Joel Dueck

Day-zero security for your new business

Nobody starts a business this way… But if you wanted secure digital infrastructure from the literal first moment a business exists, here's how I’d do it — before setting up an entity or a checking account or literally anything else.

Step 0: Get an iPhone

Buy an iPhone, or an iPad. It doesn’t need cell service. You could even get a used one, but make sure it runs the latest OS. Factory-reset it. Create a fresh iCloud account with MFA enabled.

This device is now company property — the root of your identity infrastructure, and completely unentangled with your personal life.

Step 1: Register your domain

Use that iCloud email to open an account with a domain registrar. Then buy your domain.

Now DNS management is locked to your root device.

Step 2: Set up MS 365

Go with Business Premium or E5, and create an admin account on the .onmicrosoft.com domain with passwordless MFA (tied to the iPhone). Use the iCloud email as your backup/recovery address — your recovery path now exists outside the tenant itself.

Add and verify your domain name within the new MS 365 tenant. Set up Conditional Access. Configure DMARC and SPF so your email deliverability is rock-solid.
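To make the DMARC and SPF part of this step concrete, here is an added example (not from the original post) that audits the TXT records a Microsoft 365-hosted domain would publish. The function names are hypothetical and the records for the placeholder domain example.com are constructed samples; in practice you would feed it the output of a TXT lookup for your apex and for `_dmarc.<domain>`.

```python
import re

M365_INCLUDE = "include:spf.protection.outlook.com"  # Microsoft 365's published SPF include
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}

def audit_spf(apex_txt):
    """Findings for the TXT records at the domain apex (empty list = clean)."""
    spf = [r for r in apex_txt if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:  # zero means no SPF; more than one is a permanent error for receivers
        return ["expected exactly one SPF record, found %d" % len(spf)]
    terms = spf[0].lower().split()[1:]
    findings = []
    if M365_INCLUDE not in terms:
        findings.append("Microsoft 365 include missing")
    if not terms or terms[-1] not in ("-all", "~all"):
        findings.append("record does not end in -all or ~all")
    # RFC 7208 allows at most 10 DNS-querying terms; only top-level terms are counted here.
    lookups = sum(re.split(r"[:/=]", t.lstrip("+-~?"))[0] in LOOKUP_TERMS for t in terms)
    if lookups > 10:
        findings.append("more than 10 DNS-lookup terms")
    return findings

def audit_dmarc(dmarc_txt):
    """Findings for the TXT records at _dmarc.<domain> (empty list = clean)."""
    dmarc = [r for r in dmarc_txt if r.strip().lower().startswith("v=dmarc1")]
    if len(dmarc) != 1:
        return ["expected exactly one DMARC record, found %d" % len(dmarc)]
    tags = {}
    for part in dmarc[0].split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    findings, policy = [], tags.get("p", "").lower()
    if policy not in ("quarantine", "reject"):
        findings.append("p=%s does not ask receivers to act on failures" % (policy or "<missing>"))
    if "rua" not in tags:
        findings.append("no rua address, so no aggregate reports")
    if tags.get("pct", "100") != "100":
        findings.append("pct below 100: policy covers only part of the mail")
    return findings

# Constructed sample records for the placeholder domain example.com
GOOD_APEX = ["MS=ms00000000", "v=spf1 include:spf.protection.outlook.com -all"]
GOOD_DMARC = ["v=DMARC1; p=reject; rua=mailto:dmarc@example.com"]
WEAK_APEX = ["v=spf1 include:spf.protection.outlook.com ?all"]
WEAK_DMARC = ["v=DMARC1; p=none"]

if __name__ == "__main__":
    print(audit_spf(WEAK_APEX) + audit_dmarc(WEAK_DMARC))
```

An empty findings list for both functions means the domain names Microsoft 365 as its sender, fails everything else, and asks receivers to quarantine or reject mail that does not align.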

Step 3: Create your “daily driver” user account

Create the “normal” you@yourcompany.com account that you'll use day-to-day, and set up MFA for it (also tied to the iPhone).

Step 4: Now get your laptop

Order a Windows laptop pre-assigned to your business via Autopilot, managed through Intune. Your first employee device is enrolled before it’s ever unboxed.


The result: an unbroken chain of trust, from a physical device you control, through every layer of your business’s digital existence. Each layer’s security is anchored to something outside itself under your direct control.

You can always build this after the fact. But there’s something satisfying about speaking a business into existence and having it be right from the first moment.