer must be bound to your domain, have antivirus, EDR, and an encrypted hard drive, and be located in Canada to connect.
## Scene 6:
**Speaker:** Zoe Tsoraklidis
If all conditions are met, the Conditional Access Policy, or TSA guard, allows entry to your trust boundary, where your email, data, and applications live.
**Speaker:** Zoe Tsoraklidis
If the device fails to meet your security rules, access is denied.
**Speaker:** Zoe Tsoraklidis
This is known as a Trusted Device in a Zero Trust Framework. It’s how you differentiate your trusted staff and computers from hackers online.
## Scene 7:
**Speaker:** Zoe Tsoraklidis
Your preferred tools stay the same. Whether you use Google Workspace or Microsoft 365, your email, drives, and apps remain unchanged, but now you have real cloud security in place.
## Scene 8:
**Speaker:** Zoe Tsoraklidis
Before we touch on new computer setups, it’s important to note that Conditional Access Policies offer MUCH more than just initial entry approvals.
**Speaker:** Zoe Tsoraklidis
There are options to block file downloads, restrict copy/paste to protect company data, enforce re-sign in if there are signs of risky or suspicious behaviour, and more.
## Scene 9:
**Speaker:** Zoe Tsoraklidis
Now, what about new devices? We make this easy too.
Whether you need Macs or PCs, every device arrives pre-provisioned into your Conditional Access tools.
## Scene 10:
**Speaker:** Zoe Tsoraklidis
Pre-provisioning, or White Glove deployment, means we work with the computer manufacturer to do most of the device configuration before it’s shipped to you.
**Speaker:** Zoe Tsoraklidis
Mac devices are pre-provisioned through Apple Business Manager.
**Speaker:** Zoe Tsoraklidis
PCs, through Windows Autopilot.
## Scene 11:
**Speaker:** Zoe Tsoraklidis
Here’s how it works.
**Speaker:** Zoe Tsoraklidis
We get a serial number from the manufacturer.
We add that serial number to your security tools.
**Speaker:** Zoe Tsoraklidis
Then, the device is shipped to you.
## Scene 12:
**Speaker:** Zoe Tsoraklidis
When your staff receive the new computer, they turn it on and connect to Wi-Fi. The computer will ‘check in’ and begin to pre-provision itself.
**Speaker:** Zoe Tsoraklidis
Because the serial number was entered into YOUR security tools, the computer knows it belongs to YOUR organization, adopts your security controls, and can enter your Trust Boundary.
**Speaker:** Zoe Tsoraklidis
This is what is known as a pre-provisioned device.
## Scene 13:
**Speaker:** Zoe Tsoraklidis
With a few more clicks, our technicians have your staff logged in to email, and all their work apps installed. This is streamlined new computer setup, made easy.
## Scene 14:
**Speaker:** Zoe Tsoraklidis
That’s Identity Management with Conditional Access in a nutshell.
**Speaker:** Zoe Tsoraklidis
You will have enterprise-grade security without changing how your team works. They keep using the tools they know, but now everything is properly protected.
**Speaker:** Zoe Tsoraklidis
Please let us know if you have any questions – we’re always happy to help.
**Speaker:** Zoe Tsoraklidis
You can check the description for more links, or visit us online at tucu.ca to learn more about cloud security solutions for small business teams.
**Speaker:** Zoe Tsoraklidis
Thank you for watching!
How To Protect Business Cloud Accounts
Computer security is a smoke detector. IT security is a smoke detector, sprinklers, fire extinguishers, an evacuation plan, and fire-rated doors.
Computer security is a padlock on a storage unit. IT security is a security system for the whole building, including cameras, key cards, and a guard who notices when something’s wrong.
Computer security stops yesterday’s threats. IT security is active, working in the moment, and anticipating tomorrow’s threats.
Computer security protects a device. IT security protects your business.
Your most important data is in the cloud. It lives in your email inbox and your cloud drives. Computer security tools such as antivirus alone don’t cut it, because a stolen password gets an attacker into that data without ever touching your computer.
This 4-minute video introduces the concept of Identity Management and Conditional Access Policies, which build the foundation of your cloud security.
What is Identity Management?
Think of IAM as your digital security guard and gatekeeper combined. Identity and Access Management (IAM) is simply a set of tools and processes that help you:
- Control who can log in to your business systems
- Decide what each person can and cannot access
- Monitor how company resources are being used
- Easily add or remove access when people join or leave your team
It’s like having a sophisticated key system for your digital business – some people get master keys, others can only enter specific rooms, and you have a record of who went where.
That kind of visibility is crucial to protecting your accounts and data.
How does Identity Management improve cybersecurity?
You might think, “My team is small, we all trust each other, so why bother?” Here’s why IAM matters for businesses of all sizes:
Protection from External Threats
Hackers don’t just target large corporations. In fact, small businesses are often targeted precisely because they typically have weaker security measures. When employee credentials are compromised (through phishing emails or data breaches), an attacker can gain access to your entire business. IAM helps prevent this by adding layers of protection beyond just passwords.
Streamlined Operations
Have you ever wasted time tracking down access to a document or system? IAM creates a structured approach to who can access what, making onboarding new team members faster and reducing delays caused by access issues.
Compliance Made Easier
Depending on your industry, you may have legal obligations regarding data protection and privacy. IAM helps ensure you’re meeting these requirements by controlling and documenting who has access to sensitive information.
Protection During Staff Changes
When team members leave or change roles, IAM makes it simple to immediately adjust their access rights, protecting your business data from unauthorized use.
Real World Example: Meet Sarah, the Accounting Firm Owner
Sarah runs a small accounting firm with six employees. Before implementing IAM, she faced several challenges:
- Her team needed access to different client files, but she worried about over-sharing confidential information
- When a bookkeeper left suddenly, Sarah wasn’t sure if they still had access to client financial data
- Team members were storing passwords insecurely or sharing them via email
- Remote work meant team members were logging in from various locations, raising security concerns and increasing her risk and liability
After implementing a simple IAM system through Microsoft 365 and Intune, Sarah’s firm experienced immediate benefits:
- Client data was strictly compartmentalized – team members only saw the files they needed
- When staff changed, removing their access took minutes instead of hours
- Two-factor authentication added an extra security layer, even if passwords were compromised
- Sarah could see who accessed what and when, providing peace of mind, real risk reduction and accountability
How Identity Management Works
Modern IAM doesn’t have to be complicated. Here’s what a typical system includes:
1. Identity Management
This creates and manages digital identities for each employee. When someone joins your team, you create their profile and assign appropriate access levels.
2. Access Controls
This determines what each person can access. For example:
- Your marketing team might need access to social media accounts but not financial records
- Your bookkeeper needs access to QuickBooks but not your customer database
- Contractors get limited access only to projects they’re working on
3. Authentication
This verifies that users are who they claim to be. Modern authentication includes:
- Strong password policies
- Multi-factor authentication (confirming identity via a second method such as an authenticator app prompt or a hardware security key; a text message code also counts, but it is the weakest of the options because SMS can be intercepted or the number ported)
- Single Sign-On (SSO) capabilities that let users securely access multiple systems with one login
4. Monitoring and Reporting
This gives you visibility into how your systems are being accessed and by whom, helping you identify unusual activity that might indicate a security problem.
Implementation: Getting Started with IAM
Implementing IAM doesn’t have to be overwhelming. Here’s how to begin:
1. Start with What You Already Have
If you’re using Microsoft 365, Google Workspace, or other cloud platforms, you already have basic IAM tools at your disposal. Begin by learning how to use these built-in features effectively.
At TUCU, we typically recommend these IAM solutions for small business:
Microsoft 365 with Entra ID and Intune: Microsoft 365 includes Entra ID, the identity service that manages your users, groups and sign-in policies, and Intune adds device management, so the two together cover both the “who” and the “what” checks described in the video and work seamlessly with Office applications, email, and file sharing
Google Workspace: Offers strong IAM features for businesses primarily using Google’s ecosystem
Bitwarden for passwords: A password manager that improves security while making it easier for teams to use strong, unique passwords
For businesses with more complex needs, we deploy the advanced capabilities of Microsoft Entra ID (formerly Azure Active Directory), such as Conditional Access and risk-based sign-in policies.
2. Implement Multi-Factor Authentication
This single step dramatically improves your security posture. Require a second verification method (ideally an authenticator app prompt or a hardware key; at minimum a code sent to a mobile device) in addition to passwords, and require it for every user, including administrators.
3. Create Access Groups
Instead of managing permissions individually, create groups based on roles (e.g., “Accounting,” “Marketing,” “Management”) and assign appropriate access to each group.
4. Document Your Processes
Create clear procedures for:
- How new employees get system access
- How access changes when roles change
- How access is removed when someone leaves
5. Regularly Review Access Rights
Schedule quarterly reviews to ensure everyone still has appropriate access levels – no more and no less than they need.
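Steps 3 and 5 above (role-based groups and the quarterly review) are the parts of this procedure that are easiest to get wrong by hand, so here they are as an added worked example written for this page, not a script from TUCU or from Microsoft. It uses the Microsoft Graph PowerShell SDK against a Microsoft 365 tenant; the group names, the user `sarah@contoso.example`, and the 90-day idle threshold are assumptions. Reading `signInActivity` needs the `AuditLog.Read.All` scope and a Microsoft Entra ID P1 or P2 licence in the tenant.

```powershell
# Added example: role-based access groups plus a quarterly stale-access review.
# Not TUCU's script. Group names, the sample user and the 90-day cutoff are assumptions.
# Requires: Install-Module Microsoft.Graph
Connect-MgGraph -Scopes "Group.ReadWrite.All","User.Read.All","AuditLog.Read.All"

# --- Step 3: one security group per role. Permissions are granted to the group,
#     never to individual users, so onboarding becomes "add to the right group".
$roles = @("SG-Accounting", "SG-Marketing", "SG-Management")   # assumed role names
foreach ($name in $roles) {
    $existing = Get-MgGroup -Filter "displayName eq '$name'" -ErrorAction SilentlyContinue
    if (-not $existing) {
        New-MgGroup -DisplayName $name -MailNickname $name `
                    -MailEnabled:$false -SecurityEnabled:$true | Out-Null
        Write-Host "Created security group $name"
    }
}

# Onboarding example: put a user into the Accounting role group (UPN is an assumption).
$accounting = Get-MgGroup -Filter "displayName eq 'SG-Accounting'"
$newHire    = Get-MgUser -UserId "sarah@contoso.example"
New-MgGroupMember -GroupId $accounting.Id -DirectoryObjectId $newHire.Id

# --- Step 5: quarterly review. Flag every enabled account that has not signed in for
#     90 days (or ever) and list the groups it still belongs to, so the reviewer can
#     decide what to remove. Sign-in activity needs Entra ID P1/P2 and AuditLog.Read.All.
$cutoff = (Get-Date).AddDays(-90)
$users  = Get-MgUser -All -Property "id,displayName,userPrincipalName,accountEnabled,signInActivity"

$report = foreach ($u in $users) {
    if (-not $u.AccountEnabled) { continue }            # disabled accounts are already handled
    $last = $u.SignInActivity.LastSignInDateTime
    if ($null -eq $last -or $last -lt $cutoff) {
        # Get-MgUserMemberOf returns generic directory objects; the group name lives
        # in AdditionalProperties, so filter to groups and pull displayName from there.
        $groups = Get-MgUserMemberOf -UserId $u.Id -All |
            Where-Object  { $_.AdditionalProperties['@odata.type'] -eq '#microsoft.graph.group' } |
            ForEach-Object { $_.AdditionalProperties['displayName'] }
        [pscustomobject]@{
            User       = $u.UserPrincipalName
            LastSignIn = if ($last) { $last.ToString('yyyy-MM-dd') } else { 'never' }
            Groups     = ($groups -join ', ')
        }
    }
}

$report | Sort-Object LastSignIn | Format-Table -AutoSize
# Keep the CSV as the record that the review happened (useful for step 4 and for audits).
$report | Export-Csv -Path ".\access-review-$(Get-Date -Format yyyy-MM-dd).csv" -NoTypeInformation
```

Run the review part on a schedule and have someone sign off on the CSV; an account that shows “never” with a long group list is exactly the bookkeeper-who-left case from Sarah’s story. Removing a user from a group with `Remove-MgGroupMemberByRef` is the normal follow-up, and disabling the account (`Update-MgUser -UserId … -AccountEnabled:$false`) is the safer first move when you are not sure the person is really gone.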
Identity Management with Conditional Access: Complete Security
Scroll back up to watch the video again, and note how Conditional Access Policies work with Identity Management solutions to provide you with complete security.
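The rule the video states in Scenes 5 and 6 (prove who you are, bring a device that passes inspection, and connect from Canada) maps onto two Conditional Access policies. Below is that mapping as an added example written for this page; it is not TUCU’s configuration or a Microsoft sample. It uses the Microsoft Graph PowerShell SDK; the break-glass account `breakglass@contoso.example` and the `CA01`/`CA02` names are assumptions. Both policies are created in report-only mode on purpose: a Conditional Access policy that is wrong in the “enabled” state can lock every administrator out, and report-only lets you read the sign-in logs to see what would have been blocked before anything is.

```powershell
# Added example: the "passport AND luggage, Canada only" rule as Conditional Access policies.
# Not TUCU's configuration. Break-glass UPN, policy names and tenant are assumptions.
# Requires: Install-Module Microsoft.Graph
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess","Policy.Read.All","User.Read.All"

# Named location for the geography check (ISO 3166-1 alpha-2 country code).
$canada = New-MgIdentityConditionalAccessNamedLocation -BodyParameter @{
    "@odata.type"                     = "#microsoft.graph.countryNamedLocation"
    displayName                       = "Canada"
    countriesAndRegions               = @("CA")
    includeUnknownCountriesAndRegions = $false   # an unresolvable IP is NOT treated as Canada
}

# An emergency-access account is excluded from every policy so a mistake cannot lock
# all admins out. It should have a long random password stored offline and be monitored.
$breakGlass = Get-MgUser -UserId "breakglass@contoso.example"
$userScope  = @{ includeUsers = @("All"); excludeUsers = @($breakGlass.Id) }

# Policy 1, the passport AND luggage check. "compliantDevice" is the flag Intune sets
# when the device passes your compliance policy; disk encryption, antivirus/EDR and OS
# version rules are defined in that Intune policy, not here. For the "bound to your
# domain" variant, "domainJoinedDevice" (hybrid-joined) is the other built-in control.
$requireMfaAndCompliantDevice = @{
    displayName   = "CA01 - Require MFA and compliant device"
    state         = "enabledForReportingButNotEnforced"     # report-only first
    conditions    = @{
        users          = $userScope
        applications   = @{ includeApplications = @("All") }
        clientAppTypes = @("all")
    }
    grantControls = @{
        operator        = "AND"                              # both, not either
        builtInControls = @("mfa", "compliantDevice")
    }
}

# Policy 2, the geography rule. The policy matches every location EXCEPT the Canada named
# location and blocks; sign-ins from Canada never match it and fall through to Policy 1.
$blockOutsideCanada = @{
    displayName   = "CA02 - Block access from outside Canada"
    state         = "enabledForReportingButNotEnforced"
    conditions    = @{
        users          = $userScope
        applications   = @{ includeApplications = @("All") }
        clientAppTypes = @("all")
        locations      = @{
            includeLocations = @("All")
            excludeLocations = @($canada.Id)
        }
    }
    grantControls = @{
        operator        = "OR"
        builtInControls = @("block")
    }
}

foreach ($policy in @($requireMfaAndCompliantDevice, $blockOutsideCanada)) {
    $created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
    Write-Host "Created '$($created.DisplayName)' state=$($created.State) id=$($created.Id)"
}
```

Leave both policies in report-only for a week or two and check the sign-in logs (each entry shows a report-only result per policy). Once the only “would block” entries are ones you expect, switch each policy on with `Update-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId <id> -BodyParameter @{ state = "enabled" }`, then test from a non-compliant device and from outside Canada to confirm the denial the video describes actually happens.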
Need help protecting your cloud accounts?
If you’re using Microsoft 365, we implement comprehensive Identity Management and Conditional Access policies that protect your cloud accounts while satisfying vendor security requirements.