Categories ArticlesOffice 365

Ease the frustration of managing Office 365 in your enterprise

Office 365 has brought many efficiencies for businesses by enabling users to be productive anywhere, anytime, and on any device. With its ubiquitous office productivity applications, business-class email, cloud storage, and assorted tools for managing your customer relationships and presence online, moving to Office 365 has been a no-brainer for most companies and organizations.

Unfortunately, administering and managing Office 365 can often be a frustrating experience, to say the least. From making sure your deployment is secure to keeping track of licenses, from provisioning new users to solving configuration problems, the native management tools included with Office 365 have limitations and shortcoming that only grow worse as your deployment expands. What’s needed — and what Microsoft has failed to provide — is a truly integrated, policy-driven platform for end-to-end management of Office 365. That is where CoreView enters the picture, and it’s the focus of this article and another which will follow here shortly. I recently sat down for a talk with Michael Morrison, the CEO of CoreView, an Office 365 management, security, and adoption provider. Michael has worked in global business analytics organizations over the past 25 years and led several companies through critical stages of transformation, predictable revenue growth, and successful exits. Most recently, he was president and CEO of publicly-traded Datawatch Corp.

MITCH: Thanks, Michael, for speaking to us about CoreView’s line of solutions for Office 365 management. I understand that CoreView began as a Microsoft partner solving customer problems. Where did the original idea for your solutions come from?

Michael Morrison, CEO of CoreView

MICHAEL: Our two co-founders, David Mascarella and Ivan Fioravanti, began working together in the early 2000s when they started an ISV to focus on implementing and supporting Microsoft solutions. Their firm became very successful and was named Microsoft partner of the year in Italy several times. As Microsoft and the market, in general, started to move to the cloud, our co-founders recognized some of the challenges with reporting on Office 365 and developed the first SaaS management platform to address this reporting challenge.

MITCH: What other issues did the founders see with managing Office 365 environments, especially for enterprises?

MICHAEL: After tackling visibility and reporting, the founders saw customer needs grow, especially with regard to governance. For instance, Office 365 Role-Based Access Control (RBAC) was very weak, so they built more granular RBAC capabilities. They moved from there to security, and more recently with application and service adoption. All the new features and solutions are driven by customer feedback, and the desire to improve the user experience with and maximize the value of their investment in, Office 365.

MITCH: What is CoreView all about today? What Office 365 problems/challenges does CoreView solve?

MICHAEL: Microsoft Office 365 is an amazing suite of applications and services. That is why there are about 200 million business users today. The downside is most of Microsoft’s development effort has been put into items for the end-user — great features, terrific interface, excellent inter-application integration, and amazing worker productivity. As Gartner argues, management and administration do not get nearly as much attention when it comes to SaaS, and native administrative capabilities do not always meet enterprise requirements. Gartner spotted these administrative shortcomings and coined the term SaaS Management Platform (SMP), referring to solutions like CoreView that go deep in managing SaaS, and greatly simplify the job of administration.

There are some critical Office 365 challenges that CoreView addresses, many falling under the area of governance: visibility, RBAC (role-based access control), license management, adoption, provisioning and deprovisioning, and misconfiguration — which is solved through Policy Management.

Our founders realized that if you do not address these Office 365 challenges, you face millions of dollars in unneeded licensing fees, suffer security vulnerabilities, and fail to maximize your investment in Office 365 productivity tools. Our founders also realized that with a solution like CoreView, Office 365 users can optimize and “right-size” their license spend, mitigate risk by identifying security vulnerabilities and maximize their investment in Office 365 through adoption campaigns and just-in-time learning.

MITCH: What is in the CoreView product line? What is CoreSuite?

MICHAEL: CoreSuite consists of what I refer to as “three pillars of value” — management, security, and adoption. To support these pillars CoreSuite includes solutions called CoreAdmin, CoreSecurity, and CoreAdoption.

CoreAdmin automates and simplifies administration chores, and goes deep adding features not found in Office 365 built-in management tools. CoreAdmin replaces and supplants the native Office 365 Admin Center, offering deeper visibility and control. CoreAdmin also comes with 200+ out-of-the-box reports that provide unparalleled visibility into an organization’s Office 365 deployment.

For example, Microsoft gives some Office 365 deployment information via its API and PowerShell. However, an IT admin has to collect, aggregate, and then apply this data to better manage Office 365. Using these native Office 365 tools takes tremendous manual effort, and how you gather data differs greatly from application to application. After all this effort, IT still lacks comprehensive and actionable reports.

An IT admin has to collect, aggregate, and then apply this data to better manage Office 365. Using these native Office 365 tools takes tremendous manual effort, and how you gather data differs greatly from application to application.

Think about running a PowerShell script on a big tenant. To collect even a subset of configuration information for a single service, it can take more than 24 hours for a scan to run. I have seen it take 72 hours to collect data from a single PowerShell script!

CoreSecurity is specially built for Office 365 and Azure protection. CoreSecurity helps organizations identify breaches early, remediates them, and investigates the source of breaches that slip through using in-depth forensics. It finds users with insecure passwords, those spreading malware, identifies suspicious log-ins, improves email security, and produces detailed security and compliance reports.

CoreAdoption is all about getting maximum advantage from your Office 365 investment. It tracks application and service usage, spots areas where end-users need improvement, then drives customized adoption campaigns and measures the success of those campaigns. This is critical for a service like Microsoft Teams, which all Office 365 end-users should be using. In addition, we also provide CoreLearning, a library of 2,100+ “just-in-time” learning videos, ranging from 30 seconds to 3 minutes, that are embedded in Office 365 and help users better engage with Office 365 services, when the user needs it, without leaving the Office 365 application.

MITCH: Let’s talk more about administration. Isn’t the Microsoft Office 365 Admin Center enough for enterprises? Don’t they have admin centers to handle all the applications and services?

MICHAEL: As your question suggests, there isn’t just one Office 365 admin center. Instead, there are a dozen or so distinctly different admin centers — each aimed at different applications and services, each with a different approach — often a very different approach.

That is the problem. It is too much for one administrator to know and master all these areas and it is cumbersome to jump in and out of different admin centers to manage all of Office 365. Native Office 365 administration has too much complexity, too much scripting, a lack of automation, too little workflow and policy management, and no singular view and control center.

Native Office 365 administration has too much complexity, too much scripting, a lack of automation, too little workflow and policy management, and no singular view and control center.

Many admin tasks, even fairly simple ones, require manual processes and PowerShell scripting. This scripting is time-consuming, prone to human error, and it takes a long for time for the script to gather the data. Moreover, there is not always an easy and clear way to report the data.

MITCH: How does CoreView make the life of an Office 365 administrator easier?

MICHAEL: With the Native Office 365 Admin Centers, you have to be a specialist, in say Exchange or SharePoint, to do a good job with administration. Each interface is different, and how you gather data to build reports can be different. Almost all processes are PowerShell driven, manually intensive and error-prone.

With CoreAdmin, one administrator can manage all the different services, and dive deep without scripting, manual processes, and specialized expertise.

MITCH: Can you show us what CoreView’s single-pane-of-glass administration looks like?

MICHAEL: Absolutely. The screenshot below shows our dashboard with services used, active users, and license allocation. From this analysis screen, you can toggle over to managing, audits, and reports, as well as adoption and learning:

CoreView dashboard with services used, active users, and license allocation

The Management Wizard, meanwhile, clearly exposes key functions such as handling mailbox security:

CoreView Management Wizard

As you can see, CoreView gives a single view and control point for the entire Office 365 environment, making it easy to delegate admin tasks, automate alerts, and facilitate adoption. With our administration and reporting, you manage licenses in Azure with single sign-on, one dashboard, and can analyze and distribute well over 200 out-of-the-box reports.

Our permissions and delegation let you assign license pools and create remote admins to efficiently manage thousands of users across multiple regions.

CoreView accounting and chargebacks filter chargeback costs by department, region or a custom license subpool. This way you can plan budgets with actual usage data — not with a guesstimate.

Lastly, we support hybrid and cloud so you manage Office 365 across multiple deployment structures, whether cloud, on-premises, or both.

MITCH: In native Office 365 administration, all admins have global credentials even if they have limited rights over functions. This means they have access to all end users. How does CoreView’s role-based access control (RBAC) differ from the native Microsoft Admin Centers, and provide least privilege? Are administrators with global rights really that dangerous?

MICHAEL: A global administrator with bad intentions is a serious threat to your Office 365 environment — that person has the keys to the entire kingdom!

In contrast, “least privilege” restricts access rights for users, accounts, and processes to just those resources absolutely required to perform routine, legitimate administrative activities.

The Office 365 Admin Center is a least-common-denominator style tool, not built to handle the demands of distributed enterprise deployments. Large organizations are, in essence, a group of separate, geographically dispersed entities, each with its own needs — not served well by a one size fits all, centralized, globally-based administrative structure. Instead, enterprises need local or regional administrators to handle day-to-day administration tasks that are carefully suited to the local user base.

Unfortunately, the native Office 365 Admin Center focuses only on providing global admin rights, giving admins who tend to work locally too much power and privileges they do not need. This centralized management model gives global credentials even to regional, local, or business unit administrators. There is simply no facility in these tools for setting up regional and other geographic-based rights. Nor can you easily set up rights based on business unit, country, or for remote or satellite offices.

Any IT pro worth their salt recoils at granting a local or departmental IT administrator global rights. This challenge is even more problematic in the public sector and in highly regulated industries such as financial services and health care.

A proper approach to Office 365 permissions and privileges is partitioning permissions based on roles through RBAC, resulting in far fewer, but truly trusted global administrators. These remaining global admins are augmented by a set of local, or business unit focused admins with no global access, leading to far better protection for your Office 365 environment.

A proper approach to Office 365 permissions and privileges is partitioning permissions based on roles through RBAC, resulting in far fewer, but truly trusted global administrators.

RBAC increases IT productivity by empowering more local administrators — saving time and money. In fact, the National Institute of Standards and Technology in its “Economic Analysis of Role-Based Access Control” study found that a 10,000-person company saves some $24,000 in IT labor and another $300,000 a year from reduced worker downtime every year through RBAC.

MITCH: Can you explain the concept of multi-tenant or virtual tenant, and how this applies to Office 365 environments, role-based access, security, and administrator efficiency?

MICHAEL: Using a simple, intuitive interface, CoreView lets IT segment the Office 365 tenant in myriad ways — for example, by department, business unit, or location. This is what we call a “virtual tenant.” After these groups are set up, IT can dive deeper, using CoreView’s deep RBAC capabilities to define specific permissions for administrators who then can only perform certain tasks — and only against a specific subset of users.

In essence, IT can take the entire organization served by Office 365 and break it into logical groups, or sub-tenants, perhaps based on Active Directory attributes. Once the organization is logically divided, regional admins can be assigned to the sub or virtual tenants.

MITCH: What about workflow automation? What is the value proposition there for CoreView?

MICHAEL: Right. We think of it as workflow and process automation. Process automation is a best practice that reduces human error, and delegates and automates complex tasks to lower-skilled operators. Automating those processes improves key operations, generates opportunities to save money through efficient license management while reducing overall security risks.

While you can automate hundreds of different processes, provisioning and deprovisioning are critical processes to prioritize. Consider a standard employee turnover rate of 11 percent. That means you should be deprovisioning at least 10 percent of your users, and provisioning 11 percent of new users, every year.

Provisioning and deprovisioning can be a simple process, but incorrect execution has a massive negative impact. Assigned licenses are not properly released, former employees can still access sensitive company data, and you can lose company information you need to access in the future — such as Exchange or OneDrive data.

With CoreView, Workflow Templates automate provisioning and deprovisioning operations, which ensures your users always have correct licenses and access to the right applications and infrastructure.

We can automate user provisioning steps through our new workflow capabilities. In fact, a client can configure the automated processing for the complete user provisioning cycle. Several customers told us this workflow automation reduces the weekly tasks for user provisioning and deprovisioning from up to 20 hours to under 10 minutes. This saves a typical organization about 1,000 hours a year in manual IT admin activities while improving quality of service and reducing human errors.

MITCH: Creating and handling policies is another issue administrators face. How does CoreView handle policy management, and how does this help to avoid and remediate Office 365 misconfigurations?

MICHAEL: Gartner and Forrester both indicate that 80 percent of SaaS breaches stem from misconfiguration, inappropriate user behaviors, or incorrectly elevated user permissions.

For enterprises, correctly defining configurations and appropriate user behaviors are essential best practices. However, misconfiguration still happens due to operator workarounds or operator error. That is why it is so important to monitor and enforce your configuration best practices including policies and baselines and thus fully secure your SaaS environment.

CoreView, and in particular, the CoreAdmin solution, helps set up administrators who are specific to a location, functional set of users, or other attributes. This means admins know who their users are, and have a manageable set of end-users to handle.

CoreView, and in particular, the CoreAdmin solution, helps set up administrators who are specific to a location, functional set of users, or other attributes. This means admins know who their users are, and have a manageable set of end-users to handle.

With CoreView, policy management moves from a manual and error-prone process to one that is intuitive, easy and automated.

Free Health Check

Request your free Health Check today from CoreView to know everything about your Office 365 environment. By simply filling out an online form you can receive a free 20-page report detailing how to:

  • Save 30 percent or more on license costs.
  • Double application utilization, double end-user productivity, and double Office 365 ROI.
  • Stop users from spreading malware.
  • Fix insecure passwords.
  • Move vulnerable users to MFA.
  • Make your admins' lives easier.

The Office 365 Health Check Action Plan saves money, boosts end-user productivity, secures Office 365, and automates common admin tasks -- taking Office 365 management to the next level.

Part 2 of this interview with Michael Morrison — which can be found here — deals with how CoreView handles such Office 365 issues as security and compliance, managing licenses, adoption, change management, and more.

Featured image: Shutterstock

Mitch Tulloch

Mitch Tulloch is a widely recognized expert on Windows Server and cloud technologies who has written more than a thousand articles and has authored or been series editor for over 50 books for Microsoft Press. He is a twelve-time recipient of the Microsoft Most Valuable Professional (MVP) award in the technical category of Cloud and Datacenter Management.

Share
Published by
Mitch Tulloch

Recent Posts

IFA 2019: All the top smartphone announcements and unveilings

IFA 2019, this year’s version of the annual consumer electronics trade show, did not disappoint. Is one of these smartphones…

59 mins ago

Outlook connectivity: Troubleshooting and solving common issues

IT professionals all dread getting this fevered message from employees and clients: “I’m having Outlook connectivity issues!” Here’s what you…

5 hours ago

Using tags with Azure runbook automation to control your costs

Here’s a script designed to start and stop virtual machines based on tags associated at the resource group level. It…

8 hours ago

Software-defined perimeter solutions: Why this is the future of security

Traditional VPNs are showing their age in the modern cloud-powered workplace. That’s why software-defined perimeter solutions are in your future.

3 days ago

Why you need to check your virtualization host’s NUMA configuration

Should you disallow NUMA spanning in your Hyper-V architecture? There are two sides to this story, and you’ll get both…

3 days ago

Getting started with Visual Studio Code and integrating with Azure DevOps

Coding may not be the No. 1 job duty for cloud admins, but it is often a part of the…

3 days ago