Microsoft 365 Intune Configuration and Optimization

---

Project Brief: Microsoft 365 Security & Device Configuration Project Scope. We are seeking a qualified vendor to implement a comprehensive Microsoft 365 security and compliance hardening project across our organization. This includes MFA enforcement, device compliance via Intune, conditional access policies, secure app deployment, and advanced Microsoft 365 security configurations. The goal is to ensure our environment is secure, compliant, and optimized for end-user productivity while maintaining zero trust best practices. ________________________________________ Functional Requirements by Area 1. Microsoft Entra MFA & Self-Service Password Reset (SSPR) • Enforce modern MFA policy across all users using Microsoft Authenticator with number matching. • Update SSPR to: o Require 2 authentication methods 2. Microsoft 365 Security Configuration General Configuration: • Enable audit logging for all users. • Ensure mailbox auditing is enabled for all users. • Configure email encryption policies across Microsoft 365. Defender for Office 365: Implement and document the following: • Anti-Spam Policy • Anti-Phishing Policy • Anti-Malware Policy • Safe Attachments Policy • Safe Links Policy Additional Policy Enforcement: • Disable external calendar detail sharing. • Enable internal phishing protection for Microsoft Forms. • Block installation of: (exceptions to be provided) o Word/Excel/PowerPoint, Outlook add-ins • Block user consent to third-party apps accessing company data. • Restrict calendar and contact sharing to internal users only. • Enforce Client Rules Forwarding Block. • Enable MailTips. • Ensure DKIM, SPF, and DMARC records are configured for all Exchange domains. 3. SharePoint, OneDrive & Teams Access Policies • Lock down external sharing: o Disable anonymous access o Limit sharing to known users only • Block OneDrive for Business sync from unmanaged devices • For Microsoft Teams: o Enable external sharing only for approved cloud storage providers (list to be provided) o Restrict Teams app installations to approved apps only 4. Intune Device Compliance & Configuration Configuration Policies: • BitLocker: Enforce drive encryption and back up keys to Entra • Password Policy: o Require complex passwords o Block use of common or company-related terms • Timeout Policy: o Enforce lock screen and idle timeout as per Microsoft security baseline Compliance Policies: • Verify BitLocker is applied correctly on all devices • Confirm all devices have security agent stack installed • Ensure Windows Hello for Business is configured Other: • Provide mobile device enrollment instructions • Verify enterprise app settings are correctly applied for all users 5. Intune Application Deployment • Deploy the following apps to all users via Intune: o Adobe Reader Pro o Microsoft 365 Apps (Word, Excel, PowerPoint, Outlook, Teams) o CCH Install Manager o Ring Central and Ring Central Teams add-on 6. Entra Conditional Access Policies • Require MFA when users attempt to Entra join a device • Block access from non-compliant devices • Block sign-ins from foreign countries • Block legacy authentication protocols ________________________________________ Deliverables • Configured Microsoft 365 environment per above specifications • Intune compliance and deployment dashboards validated • Email and Teams protections live and tested • Documentation of conditional access rules and security baselines ________________________________________ Timeline Please provide: • Project start availability • Time estimates per category or milestone • Total expected deployment time

Keyword: App Management

Microsoft Azure Office 365 Windows Administration Microsoft Active Directory System Administration Network Administration Windows Server Microsoft Windows