5 Microsoft 365 Security Tasks Easily Automated with Workflows

How many manual tasks must a Microsoft 365 admin slog through, boring them to tears and resulting in errors they get blamed for, before crying ‘Uncle!’?

The pain stops when you work out how to do a task correctly, then automate it through a workflow so it is repeatable, perfectly and safely. Then do the same for all your repeatable tasks. By automating admin tasks through workflows, which include updates to the on-premises Active Directory environment, IT administrators save hours of manual effort each week, time better spent on more productive and satisfying endeavors.

Even better, everyone can use the same workflow and do the task with no errors. No more going to the onboarding expert, or scratching your head when that person leaves the company! Now common M365 admin tasks can be easily delegated – even to non-IT pros.

Get to Work on Workflow

Microsoft 365 doesn’t come with administrative workflows built in. Fortunately, CoreView provides a workflow solution in which customizable IT admin process steps are easily created and run automatically from the CoreView workflow engine, often in one click. These automations can reach towering levels of complexity, as many different steps are chained together and performed in the appropriate and exact sequence.

Workflow is critical for one CoreView customer. “We view CoreView as experts in the field that can guide us to the most pertinent parts of the M365 ecosystem and integrate best practices into workflows,” said Tobin M. Cataldo, Executive Director – Jefferson County Library Cooperative.

Nowhere is all this more needed than securing M365. Here are five ways workflows keep your tenant safe.

Simple and Superior Security

Dealing with security alerts, creating security policies, and ensuring compliance all require the creation and performance of complex, repetitive tasks. That is, without workflow. Workflows make protecting the environment orders of magnitude easier. For instance, CoreView may detect that someone downloaded 1,000 files from OneDrive when they shouldn’t have. With a workflow, an admin can automatically disable their account.

  1. Dealing with Risky Users — Security Orchestration, Automation and Response (SOAR)

Microsoft 365 includes risk reports showing which events IT should look into, and in many cases, which users may have been compromised. Here is an example of a four-step workflow to use in such a case:

  1. Wipe user session
  2. Disable user
  3. Quarantine device
  4. Notify IT Security
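
The four steps above, sketched with the Microsoft Graph PowerShell SDK as an added example (not CoreView's workflow engine or code from the article). The mailbox addresses and scopes are assumptions, "quarantine device" is approximated by disabling the user's registered device objects, and nothing is changed unless `-Execute` is passed.

```powershell
# Added example: mailbox addresses and Graph scopes are assumptions.
param(
    [string]$SenderUpn     = 'automation@example.com',  # placeholder sender mailbox
    [string]$SecOpsAddress = 'secops@example.com',      # placeholder recipient
    [switch]$Execute                                    # omit for a report-only run
)
$ErrorActionPreference = 'Stop'   # route cmdlet errors to the catch block
Connect-MgGraph -Scopes 'IdentityRiskyUser.Read.All', 'User.ReadWrite.All',
    'Directory.AccessAsUser.All', 'Mail.Send'

# Users that Identity Protection currently rates high risk.
$risky = Get-MgRiskyUser -All -Filter "riskLevel eq 'high' and riskState eq 'atRisk'"

foreach ($user in $risky) {
    $done = [System.Collections.Generic.List[string]]::new()
    $failure = $null
    if ($Execute) {
        try {
            Revoke-MgUserSignInSession -UserId $user.Id | Out-Null  # 1. wipe session
            $done.Add('sessions revoked')
            Update-MgUser -UserId $user.Id -AccountEnabled:$false   # 2. disable user
            $done.Add('account disabled')
            # 3. "Quarantine device" is approximated by disabling the user's
            #    registered device objects in the directory.
            foreach ($device in (Get-MgUserRegisteredDevice -UserId $user.Id -All)) {
                Update-MgDevice -DeviceId $device.Id -AccountEnabled:$false
                $done.Add("device $($device.Id) disabled")
            }
        } catch {
            $failure = $_.Exception.Message   # keep going so the notice still goes out
        }
        # 4. Notify IT Security, also when an earlier step failed.
        $text = "User: $($user.UserPrincipalName)`nRisk detail: $($user.RiskDetail)`n" +
                "Completed: $($done -join '; ')`nFailed step error: $failure"
        Send-MgUserMail -UserId $SenderUpn -BodyParameter @{
            message = @{
                subject      = "High-risk user contained: $($user.UserPrincipalName)"
                body         = @{ contentType = 'Text'; content = $text }
                toRecipients = @(@{ emailAddress = @{ address = $SecOpsAddress } })
            }
            saveToSentItems = $false
        }
    }
    # One summary object per user, for the run log or a report-only review.
    [pscustomobject]@{
        User = $user.UserPrincipalName; Executed = [bool]$Execute
        Completed = $done -join '; '; Error = $failure
    }
}
```
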

  2. Event-Based Password Management

The new way to handle passwords is to not require regular expiration and resets – but only change passwords when there is a risk alert. While risk or event-based password changes are a great idea, execution isn’t so easy. “What CoreView has, which is completely unique in the industry, is we know that you’re on that risk report, and we can schedule the changes: Since you’re on it, I’m going to wipe your user session. In other words, log you out of all your applications. I’ll reset your password, notify the help desk, and notify IT security that Joe User was on a high-risk report for impossible travel, and please check A, B, and C before you re-initialize his account,” explained CoreView Solution Architect Matt Smith.

  3. Event-Based Password MFA Management

Like passwords, MFA can be dealt with based on risk events. “IT should enable risk-based multi-factor authentication activation. If you’re at risk, IT will make you authenticate. CoreView takes this a step further, which is part of our workflow. IT can wipe user sessions. Because a user token is good for eight hours by default, should IT allow the user to keep pounding on it for eight hours? No, IT should log them out right now, because they showed up on a high-risk report. And admins can block the account and notify IT security and the help desk because you showed up on an impossible travel report or on a malware on a device report, something like that,” Smith explained.

  4. Keeping M365 Safe from Sketchy Mobile Devices with Workflow

Mobile devices are a prevalent M365 endpoint, so security here is paramount. In fact, managing, tracking and fixing Apple iOS and other device issues can be automated through CoreView workflows.

A case in point is the recent iOS MailDemon vulnerability. To handle this, CoreView admins were given a workflow to identify vulnerable iPhones with an older OS, or still using the iOS Mail App, and update iOS or move users off the iOS Mail App.

Knowing that these iOS MailDemon attacks are in the wild with millions of non-updated iPhones and countless folks using the iOS Mail App, CoreView co-founder David Mascarella rushed out a KPI to identify and delineate the issue, and an automated workflow that solves the problem tout de suite. “I created a policy that identifies the devices affected by this vulnerability. If we select the policy that dives into the data, the system will automatically target the users that are affected. We do that by targeting all users with mobile devices, with the operating system equal to iOS, with the versions that do not include 13.5,” Mascarella explained.

The KPI and workflow then suggest management actions an operator can perform to disassociate these mobile devices from the tenant, and a workflow to run to quickly solve the problem.
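
The device-targeting policy described above, as an added PowerShell example (not CoreView's KPI). It goes one step beyond a "does not include 13.5" text match by comparing parsed versions, so later releases such as 13.6 or 14.0 are not flagged for their OS. The inventory rows are constructed sample data, and the `MailClient` column and function names are hypothetical.

```powershell
# Added example: the inventory rows are constructed sample data, and the
# MailClient column is a hypothetical field naming the mail app in use.
$MinimumIos = [version]'13.5'   # threshold from the policy described above

$inventory = @(
    [pscustomobject]@{ User = 'alice@example.com'; DeviceOS = 'iOS 13.4.1'; MailClient = 'Outlook' }
    [pscustomobject]@{ User = 'bob@example.com';   DeviceOS = 'iOS 13.5.1'; MailClient = 'iOS Mail' }
    [pscustomobject]@{ User = 'carol@example.com'; DeviceOS = 'iOS 14.0';   MailClient = 'Outlook' }
    [pscustomobject]@{ User = 'dave@example.com';  DeviceOS = 'iOS 12';     MailClient = 'iOS Mail' }
    [pscustomobject]@{ User = 'erin@example.com';  DeviceOS = 'Android 10'; MailClient = 'Outlook' }
    [pscustomobject]@{ User = 'frank@example.com'; DeviceOS = 'iOS';        MailClient = 'Outlook' }
)

function Get-IosVersion {
    param([string]$DeviceOS)
    # Returns $null when no version number follows the "iOS" prefix.
    if ($DeviceOS -notmatch '^iOS\s+(\d+(?:\.\d+){0,3})') { return $null }
    $text = $Matches[1]
    if ($text -notmatch '\.') { $text = "$text.0" }   # [version] needs major.minor
    return [version]$text
}

function Get-MailDemonExposure {
    param([object[]]$Devices, [version]$Minimum)
    foreach ($d in $Devices) {
        if ($d.DeviceOS -notlike 'iOS*') { continue }   # policy targets iOS only
        $reasons = @()
        $v = Get-IosVersion $d.DeviceOS
        if ($null -eq $v) {
            $reasons += 'iOS version not parseable, review manually'
        } elseif ($v -lt $Minimum) {
            $reasons += "iOS $v is below $Minimum"
        }
        if ($d.MailClient -eq 'iOS Mail') { $reasons += 'uses the iOS Mail app' }
        if ($reasons) {
            [pscustomobject]@{
                User = $d.User; DeviceOS = $d.DeviceOS; Reasons = $reasons -join '; '
            }
        }
    }
}

# Flags alice (old OS), bob (Mail app), dave (both) and frank (unknown version).
Get-MailDemonExposure -Devices $inventory -Minimum $MinimumIos | Format-Table -AutoSize
```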

  5. Just-in-Time Privileges Through Temporary Admin Sign-ins

One key way to safeguard the M365 tenant from wayward admins and dangerous mistakes is through Just-in-Time admin rights. These rights can be assigned, given out, and taken back – all through simple, repeatable workflows.

Gorge on the Full M365 Workflow Skinny

Learn how to master M365 workflow with our white paper — Office 365 Workflow Done Right – Automation for Admin Efficiency, Human Error Reduction, and Unrivaled Security.
