Have you noticed what’s been happening in IT over the last few years? There’s been a seismic shift in the way IT services are being delivered.
Businesses were already moving to the cloud, but the COVID pandemic kicked that movement into major overdrive. In businesses around the world, it suddenly became a top priority to shift employees out of traditional offices and into distributed, mostly home-based work environments. 2020 will be the year that we all remember, not only for the COVID-19 pandemic but also as being a pivotal year that changed the way many of us work, permanently.
Now that the dust has settled, and businesses are settling into the cloud environment, a lot of companies are finding that they want increased visibility into—and control over—their SaaS platforms.
CoreView has a great “secret recipe” for helping companies achieve their SaaS goals on the Microsoft 365 platform. The three main ingredients of that recipe are Visibility, Management, and Automation. Not so secret anymore, is it?
Microsoft 365 is an amazing collaboration platform, with more functionalities being added all the time. However, each of the workloads typically have their own admin center, and there isn’t one centralized tool you can use to get across-the-board visibility. Microsoft reporting has a slow interface, is limited to a subset of data, and limits the number of records you can see.
You can leverage PowerShell to get the information you need—but only if the right people in your organization have the needed PowerShell skills and the time to create and maintain those scripts. And that’s often not the case.
What you really need is a visibility solution that is:
Actionable: Enables you to take quick action on anything of concern
That brings us to the first way that CoreView can help you. CoreView brings all the data from all the workloads into a single pane of glass—a single application you can use to see everything. That single pane of glass makes it much easier to visualize, report on, and search all data, across all the workloads. “One pane to rule them all,” to indulge in a corny Lord of the Rings reference. Sorry about that.
CoreView doesn’t stop there, though. We also enrich the data by offering 200+ out-of-the-box reports, as well as the ability to create your own custom reports for a much quicker insight into all that data. And our reports are not just ordinary reports, either—they’re actionable. That means that you can act on anything you see in those reports directly from the report itself.
Here’s just one example. We hear from our customers that reporting on licenses and their usage is challenging and time-consuming. A typical in-house license manager takes about 10-15 hours a month to produce licensing reports. Within CoreView we have built-in reports that can easily cut that labor down to just a few minutes, and on top of that, it provides more detailed information.
In a CoreView license optimization report, you can analyze not only what licenses are assigned to users, but also what those users are making use of within that license. It gives you the opportunity to identify licenses that aren’t being fully utilized and then based on that information, you can ensure that licenses are not oversized for the role that the user is performing. It can also help you drive the adoption of the collaboration tools you’ve invested in.
CoreView not only summarizes and organizes data but also helps you evaluate it. We can create key performance indicators (KPIs) that enable you to focus on areas that are important to you.
CoreView ups your visibility so you can make better, quicker decisions. We provide you with a single pane of glass, meaning that you don’t have to hop between multiple admin centers, run lots of PowerShell scripts, or have a giant Excel spreadsheet to collect this information. You can enrich it with your own data too.
Because we’re gathering and collating that data all into one place, reporting is faster, and it doesn’t require knowledge of PowerShell to gather and present this data in a usable format. Complicated PowerShell scripts can be turned into easy one-click operations. Because we give you access to the data more quickly and offer KPI data for analyzing important indicators, you’re able to make faster and better decisions with the information that you have ready at hand.
The second ingredient is Management. Think about how complex IT management has become in the last few years, not only thanks to COVID, remote working, digital transformation, but also underlying technology changes.
The days of having all your workers in a single building, all of them using carefully configured company-owned PCs, are gone forever. Today’s IT reality includes a mix of employees, contractors, and outside partners, most of whom are working remotely, using a wide variety of different personal devices. And since all that is no longer happening behind the corporate firewall or on the corporate network, the perimeter defense has disappeared. That means security professionals in your organization must work harder than ever to stave off the next security disaster.
With more and more workers telecommuting, the amount of network traffic has also grown and continues to do so. Microsoft Teams meetings are now the norm, and each meeting generates gigabytes of data traffic. More traffic means more robust networking systems are required—and more can go wrong with them.
Applications are increasing in complexity and number as well. Did you know that the average company’s IT department manages over 100 applications? It’s true. Every day brings more and more applications that employees need to do their jobs, often with APIs connecting them.
All that points to one big conclusion: There’s a lot of work heaped on the shoulders of your central IT teams. So, anything you can do to help them delegate some of it will be helpful.
In a lot of companies, almost every IT action goes through a single, central IT department. Whether it’s creating new user accounts, changing passwords, granting, or removing access to resources, users have only one point of contact. End users typically create helpdesk tickets and then wait for the central IT department to take action. If your organization is like that, you probably have some war stories about how such a system can go wrong when things get busy.
And yet many companies hold onto that model, even when it doesn’t serve them well, because they think it’s too complicated or insecure to delegate routine functions outside of the central IT group. Central IT is often afraid to give authority to local IT groups because they fear it will create security vulnerabilities and introduce errors and inconsistencies that won’t be easily visible.
That may be the case in some scenarios, but what if there were a way to keep the security and visibility benefits of a single system while shifting some of the IT workload down-line, where tasks could be handled in individual branches, departments, or offices? Spoiler alert: There is a way, and CoreView provides it.
CoreView can help relieve your central IT team’s burden, as well as increase overall employee satisfaction with your IT services, by making it safer and easier to delegate IT administrative functions down to administrative personnel at the branch or department level. A central office can securely delegate to the various local helpdesks to do a lot of the routine administrative work themselves. CoreView can use a combination of virtual tenants and custom roles to lock down what an operator can see and do, so you can assign specific tasks to people without giving them more privileges than they need. What’s more, we can do it quickly, based on a checklist of tasks that are candidates for delegation.
Can’t you already do that with Microsoft 365? Sort of…but not really. Natively within Microsoft 365, each of your administrators have visibility of the entire tenant and all objects within it. There are defined admin roles that allow administrators a specific capability, such as Exchange management, but these roles can be quite broad, and they may give an administrator more permissions than they need to perform their role.
Within CoreView, we allow you to split your tenant into virtual tenants, meaning that each administrator can be restricted to reporting on and managing just a subset of users and objects. Delegated admins can see a limited set of objects within the tenant and perform a limited set of actions against them. You can also have custom roles where we can get very granular in terms of what individuals are able to do. Here’s an example of configuring an admin’s permissions in CoreView.
In addition, it also can result in big cost savings. We have found that a company with 10,000 employees can save about 950 hours (about 1 and a half months) of administration time a year, at a projected savings of $45,600 a year, just by properly using role-based access control to set Office 365 admin permissions.
Here’s an example of how having virtual tenants can benefit an organization. Let’s say that a company has a group of licenses available for all admins to assign to users, but a certain branch tends to take more than their share of them. With CoreView you can create license pools where you logically separate licenses within the tenant into discrete pools and control how many licenses an administrator is able to assign to their users.
CoreView improves Microsoft 365 management by creating virtual tenants, giving you more delegation granularity, and reducing the authority scope of individual administrators as appropriate. CoreView enables you to delegate day-to-day tasks safely and efficiently to other people in your organization, so your central IT teams can focus on the more important tasks.
Secret ingredient number three is Automation. In other words, what does your Microsoft 365 admin team currently do manually that could be done automatically, or at least with fewer steps required?
One of the most common tasks companies like to automate is deprovisioning users. But when it comes to protecting your environment, automating the deprovisioning process is even more useful, for two reasons.
First, a failure to deprovision an account when someone leaves the company can create huge, expensive security disasters. In one well-publicized instance, a former Cisco engineer still had access to some cloud accounts 5 months after they had left, they gained access to the environment and wreaked havoc, nearly $3 million worth of damage.
Second, deprovisioning is trickier to do correctly than provisioning because it’s not just a matter of removing a fixed set of permissions and accounts. The admin doing the job must go through the template in reverse. They need to see not only what a soon-to-be-former employee had access to when they started, but also what was added along the way.
CoreView has that context. It can show you what that person has now, and what files they’ve accessed. Then it can eliminate all their privileges in full—automatically.
It’s not just deprovisioning and provisioning. There are lots of areas where you can apply workflows, triggered by any number of situations. For example, you might want to automatically remove guest accounts after a certain period of inactivity, to prevent unused accounts from being a security risk. You could set up a condition where CoreView checks on the 1st of each month for guest accounts that haven’t been used in the last 30 days, gets management approval (by sending an email to the appropriate manager), and deletes the accounts only after receiving approval.
Some other uses for workflow automation might include doing regularly scheduled checks to ensure that multi-factor authentication is enabled for all admin accounts. You might also run a regular check to see if any of your users are still using legacy protocols like IMAP and POP to access Microsoft 365, and automatically disable those if required.
These are just a few illustrations of how important and useful workflows can be. Automated workflows run 24/7/365. They never forget to do something, and they do it the right way every time.
Some more technically oriented admins among you might be saying “But you can do all of that with PowerShell!” And that’s mostly true. But is PowerShell the best tool for the job? Nope.
For one thing, PowerShell is not all that common a tool; it’s not something that every IT graduate is assumed to know, like Java or HTML. How many people in your organization are actually qualified to create the kinds of PowerShell scripts you would need to automate your processes? Probably not enough. And any type of PowerShell work other than simply running a script is not likely a duty that can be delegated down.
Relying on PowerShell also means maintaining it, keeping up on the latest PowerShell versions and command lets, and keeping control of those within your organization. There may also be scalability concerns with those PowerShell scripts as your organization changes.
In CoreView, people without coding knowledge can maintain workflow. The PowerShell scripts needed to perform the tasks are already created in the back end. Admins can use a remarkably simple interface to create workflows—which means the tasks can easily be delegated down to people who don’t have PowerShell skills. If you have existing PowerShell scripts or need to perform an action that’s not already in CoreView, you can create Custom Actions using PowerShell and they can be added to workflows.
By introducing automation, you reduce the burden on your Microsoft 365 admin team by automating processes and delegating them away to other people. CoreView can simplify processes, delegate them down to other people in the organization, reduce human error, and ensure consistency.
CoreView’s three key “secret ingredients” are not really a secret: Visibility, Management, and Automation. Now you’ve seen how they combine to make the perfect recipe for solving your SaaS management challenges.
Want to learn more about CoreView and how it can help you administer your Microsoft 365 system? Here are some resources:
Interested in seeing the product? Schedule your demo here.