As part of a governor-led directive, the State of Iowa needed to improve efficiency, eliminate duplication, and reduce public spending. Integral to this initiative was the plan to reduce the number of state agencies from 37 down to 16 and centralize core services such as IT across all agencies.
The IT team’s task was a daunting one. Against the backdrop of a mixed Microsoft and Google environment, 10,000+ users, 9 separate Microsoft 365 tenants, dual email systems and significant “shadow IT”, they needed to consolidate and standardize without sacrificing flexibility for individual agencies.
Consolidation and standardization created several operational and security challenges around visibility, complex tenant management and the need to build stronger tenant resilience.
“I describe CoreView as being like Microsoft 365 on steroids. I don’t have to sit there and open up multiple management consoles to get the job done.”
To address these challenges, the State of Iowa adopted CoreView as a centralized, “single pane of glass” for managing its Microsoft 365 environment.
Unified visibility and administration: Using CoreView the team can view and manage Microsoft 365 from a single point and avoid hopping between multiple admin centers. Reports that might take 2+ hours to build using CoPilot searches and PowerShell can now be completed with a few clicks in under 10 minutes.
Operational guardrails for migration and access: During user migrations, members of the team often require admin rights to user accounts and OneDrive. Once migrations are complete, those elevated privileges must be removed promptly to minimize risk. Iowa uses CoreView’s automated reporting to regularly identify when admin rights should be revoked, ensuring temporary access does not become permanent exposure.
Proactive monitoring of app registrations: App registrations are critical to many applications and workflows, but if they expire, they stop working. The team use CoreView to run a weekly report and identify app registrations due to expire in the upcoming 30 days. This proactive approach makes it easy to reach out to the owner and identify whether the app is still needed or whether the registration can be removed.
Foundation for building tenant resilience: Looking to the future, Iowa is evaluating how CoreView can help to align Microsoft 365 tenant configurations with the CIS Microsoft 365 Security benchmarks, while still ensuring the flexible configuration controls that respect individual departmental needs.
By implementing CoreView, the State of Iowa has significantly improved how it manages and secures its complex Microsoft 365 environment.
Dramatic efficiency gains: Routine and ad-hoc admin tasks that previously took hours now take minutes enabling admins to respond more quickly to requests from enterprise experts, security teams, and agency stakeholders, freeing time for higher-value projects.
Stronger security and governance: Privileges are systematically audited and cleaned up, limiting unnecessary persistent admin access. App registration lifecycles are proactively managed, preventing unexpected failures and maintaining control over integrated applications.
Doug Maxfield, Microsoft 365 administrator with the Department of Management (DOM) for the State of Iowa commented: “CoreView provides a single view across multiple tenants helping the department act as the “overarching IT provider” while still accommodating agency-specific requirements."
The government of the State of Iowa provides public amenities and regulates affairs on behalf of over 3 million citizens across a wide range of services from family and health to safety and transportation. In 2023, the governor introduced legislation to reduce the number of cabinet-level departments from 37 to 16 by consolidating agencies with similar functions and centralizing programs that served similar needs.
CoreView is the leading SaaS platform for Microsoft 365 Tenant Resilience. Trusted by enterprises worldwide, CoreView secures the configuration, identity, and access layers of Microsoft 365-hardening tenants against attack, reducing privilege and blast radius, detecting configuration tampering, and restoring security posture after incidents. By protecting Microsoft 365 & Entra at the tenant level, CoreView ensures organizations can prevent compromise, withstand intrusion, and recover with confidence from cyber threats and operational disruption.
