Keep Sensitive Client Data Safe With Microsoft Mobile Device Management

Reach CPA is a CPA cloud accounting firm that supports hundreds of Canadian small businesses with cloud accounting and bookkeeping services. They also specialize in setting up paperless, automated, integrated technology solutions from their home in the Comox Valley.  Regroove assisted Reach CPA in keeping their client data safe with Microsoft Mobile Device Management.

Challenge 

Reach CPA realized they needed to bring in a specialist to collaborate on how to overcome some technical challenges they faced after migrating their systems over to the Office 365 cloud. Additionally, they wanted to ensure maximum security of their Office 365 migration in keeping client data safe.

Fabien Gendron, CPA and Partner, who ran the project explained that they made the switch to Office 365 based on the value you get for the price – “it’s packed with so much stuff.” 

They had originally been using a server stored in their office that was on its last legs before moving their files over to SharePoint Online. Staff could now work from home as they had quick, easy access to work files from anywhere on any device with an internet connection.  

Fabien quickly recognized the shift to having a mobile workforce traveling out of the office using laptops and cellphones meant they needed to increase security to prepare for the unlikely, yet possible, major security risk to their data – keeping client data safe.

Reach CPA stores and works sensitive personal and private information, including SIN numbers and bank account information. They had already setup multiple safeguards for external threats such as strong passwords and multi-factor authentication. 

Now they wanted to be proactive and prepare for the potential of internal threats – such as people losing their password, having their device stolen or misplaced, or a disgruntled employee leaving. 

Solution  

Reach CPA brought in Regroove to act as their technology and cyber security advisor. Fabien recognized Regroove’s Office 365 experience surpassed that of other IT firms who did not specialize in cloud technology.  

Regroove recommended that Reach CPA get all their devices running Windows 10 and then link them to Microsoft Intune. Intune is a cloud-based service that focuses on mobile device management and mobile application management. It was also recommended Azure Active Directory be set up, as it integrates with Intune to control who has access to data and what they can access. 

They explained the correct licensing to allow them to provision the security tools they needed including Intune, Azure Active Directory, Conditional Access, Azure Rights Management, and Multi-Factor Authentication for Azure.  

They worked together to discuss Intune features and requirements such as: 

• Application provisioning and policies for mobile apps 
• Software updates for devices 
• Conditional access policies 
• Device restriction policies 
• Reporting 

Reach CPA are unique as they preferred their staff perform the technical setup work on-site under the guidance of cloud specialists. Regroove created and shared videos with Reach CPA to explain options for Intune setup. The videos were straightforward and staff were able to walk themselves through with ease. 

What was especially pleasing was how well the two companies were able to collaborate remotely.  

Regroove specializes in Office 365 and knew what they were talking about which was really nice. I would look forward to working with Regroove again for that reason.

Fabien Gendron, CPA and Partner, Reach CPA 

Outcome and Benefits 

• Fabien can now see what every staff member is doing on their work devices.  
• He can control how the devices and applications are used and, most importantly, wipe a device if it gets stolen, lost, or compromised. The best part is he can do this from any computer that he has access to. 
• A new device can be set up in less than a day so staff can get back to work quickly if a laptop is lost or damaged.   
• The entire company was able to shift to working from home with minimal disruption due to enhanced portability.  
• Scalability is simple using the Office 365 Admin Center to easily set up accounts to add new employees to the system as the company grows. 
• The security concerns of potential new client about the safety of their personal data are eased with external safeguards and internal security measures in place. 
• Reach CPA can manage Intune and Azure Active Directory in-house going forward to keep costs down. 
• Staff can use the Office 365 Teams app on their mobile devices as a virtual office phone system to avoid using use their personal cellphone numbers and cellular plans for work calls. 
• Reach CPA can soon achieve their goal of operating 100% virtually using cloud-based software. 
• The physical server in their office space can be backed up, wiped, and dismantled.  
• They will be able to swap their physical office for access to a shared boardroom in a local co-working space. 

I love how I can manage all the laptops and mobile devices in a secure way. I feel like I could pick up any computer if I lost my computer, and the restart time would be pretty fast. I feel much more resilient from that perspective.

Fabien Gendron, CPA and Partner, Reach CPA

This solution was build using: 

• Microsoft Intune 
• Azure Active Directory 
• Microsoft Office 365 

Learn more: 

• Blog Posts:
  • What the F is MFA? 
• Videos:
  • What is MFA? | Do better with passwords.