The COVID-19 crisis has resulted in a tidal wave of organizations scrambling for remote work solutions they can quickly implement. One of the most popular solutions in the corporate sector is Microsoft Teams, which provides an online hub that enables teams of employees to work together using chat, threaded conversations, meetings, and video conferencing. Unfortunately, many companies have jumped onto the Microsoft Teams bandwagon without proper planning or adequate preparation, and this can result in serious issues arising in the areas of security and governance. I recently had a chat about this with Doug Hazelman, the senior vice president and chief evangelist at CoreView, and I’m sharing our conversation here for the benefit of readers who may be concerned about the security and compliance of their hastily performed Microsoft Teams deployment.
MITCH: I’m talking today with Doug Hazelman, the senior vice president and chief evangelist at CoreView. While somewhat new to CoreView, Doug has spent over 20 years in the software industry at successful companies such as Aelita Software (acquired by Quest Software), Veeam, and, most recently, CloudBerry/MSP360. Doug can be found on most social media platforms as @VMDoug.
Thanks, Doug, for agreeing to let me interview you about automating Microsoft Teams governance and how you don’t need to be a PowerShell expert to do it.
DOUG: Thank you, Mitch, for the opportunity.
MITCH: Doug, the huge push to remote work that the COVID-19 pandemic has created has led to a lot of companies and organizations ramping up their use of Microsoft Teams, especially those who were already Microsoft Office 365 shops. But before we dig further into the ramifications of this, can I ask briefly how the COVID crisis has affected your own company and its use of remote work technologies?
DOUG: I joined CoreView at the beginning of August, and because of travel restrictions and our offices being closed, I’ve never actually met any of my co-workers face-to-face. So far, all of our interactions have been over Microsoft Teams. Being a technology company, working from home hasn’t been a real issue for us as a company, but it does slow down our customer interactions because we’re no longer able to engage with prospects and customers in person. Our use of Microsoft Teams has been steadily increasing month over month with both internal communications and external communications.
MITCH: Wow, what a way to start off running!
MITCH: OK, let’s get down to nuts and bolts now. As businesses shift toward remote work, it seems to me that many of them are rolling out solutions like Microsoft Teams too quickly and without proper consideration, especially with regard to governance and compliance matters. Is this what you have seen?
DOUG: We have definitely seen this across multiple prospects and customers. Most organizations were just trying to get started with Teams when everything shut down, so those plans accelerated very quickly. The use of other SaaS tools and platforms has also proliferated, leading to a rise in shadow IT. We quickly went to work on the product side to add more detail to our Teams reports and currently have our CoreTeams Analytics in beta across several customers. CoreTeams Analytics helps organizations quickly see the trends in the use of Teams and also brings in metrics on call, video, and sharing quality. This allows organizations to identify trouble areas and help the users fix problems — often not a trivial task with so many working from home.
MITCH: Why is it hard for companies to ensure by themselves that their Microsoft Teams rollout is in compliance with required governance standards in their sector? Doesn’t the MicrosoftTeamsPowerShell module provide them with the basic PowerShell cmdlets they can use to craft their own in-house solution for monitoring Microsoft Teams governance and compliance? Though I imagine doing that would require quite a bit of PowerShell expertise!
DOUG: In most cases, central IT is fully capable of ensuring the workloads they deploy are compliant. The struggle has been balancing the structural and security-related requirements with day-to-day IT operations. As that balance shifts, IT tends to become overwhelmed and the bottleneck for every IT action in the organization. The Microsoft Teams PowerShell modules do provide organizations the ability to craft their own solution. However, without a PowerShell expert in-house with knowledge of the Teams modules and their limitations, this is the equivalent of trying to put together an IKEA set without instructions.
MITCH: I understand that CoreView offers solutions that let customers “bake-in” governance right during the deployment stage of rolling out Teams. Can you tell us about these solutions?
The Microsoft Teams PowerShell modules do provide organizations the ability to craft their own solution. However, without a PowerShell expert in-house with knowledge of the Teams modules and their limitations, this is the equivalent of trying to put together an IKEA set without instructions.
DOUG: The CoreView platform has a number of ways to help IT departments with their Microsoft 365 deployments, including Teams. We have features like Role-Based Access Control (RBAC) and Virtual Tenants [see video below] built into the platform along with rich reporting for Teams and all of the M365 products and services.
MITCH: I imagine that CoreView’s RBAC capabilities can help take a lot of the burden off of the shoulders of those responsible for IT at organizations.
DOUG: Yes, RBAC is definitely at the heart of the CoreView platform, together with the feature we call Virtual Tenants. In a single Microsoft 365 Tenant, you don’t want to give people global control over administrative tasks, but with native Microsoft tools, that’s the only way it’s possible. Virtual Tenants allow you do divide your M365 tenant up by geography, business unit, department, or any other criteria. You can then allow people to administer only those identities in that Virtual Tenant, and they have no global native permissions on the M365 tenant itself.
Additionally, our RBAC is extremely granular in what you can allow a Virtual Tenant admin to do. Giving someone the ability to create a mailbox should not also allow them to change mail routing tables, but with native permissions, that’s what happens. Virtual Tenants and RBAC extend to Microsoft Teams so you can very easily allow department leads to have more control over Teams configurations than the people who report to them.
MITCH: Do you provide customers with any resources for learning how to implement and use your solutions?
DOUG: Definitely! We have two different methods to help drive adoption and education. The first is our CoreAdoption platform. Think of this as like a CRM for your Microsoft 365 environment. You can identify people or departments who aren’t utilizing products like Teams and set up an email campaign to remind them that it’s the preferred platform. Additionally, our CoreLearning modules include how-to videos for people to learn about how to use Teams as well as the entire Office 365 suite.
MITCH: Can your solutions also be used to optimize how customers use Teams? For example, I imagine that for many companies, one of the challenges of shifting workers to Teams is the variety of devices and disparity of platforms employees will use for remote work. That sort of thing can be a real headache for the organization’s IT department.
DOUG: Yes, that’s the idea behind CoreAdoption. With our reports, you can identify who isn’t fully utilizing Teams and then take actions to remind them. We get very granular in our reporting, so if your goal is to drive more use of chat in Teams, you can see who isn’t using chat and create your campaign around driving chat.
MITCH: What about Teams rollouts at large enterprises that have multiple departments and span different regions? It must be hard to monitor compliance in such distributed environments. How does CoreView help facilitate compliance?
DOUG: This is another area where Virtual Tenants helps because you can delegate the monitoring of Teams usage to someone in the Virtual Tenant without giving them access to the global M365 tenant. Additionally, all of our reports can be filtered by any attribute in Active Directory. So, even if you don’t have Virtual Tenants defined, you can still run a Teams usage report for everyone in Italy, for example.
With our reports, you can identify who isn't fully utilizing Teams and then take actions to remind them. We get very granular in our reporting so if your goal is to drive more use of chat in Teams, you can see who isn't using chat and create your campaign around driving chat.
MITCH: Security monitoring of Microsoft 365 and Microsoft Teams is critical when it comes to governance and compliance matters. Data analysis, reporting, automation — all of these are important facilitators in this regard. How does CoreView stack up in these areas?
DOUG: Besides reporting on Office 365 products usage, we add all of the audit data from Microsoft 365, so you can see who did what and when. This level of detail using multiple data sources within the M365 tenant is very difficult, if not impossible, to achieve using Microsoft native tools and PowerShell.
With this data in hand, you can then perform custom actions (think PowerShell automation) on any or all of the items in the report. Custom actions can be as easy as disabling an account because of suspicious logins to assigning a new license to a user or group of users. Any of the M365 PowerShell cmdlets (SharePoint, Teams, AzureAD, Exchange) can be turned into custom actions.
Additionally, we also have a workflow engine that allows you to automate tasks. You can create simple workflows to properly provision new users as well as complex workflows that take different actions depending on inputs received
MITCH: Anything else you’d like to add before we wrap things up?
DOUG: As you brought up earlier, COVID-19 has changed the way IT operates in a number of ways. Having to learn Teams and new PowerShell modules relatively quickly means that items like security and proper governance might be missed or overlooked. With CoreView solutions, we’re trying to remove that barrier and get organizations up and running properly as fast as possible.
MITCH: Doug, thanks very much for giving us some of your valuable time.
DOUG: Thank you, Mitch, I hope we can connect again in the future.
Featured image: Shutterstock
Every Exchange Server admin at some point needs a disaster-recovery tool. Here’s a comparison of…
ADT has built a business on protecting people. But one ADT home security tech did…
Microsoft makes it possible to add apps that you may already use as standalone programs…
Technology makes lives much easier. Until it doesn’t. Here’s a look at some advances in…