Can Your Staff Work From Home Securely?

Most Perth SMBs allow remote work — but very few have the security configuration in place to do it safely. DM1 explains what's required and what's missing.

Book a Remote Work Security Review

Working From Home Expands Your Attack Surface

When your staff work from the office, they're behind a business network with defined security controls. When they work from home, they're on a residential broadband connection, using personal devices or business laptops with no central management, accessing your business systems from locations you have no visibility over. Microsoft 365 includes the tools to secure remote work properly — but they need to be configured. DM1 does this as part of every new client security engagement.

Most Perth SMBs DM1 takes over have no Conditional Access policies, no device management and no multi-factor authentication enforcement. Staff are accessing business email and files from any device, on any network, with no controls in place.

What DM1 Configures for Secure Remote Work

These are the security controls DM1 puts in place for Perth businesses whose staff work from home or remote locations:

Multi-Factor Authentication (MFA)

The single most effective control for remote work security. MFA requires staff to verify their identity via a second method — the Microsoft Authenticator app — before accessing business email and files from any location. DM1 enforces MFA for all users.

Conditional Access Policies

Conditional Access is the traffic cop of Microsoft 365. DM1 configures policies that control which devices, locations and network conditions are allowed to access your business systems — and block or challenge anything that doesn't meet the criteria.

Intune Device Management

Microsoft Intune (included in Business Premium) allows DM1 to enrol and manage business laptops and mobile devices centrally — enforcing encryption, screen lock, and security baselines regardless of where the device is used.

Device Compliance Requirements

DM1 configures Conditional Access to require that only Intune-enrolled, compliant devices can access business data. A personal device that isn't enrolled and managed cannot connect to your Microsoft 365 tenant.

Microsoft Defender for Business

Included in Business Premium, Defender for Business provides endpoint protection across all enrolled devices — detecting and responding to malware, ransomware and suspicious activity whether the device is in the office or at home.

Session Controls and App Restrictions

For particularly sensitive data, DM1 can configure session controls that limit what staff can do when accessing Microsoft 365 from an unmanaged device — allowing email viewing but blocking downloads, for example.

No VPN Required — Conditional Access Instead

Traditional VPNs are complex to manage and create a single point of failure. Microsoft 365 with properly configured Conditional Access provides equivalent or superior security without a VPN — DM1 explains the trade-offs for your specific situation.

Sign-In Risk Policies

DM1 configures sign-in risk policies that automatically block or challenge logins from unusual locations, impossible travel scenarios, or known compromised IP addresses.

Remote Work Security Gaps DM1 Finds at New Client Onboarding

These are the remote work security problems DM1 encounters most often when a Perth business comes on board:

No MFA enforced

Staff are accessing Microsoft 365 with a username and password only. A single compromised password gives an attacker full access to business email, files and contacts from anywhere in the world.

Personal devices with no management

Staff are using personal iPhones, Android phones or home laptops to access business email and files. DM1 has no visibility of these devices, and the business has no way to wipe business data if the device is lost or the employee leaves.

Business Premium licences with no Premium features configured

The business is paying for Business Premium — which includes Intune, Defender and Conditional Access — but none of these features have been set up. Remote staff have no additional protection compared to a free email account.

Home Wi-Fi with no security baseline

Staff working from home are on residential broadband networks that may be shared, unsecured or compromised. Without Conditional Access, Microsoft 365 has no way to assess the risk of the connection.

Shared computers at home

Staff sharing a home computer with family members and accessing business email through a browser with saved passwords — leaving business credentials accessible to anyone who uses the device.

No way to remotely wipe a lost device

A staff member loses their laptop at a café. The business has no way to remotely wipe business data from the device because it was never enrolled in Intune. All business email, files and saved passwords are accessible to whoever finds it.

How DM1 Secures Remote Work for Perth SMBs

DM1 follows a structured process to put the right controls in place — without making it so complicated that staff route around the security.

Audit your current Microsoft 365 security configuration

DM1 reviews your Microsoft 365 Admin Centre, Azure Active Directory, and Conditional Access policies to understand what's currently in place — and what's missing.

Enforce MFA for all users

DM1 configures and enforces multi-factor authentication for every user account. Staff are guided through setting up the Microsoft Authenticator app on their phone.

Configure baseline Conditional Access policies

DM1 implements a baseline set of Conditional Access policies — requiring MFA, blocking legacy authentication, and flagging sign-ins from unusual locations.

Enrol devices in Intune

For businesses on Business Premium, DM1 enrols business laptops and approved mobile devices in Microsoft Intune — applying security baselines, encryption requirements and compliance policies.

Configure Defender for Business

DM1 activates and configures Microsoft Defender for Business on all enrolled endpoints — providing real-time protection and a central dashboard for security alerts.

Train staff on the new process

DM1 explains the changes to staff in plain English — why MFA is required, how to use the Authenticator app, and what to do if they're locked out. The goal is compliance, not confusion.

What DM1 Found When New Clients Came On Board

These are real situations discovered during DM1 new client onboarding. Business names are not used.

DISCOVERED DURING DM1 NEW CLIENT ONBOARDING

Financial Services Business — Perth Southern Suburbs

The problem: The business had five staff working from home two days per week. No MFA was enforced. Staff were using a mix of business laptops and personal devices. The principal assumed that because they were on Microsoft 365, their remote access was secure.

What DM1 found: DM1's security audit found no Conditional Access policies, no MFA enforcement, and no Intune enrolment. Three of the five remote staff were accessing Microsoft 365 from personal devices that had never been reviewed by IT. One account had a sign-in from an overseas IP address in the audit log that had never been investigated.

The outcome: DM1 enforced MFA across all accounts, configured four Conditional Access policies, enrolled the three business laptops in Intune, and investigated the suspicious sign-in (which turned out to be a failed brute-force attempt that MFA would have stopped). The overseas sign-in had accessed the account's email before MFA was in place.

DISCOVERED DURING DM1 NEW CLIENT ONBOARDING

Healthcare Practice — Perth Northern Suburbs

The problem: A practice manager worked from home one day per week, accessing the practice's Microsoft 365 environment from a personal laptop shared with their teenage children. Patient correspondence, appointment records and referral letters were accessible from the shared device.

What DM1 found: DM1 found the practice was on Microsoft 365 Business Premium with none of the Premium features configured. No MFA was enforced. The practice manager's account had full access to all patient-related correspondence with no device controls in place.

The outcome: DM1 enforced MFA, enrolled a dedicated business laptop in Intune, and configured a Conditional Access policy requiring Intune compliance for access to Microsoft 365. The practice manager's personal device was removed from business access. Given the nature of the data involved, DM1 also provided documentation of the security changes for the practice's privacy compliance records.

Why Perth Businesses Use DM1 for Remote Work Security

✓ Microsoft 365 Business Premium Expertise

DM1 configures the full suite of Business Premium security features — Intune, Conditional Access, Defender for Business — as a complete, integrated system rather than isolated tools.

✓ Plain English for Staff

Security controls only work if staff use them correctly. DM1 trains your team on MFA, the Authenticator app and device enrolment in plain English — no jargon, no manuals.

✓ No Unnecessary Complexity

DM1 doesn't implement security for its own sake. We configure what's appropriate for your business size, risk profile and working patterns — and explain the trade-offs clearly.

✓ Privacy Act Considerations

For businesses handling personal information, remote work security is not just an IT question — it's a compliance question. DM1 configures controls that support your Privacy Act obligations.

✓ Ongoing Monitoring

For managed services clients, DM1 monitors sign-in logs, Defender alerts and Conditional Access events — catching unusual activity before it becomes an incident.

Find Out Whether Your Remote Work Setup Is Actually Secure

DM1 reviews your Microsoft 365 remote work security configuration and puts the right controls in place — MFA, Conditional Access, Intune and Defender — configured correctly for Perth SMBs.

Contact DM1 (08) 6202 6012