Office 365 is not a one size fits all solution. Licenses go from the relatively simple E1 all the way up to top shelf E5. Each license has its own management and security issues.
We spoke with CoreView Solution Architect Matt Smith about how to safeguard remote users using different O365 license types.
Taking Full Advantage of O365 License Levels
CoreView: How does CoreView data collection, reporting and enrichment relate to O365 license levels such as a top-end E5?
Smith: CoreView has more data and more value as the level of the Microsoft license increases. CoreView reports on all the O365 workloads for the entire Microsoft platform. We report on all of that information and take action on all that information.
If you only have Exchange, that is just a small sliver of the overall Office 365 workload, and CoreView is narrowed down to providing Exchange reports and actions on those Exchange reports.
As organizations leverage the enterprise suite, from E-1 and G-1, moving up to G-3 and E-3 and E-5 and G-5, Microsoft exposes more and more security controls, more and more data. CoreView takes that configuration and tells IT what is working and what is not from a security perspective.
For example, if an end user just logs in with their username and password, CoreView shows if that login was successful or not. If the person uses multifactor authentication, there is more data. For instance, you may have a mobile device. When you try to log in after a certain period of time, the mobile device says, put in this code to grant access into Office 365.
In that case, CoreView has more data because it is not just username and password, but also what device was used.
CoreView also shows if multifactor authentication is enabled. If not, IT can enable that within the CoreView platform, and report on whether multifactor authentication is working or not. CoreView has more data as that sign-in experience expands.
Then you layer on features that come from E-5 and G-5 security controls, such as conditional access. For example, an end user has multifactor authentication, an iPhone, and username and password. However, say that user is trying to sign-in from Zimbabwe, which they have never done before. Using conditional access policies, IT may have blocked access from that country. CoreView reports surface data for things like suspicious login, which is a risk event. CoreView shows the conditional access policies, and whether they fired or not.
The ability to show what is working and what’s not from an access control standpoint, is something that Microsoft doesn’t do, that Splunk doesn’t do, that the cloud access security brokers (CASB) or the edge devices, don’t do.
People spend an awful lot of money on cloud access security brokers, to discover things like login attempts from China when the organization does not have any people in China.
CoreView through O365 data enrichment says, ‘I see that login attempt, by the way, here’s the account that they were targeting, Joe User. By the way, Joe user has an E-5 license. Joe User also has multifactor authentication, but it is not configured. And by the way, the conditional access policies we put at the edge worked, it blocked the access because he’s an admin and shouldn’t have been logging in from that region.’
In all this complexity, the foundation principle is to make things as simple as possible, and give people access to the things they need.
Secure Remote Workers with CoreView’s Help
Learn more about making remote workers happy and productive with a CoreView demo.
Get your O365 user workload usage and security profile FREE with our new CoreDiscovery solution. You can get your free software now at the CoreDiscovery sign up page: https://www.coreview.com/core-discovery-sign-up/