End to End email protection with Microsoft 365–Part 6

This is part of a series of articles about email security in Microsoft 365. Please check out previous articles here:

End to End email protection with Microsoft 365 – Part 1

End to End email protection with Microsoft 365 – Part 2

End to End email protection with Microsoft 365 – Part 3

End to End email protection with Microsoft 365 – Part 4

End to End email protection with Microsoft 365 – Part 5

These articles are based on a model I have previously created, which you can read about here:

CIAOPS Cyber protection model

designed to help better explain expansive security included with Microsoft 365.


Email reporting and auditing

It’s now time to look at all the logging that occurs during even the simply process of receiving and viewing an email. For starters there is:

Message tracing

and

Message trace in the modern Exchange admin center

Message trace in the Security & Compliance Center follows email messages as they travel through your Exchange Online organization. You can determine if a message was received, rejected, deferred, or delivered by the service. It also shows what actions were taken on the message before it reached its final status.

There is also reporting options like:

Mail flow insights in the Security & Compliance Center

and

Mail flow reports in the Reports dashboard in Security & Compliance Center

as well as:

Microsoft 365 Reports in the admin center – Email activity

If you want to specifically look at email security there is:

Email security reports in the Security & Compliance Center

as well as:

Defender for Office 365 reports in the Reports dashboard in the Security & Compliance Center

and

Reports for data loss prevention (DLP)

I have also spoken about the importance of the Unified Audit Logs (UAL) in Microsoft 365:

Enable activity auditing in Office 365

Unified Audit Logs in Microsoft 365

and you need to ensure that these have been enabled so that you can:

View mailbox auditing

Starting in January 2019, Microsoft is turning on mailbox audit logging by default for all organizations. This means that certain actions performed by mailbox owners, delegates, and admins are automatically logged, and the corresponding mailbox audit records will be available when you search for them in the mailbox audit log.

Here are some benefits of mailbox auditing on by default:

  • Auditing is automatically enabled when you create a new mailbox. You don’t need to manually enable it for new users.

  • You don’t need to manage the mailbox actions that are audited. A predefined set of mailbox actions are audited by default for each logon type (Admin, Delegate, and Owner).

  • When Microsoft releases a new mailbox action, the action might be automatically added to the list of mailbox actions that are audited by default (subject to the user having the appropriate license). This means you don’t need to monitor add new actions on mailboxes.

  • You have a consistent mailbox auditing policy across your organization (because you’re auditing the same actions for all mailboxes).

With this auditing enabled you can do things like:

Reporting mailbox logins

and

Search the Office 365 activity log for failed logins

as well as

Audit Office 365 user logins via PowerShell

Many of the reports that you find in the Microsoft 365 Admin area can be scheduled to be sent via email per:

Scheduling compliance reports

Apart from auditing and security you can also do more typical things like:

Viewing mailbox usage

Viewing Email apps usage

The availability of all this data is covered here:

Reporting and message trace data availability and latency

typically being 90 days.


User reporting and auditing

For information more specifically about user logins into the service and the Identity container, the best place to look is in Azure Active Directory (AD).

What are Azure Active Directory reports?

Find activity reports in the Azure portal

Azure Active Directory sign-in activity reports – preview

Audit activity reports in the Azure Active Directory portal

and if you want use PowerShell

Azure AD PowerShell cmdlets for reporting

Device reporting and auditing

There are lots of options when it comes to monitoring and reporting on devices. Apart from what is offered locally you also have:

Intune report

Create diagnostic settings to send platform logs and metrics to different destinations

Manage devices with endpoint security in Microsoft Intune

You can even get telemetry data and analytics reports from your desktop applications via:

Windows Desktop Application Program


Aggregated data reporting and monitoring

As you can see with all the options above, it is easy to get to information overload trying to keep up with all those signals. Luckily Microsoft provides a range of services to aggregate all this for you to make monitoring and report easier.

The first is Microsoft Cloud App Security services:

Cloud App Discovery/Security

Microsoft Cloud App Security overview

Microsoft Cloud App Security data security and privacy

There are plenty of reasons why you really should have Microsoft Cloud App Security in your environment:

A great security add on for Microsoft 365

Office 365 Cloud App Discovery

Next, is Microsoft Defender for Endpoint that will aggregate security and threat information for devices in your environment and make it available in a single console.

Overview of Microsoft Defender Security Center

Microsoft Defender Security Center portal overview

Microsoft Defender for Endpoint

Microsoft Defender for Endpoint evaluation lab

Finally for me, there is Azure Sentinel, which I see as really the ultimate hub for event reporting, monitoring and alrtign across the whole service.

Another great security add on for Microsoft 365

Introduction to Azure Sentinel

Azure Sentinel is a service that growing in features rapidly:

A couple of new additions to Azure Sentinel

Stay ahead of threats with new innovations from Azure Sentinel


Summary

Hopefully, all this gives you some insight into all the auditing and usage data that Microsoft 365 captures during any interaction within the service. One of the biggest benefits is also how this information is integrated between services, especially those that aggregate information lime Microsoft Cloud App Security and Azure Sentinel. This means you don’t have to crawl through individual log entries, you can use a dashboard and drill down from there. I also like the fact that all of these services and data are accessible using a scripting tool like PowerShell if you want to automate this further.

Remember, throughout this six part series I’ve just looked at what happens when a single email is delivered and view with Microsoft 365. If you expand that out to all the services and capabilities that Microsoft 365 provides you can hopefully get a better appreciate of the protection it provides in place for your data on many different levels.

The call to action for readers is to go away and implement all the security features that Microsoft 365 provides. This may of course vary by the license that you have. You should then consider what additional security offerings the Microsoft cloud stack can offer that makes sense for your business, then implement those. Remember, security is not a destination, it is journey.

Get Intune and Endpoint policies using PowerShell

Recently, I wrote an article about how to use PowerShell to connect to Intune and Microsoft Endpoint Manager. You’ll find it here:

Intune connection PowerShell script

Having a script that just connects to Intune doesn’t achieve a whole lot now does it? It’s now time to put that connection script to good use.

image

I’ve created another script, that once connected to Intune will allow you to display all the policy names you have configure in both Intune and Endpoint Manager as shown above. You can find that script here:

https://github.com/directorcia/Office365/blob/master/intune-policy-get.ps1

You’ll need to use my script to connect to Intune first. Once you have you can run the second script.

Although these scripts don’t do a huge amount, they will help you hopefully more easily connect to Intune with PowerShell and understand how you can also use PowerShell to work with information in both Intune and Endpoint Manager.

I’ll work on more advanced scripts for Intune and Endpoint that I’ll share in the future. However, this should hopefully get you up and running with automating device management in Microsoft 365.

End to End email protection with Microsoft 365–Part 5

This is part of a series of articles about email security in Microsoft 365. Please check out previous articles here:

End to End email protection with Microsoft 365 – Part 1

End to End email protection with Microsoft 365 – Part 2

End to End email protection with Microsoft 365 – Part 3

End to End email protection with Microsoft 365 – Part 4

These articles are based on a model I have previously created, which you can read about here:

CIAOPS Cyber protection model

designed to help better explain expansive security included with Microsoft 365.

In the previous part we had arrived at the stage where the user had successfully logged into a Windows 10 device.

At this point, the user is most likely to launch Outlook to read their emails. Visually the process is going to look like:

image

The email has been delivered from outside the Microsoft 365 Service to the Data container. The User has authenticated themselves via various methods to the Device container. An App on the device will now apply the User authentication to allow the App access to Data container to retrieve the email so it can be displayed to the User.

The focus for this articles will be the access of the App (Outlook) to the email Data as mentioned.

When it comes to the security of this interaction the place to start is to ensure that the App (Outlook) is supported and up to date. The first thing to check is:

What version of Outlook do I have?

and make sure that it is supported by the Service:

Office versions and connectivity to Office 365 services

Given that most Microsoft 365 plans come with a subscription to Office on the desktop, the assumption here is that it is fact supported. There are various ways to:

Download and install or reinstall Microsoft 365 or Office 2019 on a PC or Mac

but for simplicity the assumption will be that it is installed and maintained using:

Deploy Microsoft 365 Apps with Microsoft Endpoint Configuration Manager

It is obviously very important to ensure that all applications that access secure data are updated regularly.

Choose how to manage updates to Microsoft 365 Apps

How to install the latest applicable updates for Microsoft Outlook (US English only)

The assumption will be that, via whatever method, the Microsoft Office desktop application are indeed up to date.

When the Outlook app runs, it will do so on the device, which will be typically connected to the public Internet. this means it is going to need top copy data from the secure Data container in the above model to the secure Device container which lives in another location.

Transferring secure data across an insecure medium like the Internet involves a lot of technology. A lot of them you can read here:

Exchange-Outlook Protocols Documentation

however the most relevant is probably:

How Exchange Online uses TLS to secure email connections

Microsoft 365 is also moving to TLS 1.2 in Office 365 for further security.

Once the email data has traversed from the Data container in Microsoft 365 to Outlook on the user Device is typically stored in an OST file on the local machine.

Introduction to Outlook Data Files (.pst and .ost)

This OST data file is not itself encrypted but the location in which it resides on the device is encrypted using BitLocker.

Outlook incorporates a number of in-built security features including:

Outlook blocked access to the following potentially unsafe attachments

Security Behavior of the Outlook Object Model

Protected Properties and Methods

New feature in Office 2016 can block macros and help prevent infection

Plan security settings for VBA macros in Office 2016

Enable or disable macros in Office files

Overview of the Junk Email Filter

Emails in Outlook will also be protected by Defender for Office 365:

Zero-hour auto purge (ZAP) in Exchange Online

Safe Links in Microsoft Defender for Office 365

Safe Attachments in Microsoft Defender for Office 365

Yet another layer of protection will be:

Microsoft Defender for Endpoint

including technologies like Attack Surface Reduction (ASR) which I have detailed previously:

Attack surface reduction for Windows 10

Further data protection can then be provided by Windows Information Protection (WIP) per:

Protect your enterprise data using Windows Information Protection (WIP)

“Windows Information Protection (WIP), previously known as enterprise data protection (EDP), helps to protect against this potential data leakage without otherwise interfering with the employee experience. WIP also helps to protect enterprise apps and data against accidental data leak on enterprise-owned devices and personal devices that employees bring to work without requiring changes to your environment or other apps.”

For example, if WIP was implemented, it would prevent user saving corporate attachment to non-compliant devices. Perhaps like a USB key.

Further still there is:

Azure Information Protection

which protects information no matter where it travels.

So even when a copy of the email is sitting in Outlook on the desktop it is and can be protected by a wide variety of technologies in Microsoft 365.

image

If we now take a step back and have a look at a summary of many of the protections we have been talking about so far we would see something like shown above. Remember here that all we have focused so far on is email! Many of these protections will in fact protect information as well as the protection it provides for email. The take away is, in a nutshell, there is a lot of stuff protecting user data provided by Microsoft 365.

Although there is a lot of protection capabilities in Microsoft 365, many of the protection services are either not enabled by default, require unique policies or have generic policies. It is important for each organisation to evaluate what their security requirements are (i.e. what they want to protect) and then implement the services available to them in Microsoft 365 to meet these requirements. The take away is, if you want all the protection features available in you need to configure them, they don’t all magically work to your requirements out of the box!

Also, simply enabling or configuring all these services is something that will need to be continually reviewed and adjusted over time. We’ll also cover that topic in some details in upcoming articles.

Now you can enable all these services and make everything super secure but doesn’t provide absolute security, because that simply doesn’t exist. It will certainly mitigate the majority of threats out there but it still means that the whole environment needs to be monitored constantly to ensure nothing is getting through. Remember, every time we cross a container boundary above, logs are generated. Where and how to use these logs will be the subject of the next part in this series, so stay tuned.

End to End email protection with Microsoft 365–Part 6


My podcasts – 2021

desk-music-headphones-earphones

You can find the previous year’s selection here:

My podcasts 2020

I do spend a lot of time listening to podcasts, generally in between things, like travelling. However, there is a limit to how many you can consume in a week and that’s why I need to be very discerning about what I listen to.

Regulars

These podcasts are ones that I generally won’t miss an episode of.

Windows Weekly

The latest Microsoft news with some fun and entertainment along the way. Paul Thurrott’s musing make this podcast alone something worth listening to.

The Tim Ferriss Show

Some really great advice, business insights and strategy. Also lots of life lessons that I have found work really well for me. A weekly must listen for me.

Hardcore History

These tend to be quite long, like reading a book, but a very good and very interesting. Luckily, they are not that frequent, so it can make a nice change from all the tech stuff

The Intrazone

All the latest news and information about SharePoint, OneDrive for Business, Teams and more directly from Microsoft.

Sync Up

A podcast focused on the Microsoft files experience around OneDrive from Microsoft.

MJF Chat

Mary Joe Foley interviewing someone in the technology field. What I really like about these are they are short and to the point. Makes it much easier to listen to on a regular basis.

Darknet Diaries

Really well produced cybersecurity focused podcast. Has a nice variety of topics and the content is good and well researched. If you enjoy the security side of IT you’ll love these episodes.

Currently evaluating

These podcasts I listen to frequently, but maybe not every episode. Some of these may eventually get cut from the roster. Anything here has to provide real business value for it to remain long term.

Security Unlocked

Still findings its feet but with the growing need focus on security I think this will provide some valuable information from Microsoft.

Windows Insider podcast

Always interesting to hear what’s the latest and greatest with Windows from Microsoft.

Microsoft Cloud Show

Tends to be somewhat developer focused but there is handy information here, once you get past some of the other stuff, although I must admit this is becoming less and less the case. In short, podcast is starting to become a little off topic and may need to make room for something else.

Cyber

A podcast focused on cybersecurity. Fairly broad and somewhat more laid back and less technical (from what I’ve listened to so far) when it comes to content. Will need to listen to more episodes before deciding if this podcast makes the cut.

#Shifthappens

A podcast focused on digital transformation, typically in the enterprise and government space. Not too long which is good.

If I have time

There are simply not enough hours in a day to get through everything. These are great podcasts but I simply don’t have the time to listen to them regularly unfortunately.

Jocko Podcast

Probably too hard core for most. For me it is a great mix of military history and business mindset training. If you have a ‘fanatical’ tendency then give this one a listen.

The Kevin Rose Show

A bit like the Tim Ferriss podcast. Plenty of interesting and different stuff that always makes you think. Somewhat irregular episodes but I am still enjoying what I’m hearing.

Business wars

Interesting to get the story behind major business rivalries. More a ‘stage production’ than a podcast. Very enjoyable if you have the time.

Behind the Tech

Hosted by Microsoft’s Chief Technology Officer, Kevin Scott, it has lots of interesting guests and topics.

Once off podcasts

Think of these more of a book you’d read or a TV show you’d watch.

13 minutes to the moon

If you love space, you’ll love this ‘podumentary’ on the moon land. The production quality is simply first class, which you would expect from the BBC. Make sure you listen to both seasons so far!

The Bomb

Another amazing BBC production focused on the Atom bombs. If you are a history buff, I’ll bet you’ll love this one as well.


I churn through these mostly at 2x speed to allow me to get through as much content as possible. I do have a few other podcasts on my current podcasting app. I am always on the lookout for good podcasts business, technology, history, whatever. So if you can recommend something you like, I’m all ears.

Finally, of course, there is my own podcasting effort:

Need to Know podcast

which covers the Microsoft Cloud (typically Microsoft 365 and Azure) as well as business topics. I encourage you to have a listen and me know what you think. 2021 will be the eleventh year that it has been available.

Hopefully, there is something of interest to you in what I listen to. Feel free to let me know as well as any recommendations you may have, as I said, I’m all ears!

My Tech Books – 2021

Tech is as much a lifestyle choice these days as it is a career. The geeks and nerds have risen to rule the world. Don’t believe me? Ask Bill Gates! Sometimes it is good to step back and take a wide look at how technology has changed the world we live in – for better and worse. My selection below I have found to be enjoyable and thought provoking in many different ways and I recommend them to everyone who is interested in tech.

There hasn’t been an change to this since last year. Good tech books are hard to come by it seems!

You can follow all the books, tech, business, non-fiction I read and want to read over at Goodreads where I have an account. You can also view my activity via:

https://www.goodreads.com/director_cia

1. Daemon – Daniel Suarez [Fiction]

A glimpse into the future of where drones and augmented reality may take us. That may not necessarily be a good place either.

2. Freedom TM – Daniel Suarez [Fiction]

A follow up to Daemon. What happens when technology dominates the world? Who benefits?

3. Ready Player One – Ernest Cline [Fiction]

Much like the Matrix. What is life like if you live inside the machine? You can be just about anyone you choose. I also love this book for all the retro technology that was part of my life. TRS-80 anyone? This book has become so popular that there is now a movie. Believe me, the book is better.

4. Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin’s Most Dangerous Hackers – Andy Greenberg [Non-Fiction]

This is a great book if you are interested in IT security. It is also a very current book which makes it even more engrossing. It is easy to read and quite comprehensive in its approach, not only dealing with the technology of security attack but also the geopolitical reasons and consequences.

It reveals that shadow world of nation state cyber attacks and illustrates how they are happening today and likely to increase in the future. The connected world of the Internet has brought us many benefits but it is now increasing risks as our dependencies increase to the point that there are few manual backups that don’t depend on technology.

I think this book is a real glimpse into the future and what we may be in store for in the even of rising global conflicts. If you like tech, you’ll love this!

5. Future Crimes: Inside the Digital Underground and the Battle for our Connected World – Marc Goodman [Non-fiction]

Technology will ultimately doom us all I believe because we are building our world on stuff that unfortunately places a low regard for security and privacy. This book will show you why that is a road to ruination.

6. Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon – Kim Zetter [Non-Fiction]

If you don’t believe cyber warfare is real then read this book to understand how software is now a weapon as potentially devastating as any nuclear device.

7. Beyond Fear: Thinking Sensibly about Security in an Uncertain World – Bruce Schneier [Non-Fiction]

Security is important but it is important in context. We need to be rational when we consider our security not emotional. A great level headed approach to how we need to be secure.

8. American Kingpin: The Epic Hunt or the Criminal Mastermind Behind the Silk Road – Nick Bilton [Non-Fiction]

An amazingly detailed book on the rise and fall of Ross Ulbricht, the creator of the Silk Road web site. In here are asked to think about whether technology plays something more than a neutral role in today’s world.

9. The Cuckoos Egg – Clifford Stoll [Non-Fiction]

Before the Internet was in the public sphere it existed in the world of academia. This is the story of how one man’s search for the source of an accounting error uncovered something are more sinister.

10. Takedown – John Markoff and Tsutomu Shimomura [Non-Fiction]

The pursuit and eventual capture of notorious hacker Kevin Mitnick makes for great reading. Is somewhat dated now but still a great read.

New Intune connection PowerShell script

image

I’ve uploaded a new connection to Intune script that is freely available on my Github repository. You’ll find it here:

https://github.com/directorcia/Office365/blob/master/Intune-connect.ps1

image

Once it has been run you can run commands like:

get-autopilotprofile

as shown above.

To allow this script to operate correctly you’ll need the following two modules installed:

WindowsAutoPilotIntune

and

Microsoft.Graph.Intune

Both of these will be installed as part of my o365-setup.ps1 and o365-update.ps1 scripts, which are also freely available.

image

I’ve also added this Intune connection script to the connection selector script (c.ps1) in the same repository.

image

When intune-connect.ps1 runs you’ll be prompted for your credentials as normal.

image

Then you password and MFA if required.

image

Because connection to Intune via PowerShell now uses the Microsoft Graph, you’ll need to allow the above permissions as shown once.

SNAGHTML95fe247f

You’ll find those permissions, when you accepted them, in Azure AD, User, Applications as shown above inside the Azure portal. In there will be an application called Microsoft Intune PowerShell as shown above.

image

If you select that Microsoft Intune PowerShell and scroll down to the bottom of the screen that is displayed, you can select a link View granted permissions as shown above.

image

You will then see all the permission granted to that user for accessing the Graph. You can also remove these if you ever want to as well here.

Having access to Intune and Autopilot via PowerShell will make automating device management much easier.

My Business Books – 2021

Check out my recommendations from last year:

My Business Books – 2020

Honourable mentions that I read last year:

– Indistractable: How to Control Your Attention and Choose Your Life – Nir Eyal, Julie Li

– Mastery – Robert Greene

– Atomic Habits: An Easy & Proven Way to Build Good Habits & Break Bad Ones – James Clear

– Thinking in Bets: Making Smarter Decisions When You Don’t Have All the Facts – Annie Duke

You can follow all the books I read and want to read over at Goodreads where I have an account. You can also view my activity via:

https://www.goodreads.com/director_cia

Here’s my current top business books in order:

1. The Art of War – Sun Tzu

The all time classic on strategy. As relevant today as it ever was. A very short read but very deep.

2. The Millionaire Fastlane – M.J. DeMarco

I love the brutal honesty of this book. It doesn’t mince words about what it takes to shift from a pay check to actually living the life you want.

3. The Tipping Point – Malcolm Gladwell

The world is all about not what you know but who you know. This book explains exactly how this works and how to use it to your advantage.

4. The Four Hour Work Week – Tim Ferriss

Many people believe this book is about shirking responsibility. It is in fact a blueprint for how to free up your time to do things you want and enjoy. It will challenge the way you look at your career.

5. Secrets of the Millionaire Mind: Mastering the Inner Game of Wealth – T. Harv Eker

The successful are defined by a different mindset. This mindset can be learned. It can be trained. This is a great book to show you how to do just that.

6. Talent is over rated: What Really Separates World-Class Performers from Everyone Else – Geoff Colvin

Demonstrates that the best comes from implementing a system. Having a system allows you to focus on the right thing and do that work that is required. If you want to take yourself to an elite level, beyond just good, then read this book.

7. Book Yourself Solid: The Fastest, Easiest, and Most Reliable System for Getting More Clients Than You Can Handle Even If You Hate Marketing and Selling – Michael Port, Tim Sanders

You can’t survive in business without a steady flow of customers. Selling to people is the wrong approach, you instead need to attract them to your business. This book helps you achieve exactly that.

8. Profit First: A Simple System To Transform Any Business From A Cash-Eating Monster To A Money-Making Machine – Mike Michalowicz

Business is about making a profit. This then gives you the freedom to do what you want with that profit. This book helps you focus on profit and setting up systems to make the most of the profit you generate.

9. Barking Up the Wrong Tree – Eric Barker

Conventional wisdom does not always apply and in some case can actually be detrimental. Challenging what is taken for granted should be in the play book of everyone who wants to achieve at the highest level. Important lessons can be learned in the strangest places and form the strangest people. Have an open mind and you might be surprised at what you have believed to be bad in fact turns out to get just what you need.

10. Unbeatable Mind: Forge Resiliency and Mental Toughness to Succeed at an Elite Level – Mark Divine

Another mindset book. Business is not always going to be easy or take the intended route. This is when you need to have the determination to see your plans through to success. This book shows you how to develop the mental toughness to make this happen.

11. Mastery – Robert Green

Excellent read with lots of great strategies to take away. Excellence is not a talent it is a skill. That means that it takes hard work to achieve, but hard work is available to everyone, yet few choose the path. There is no secret to Excellence, it is something only time and effort will reward you with and iof you choose that path you’ll be one of the few.

12. Tools of Titans – Tim Ferriss

There are few books that take the learnings for so many exceptional people and puts them at your fingertips. This is one such book that packs a lot of business and life learnings between the covers.

13. Predictably irrational: The Hidden Forces that Shape our Decisions – Dan Ariley

Although we like to think logic and rationality rule our world emotion is by far the more powerful influence. Understand this in the context of business and you are well on your way to understanding why people make the decisions they do and how to best profit from them.

14. Extreme Ownership – Jocko Willink and Lief Babin

Moving beyond blame is tough. This book illustrates the ownership of the problem and the environment is a key to success in the military or in business. It is a path few will elect to take voluntarily, however more may do so after reading this.

15. Peak Performance: Elevate your game, avoid burnout and thrive with the science of success – Brad Stulberg

Success is largely about developing a winning system. This book show you how to approach that pragmatically. If you want to see results use this book to help you build the system.

16. Blink: The Power of Thinking Without Thinking – Malcolm Gladwell

The older you get the more experience you get. This experience is aggregated in your ‘gut feel’. Trusting your ‘gut’ may not appear rational but this book will help you understand why it is in fact your best option in many cases.

17. The Now Habit: A Strategic Program for Overcoming Procrastination and Enjoying Guilt-Free Play – Neil A. Fiore

Plenty of great productivity learnings in here that help you take action. It shows you how to focus on the right stuff in the right priority. Even if you are not a major procrastinator there is plenty in this book that you can take away.

18. The One Thing – Gary Keller

Multi-tasking is a myth. Focus is the key to success to bringing all your resources to bear in unison makes a hell of a lot of difference. Most people can’t do it, so those that can stand a much greater chance of success.

19. Deep Work – Cal Newport

Distractions are wasted energy and time that you’ll never get back. You’d be amazed at how distracting the modern world is. If you can minimise these distractions you can focus more and be far more productive.

20. The E-Myth – Michael Gerber

The classic on ‘procedurising’ your business and creating a structure that doesn’t need you to survive. The simple secrets inside this book can transform any business from hardship to joy.

Let me know what you think. Do these work for you? What’s your top business reads? I’d love to hear.