365labs - Microsoft 365 and cybersecurity consultancy

Digital-First with an Estonian Company

Note: Nothing here constitutes financial or legal advice in any jurisdiction. For informational purposes only.

We work exclusively with digital-first and cloud-first companies, helping them move away from relying on on-premise systems and workflows. Our favourite clients to work with are startups, as a blank canvas allows us to apply the best products from the outset using best practices. When a prospective Digital Marketing Agency (DMA) approached us to set up a brand new agency, we were delighted to help set up their cloud products and create an integrated and secure infrastructure.

Wait, why Estonia?

The agency planned to be a fully remote, fully digital organisation covering all of the EU and Europe, including the UK. We suggested they consider incorporating their business in Estonia due to its advanced digital ecosystem. Estonia offers a unique corporate tax system where profits are not taxed until they are distributed (e.g., as dividends), which is advantageous for businesses looking to reinvest profits for rapid growth. Moreover, Estonia's e-Residency program allows non-Estonians to start and manage an EU-based company online, making it an ideal choice for digital-first businesses.

Initial Setup

Domain and Email

Before setting up other services, we needed to purchase their domain names and set up a Microsoft 365 account for email and SSO capabilities. We created an account with Cloudflare to purchase their domain names, granting our engineers access to complete the DNS setup and implement features like a web application firewall. Microsoft 365 Business Premium was chosen for its comprehensive offerings, including:

  • Cloud-based email and document storage: OneDrive and SharePoint

  • Microsoft Entra ID: For Single Sign-On (SSO)

  • Defender for Business: Endpoint protection for Windows and macOS

  • Intune: For endpoint management of Windows, macOS and iOS

  • Microsoft Office: For productivity

We purchased domains through Cloudflare and Almic.ee (for the EE domain), with identity proof for the EE domain streamlined using the e-Residency digital identity card.

Security and Integration

We set up essential security protocols such as DNSSEC, SPF, DMARC, DKIM, and Brand Indicators for Message Identification (BIMI). For further integration and security, we established Google Workspace and Apple Business Manager using SSO via SAML with Microsoft Entra ID as the sole Identity Provider for both services. For cloud services not supporting SAML, we used OAuth 2.0 with Microsoft, Google, or Apple IDs.
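The records named above depend on each other: receivers treat two SPF records on one domain as a permanent error, which is easy to cause when Google Workspace is added next to Microsoft 365, and BIMI only takes effect once DMARC is enforced. The following is an added example, not 365labs' own tooling, that lints constructed TXT records for the placeholder domain example.com; the function names are hypothetical.

```python
# Added example: offline lint of constructed TXT records for placeholder example.com.
GOOD_SPF = ["v=spf1 include:spf.protection.outlook.com include:_spf.google.com -all"]
SPLIT_SPF = ["v=spf1 include:spf.protection.outlook.com ~all",
             "v=spf1 include:_spf.google.com ~all"]
GOOD_DMARC = "v=DMARC1; p=reject; rua=mailto:dmarc@example.com"
WEAK_DMARC = "v=DMARC1; p=none; rua=mailto:dmarc@example.com"
BIMI = "v=BIMI1; l=https://example.com/logo.svg"

def parse_tags(record):
    """Parse the 'k=v; k=v' tag list used by DMARC and BIMI records."""
    pairs = (part.split("=", 1) for part in record.split(";") if "=" in part)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def counts_lookup(term):
    """True for SPF terms that cost a DNS lookup (RFC 7208 allows 10)."""
    name = term.lstrip("+-~?").lower()
    for sep in (":", "/", "="):
        name = name.split(sep)[0]
    return name in ("include", "a", "mx", "ptr", "exists", "redirect")

def check_spf(txt_records):
    """Findings for the TXT records published at the domain apex."""
    spf = [r for r in txt_records if r.lower().startswith("v=spf1")]
    if len(spf) != 1:  # more than one record is a permanent error for receivers
        return [f"expected exactly one SPF record, found {len(spf)}"]
    terms = spf[0].split()[1:]
    findings = []
    if sum(counts_lookup(t) for t in terms) > 10:
        findings.append("SPF needs more than 10 DNS lookups")
    has_redirect = any(t.lower().startswith("redirect=") for t in terms)
    if not has_redirect and (not terms or terms[-1].lower() not in ("-all", "~all")):
        findings.append("SPF does not end in -all or ~all")
    return findings

def bimi_findings(dmarc_txt, bimi_txt):
    """BIMI only takes effect when DMARC is enforced for all mail."""
    d, b = parse_tags(dmarc_txt), parse_tags(bimi_txt)
    findings = []
    if d.get("v") != "DMARC1":
        findings.append("no valid DMARC record")
    if d.get("p", "none").lower() not in ("quarantine", "reject"):
        findings.append("DMARC p= is not quarantine or reject")
    if d.get("pct", "100") != "100":
        findings.append("DMARC pct is below 100")
    if d.get("sp", "").lower() == "none":
        findings.append("DMARC sp=none leaves subdomains unenforced")
    if b.get("v") != "BIMI1" or not b.get("l", "").lower().startswith("https://"):
        findings.append("BIMI needs v=BIMI1 and an https l= logo URL")
    return findings
```

Feed the functions the TXT answers returned by your resolver for the apex, `_dmarc` and `default._bimi` names; an empty list means no finding for that check.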

Their Microsoft credentials were protected with Conditional Access policies, requiring either a passwordless login or a YubiKey hardware token as a backup. This setup allowed the client to use their Microsoft credentials across all cloud services supporting Microsoft, Google, or Apple IDs.

Tools and Services

Through collaboration with 365labs and various partners, the following products were chosen to build their business:

  • Wise.com: Integrating Wise with Xero for seamless transaction management and multi-currency support.

  • Xero: Connected with HubSpot CRM for invoicing and financial tracking.

  • Remote.com: Set up payroll and HR processes for all European employees, integrating with Xero for financial records.

  • Microsoft 365: Utilized for collaboration (Teams), email (Outlook), and document management (OneDrive/SharePoint), including endpoint protection with Defender for Business.

  • HubSpot CRM: Managed client interactions and integrated with Xero for financial data, used alongside Hootsuite for social media campaigns.

  • Hootsuite: Managed and scheduled social media posts, tracked engagement, and integrated with HubSpot CRM.

  • Webflow: Designed and built the agency’s website, integrated with HubSpot for lead capture forms, and Google Analytics for tracking.

  • Google Analytics: Monitored website performance and user behavior, integrated with Webflow for insights into traffic and conversions.

  • Zapier: Automated workflows between apps, such as creating tasks in Microsoft Teams from HubSpot activities or sending form submissions from Webflow to HubSpot CRM.

  • 1Password: Securely managed and shared passwords within the team.

  • Cloudflare: Improved website performance and security with a content delivery network (CDN), DDoS protection, and SSL management.

  • Apple Business Manager: Deployed and managed Apple devices across the organization.

  • ChatGPT: Used for content creation, customer support automation, and internal process improvement.

Conclusion

By implementing a carefully curated selection of tools and services, we were able to provide a well-secured and integrated cloud infrastructure for the agency. This setup not only met their current needs but also ensured scalability for future growth. We are proud to have facilitated their journey towards becoming a fully remote, digital-first organisation.

We have Estonian e-Residents who are well versed in the procedures and requirements, and we have now added Spanish, Portuguese, and Estonian translations to our website, reflecting our growing work in these markets. If you would like a free, no-obligation chat about any of these issues, please get in touch. We’d be happy to help!