Reading time:
22 min

Office 365 Health Check Sample

Executive Summary

CoreView Office 365 Health Check is a comprehensive Office 365 deep scan, analysis and assessment of the entire Microsoft SaaS environment This assessment provides a complete overview of Office 365 license cost optimization, implementation vulnerabilities and overall usage activities for workloads inside your environment. This Office 365 Health Check report includes a detailed overview of the findings as well as recommendations to make immediate improvements. Examples include opportunities for cost savings, license usage optimization, and security improvements that can all be achieved through improved SaaS management strategies. This assessment was performed on DemoCompany production tenant with 24,653 users’ mailboxes and 72,380 users.

To clearly define the scope of this assessment, and provide an easier review of available information, the insights have been organized into the following four categories:

• License Cost Saving Opportunity

• License Usage Optimization

• Security and Compliance

• Action Plan

License Cost Optimization Opportunity

The most significant impact on cost reduction generally comes from identifying unassigned or inactive licenses and subsequently reducing such costs through carefully curated license management or license redeployment.

Based on your current configuration and licensing, the projected total annual savings after optimizing license management would be $2,122,012. This estimate assumes you paid standard Microsoft list prices for your software.

The gathered data uncovered significant cost saving opportunities, including the re-harvesting and reassignment of inactive licenses. Detailed information regarding these potential cost savings is provided later in this document.

License Usage Optimization

CoreView Office 365 Health Check gathers and analyzes usage metrics for all Office 365 workloads. The following usage statistics are based on data gathered in the last 30 days and they indicate the percentage of active and inactive users by workload for that period. This can be extremely useful information for accurately identifying how your organization uses licensed products. Most customers use these metrics for driving new levels of productivity, improving collaboration within and across teams, as well as improving their return of the Microsoft Office 365 investment by addressing underutilized workloads.

Optimizing license usage should be a top priority. The Office 365 Health Check applies specific algorithms which model user activity metrics by license category to identify “inactive” workloads included in your active licenses. This is a very common scenario. In fact, our analysis of over 2 million managed users shows that less than the 50% of purchased services are used. This means that companies are exploiting less than the 50% of the investment in Microsoft Office 365.

Your specific results are as follows:

The goal is to not only show the current workloads usage baseline, but detail the value you are not getting from your Microsoft investment. Considering an average value per each of inactive service like Exchange, SharePoint, Skype and Teams of $36 per user per year, and $100 per each Office ProPlus inactive service, the value you can drive improving the inactive service adoption is about $2,337,660.

The gathered data uncovered significant addressable value you can obtain by driving inactive services. Detailed information regarding these potential improvements is provided later in this document.

Security Compliance Summary

The Office 365 Health Check assessment identified possible vulnerabilities and security compliance risks in your implementation of Office 365. It is normal to find significant security issues with large implementations. Therefore, we highly recommend resolving these immediately, due to the harmful nature and speed of nefarious actions in today’s world.

Detailed information regarding these issues is provided in the appropriate sections later in this document. However, a high-level summary of the results is as follows:

Action Plan

Your personalized action plan is included near the end, providing a clear pathway towards a highly optimized Office 365 environment. It outlines action items your organization can and should act on, presented in order of importance from cost savings, to security, to performance, to insight.

By first reviewing your prioritized task list, which outlines recommendations and impact, you will be able to quickly move through the most critical items. Starting with cost savings and the optimization of your environment, you can then work through the task list with a plan for securing your environment and eliminating potential vulnerabilities. Whether these optimizations are small and incremental, or large and immediate, your action plan provides guidance with easily attributable results.

Additionally, we have found that as these values and insights are introduced, our customers learn quite a bit about their own environment and uncover new approaches and insights they weren’t previously aware of. The Action Plan is flexible, and we encourage you to add to it and personalize to your liking.

License Cost Optimization Opportunity

The CoreView Office 365 Health Check assessment gathered specific data to uncover possible cost savings opportunities for optimizing license management and proactively monitoring inactive accounts so they can be repurposed to new users.

The cost savings from effective license management often pay for other improvements you need or want to make, such as eliminating vulnerabilities or building an internal campaign to drive the awareness and usage of underused applications such as Microsoft Teams.

A major appeal of cloud services is that you only pay for what you use. In the case of Office 365, however, you pay for what you have licensed. If you are paying for thousands of licenses that are not being actively used, you are over-paying. By closely managing, re-harvesting, and dynamically re-assigning licenses, your users will have what they need at a substantially lower price. Your costs become truly optimized by only paying for the licenses you need and utilize.

CoreView’s CoreAdmin is designed to monitor and manage your tenant with the goal of optimizing the number of licenses you have, and how they are distributed. We ensure your business and your users have the uninterrupted functionality they need, with the lowest number of needed licenses. By reducing the number of license subscriptions for active accounts, you will be able to optimize your license model now and for the future.

To help with understanding the optimized licensing model, we have divided unused license statistics into two different categories:

• Unassigned licenses are Office 365 licenses which have been purchased, but not yet assigned to a user account. They are licenses that are available to the company to assign to new employees or contractors.

• Inactive licenses are Office 365 licenses that have been previously assigned but that have not shown any usage activity in 30 days. For example, a user may have been active previously, but has not logged into Exchange during the past 30 days.

The table below shows the aggregate findings:

The projected total yearly savings for optimized license management is $2,122,012. This estimate is based on the standard Microsoft list prices.

Unassigned License Analysis

This first category provides license management cost analysis that has been identified during the assessment and is related to unassigned licenses that can be reclaimed. They are either not yet assigned. The projected total annual savings for this category of licenses is $1,838,856.

Inactive License Analysis

This second category provides license management cost analysis that has been identified during the assessment and is related to inactive licenses that can be reclaimed and repurposed. They are assigned but have never been used, or the user account is no longer active at the company. The projected total annual savings for this category of licenses is $283,156.

An example of an inactive user is:

Next Steps For License Management

You should take control of your license management, and optimize your licenses by using CoreAdmin. With CoreAdmin, you gain the control you need to continually optimize your licenses over time. The immediate savings almost always more than pay for the cost of CoreAdmin and frees up funding to drive productivity initiatives, take on security challenges, and examine benefits from workloads you already pay for, such as Microsoft Teams or OneDrive.

CoreAdmin gives you deep-dive capabilities to discover and analyze excessive licensing over time by applying different algorithms. Furthermore, a primary root cause of inappropriate licensing assignment is the typical provisioning and de-provisioning process used in most organizations.

With CoreAdmin you can delegate license management by country, department, company or whatever you prefer by assigning to each group a limited type and number of licenses, then leverage the local knowledge of your operators to improve the license management.

With the CoreView Workflow, you can automate and improve your provisioning and de-provisioning processes to enhance your license management capabilities.

License Usage Optimization

This section of the Health Check report provides Office 365 workload activity and usage information, including Exchange, Skype for Business, OneDrive, Teams, Yammer, and SharePoint. Different from the previous section where we identified unused licenses inactive workloads, in this section we analyze those licenses that have at least an active workload and that are the right target for a drive adoption strategy.

Many organizations lack insight into who is using or will ever use specific Office 365 workloads. Consequently, most organizations are not exploiting the full benefit available by leveraging all the services included in the assigned licenses. To simplify the process of license distribution, many organizations purchase license packages, such as the E1, E3, or E5 plans, and then try to distribute them using a best-guess approach. Ultimately, this licensing approach always includes services that are assigned but not always used.

During the licensing assessment, monitoring of user activity for all associated license packages provides key metrics to identify if licenses are correctly adopted. This information provides a good overview of improvements if those licenses are fully adopted to increase users’ productivity.

Driving users to adopt services is the best strategy to maximize return on investment for Office 365 and improve end-user productivity. The Office 365 Health Check report has created the following charts, which show current service usage of the mains workloads in your tenant. The charts include the number of users who have used a specific service, along with users who aren’t using services they have a license for. The charts are rendered to show these two metrics as percentages, so you can see at a glance which services are underused.

If you invested in Microsoft Office 365, you know it is the best productivity suite your users can leverage to improve their productivity. With CoreView, you can deeply monitor the workload usage and drive inactive workloads to maximize the return on your investment and your users’ productivity.

Now, considering an average value per each of inactive service like Exchange, SharePoint, Skype and Teams of $36 per user per year, and $100 per each Office ProPlus inactive service, the value you can drive improving the inactive service adoption is about $2,337,660.

Next Steps For License Usage Optimization

You can use CoreAdoption to identify gaps between how you want various workloads to be used in your organization and how they are currently being used. You can then use the built-in adoption campaigns to change user behavior, and even create your own campaigns.

Campaigns are automatically targeted to those users who are underusing specific services and features, and to users who are using the services inappropriately. Furthermore, you can include metrics that set the goals and track the progress of your campaigns. Then, after a given period, you can measure how effectively campaigns have changed user behavior. To use the example of Skype and Teams, you can directly correlate campaign consumption for a decrease in Skype meetings with a simultaneous increase in Teams meetings.

Security and Compliance

This section of the Health Check report outlines security compliance findings that were identified across various Office 365 workloads. These categories reflect some of the security and compliance policy issues identified in typical organizations. They represent just a sample of the more complete security and compliance policies that you can monitor and manage with CoreSecurity.

Password Policy

Whether you have a hybrid or a cloud-only Office 365 environment, you will have cloud users. In this case, Office 365 is the authentication provider for these users, so you must implement the right password policy to protect your users’ identities and account security.

The table below shows the number of users that have their password expiration date set to never expire, and those that have strong password requirements disabled. These 5,962 accounts may be a threat for external cyber-attacks, especially those accounts that have been assigned to administrator roles. Even more important is managing the 1,837 users who have disabled the strong password requirement policy.

Next Steps For Password Policy Compliance

By using CoreSecurity, you can monitor and enforce appropriate policies to ensure your company’s password issues are remedied.

Multi-factor Authentication

Multi-Factor Authentication (MFA) is one of the most important security practices you can employ. Microsoft Office 365 has a robust and proven MFA solution built-in. Forward-thinking organizations are implementing MFA to improve user identity security. MFA has become so recognized that the National Institute of Standards and Technology (NIST) guidelines on password security now specifically recommend the implementation of MFA. Also, the United States Department of Homeland security now recommends that all Office 365 users implement MFA.

The Office 365 Health Check report shows that 0 users in your organization have MFA activated, and 102,179 have MFA disabled. 77 of the users with MFA disabled have administrative roles, which presents a substantial security risk.

Next Steps For MFA Compliance

By using CoreView’s CoreSecurity, it is simple for you and your administrators to monitor, set, and enforce an appropriate MFA authentication policy.

Mailbox Security

Key rules applied to mailbox security relate to access rights. CoreView Office 365 Health Check flags user accounts that have been provided with access rights to more than 5 other user mailboxes. These are not for Room, Shared, or Team mailboxes, but rather actual User Mailbox accounts. For this report, the Office 365 Health Check identified 854 users who had this type of advanced access rights to other user’s mailboxes. These cases should be investigated to ensure they are being used for acceptable business purposes.

Often, mailbox security can be compromised by spam and malicious malware. The initial Office 365 Health Check assessment found 183 instances of malware sent from your organization.

Next Steps For Mailbox Security

You can use CoreSecurity to stay informed of unusual patterns or targeting, which may be attempts to compromise mailboxes in your organization. You can also use CoreSecurity to provide details on potentially compromised accounts and the malware which may have been sent from your organization, enabling your organization to take action to support investigations and remedy issues.

Litigation Holds

If you have an Exchange enterprise service included in your P2, E3 or E5 plans, then you are entitled to activate email legal holds.

Placing a mailbox on Litigation Hold preserves all mailbox content, including deleted items and original versions of modified items. When you place a mailbox on Litigation Hold, the user’s archive mailbox (if it’s enabled) is also placed on hold. Deleted and modified items are preserved for a specified period, or until you remove the mailbox from Litigation Hold.

If you are entitled to activate the email legal hold, we recommend doing so. It will not add any additional cost for your organization and will enable you to run legal investigations at will.

Office 365 Health Check identified 11,793 mailboxes with the Exchange enterprise service. 439 users have Legal Hold service activated, and 11,354 users have Legal Hold services not activated.

Next Steps For Litigation Holds

With CoreSecurity you can easily monitor, set, and enforce Legal Hold for all the entitled users, which will maximize your returns on investment (ROI) from Office 365, and simplify your processes if emails are required for disclosure in legal discovery cases.

Administrative Roles

The concept of ‘least privilege’ involves the practice of restricting access rights for users, accounts, and computing processes to only those resources required to perform routine, legitimate activities. This is not a new concept; in fact, adoption of “least privilege” was advanced by the publication of the “Department of Defense Trusted Computer System Evaluation Criteria” in 1985, following the recommendations of a task force dedicated to safeguarding classified data.

Microsoft Office 365 Admin roles have limited flexibility. Microsoft offers some roles that limit administration rights on a specific workload, but these are not available across all workloads. For example, you can configure an operator as an Exchange administrator and another operator as a SharePoint administrator. The major issue with many Office 365 deployments is that administrators have global access to all the company users as well as access to all configuration capabilities for the assigned workload. Unfortunately, this permission model doesn’t match with most enterprise organizations’ requirements. For example, if you have a local support team in a specific country, you should limit their administrative control to users within their area of work. Or, if you have a tiered support structure, you should limit administrative rights for support staff based on their responsibilities.

The Office 365 Health Check detected the following number of members participating in administrative roles in your Office 365 tenant: There are 178 total admins, 7 of whom also have a Company admin role.

Next Steps For Administrative Roles

By using CoreSecurity, your organization can implement a granular Role-Based Access Control (RBAC) policy. This will enable your organization to assign administrative privileges to operators which appropriately matches their responsibilities.

Users With Auto-forwards To External Addresses

To the average end user, setting up automatic email forwarding rules is a harmless exercise. But for those whose job it is to prevent data breaches and ensure compliance, email forwarding rules can quickly turn into a nightmare scenario. The indiscriminate forwarding of emails outside of your organizational control is a common vector for information theft, as well as GDPR and similar data protection regulations violations.

Office 365 Health Check identified 9 mailboxes that have auto-forwarding to external “” addresses, plus 452 other mailboxes that were pointing to other external mail domains. These should be reset to internal e-mail addresses or have the auto-forwarding removed completely.

Next Steps For Auto-forwarding

You can use CoreSecurity and CoreAdmin to identify users who are actively auto-forwarding their e-mails outside your organization and then take action to remedy the situation.

Onedrive And Sharepoint Sharing You can use CoreSecurity and CoreAdmin to identify users who are actively auto-forwarding their e-mails outside your organization and then take action to remedy the situation.

With SharePoint and OneDrive, users have multiple choices when they need to share documents externally:

• Shareable: Anyone with the link

• Internal: Only people in your organization

• Direct: Specific people

Shareable, also known as Anonymous Sharing, is the most insecure way to share a document since you cannot track how the link will circulate and be shared outside of your organization, and who will have access to your data.

The Office 365 Health Check detected, in the last 30 days, 23,602 OneDrive sharing activities, 10,708 SharePoint sharing activities, 0 anonymous links were created, and then 0 anonymous links have been used. Next Steps For

External Data Sharing

You can use CoreSecurity to alert administrators when new anonymous links are created or used. You can then immediately address any problems

Action Plan

The CoreView Office 365 Health Check highlighted license cost saving opportunities, services usage optimization opportunities, and security vulnerabilities you should eliminate.

Below is an action plan you can execute by leveraging CoreSuite to maximize your Office 365 investment and secure your environment.

License Cost Optimization Opportunity

CoreAdmin is the solution that helps you dive deep into license cost savings and optimization opportunities by providing references to each inactive or unassigned license.

With CoreAdmin, you can monitor your licenses landscape to identify inactive licenses within a defined period, know exactly which users have been assigned these inactive licenses, then reclaim them and reallocate the licenses to new users. You can also delegate this process by department, country or any other group of users.

Inactive licenses can have several causes, chief among them a poor provisioning or de-provisioning process. If you do not get a grip on these issues, the problem will get bigger day after day. Unassigned licenses are another issue, and represent a waste of IT budget, much needed resources that could be used for strategic purposes.

The answer is to adopt license management as a practice to regularly gather all the usage metrics data needed to identify inactive and unassigned licenses.

When an enterprise has global administrators managing sometimes many thousands of licenses, much can fall through the cracks. One solution is to designate local, group or departmental administrators to keep an eye on licenses. This role-based access control (RBAC) approach implementing local operators, combined process and workflow automation, close and careful license management, all produce deep savings and total license optimization.

Now you can reclaim and reuse you unused and unassigned licenses.

Service Usage Optimization

Realizing the full value of Microsoft Office 365 requires a change management project. These adoption campaigns engage users, and prompt and train them to use all inactive services – improving their productivity and maximizing your Office 365 investment.

This kind of change represents a continuous improvement process. Change management includes specific steps: building awareness, spreading the message, training, celebration of successes, and reinforcement.

Knowing your services usage baseline is the starting point. With that information, you can define your specific adoption goals, and drive toward reaching them. Having this information only at a company or macro level is not nearly enough to develop an effective strategy.

Instead, change management demands real knowledge of individual users so you can target each with a customized adoption approach that engages them in the most effective way. The problem most Office 365 administrators and managers have is not having detailed usage data for each end user. Collecting this data and getting reports is the first issue to tackle in building a successful change management/Office 365 application adoption project.

The second step is identifying the best messages to engage users. People love a solution that helps them solve problems and work better. Identity the best scenarios, based on what workers actually do (or do not do) to create user engagement and drive productivity.

You can use CoreAdoption to identify gaps between how you want various workloads to be used, and how they are currently used. Then use the built-in campaigns to change user behavior, or create your own custom campaigns.

Workload usage details can be analyzed in different levels — right down to the individual user. Metrics are crucial. Metrics drive your goals, measure progress in changing user behavior, and can then be updated to drive further success. A great example is moving users off Skype and maximizing the investment in Microsoft Teams. Today, Teams is the Microsoft Office 365’s services hub, leveraging all key Microsoft services to deliver the best productivity and collaboration environment for your users.

Your campaign can correlate campaign consumption to a decrease in Skype meetings with a simultaneous increase in Teams meetings. That is a success!

Below are examples of out-of-the-box campaigns included in CoreAdoption.

1 Welcome to Teams

Target: New users/no activity
Goal: Aim to get them started

2 Being Productive with Teams

Target: Minimal activity in Chat or Calls
Goal: Aim to get them using channels and meetings

3 Upgrading from Skype for Business to Teams

Target: Active in Teams, but still setting up meetings in Skype
Goal: Aim to get them doing more Teams meetings and less Skype meetings

Training is a critical element of a successful change management strategy. Standard training approaches such as classrooms and traditional online training are not effective. Studies show that we forget 70% of what we learn in only 24 hours. After two weeks, we remember less than 10%.

User wants training on demand. They want to training on what they need — when they need it.

CoreView’s CoreLearning is an innovative Just in Time Learning (JITL) solution. It includes over 2,000 video clips from 30 seconds to three minutes covering how-to tricks and instruction for Microsoft Office 365, Microsoft Windows, and Dynamics CRM. The videos are integrated with the Microsoft tools so users never leave the productivity environment to learn skills. They learn as they work, saving time, improving comprehension, and immediately boosting productivity.

The last pillar of the change management process is success celebration. Unlike other solutions, CoreAdoption recognizes success based on what the user is actually doing on the system — not on what videos they watch. It gives each user a Dexterity Score, an individual report card that is core to defining and celebrating the user’s success. These Dexterity Scores rank users, ultimately crowning the best end users as “Champions”.

Security And Compliance

Gartner argues that “Nearly all successful attacks on cloud services are the result of customer misconfiguration, mismanagement and mistakes.” Monitoring and enforcing policies is the responsibility of Office 365 IT professionals, and is a must-do best practice to reduce your breach perimeter.

CoreSecurity offers visibility into all the issues identified in the CoreView Office 365 Health Check. For instance, it shows all misconfigurations, so IT can immediately correct the problems, and improve the tenant security level. CoreSecurity also helps IT pros establish needed, and nearly unlimited policies.

To reduce mismanagement issues, CoreAdmin implements segregation of your tenants in many critical ways. You can separate your tenant into sub-tenants or virtual tenants. This way you can have local administrators that keep an eye on a smaller, more defined set of users. Specific policies can apply to just these user sets. Moreover, because fewer admins have global rights, end users in these sub-tenants are protected from global admin mistakes or malfeasance.

When you add CoreView workflows and automated processes, these end users get better, more customized admin service, greater security, and are protected from making compliance mistakes and causing regulatory violations.

Automation is key to safety and efficiency. Manual tasks are not just time consuming, but far too prone to human error. Configuration mistakes are avoided by leveraging CoreAdmin to set and standardize configurations with a policy driven process. Meanwhile, CoreView Workflow automates your processes, making them consistent, saving operators time, and automatically enforcing your policies.

About CoreView

CoreView is the only intelligent SaaS management platform for Office 365 that combines actionable visibility with granular management capabilities. The single-pane interface saves organizations millions in operating costs, mitigates risk, drives adoption and empowers employees.

CoreView is committed to helping enterprises maximize SaaS investments.

It is easy to overlook the untapped potential of enterprise software or be bogged down in license provisioning and maintenance. It is our mission to help you streamline and automate the day-to-day activities, so you can fully leverage your investment, enhancing security, reporting and change management.

This Office 365 Health Check report showcases the benefits of using the full-featured CoreSuite to optimize the management of Office 365 and help drive usage adoption. CoreSuite is the only all-in-one management solution for Office 365 that can help reduce costs, improve security and compliance, and maximize your Office 365 investment by driving services adoption.

If you are interested in finding out more about our CoreSuite solution and how it can help you maximize the investment in your Office 365 deployment, please visit us at or contact us at


See how CoreView can help you with this

Learn more about securing and optimizing your M365 and other SaaS applications.