What VPN for a small business of 50 devices...

FunkyGibbon

Original Poster:

3,845 posts

287 months

Tuesday 3rd March
I'm supporting a charity that has 50 Win 11 devices that only access internet via free WiFi, or personal WiFi at home.

They all used 365 for Business - effectively all remotely.

They have no dedicated corporate network. All shared data is on SharePoint.

What would you, the great folk of PH, recommend for a cost effective VPN to install on each device?

Are there any solutions we can integrate with the Endpoint bit of 365 admin?

TIA

FG

Captain_Morgan

1,429 posts

82 months

Tuesday 3rd March
If you have no corporate network and simply access MS365 (or whatever they call it now), what role do you think a VPN will play?

Obviously MS365 uses https so what more do you need?

What antivirus platform are you using on the systems?

camel_landy

5,386 posts

206 months

Tuesday 3rd March
If there is no corporate network and you're just accessing the M$ cloudy resources, you don't need a VPN.

M

ecs0set

2,505 posts

307 months

Tuesday 3rd March
If they are fully cloud native, what are you hoping to achieve from the VPN? I'd be looking at ZTNA first.

Harpoon

2,415 posts

237 months

Tuesday 3rd March
As above, I can't see the need for a VPN based on what has been posted.

I presume everyone has MFA enforced on their 365 accounts?

Depending on which tier of 365 licenses you are on, you could look at combining / adding Intune P1 and Entra ID P1 (IIRC) which provides things like Conditional Access which could add a useful layer. With CA you can do things like block logins from selected countries, so if you are a UK charity you might deny all login attempts from the usual suspects.

Edited by Harpoon on Tuesday 3rd March 13:30
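
The country block described in the post above, sketched with the Microsoft Graph PowerShell SDK (an added example, not part of Harpoon's post). The country codes and the emergency-access account ID are placeholders to fill in, the display names are made up for illustration, and the policy is created in report-only mode so nobody is locked out while it is checked.

```powershell
# Added example. Needs the Microsoft.Graph.Identity.SignIns module and a
# licence tier that includes Conditional Access (Entra ID P1).
Connect-MgGraph -Scopes 'Policy.Read.All', 'Policy.ReadWrite.ConditionalAccess'

# Placeholders (assumptions): replace both before running.
$blockedCountries = @('<ISO 3166-1 alpha-2 code>', '<ISO 3166-1 alpha-2 code>')
$breakGlassId     = '<object-id-of-emergency-access-account>'

# 1. Named location holding the countries to deny.
$location = New-MgIdentityConditionalAccessNamedLocation -BodyParameter @{
    '@odata.type'                     = '#microsoft.graph.countryNamedLocation'
    displayName                       = 'Blocked countries (example)'
    countriesAndRegions               = $blockedCountries
    includeUnknownCountriesAndRegions = $false
}

# 2. Policy: all users, all apps, sign-ins from that location are blocked.
#    One emergency-access account is excluded so a bad policy cannot lock
#    every admin out of the tenant.
$policy = New-MgIdentityConditionalAccessPolicy -BodyParameter @{
    displayName   = 'Block sign-in from blocked countries (example)'
    state         = 'enabledForReportingButNotEnforced'   # report-only
    conditions    = @{
        clientAppTypes = @('all')
        users          = @{ includeUsers = @('All'); excludeUsers = @($breakGlassId) }
        applications   = @{ includeApplications = @('All') }
        locations      = @{ includeLocations = @($location.Id) }
    }
    grantControls = @{ operator = 'OR'; builtInControls = @('block') }
}

$policy | Select-Object Id, DisplayName, State
```

Once the report-only results in the Entra sign-in logs show only the sign-ins you expect to block, change `state` to `enabled`.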

UpTheIron

4,057 posts

291 months

Tuesday 3rd March
As others have said, why do you think a VPN is needed? I'd be more concerned about the user's identity, the endpoint and the data on it than the lack of a network tunnel; you've got data in transit encryption as it is.

What Microsoft licenses does the charity have?
Assume Entra is the IdP? MFA & CA enabled? Tenant hardened?
Who owns the endpoints?
How are they configured, hardened, managed, patched etc?
What AV/EDR?
What are they doing for DLP?
How do they do remote support?
Proper controls around privileged roles?
Etc.


FunkyGibbon

Original Poster:

3,845 posts

287 months

Tuesday 3rd March
Thanks all. Glad I asked - not a specialist, overthinking it.

They have 365 for Business Premium, MFA is enabled, as is remote wipe etc. Permissions are role based and all but 2 admins, everyone has the most limited access rights.

Many thanks for your help.


pokegone

28 posts

113 months

Tuesday 3rd March
Not sure if you’ve come across NCSC but some reasonable advice for those seeking to mitigate the basics. https://www.ncsc.gov.uk/collection/small-business-...

FunkyGibbon

Original Poster:

3,845 posts

287 months

Tuesday 3rd March
What Microsoft licenses does the charity have? 365 Business Premium
Assume Entra is the IdP? MFA & CA enabled? Tenant hardened? Yes, Entra is IdP, MFA is enabled, I'll look at CA.
Who owns the endpoints? The charity
How are they configured, hardened, managed, patched etc? Windows 11 Pro with Windows Update on.
What AV/EDR? AV = Windows Defender
What are they doing for DLP? Relying on SharePoint and OneDrive
How do they do remote support? They don't currently
Proper controls around privileged roles? Yes on 2 admins, rest use basic users
Etc.

many thanks

FunkyGibbon

Original Poster:

3,845 posts

287 months

Tuesday 3rd March
pokegone said:
Not sure if you've come across NCSC but some reasonable advice for those seeking to mitigate the basics. https://www.ncsc.gov.uk/collection/small-business-...
excellent thanks

ecs0set

2,505 posts

307 months

Wednesday 4th March
FunkyGibbon said:
Permissions are role based and all but 2 admins, everyone has the most limited access rights.
If you want to increase security, I'd recommend this:

https://www.ncsc.gov.uk/collection/using-online-se...

NationalCyberSecurityCentre said:
Every user should have a normal user account for day-to-day use. Staff requiring an admin account should:

  • have an additional admin account created
  • only use their admin account to perform administrative activities
  • use their normal work account for day-to-day activities

FunkyGibbon

Original Poster:

3,845 posts

287 months

Thursday
ecs0set said:
FunkyGibbon said:
Permissions are role based and all but 2 admins, everyone has the most limited access rights.
If you want to increase security, I'd recommend this:

https://www.ncsc.gov.uk/collection/using-online-se...

NationalCyberSecurityCentre said:
Every user should have a normal user account for day-to-day use. Staff requiring an admin account should:

  • have an additional admin account created
  • only use their admin account to perform administrative activities
  • use their normal work account for day-to-day activities
Thanks - we have done that now.

geeks

11,094 posts

162 months

Thursday
Funky have dropped you a PM

FunkyGibbon

Original Poster:

3,845 posts

287 months

geeks said:
Funky have dropped you a PM
Thanks, I'll keep an eye out for it, nothing has landed yet.

geeks

11,094 posts

162 months

FunkyGibbon said:
geeks said:
Funky have dropped you a PM
Thanks, I'll keep an eye out for it, nothing has landed yet.
Oh that’s odd it definitely sent. Want to PM me and reply?

FunkyGibbon

Original Poster:

3,845 posts

287 months

done!

geeks

11,094 posts

162 months

FunkyGibbon said:
done!
Replied