
Client Portal

Microsoft Implementation Hub

Your assigned step-by-step implementation guides — with PowerShell scripts and visual walkthroughs

Built-in guides: these are general Microsoft baseline guides available to all clients.
Guides include PowerShell scripts, visual step guides, and progress tracking, and are AI-generated on demand.
⚡ AUTOBOTS · BASELINE RECOMMENDATIONS
Microsoft Baseline Policy Recommendations
Select the policies you want to implement in your environment. NxtLayer IT will generate a step-by-step implementation guide for each one and add it to your hub.
🛡️ Compliance Policies
Windows Compliance Policy
Require BitLocker, Secure Boot, and a minimum OS version. Block non-compliant devices via Conditional Access (CA).
Mobile Compliance Policy
Require PIN, encryption, no jailbreak or root on iOS and Android devices.
Password Complexity Policy
Minimum 12 characters, complexity required, 90-day expiry aligned with Entra ID.
Firewall State Check
Require Windows Firewall enabled across all profiles. Non-compliance triggers CA block.
Antivirus State Check
Require real-time Defender protection. Triggers immediate non-compliance if missing.
⚙️ Configuration Policies
BitLocker Encryption
XTS-AES 128-bit silent encryption with recovery key escrow to Azure AD.
Windows Hello for Business
Passwordless PIN/biometric login. Requires Entra ID P1. Significantly reduces phishing risk.
Defender Antivirus Baseline
Real-time protection, cloud-delivered intelligence, auto-remediation via security baseline.
Firewall Configuration
Block inbound, allow outbound across all profiles. Log dropped packets via CSP profile.
Windows Update Ring
Semi-Annual Channel with 3-ring deployment: Pilot → Early Adopters → Broad rollout.
App Protection Policy (MAM)
Block copy/paste to unmanaged apps, require PIN for M365 apps on iOS and Android.
🔐 Conditional Access Policies
Require MFA — All Users
Block sign-in if MFA not satisfied. Exclude break-glass accounts. Start in Report-Only mode.
Block Legacy Authentication
Block IMAP, SMTP, POP protocols that bypass MFA. Monitor sign-in logs before enforcing.
Require Compliant Device
Require Intune-compliant or Hybrid AAD joined device for resource access.
Require Trusted Location or MFA
Require MFA when signing in from outside named/trusted locations across all cloud apps.
Admin MFA — Always Require
All directory roles require MFA with no exclusions except documented break-glass accounts.