December 9, 2021
min read
Kas Nowicka
Kas has spent the last decade working with Microsoft’s cloud solutions and sharing governance, adoption, and productivity best practices with the MVP community.

Since the first computer system was built decades ago, corporations struggled to determine how to deploy them. A centralized approach concentrates on processing and management in a few locations and with a couple of individuals. A decentralized model spreads system resources out to a number of places. Business drivers are now pushing organizations to a decentralized approach, but many organizations lack the tools needed to make the change efficiently.

Recently, the business landscape changed dramatically. When the pandemic hit, corporations needed to provide employees working at home with the same capabilities that they had when they were in the office. M365 is a cornerstone in today’s corporate world, so they had to create a decentralized model to outfit their staff with it.

Decentralization’s Benefits

Decentralizing management of enterprise software licensing offers an organization many potential benefits. First, the move relieves IT teams of mundane management responsibilities. Rather than focus on items, such as who uses the license, they can examine more value-add opportunities, like reducing costs by repurposing existing licenses or changing casual users’ licenses from the most expensive full-function version of the suite to a slimmed-down solution that meets their needs.

Companies gain in other ways. With the change to decentralization, subordinates get a chance to decide and act independently, which develops new skills. In this way, the organization maximizes the return on its internal talent. For the employee, there is a greater motivation to come to work and a boost in morale since they get more independence and act and make decisions independently.

Privilege Creep Sets In

As this new model becomes more common, organizations have begun to look for ways to monitor the growing spread of licenses and their associated privileges within the organization. However, in a decentralization structure, coordination can be difficult because authority is delegated to multiple parties.

Employees have a wide range of responsibilities, titles, and authority. In most cases, businesses adopt a rigid license administration approach where all users have the same capabilities. It makes sense to let the tech staff have a wide range of options to dabble with when they use the software, but most other users typically require safety guardrails to ensure they use business applications appropriately. After all, they are not computer experts and may inadvertently tinker with a system setting and open up a new security hole.

For business users to manage the applications, the IT team has to give local administrators system administration privileges, which is carte blanche actions. Once given, they are rarely revoked, so over time, organizations end up with many of their users holding administrator rights. This “privilege creep” reopens the security loophole associated with excessive administrative rights and makes organizations – that often believe they are well-protected – more vulnerable to threats.

RBAC to the Rescue

Organizations need to decentralize IT administration but not create administrative headaches.

What they require is Role-Based Access Control (RBAC). Here, the Principle of Least Privilege (PoLP) is implemented. This information security concept provides users with the minimum level of access – or permissions – needed to perform their job functions. It is widely considered to be a cybersecurity best practice and is a fundamental step in protecting unwelcome access by outsiders and insiders to high-value data and assets. By implementing least privilege access controls, organizations curb privilege creep and ensure that users have access to the proper information.

CoreView provides companies with such management capabilities. With it, department administrators create custom roles to assign to each operator and only the rights they need for their function. CoreView's Virtual Tenants approach allows them to create dynamic segments and assign very specific admin capabilities layer by layer. Consequently, they offload administration headaches without compromising security or losing control.

The solution provides flexibility. A company can create and assign license pools. These users can be grouped by department, job title, location, or any other criteria that makes sense to the company. Once the user groups are configured, IT can grant a specific set of admin permissions to administrators who will ONLY be able to view and manage that specific subset of users. They do not see any other groups. The capabilities benefit different groups:

  • In-house IT use it to extend license management to departments safely
  • Partners and solution providers can bundle it into their service offerings
  • Managed Service Providers use it for their clients or extend it as a value add to their services.

A change is occurring in how corporations’ computer systems function. The pandemic spurred a push to move more processing from a central to a decentralized model. Microsoft 365 is a centerpiece in this transition. Many businesses have struggled to make the change safely and securely. CoreView solves that problem schedule your demo today.

Get a personalized demo today

Created by M365 experts, for M365 experts.