Reading time:
6 min

Teams Rapid Deployment with Governance: Security and O365 Data Analysis


Part Three of a Four Part Series

Microsoft Teams is all the rage in this new world of remote work. Yet this incredible Microsoft collaboration solution opens all kinds of security issues. Proper Teams governance includes security as a top priority.

Mark Evans
Microsoft Alliance Lead and Head of Special Projects

We spoke with CoreView’s Mark Evans, Microsoft Alliance Lead and Head of Special Projects, about:

  • The biggest security risks we see when rolling out new systems like Microsoft Teams, and how to avoid them
  • How to set and enforce Teams security policies 

Evans also explained how remote work raises the Teams governance ante.

CoreView: Isn’t security a huge aspect of IT and Teams governance?

Evans: Security is an extremely important area for every company. With CoreView, you can monitor and act on security issues and events, things that happen externally, as well as behaviors that your team members do. You can set policies to enforce what they can and cannot do. You control the environment much better than you can do using the native O365 admin console.

CoreView: This sounds great, but what if I want this insight across my whole tenant?

Evans: You can use this across all the O365 workloads, not just Teams workloads. CoreView has the Full Governance Plus package for Teams, a comprehensive solution to more effectively manage and get return on the big investment you have made in Teams and Office 365.

CoreView: How does all this fit into the increase and dependence on remote work and the need to secure this more dispersed workforce?

Evans: This plays into security as a part of governance; CoreView is a fantastic platform because it helps you in the new world of remote working. Not everybody can be on a VPN, for example. If you do not have capacity for that, CoreView becomes an incredibly effective security tool just by itself by showing what is happening as people try to log into the system. If someone comes in from a particular place with a particular method, there might be conditional access policies, or multifactor authentication. CoreView shows exactly what is happening to let people in or not let people in, and blocking inappropriate users trying to enter.

That is where not just seeing what happens, but setting policies is much easier within the CoreView interface. If you have a large remote workforce, which most companies do at this point, CoreView helps with security across all the different workloads. If you are on O365 licenses that do not include EMS, CoreView offers a lot of the functionality an EMS solution might provide, but at a minor, minor fraction of the EMS cost.

Compliance and Security Monitoring

CoreView: Can you walk through compliance and security monitoring?

Evans: Security monitoring is a big area of people using CoreView. An area, that represents other modules, is improving SharePoint search as well as improving compliance with GDPR, CCPA, and other regulations by better classifying documents and understanding where they fit in your library. The search module is a real benefit for most users who have SharePoint, because SharePoint search is opaque, while using CoreView is a much more effective way to enjoy a better search experience.

Meanwhile, classifying the documents, such as what’s got PII, credit card information, whatever it might be, dramatically improves the ability to respond to GDPR and other privacy rules.

The Magic of Workflow

CoreView: Where does workflow come in, and why does it matter?

Evans: Workflow is crucial. Automation is something that works all the time, while your IT team may not be working all the time. With workflow from CoreView’s CoreFlow, IT benefits from having something that works 24/7/365. Workflows can be blocking security events that are problematic, automating processes like onboarding and offboarding people so that they do not forget to do something. The powerful CoreFlow automation engine is built into CoreView.

Data Analysis and Reporting

CoreView: Is understanding the Teams and overall O365 tenant through deep data gathering and analysis another governance element?

Evans: Yes. That is based on CoreView’s ability to ingest massive amounts of data from many different sources. Once CoreView collects all this data, IT can view it and act on it. It is incredibly detailed.

Data is pulled from various APIs, including data APIs CoreView has access to, as well as PowerShell scripts, or the Graph API. All this data is unified in one central place, so you do not have to gather and organize this yourself. It is the perfect interface to have it all in one place, all integrated, so you can view it and then act on it.

CoreView: What is the value of O365 data collection and enrichment of that data?

Evans: CoreView collects, processes and exposes massively detailed data – which is enriched and augmented beyond the native admin console and even Cloud Access Security Brokers (CASB).

Here are some examples of how CoreView gathers and leverages data:

– CoreView ties users to devices, unlike the native O365 console that only shows them as separate and unrelated lists.

– For Exchange, CoreView shows which protocol is used to access mail (MAPI, POP3, IMAP) and can infer what other types of access are concurrently in use to, say, access Teams.

– CoreView has very detailed reports on activity within Teams, e.g., number of calls made, messages sent and received, emails sent and received and how large are the attachments, files shared, Yammer posts made, Skype calls made, etc. This enables extremely targeted adoption and learning campaigns, not just broad “use more Teams” messaging.

– And it’s all tied together, integrated, so you can pull info from one place for segmentation and targeting and then directly apply it to the adoption campaigns, then measure the results of those campaigns and adapt your messaging to keep increasing utilization.

– For security, CoreView shows login attempts and which remote access policies are applied: conditional access, MFA, etc. CoreView shows which remote security gateways the access attempt encountered and crossed, to get into the Teams environment, as well as what stopped access (if anything).

More Teams Governance Info at Your Fingertips

This blog is one part of a four part series. Here are links to all Teams Governance blogs:

Learn About Teams Rapid Deployment with Governance

Learn more about Team governance with our CoreView Webinar:

Rapidly Deploy Microsoft Teams with Governance.

The webinar covers:

  • Governance does not need to slow down your rapid deployment!
  • How to “bake in” governance during your Microsoft Teams deployment
  • The biggest security risks we see when rolling out new systems like Microsoft Teams, and how to avoid them
  • How to actually get people to use more parts of Teams, since you’re already paying for it, with real proficiency 
  • Clever ways to dial up and down what users can do to manage their Teams experience, to make them happier, and take the load off your IT team

Don’t forget to sign up for your free CoreView Teams Governance solution at:

See how CoreView can help you with this

Learn more about securing and optimizing your M365 and other SaaS applications.