Feb 8 2019
Why Enterprise Organizations Need Office 365 Management Tools
by Nathan O’Bryan — Microsoft MVP
Hello, I’m Nathan and I’d like to talk to you about Office 365 administration and share what I’ve learned about how enterprise organizations manage their Microsoft cloud environments.
The point of this paper is to describe CoreView, a unified management solution for Office 365. They have asked me to put together this product review and assessment paper and share my opinions on how it would meet the main business requirements for enterprise customers. I want this paper to serve as a technical functionality overview. I’ll be giving you my evaluation of how the CoreView solution works. I’ll also address my opinion of the needs for enterprise organizations.
I am a Microsoft Certified Solutions Master for Messaging, and a Microsoft MVP for Office Servers and Services. I have spent the last 25 years working in IT; starting off as a Banyan Vines administrator for the United States Marine Corps. Since then I have worked for companies like GE Capital, Kaiser Permanente, and a couple of mid-sized consulting firms. For the past eight years I’ve worked as a consultant for Office 365 deployments.
CoreView sponsored this paper. I expect that they will be using this paper as marketing material with the hopes that it will convince you to buy their product. I want to make it clear that the good people at CoreView have given me the freedom to author this paper in the way that I best see fit. I wrote every word in this paper myself, and it reflects my honest opinion of their product features that I reviewed for this assessment.
This is the second version of this paper. I wrote the original in the spring of 2017 when the product was called 4ward365. I updated this second version about a year later in the spring of 2018. Since I wrote the original version of this whitepaper, CoreView has improved greatly. They’ve also included some new functionality that I wanted to highlight.
Do I need an Office 365 Management Solution?
“Why do enterprise organizations need an Office 365 management solution?”
The target audience for this white paper is IT administrators. Those working for enterprise scale organizations supporting Office 365. Smaller organizations may not need the features from an Office 365 management solution. They may be able to get along fine with the basic admin center portal that comes standard with Office 365.
I’m assuming you understand Office 365 has a management portal included in the service. This paper is not for the executive who is deciding if you need an add-on management solution. I recommend you forward this paper to your administrators and ask them to review it. My target audience for this paper are the people who spend hours every week trying to manage tenants.
This paper is not trying to convince anyone they need an Office 365 management solution, but I will talk about some of the reasons why you might want to buy an Office 365 management solution. Office 365 management portals do not provide a consistent experience. In fact, as I’m writing this in spring 2018, there are 13 admin centers in the “new” Office 365 admin center.
A whole different group of people built the Exchange Admin Center from the people who built the Skype for Business admin center. These management portals are not related in any way. These different portals are designed by different people to do different things. That is not a terrible thing. Office 365 isn’t one thing. Office 365 collects many different solutions that solve a bunch of different problems. To monitor and manage the different workloads in Office 365 requires skills in many different areas.
How about license management? Managing thousands of licenses assigned to thousands of different users is difficult. With the native Office 365 management tools that is going to be a full-time job for one or more IT staff. There is no native way to ensure that each department controls their own licenses. This can be a huge problem with enterprise organizations that have separate business units who want to manage their own portion of the tenant.
License management also needs to address the question of inactive licenses. Is your organization paying for unused licenses? Is your organization paying for unused higher tier licenses? The native Microsoft management portal is never going to address those questions.
The question of “do I need an Office 365 management solution” really comes down to ROI. Will that management solution save more money than it costs? There might be a lot of ways to measure that cost versus savings formula. I’m not an accountant, nor a financial advisor. Through the course of this paper, I’ll do my best to point out factors that fit into that equation.
The cost versus savings equation shows up in two different areas. First, can it allow my administrators to get work done faster? Second, can it help me monitor and manage my investment? I’ll be keeping both factors in mind as I look at CoreView. I’ll look at how the capabilities it provides match up to specific business needs.
Here’s is a list of the most important Office 365 management features. Keep an eye out for how each of these works in my review of the CoreView solution.
- Tenant Partitioning
- License Management
- Log File Auditing and Forensic Analysis
- Configurable Automated Alerts (monitoring security issues)
- Admin Rights Delegation (using RBAC)
- Customizable Reporting
- Service Availability Monitoring
- Targeted Adoption Campaigns with On-Line Training Videos
- Streamlined Administration Tasks
- Aggregated User Activity (in a single view)
The team at CoreView was kind enough to first give me a tour of their solution. They set me up with a demo tenant, and then they gave me access to their product to use against my own Office 365 tenant. I have used that access to perform my assessment and write this review.
The demo tenant has a lot more data in it than my small, personal tenant. This setup let me see how CoreView works with several different configurations.
Product Installation and Setup
This section is going to be short. My grandmother could setup CoreView to manage an existing Office 365 tenant.
The folks at CoreView set me up with a trial tenant for their management solution. I received an invitation email that contained a setup link. I clicked the link and entered my Global Admin credentials for my Office 365 tenant. CoreView then used my credentials to setup their access with a couple read-only admin accounts. They do not store the Global Admin credentials and the information for those read-only accounts is stored in the Microsoft key-vault on Azure.
After that, I received another email stating that CoreView was importing my data to their secured SaaS environment on Microsoft Azure.
That’s it for the setup. It only took me 5 minutes.
The CoreView interface
I hate that feeling of staring at a new user interface hoping I will know how to use it. Even the best designed UI in the world has a learning curve. If your tool does a lot of stuff, that stuff needs to show up on screen somewhere. CoreView does a lot of stuff, so maybe it can be a bit intimidating looking at all this and hoping you’ll know where to go.
As it turns out, it’s not that bad. CoreView has a well-designed UI and is easy to navigate.
The CoreView solution is divided into four main functional sections: Administration, License Management, Change Management, and Security Compliance. I’m going to use those four functional divisions for this review. I’ll be talking about features under those four headings below.
Let’s move into a closer look at each of the four main functional areas of the CoreView solution.
These screenshots are from a demo tenant called “DEMO4Ward365APAC Company.” For my testing purposes, I used one tenant. If I had 2, 3 or 47 different Office 365 tenants I could easily toggle between them from here. This is extremely powerful if you are a managed service provider or an organization that has different business units running inside their own separate tenants.
I’m not going to spend a huge amount of time on this point, but I do want to make sure you caught that. CoreView can easily manage multiple Office 365 tenants from a single portal with a single login. There’s no need to switch between accounts when you toggle between tenants. You cannot do that with the Office 365 management portal(s).
In my work as a consultant I often need to manage different Office 365 tenants. This is often a difficult exercise that includes launching multiple browsers. If your organization has many tenants this feature alone justifies CoreView.
Next, across the top is the filter icon. You can use this to filter the results of the entire portal to a specific sub-set of users.
The final icon of the person allows you to access a bunch of account and portal management functions.
I’m not going to take up space here going into each of those sub-menus. They all focus on managing your accounts and CoreView service.
The rest of the CoreView controls are down the left-hand side of the interface. These controls change based on the selection from the top menu. I will dive into each of those sections as we look at the functionality that CoreView provides.
CoreView management is much easier and more straightforward than standard Office 365 management. It was truly built with IT administrators in mind.
I’ve done a lot of Office 365 management over the years, and I can say I’m not a huge fan of the Office 365 admin portal. There have been several iterations of the Office 365 portal since the launch of the product. None of them have been great.
The Office 365 admin portal is there to serve every Office 365 customer. The Office 365 portals come from many different teams within Microsoft. Each design team has their own unique priorities. The management portal for CoreView presents a simple three step process. Select Action, Select Item, View Basket is all you need to do.
Select Action is the first step in this CoreView management tool process. Here is where you choose what you want to do. The available actions are mostly for Exchange Online management tasks. There is not much here for managing Skype for Business or SharePoint online tasks yet. Those capabilities are coming in a future release I’ve been informed.
CoreView does enable you to perform bulk-actions on selected accounts. This helps save time when you are doing multiple updates across your user community to reset options like “Clutter”. From any reporting view inside CoreView, you can filter the list of users and then select which accounts you want to update. Even from inside the pre-built reports provided within CoreView under the Analyze tab you can take action on the accounts you select. This type of action-enabled reporting is a key admin bonus for busy IT folks.
In the screen shot below, you can see the large number of user management tasks available within the product. These can be assigned to specific IT administrators or Help Desk personnel by using the integrated RBAC functionality in CoreView.
No need to provide Global Admin rights any longer to remote admins, which is a great security control measure. Changing user properties, for instance, is simply done from the wizard above. All tasks are simple and straightforward using this wizard.
The screenshot below shows how a specific Permissions Rule was assigned for the Help Desk group to enable them with minimal functionality to perform account updates.
This management functionality is not a replacement for all management tasks within Office 365. It is a very easy to use interface for the most common management tasks. The Manage tab in CoreView is not going to completely replace the other more advanced management tools in Office 365. However, it does provide a simplified interface for daily management tasks.
CoreView is also very flexible and allows for the addition of custom actions with the integration of custom PowerShell scripts that can be added to the UI menus. These custom actions can be enabled within the application UI within the Manage section of the application and then assigned using the same RBAC menus that are shown in the screen shot above. The screenshot below shows the new custom action I created to handle Mailbox Provisioning for a new sales employee.
The monitoring features in CoreView helps understand availability of your Office 365 tenant. It’s important to note that CoreView is not a monitoring tool. It is not designed nor intended to work like on-premises monitoring software suites.
Monitoring your on-premises services gives you the ability to react to a loss of service. A predictive failure on a hard drive can warn you to schedule a replacement. Cloud services like Office 365 make that sort of monitoring useless for you the customer. Even if you did know about a service outage for your Office 365 tenant, you can’t fix the problem. The point of cloud services is that the service provider does that work for you. So why track Office 365 at all?
As I see it, there are two reasons. The first is to be able to provide information about current outages to your user base. The second is to collect availability information independent of Microsoft’s statistics.
No IT service is going to be immune to outages, and cloud services are no exception. Outages are bad, but outages where your users know more than you do are worse. Monitoring your Office 365 tenant cannot give you any control over outages. Monitoring Office 365 can give you information before your end-user’s call. That has some real value!
The other reason to monitor Office 365 is to document service availability. Microsoft makes a big deal about Office 365’s financially backed 99.9% up-time guarantee. Unless you collect up-time data yourself, you must use Microsoft’s data to show that they owe you money.
I’m not saying that Microsoft would hide outage data. Yet, you can be sure they are going to present the data in the best possible light for themselves. An independent view of the service availability metrics can help demonstrate that you had a service outage. CoreView monitoring provides information related to outages in your Office 365 tenant. In the screenshot below you can see what the outage report looks like.
This screenshot below is using demo data and does not reflect real Office 365 outages. I used this one to give you an idea what the interface looks like with some outage data included.
License Management Capabilities
The license management features provide some of the greatest benefits from CoreView.
In my personal Office 365 tenant I have 25 E3 licenses, 5 E5 licenses, and 1 EMS E5 license. That’s about $700 a month worth of Office 365 licenses.
My company is basically a one-man shop, so most of those licenses go unused. Because I’m a Microsoft MVP I get a bunch of free Office 365 licenses, so I’m not terribly worried about that wasted expense. However, for an enterprise company paying for huge numbers of Office 365 licenses, CoreView gives you detailed information about the usage of your Office 365 licenses. CoreView will also show you if you are spending money on Office 365 licenses that are not being used.
Inactive licenses are a huge, and a completely avoidable, expense in many organizations. CoreView solves that problem with very little administrative effort. And their reports can be scheduled to run on a specific day/time to send this information to the interested parties.
I think at this point most of the people reading this white paper can stop. If your organization has an Office 365 tenant, then go signup for a CoreView trial and set it up. If you see you’re paying more for inactive license than the cost for CoreView, the decision is a no-brainer.
License management within Office 365 is a common pain point for administrators. Microsoft has many different license SKUs within Office 365. An enterprise organization is going to buy many different license SKUs. The problem of controlling who can use what licenses is a huge pain point for many organizations.
Say your accounting department buys 45 Office 365 E3 licenses. They have 43 people to whom they are going to assign those licenses right away. The plan is to hire two people for open accounting positions. In a sizeable organization, the chances that those two E3 licenses are going to be there in the near future are slim. In my experience those licenses will be gone by the time accounting is ready to use them.
CoreView uses licenses pools to makes license management much easier by enabling ownership of blocks of licenses to a department or business unit. CoreView allows you to partition your Office 365 tenant in any way you see fit. Those license pools ensure that the accounting department can use those licenses in the future because they are the only ones assigned to control their distribution.
The above screenshot shows the interface for creating a license pool. You name your license pool, choose who has access to that pool, and what licenses are available in that pool. It’s that easy to give a department complete control over their own licenses.
The license reporting section gives you a dozen different reports. They cover your Office 365 licensing in deep detail. These reports give you all information you need. There are reports with a high-level overview, and reports that dive into deep detail.
These licensing pools also allow organizations to setup “chargeback” accounting. This provides a pricing table to assign costs to each different type of license. This means an IT department has ability to account for the usage of Office 365 licenses and identify monthly who owns them.
Change Management Capabilities
The Change Management section of CoreView helps you drive targeted adoption campaigns and train your users to take better advantage of Office 365. The job of the IT administrator is changing in a world of cloud-based IT services. Gone are the days when we would need to learn a new application once every five or six years.
Admins need to learn new applications, features, and functionality all the time. We are then responsible for helping the user base of our organizations do the same. This is no small feat.
Say your organization is rolling out One Drive for Business. Only a small number of the users in your organization are using OD4B. Management asks you to identify users who are not using OD4B and get them to take advantage of this new tool.
The drive section in CoreView is there to help you build a targeted adoption campaign and include links to training videos available in their library. It helps you identify the users who are not taking full advantage of a new feature. Then you can educate them on how that functionality will improve their productivity and link them to specific training that would benefit their job role.
Creating an adoption campaign to identify users who need training is easy to do. The screenshot above is from a campaign I created. It’s designed to notify users that there is training for them to learn about this new tool.
You can see that I have limited this campaign to users within a specific license pool. There are many options within the tool to help you filter user lists and target specific groups of users.
In this screenshot, you can see a template email I have created. This email can go out to all the users who match our parameters.
But wait, there’s more! CoreView includes over 2,700 videos you can include in your training campaign messages. Whatever your training needs, it’s likely there is already a video setup and ready for you to send out.
CoreView gives administrators the ability to create and manage high-quality adoption campaigns. These campaigns can reach end-users about the features and functionality of Office 365. CoreView does all the hard work in the background and continually tracks who opens the campaign e-mails, clicks on the training videos, and changes their behavior to start using those specific features inside Office 365. This provides detailed reporting for the adoption trends inside an organization.
Security Auditing Capabilities
Security Compliance has become a business-critical function of all enterprise IT departments. Having the tools on-hand that allow a CIO to report accurately on security and compliance concerns is of utmost importance.
Going through the Analyze section, I see about one hundred thirty-five different reports. These reports cover everything I’ve ever needed from Office 365. Even quite a bit of information I never knew I needed. I don’t have the space to describe all these reports here. Suffice to say CoreView has you covered for reporting. They even include Azure AD reporting, so you can watch suspicious sign-in activity. If there is other information you need, it’s easy to change the existing reports to get the information you need.
One report that I found very useful is Exchange connections by type.
On this report, you can see what clients are being used to connect to Exchange Online. During a recent engagement, I had to do this manually. The customer needed to understand what client types were being used to log in. Having this tool available on that project would have saved them a lot of billable hours of my time.
The main components of Office 365 are Exchange, Skype for Business, and SharePoint. These three applications each have different auditing capabilities. Each has different procedures to setup and maintain audit data. The auditing features in these applications are all robust and mature. It would be difficult to improve the audit data collected by these applications.
The native auditing in Office 365 fails in that you need an expert in each system. By contrast, the auditing features of CoreView are easy to use. CoreView auditing is much better centralized than the tools within Office 365 by providing a single interface to review information from multiple log files.
The below screenshot shows audit data for OneDrive file access events.
The interface is easy to use and perform different sorting to give you exactly the information you are looking for. If you’re a PowerShell expert, this is all information you can get with PowerShell. I’m going to go ahead and assume that most of us are not there yet.
Down the list on the left you’ll see the new Azure AD Reports section. CoreView has pre-built a bunch of reports to provide the information that customers want.
Another notable feature of CoreView is the automated alert notification. Is there a specific event that you need to audit? Is there something you must know about immediately when it occurs in your environment? Setup an alert notification using the wizard provided within CoreView and you will be notified in real-time when that event occurs!
In the screenshot above you can see the simple process for setting up alert notifications. It’s as simple as making selections from an easy-to-use wizard.
It’s a simple wizard driven interface that allows you to click on exactly the events you want to know about. You can setup notifications to tell you if a specific mailbox has had a permission change. It can even send alerts for Azure AD events such as policy changes within the directory.
Many Office 365 customers are also moving IT resources into Azure. Each Office 365 tenant is dependent on an Azure AD instance. Azure offers a lot more functionality than that. CoreView has recently added new functionality around auditing Azure AD. This allows you a much deeper view into the changes within your Office 365 tenants.
New features in CoreView will also assist with other Auditing functions. The following list represents some of the advanced security compliance and auditing categories:
- Datacenter Operations and Privileged Actions
- DLP Issues
- Suspicious Sign-in Activity
- Usage for PowerBI, Sway, and Yammer
Other Office 365 Management Solutions
There are several other Office 365 management solutions out there. While drafting this paper, I debated how many of them I wanted to list here. It’s a balance between making this paper readable versus including all solutions.
After some consideration, I decided I’m not going to list any of the competing Office 365 solutions here. The main reason for that is because none of them directly compares to CoreView. Don’t get me wrong. They are all good at what they do. They all provide excellent solutions for Office 365 management problems that I see. Yet, I am unable to find any other solution that does everything CoreView does. CoreView also combines it in a single management interface.
There are solutions that are very good at Office 365 monitoring. There are solutions that are very good at control over portions of their Office 365 tenant via RBAC. There are some solutions that will audit changes to your Office 365 tenant. There are solutions that will assist you with tenant license management.
But there are no other complete Office 365 management solutions. No one else gives you all that functionality in one pane of glass. For that reason, I see CoreView as the clear best choice for a unified Office 365 management solution.
The Wrap Up
To sum up what I’m trying to say about Office 365 management solutions, I’ve listed a few simple bullet points below. This gives you my opinion of the available Office 365 management solutions on the market.
- The native Office 365 management interfaces are sometimes cumbersome and disjointed.
- Enterprise organizations need advanced management functions. Optimized license management and other functions are not included in the Office 365 admin center.
- There are many other Office 365 management solutions that provide partial solutions. None of them solve all the problems from a single interface except CoreView.
- CoreView includes excellent “extras”. Enabling targeted adoption campaigns and providing an entire on-line library of pre-produced educational videos for end-user training.
- CoreView has capabilities that enable Azure AD monitoring and reporting. This raises the bar yet farther than any other solution.
- As far as I can tell, CoreView is the only complete Office 365 management solution on the market.
If you need more than the native Office 365 management tools, CoreView is the best solution out there and they have an excellent support structure.