On December 31st 2019, China reported its first case of COVID-19 (LINK). Less than a month later WHO declared it an international public health hazard and many of us didn’t fully comprehend the impact it would have on our daily lives then. Now, 3 months into this world pandemic, we have many states issuing a “Shelter-in-place” mandate (LINK). 
Many folks in IT had to scramble as the workforce they used to support on-site was suddenly shifting to working from home. We wanted to take the time to provide 3 safety tips for end-users as well as 3 best practices for IT administrators.
End-User Safety Tip #1: Beware the increase in spam messages
Just because your workload has shifted or even decreased doesn’t mean those who have been spamming you before are taking it easy. They know that we are relying more on emails and will try to slip past the spam filters just to get you to click on a link. Please be vigilant in what you click and respond to; don’t be afraid to call the person who sent you the message either.
End-User Safety Tip #2: Keep personal & work separate
Whether you already had a company provided laptop or were recently given one in order to work from home; remember that only work should be performed on these devices. More than likely your IT team has security software installed on the devices in order to adhere to compliance regulations.
End-User Safety Tip #3: Communicate often
Even though this is more of a mental safety tip, be communicating with your coworkers often throughout the day. Chances are you have a brand-new instant communication (Microsoft Teams) package deployed that allows you to chat & video call with your coworkers. Use it to its full advantage in order to have contact with others.
IT Admin Best Practice #1: Review Azure AD sign in logs
Using the Azure AD Sign-in portal (LINK) you have the ability to review the 4 W’s (Who, What, Where, When). As you can see in the below screenshot I had successfully logged into the Azure portal from my hometown (in order to take said screenshot). This portal will also report about users logging into different portals or when their apps (like Outlook) authenticate. 
IT Admin Best Practice #2: Increase your cloud security package
Office 365’s introductory licenses (Business Essentials & Business Premium) are starting to show their age as they are only offerings into the cloud-hosted solutions with only a pinch of security thrown in for good measure. The newly introduced Microsoft 365 Business is pretty much Office 365 Business Premium but if it went to the “Pumping Up Security Gym”. At only $20 per user, Microsoft includes their advanced email filters, Azure AD premium plan 1, and mobile device management. 
IT Admin Best Practice #3: Verify user’s identity before changing security
I recently read a story (unrelated to current pandemic) of an IT manager (LINK) who disabled MFA for a user because she was getting too many notifications. Most of us can assume what happens after that, but the TL;DR version is that the hacker was able to get in and send out an email blast. That being said; it might be hard to verify a user’s identity when not face-to-face if they need a password reset or having issues with MFA. Come up with a business-friendly way to verify a user’s identity by either asking for their employee number or maybe even having their manager vouch for them. We are all having to deal with the COVID-19 pandemic in different ways and we want to help where we can with either with getting migrated into Microsoft’s cloud platform or even shoring your current Microsoft tenant.