WELCOME TO MILAN RELEASE NOTES
SO, WHAT’S CHANGED?
Milan – Most Advanced Release Ever: Suspicious Azure AD Sign-in Reports, Azure activities reports and Additional Auditing Activities.
Have you ever visited Milan? It is the second largest city of Italy, known as the main industrial, financial, commercial center and transportation hub of the country, as well as an important cultural center. In addition, it is renowned as one of the world capitals of fashion. Using Milan as the namesake city of our new release helps describe the immensity of the new features we’ve included!
We have been working hard to develop some exciting new capabilities that we will be rolling out over the course of this week. To kick off our new feature release, we are delighted to announce the support for new Microsoft Azure Active Directory (AD) monitoring and reporting, enabling customers to audit and report on suspicious login activity, different device access methods, DLP activities and Security and Compliance auditing, all from within a common management interface.
WHAT’S NEW IN COREVIEW?
SUSPICIOUS AZURE AD SIGN-IN REPORTS
Don’t worry! Everything is under your control! To monitor unusual or suspicious sign-in activity in your Office 365 environment, you can use our new Azure AD reports. These new capabilities will allow you to identify irregular sign-in activities, anomalous sign-in locations, and connections from possibly infected devices.
This is extremely helpful for distributed organizations with multiple sites and geographic locations.
Let’s start by looking at:
- Sign-ins from unknown sources: This report indicates users who have successfully signed in to your directory while assigned a client IP address that has been recognized by Microsoft as an anonymous proxy IP address (for example, a Tor IP address). These proxies are often used by users that want to hide their computer’s IP address, and may be used for malicious intent.
- Sign-ins from multiple geographies: This report includes successful sign-ins from a user where two sign-ins appeared to originate from different regions and the time between the sign-ins makes it impossible for the user to have traveled between those regions.
- Sign-ins from possibly infected devices: This report attempts to identify your users’ devices that that have become infected and are now part of a botnet. We correlate IP addresses of users’ sign-ins against IP addresses that we know to be in contact with botnet servers.
AZURE ACTIVITY REPORTS
This exciting new feature will assist with the auditing of privileged actions that occur within Azure AD. Privileged actions include elevation changes (for example, role creation or password resets), changing policy configurations (for example password policies), or changes to the directory configuration.
CoreView will now enable customers to access Office 365 usage, permissions and settings information, which is taken straight from Azure AD. This is great when you want to monitor provisioning errors, password reset activity or group usage activity.
ADDITIONAL AUDITING ACTIVITIES
New features in CoreView will also assist with IT auditing. The following list represents some of the advanced compliance auditing capabilities that will enable administrators to easily audit employee actions:
- Datacenter Operations
- DLP issues
- Security and Compliance Center
- Usage for PowerBI, Sway, and Yammer
We are now able to track more than 500 activities on your Office 365 tenants!
You can now choose a new type of Advanced Management option. In this new mode CoreView will store the admin password on an Azure KeyVault and change it continuously to ensure maximum security.
- Automatic provisioning of users and groups
- Removal of CoreView service users during import
- Scheduled management actions
- Import of additional data on all workloads
And we will provide all these new capabilities while keeping the best possible security measures available on Microsoft Azure.
OFFICE 365 GROUPS REPORTS AND MANAGEMENT
Keeping track of active, utilized Office 365 Groups and managing them from the standard Office 365 Admin Portal is a complex and time consuming task. To assist admins with these activities, we have created a set of dedicated reports and management actions to streamline the monitoring and administration of Groups.
Coming soon: In a next release, you will be able to send an Email to the Owners of an identified inactive group from CoreView directly. This will help with the cleanup process workflow to remove inactive Groups.
FIXED ISSUES AND OTHER IMPROVEMENTS
- Custom Management Actions: we have added capability to define custom actions based on PowerShell scripts that you can prepare on your own and submit to us. They will then become part of your available actions.
- Advanced filters added for Text Fields like Contains, IsEmpty, StartsWith and others
- Excel Export fixed and improved
- Shared Baseline Compliance Reports
- Alerts extended to all Audited Activities
- License Pool table exportable in Excel to simplify internal Office 365 costs recharging
- Users with MFA enabled now tracked in Users Password Settings report
Get ready for the next release!
New features are continually becoming available!
THINGS TO WATCH FOR
Stay tuned for a next release full of exciting features like:
- Advanced users provisioning, not limited to licenses
- Advanced Custom Actions, including calls to external APIs
- New Azure AD reports like SSPR, Groups Activities and many more
- New Audit Activities including Skype for Business and SharePoint on-premises