After migrating to Microsoft Office 365, Baker Tilly Canada realized it needed virtual tenants to give member accounting firms administrative independence and IT control. Baker Tilly Canada is an umbrella company representing 19 accounting firms across the country.
Client: Baker Tilly Canada
Situation: Company migrated to Office to serve its 19 member firms with a common, shareable SaaS platform.
Challenge: Providing leading edge Teams learning and adoption service, being trusted advisor for O365 management.
Solution: Firm needed ease of O365 management, and separate virtual tenants for each CPA member company.
Results: After deploying CoreAdmin, Baker Tilly Canada:
• Created 19 virtual O365 virtual tenants representing each of the member CPA firms.
• Each virtual tenant has their own license pool to ease license management, allocation, and gain better visibility into true license costs.
• EA renewals and True Ups now easier with data on actual license use and workload consumption.
• RBAC provides assurance that one IT admin cannot do something harmful to another admin’s managed end users.
• Can identify suspicious log-ins and alert the appropriate O365 admin.
Baker Tilly Canada Cooperative is a group of 19 professional CPA accounting firms with some 1,500 users operating under one umbrella and one brand. Parent company Baker Tilly globally represents some 140 countries.
The company began migrating to Microsoft Office 365 in 2018, and until then, had an almost entirely decentralized IT infrastructure.
Baker Tilly Canada worked with a vendor to put the SaaS infrastructure in place, including a significant build-out and move to Azure. The migration was a combination and a consolidation of IT infrastructure into a single tenant on O365, with other pieces built in Azure.
The Office 365 migration raised two key issues – the company wanted to easily manage O365, and give each of the 19 member firms IT independence.
Baker Tilly looked at management products for a solution offering added granularity for service management, user management, and granularity for security. The company initially thought it could build this with the tools built inherently into O365, such as role-based access control (RBAC) rules in Exchange. It also believed it could layer a level of security on top of O365 without a third party solution.
The company soon found that the granular security management in O365 was not granular enough, and did not offer the user segmentation Baker Tilly Canada required.
“Part of our build-out was deciding whether to go multi-tenant, or single tenant. We are disparate organizations that all wanted to share a common domain name. That factor of sharing a common domain name, required us to have a single tenant environment,” said Stephen Chris, chief operating officer for the company. “We quickly realized that sub-tenanting, or sub-administration of users just was not going to exist with the native O365 Admin Center to enforce the migration. We would have much rather had CoreView in place from the early days. That would have alleviated a lot of the pain that we had in those early days with user management and tenant management.”
Chris also wanted to delegate admin rights based on roles and functions. “With the native O365 Admin Center, you have rights inside RBAC. However, when you give somebody license administrator rights, you are giving them control over the entire tenant’s licensing,” Chris said. “That was problematic because we have stringent controls for billing issues we need to deal with for licensing. We heavily utilize CoreView’s licensing pools, and licensing segmentation. That is our point of truth when it comes to where our allocations are, where billings come out of, and how we do license allocations.”
With CoreView’s help, Baker Tilly Canada operates as a multi-tenant environment, even though it is technically a single O365 tenant. “CoreView brought all of that to the table with the V-tenant capabilities. We can slice and dice administration into functional areas. We can have user managers, Teams managers, Teams administrators, or security administrators. All of those functions and feature sets are critical to the solution we have today,” Chris said.
These virtual tenants ease license management and spend. “We are segmented into 19 virtual tenants. Each one of those 19 virtual tenants has their own license pool. We manage the license pools nationally so the adding and exchanging of licenses happens in a centralized way. However, the allocation of licenses within the V-tenants is done on an office-by-office basis. They manage all their licenses, and we put orders in for additional licensing when they need it,” Chris explained. “CoreView gives our offices the ability to manage licenses, see how they are consuming their licenses, where those licenses are being allocated, and what additional licenses could or should be available to them.”
This insight is critical for EA renewals and annual True Up negotiations. “We can hand our offices, effectively, a spreadsheet that shows their current consumption, and ask them to put a yes or no as to whether we need to decrease or increase licenses. CoreView is a very handy tool showing offices what they have today, what they can drop, or what they are committing to for the next 12 months,” Chris argued.
CoreAdmin offers security peace of mind. “We use CoreView to identify suspicious log-ins, and bring them to the attention of the appropriate IT administrators. It gives you comfort that you are identifying these anomalies, and identifying the anomalies in an easy way,” Chris concluded.