Securing Microsoft 365: Interview with CoreView’s Doug Hazelman

Businesses everywhere have embraced Microsoft 365 as a collaboration and workflow solution for their employees. But managing and securing a large Microsoft 365 tenant isn’t a piece of cake. CoreView, which provides SaaS management and Office 365 management software for large organizations, can help improve your IT efficiency and maximize SaaS ROI with its award-winning solutions. The following is an interview I had recently with Doug Hazelman, senior vice president and chief evangelist for CoreView.

MITCH: Thanks, Doug, for agreeing to let me interview you about CoreSuite and how it simplifies how organizations manage Microsoft 365. Doug, more and more businesses have been embracing Microsoft 365 as a collaboration and workflow solution for their employees. Why do you think it’s so popular?

Doug: Microsoft is basically the IBM of our generation. Enterprises have long used Microsoft products on-premises, from Active Directory and Exchange to Word and Excel. Microsoft was rarely the first to market with products (think Novell, WordPerfect, and Lotus Notes), but Microsoft always found a way to perfect their technology either through in-house development or through acquisitions. Microsoft realized early enough that businesses were moving to the cloud, so once they created Azure, it was a logical next step for them to move their productivity software (that over 80% of businesses were already using) to the cloud and create Office 365, which became Microsoft 365. Moving Exchange from on-prem to the cloud made a lot of sense for many businesses because they would no longer have to maintain the expensive infrastructure to run Exchange. Once email was in the cloud, it was a natural transition to move to Office 365. Microsoft didn’t need to reinvent their products. They just had to transition them to the cloud, and businesses followed.

MITCH: Not every large organization has been satisfied, however, with their Microsoft 365 experience, especially in terms of managing it effectively and ensuring it’s secure from online threats. Where do you see Microsoft’s opportunities?

Doug: From a security standpoint, Microsoft provides (and continually updates) their security posture and features. Microsoft has its own best practices and organizations like the Center for Internet Security (CIS) also have guidelines for securing Office (Microsoft) 365. So, there are proven best practices for security, but they’re only good if those best practices are followed. Because of legacy applications and administration practices, these guidelines aren’t always followed.

The broader issue for large organizations is the complexity involved in managing a large Microsoft 365 tenant. Reporting in Microsoft 365 isn’t straightforward, especially when each service has its own administration interface and reporting. Large organizations often have difficulty in reporting exactly what’s going on within their tenant. Microsoft just has too many places you need to look to get the information you need. The additional lack of administrative boundaries (like OUs and domains) can make it difficult for large organizations to give control where it’s needed…to the business units, departments, or geographies. Microsoft’s administrative units are an attempt to create admin boundaries, but they’re currently very limited, and I rarely hear anyone talking about them (they were rolled out almost a year ago and haven’t been updated since).

MITCH: CoreSuite really seems to fill the gap as far as managing and securing Microsoft 365 is concerned. Let’s take a look at some of the areas where your product excels, starting with security. Microsoft 365 global admin accounts have almost unlimited power for configuring and managing features and data across Microsoft online services. However, that level of privilege seems like a potential security hole to me because if one global admin account gets cracked, your whole environment is up the creek. How do Virtual Tenants, a key feature of CoreSuite, help reduce this danger?

Doug: While moving Exchange to the cloud made a lot of sense, moving directory and identity services to the cloud is not as straightforward. Active Directory has been around for 20 years, and there’s a lot of experience and dependencies on Active Directory. Azure Active Directory is great, but it’s very different from AD. For one thing, in Azure AD, there’s a single tenant, and you don’t have the transitive trusts and administrative boundaries that on-prem AD forests provide through domains and organization units. So, while a single Microsoft 365 tenant is the best way to go for collaboration, it breaks the administrative model that so many businesses had set up in on-prem AD. Microsoft has created administrative units, but it’s not a well-known feature, and their static structure limits them greatly.

CoreView layers in what we call Virtual Tenants, which allows you to segment your Microsoft 365 tenant for administrative purposes, reporting, or licensing. Virtual Tenants are based on a query (any attribute in Azure AD), group membership, or domain, so they’re very dynamic in nature and, once set up, don’t require continued maintenance. Once Virtual Tenants are set up, you can then create custom permission sets to give the least amount of privilege to Virtual Tenant “admins” so they can complete their tasks. This enables you to move to a decentralized administration model, relieving the pressure on central IT. Using this method, you require only two or three “global admins” in your tenant. Everyone else is just a normal user…they simply use CoreView for any administrative tasks.

MITCH: Virtual Tenants can also be useful for managed services providers (MSPs) who offer Microsoft 365 for their customers, correct?

Doug: Yes, they can be used by MSPs if the MSP wants to create a Virtual Tenant and permissions to allow their customer to do some basic administration, and our current MSP customers are doing this. Cross-tenant Virtual Tenants are also possible but have some limitations. We’ll be adding some additional MSP-centric features into the product in the future.

MITCH: What about license management? This is always a big headache for businesses as the last thing they need is for an audit to reveal they’re non-compliant in this area leading to possible fines and legal problems. How does CoreSuite make it easier for organizations to manage their Microsoft 365 licenses and ensure they’re getting the best bang for their buck as far as licensing is concerned?

Doug: License management and optimization is one of the key features of CoreView to help customers maximize their return on investment for Microsoft 365. Because our platform pulls information from all of the Microsoft 365 services, we can give customers a complete view of what their employees are using (or not using). With just a few clicks, you can see if you have licenses that are assigned but haven’t been used for 30, 60, or 90 days. Reclaiming those licenses to give to new users is much better than buying more licenses that you don’t actually need.

Another key aspect of license management is what we call License Pools. License Pools are similar to Virtual Tenants, but they’re separate and allow you to create “pools” of licenses by department, location, country, or several other attributes. If you have 10,000 licenses in your Microsoft 365 tenant, you can create license pools and assign those 10,000 licenses across the pools so one pool has 100 licenses while another might have 2,000. This ensures that departments are only using the license they’ve been assigned, and they can’t “steal” licenses from other departments. The reporting on License Pool usage can also be used to “chargeback” departments for the licenses they’re using.

MITCH: Microsoft Teams has soared in popularity as a result of the ongoing COVID-19 pandemic that has affected businesses of all sizes around the world. Microsoft keeps adding new features to Teams, however, and organizations would benefit if they could discover how their employees are using the product so they can adjust their Teams training accordingly. Does CoreSuite provide any reporting concerning which Teams features are used and how frequently?

Doug: Yes, Teams tracking is a very popular feature in the CoreView platform. We provide reports on Teams user activity (calls, chats, meetings, etc.) as well as a host of other Teams information. With all of this information, you can make sure that users are using Teams, and if they’re not, we also provide a method for you to “drive” adoption of Teams through targeted email campaigns. Looking at Teams use by department can also give you an indication if a department or individuals might be using another collaboration application not approved by IT.

There’s also been a big shift over the past year to use Teams for telephony, especially with remote work. Our Teams Advanced Add-On provides a wealth of information on call quality, PSTN usage, auto attendants, and call queues. Since Teams call plans are a separate billing feature, it’s important to keep track of usage to make sure you’re getting the most for your money.

MITCH: There’s been a huge upsurge of phishing attacks against organizations during the pandemic, perhaps because corporate cybersecurity has been difficult to control with so many employees working from home. How can CoreSuite simplify the job of tracking permissions and privileges so these can be adjusted if necessary to strengthen security?

Doug: It starts with reporting and seeing who has a privileged account. Many companies don’t even know how many accounts with administrative privileges they have in their tenant. Once that’s set, it’s a matter of monitoring the audit logs to make sure users are doing what they’re supposed to be doing. CoreView keeps audit log data for all users for one year (more time can be purchased), which allows security teams to perform forensic analysis in case something does get through. By having all the Microsoft 365 audit logs in a single place, it makes it easy to drill down on a particular user to see all of their activity. Surfacing information like suspicious logins and logins from impossible locations also allows security teams to set up workflows to quarantine accounts if they get alerts from the audit logs.

Additionally, CoreView can help you make sure that your Microsoft 365 tenant is secure following best practices (like the CIS controls mentioned previously). There are a number of companies and solutions that detect malware once it’s inside your company. CoreView helps you to make sure your tenant is locked down to make it harder for threat actors to get in.

MITCH: While many enterprises have moved their IT to the cloud in its entirety, there are still a large number of organizations of different sizes that employ a hybrid model that includes both Microsoft 365 and an on-premises Active Directory environment. Does CoreSuite include anything that helps reduce such hybrid management to a single pane of glass?

Doug: Yes, we have our Hybrid Agent for companies that still have on-prem AD infrastructure. While the Azure AD Sync does a good job of keeping the directories synchronized between on-prem and cloud, it’s not as easy when it comes to administration. When updating an object, it may need to be updated on-prem or on-cloud, and Microsoft doesn’t give great guidance on what attributes have to be updated where. Our Hybrid Agent takes the guesswork out and can update a user either on-prem or on-cloud. The goal of the Hybrid Agent is to “bridge the gap” until all users are cloud-only. For most enterprises, this is a very long process because of so many processes and procedures based on on-prem Active Directory. CoreView can help ease that transition.

MITCH: With companies having less direct control over employees who now work from home, the problem of Shadow IT is raising its ugly head again. How does CoreSuite’s Multi-SaaS Add-On help admins discover other SaaS apps being used on their network so they can decide which can be authorized and which should be eliminated?

Doug: Our Multi-SaaS add-on is a discovery tool that uses multiple different methods to see what other SaaS applications are being used within an organization. Multi-SaaS can even investigate billing systems to determine how much the other SaaS applications are costing an organization. Once it’s known what other SaaS applications/platforms are being used (and by whom), you can then determine if that’s the best use of resources or transition them to a comparable service on Microsoft 365.

MITCH: What other add-ons for CoreSuite are available?

Doug: The CoreView platform consists of CoreSuite, which includes full administration, monitoring, and workflow for all Microsoft 365 services. Additional add-ons are the Teams Advanced Add-On (adds more information on call plans/PSTN), Multi-SaaS Add-On (discovery and reporting of other SaaS products), and our Hybrid Agent.

MITCH: We’ve covered quite a bit of ground in this interview. Is there anything we’ve missed about CoreSuite that you’d like to highlight for our readers?

Doug: One important thing is automation and workflows. CoreSuite includes a workflow engine that can automate pretty much any Microsoft 365 administration task. If you want to give someone in the accounting department the ability to create new users, you can create a workflow for them that sets up the user in Azure (or On-Prem) AD, assigns a license, creates a mailbox, adds them to groups, sets up their OneDrive, etc. All the accounting admin needs to do is provide the user’s name and manager. The workflow can take care of the rest and even include approvals. The same process can also be used to remove or de-provision users, which is important because you don’t want to miss any steps. When combined with our Multi-SaaS Add-On, workflows can also be used to make changes in other SaaS platforms.

MITCH: Doug, thanks very much for giving us some of your valuable time!

Doug: Thank you, Mitch.

Featured image: Shutterstock
