So why are we talking about Microsoft Office 365 hybrid environments today? Well, that's because 95% of Fortune 500 companies still use Active Directory to manage accounts and resources on-premises. Those same companies are also in the Microsoft cloud.
The likelihood that you have an on-premises Active Directory and also a Microsoft 365 presence is probably pretty high. An on-prem Active Directory may be your source of truth for identity management, as is the case for a lot of organizations today.
So, managing both environments in a Microsoft 365 hybrid footing is a challenge.
Microsoft provides tools to manage on-prem and cloud separately. Third-party solutions offer options to manage on-prem or cloud. And CoreView manages the hybrid environment as a whole.
For those of you who aren't familiar with CoreView, we help you get your Microsoft 365 ecosystem under control.
Today, we're going to cover three different things primarily.
First, find a third-party tool that can delegate high-level admin tasks across your support team to simplify and securely manage your Microsoft 365 ecosystem.
For example, an on-premises agent installed on a Windows server in your environment allows you to manage your ecosystem holistically from a single browser window, rather than managing on-prem and cloud separately.
With CoreView's hybrid connector, you can simplify the management of your Microsoft 365, using a single interface to manage your users, groups, and mailboxes in the cloud and on-prem, as well as one place to track all your audit logs.
You can put automated processes in place to handle routine and not-so-routine tasks, and use actionable reports that allow you to home in on a specific data set of objects and take efficient action.
It replaces third-party on-prem-only solutions and provides improved productivity through that single-console, single-audit-report concept, and reduced complexity.
The legacy approach to user provisioning is pretty convoluted in a lot of organizations, right?
And a lot of those processes are manual processes for a lot of organizations. With CoreView, we can create a single workflow to perform all the required actions, and it can be executed by any delegated CoreView operator.
Let’s have a quick look at what that might look like.
Using the CoreView platform, we can go to our workflows and use a premade onboarding workflow that combines all the actions we may want to kick off in a single action.
Here’s how it is done:
Behind the scenes, we can see that we have all those users, and users are being created. We can hit the execution details on one of those.
And we see that we're going through a few steps, right?
Similar to onboarding, we have the offboarding processes organizations have to go through.
And a lot of organizations do onboarding quite well, but they may not do offboarding quite as well. Right? So, there are some key things that Microsoft says are best practices and if we miss any of these, then we leave security gaps behind.
The legacy offboarding process involves going to multiple admin centers and doing multiple manual tasks. If any of those are missed, that's a bad thing to have happen, but we can cover all of those same steps in a single workflow with CoreView as well.
The CoreView Way to Safely Offboard Users in Microsoft Office 365:
All of these steps are performed from a single workflow for a repeatable, reliable process to make sure that we've properly offboarded those users. And we're leaving behind no gaps and no mess to be cleaned up.
The Microsoft Office 365 Password Reset
In the legacy situation, it can oftentimes require escalation beyond the help desk level to somebody higher up the food chain, to a system administrator, or maybe a systems engineer in some cases.
From the CoreView perspective, it's very simple. Grant permission to the help desk agent to select that CFO's account that needs the password reset and just kick it off.
Kick off that password reset right from the platform. Again, that's a pretty simple process.
Boom. And we're done, with no need to escalate beyond the help desk.
The help desk doesn't have any additional privileges we don't want them to have, but has enough privileges to get their job done.
Unlocking Microsoft Office 365 Passwords On-prem or in the Cloud
This is another case very similar to resetting passwords. Again, a CFO is offsite at a conference and finds her account is locked out, and she has a critical email she needs to get out immediately.
So, she contacts the help desk, the help desk generates a support request and escalates it, and the escalation lands in a system admin's queue.
And hopefully, they see it in time to take timely action.
But again, through CoreView, we don't have to worry about that. We click Adele Vance here, our CFO, and very quickly unblock or block sign-in status, as the need may be.
Unblocking a Microsoft Office 365 Account
This is a more out-of-the-box situation we might be talking about here, where the CEO has traveled to a country that we block.
We have a conditional access policy set up that says, ‘Hey, for folks that travel outside of the US to certain countries, we might not want logins coming from those countries.’
But the CEO has found a need to go to one of those countries and she contacts the help desk with an urgent need saying,
‘Hey, I have to get into Teams right now to review and approve a critical.’
Again, we land in a situation where the help desk needs to generate a ticket and escalate it to a higher level, costing critical time and possibly money.
With CoreView you can set up a workflow to initiate a blocked country bypass.
These are just a few of the use cases in which we can leverage CoreView to be a force multiplier in your organization.
CoreView can manage both types of objects, thanks to the fact that we can open connections directly to multiple Active Directory servers plus the Azure Active Directories.
So, we are even able to understand if the properties need to be managed in the cloud instead of on-premises.
Because, as you know, there are some properties that you cannot change in the cloud if the user, for example, is synchronized.
So, for the end operator, it's completely transparent. The engine automatically will understand and change the properties where they should be changed.
Well, there are different ways to initiate a workflow.
You can run a workflow in an on-demand way. As soon as you need to run a workflow, you can open the manage section, select the workflows you need to run, and then just execute.
You can think about running a workflow each time you run a scheduled report, against the contents displayed in the report that you filtered, or you can think about triggering it for a particular scenario.
So those are the ways that you can run the workflow. The platform is flexible, so just think about your scenario and we can implement a very easy solution to trigger the workflow.
CoreView has 220 different standard reports available.
And what we can do is we can create exactly the type of report we're looking for.
So, if I go to my users report, I see that by default this is a four-column report. But if I scroll across the top here, we see that there are several additional fields that I've added.
So, we can include or exclude any of these 525 or so attributes and data points.
Once we have that we can export it to various file formats, save it, and schedule it to run regularly.
If there are any hits in this report, we can tie that to a workflow, to fully automate management activity.
Take, for instance, this particular report, which is the admins-with-no-MFA report. It's that users report, but filtered down to users that have admin roles with MFA disabled.
I can schedule this report to run every week, every day, or every hour.
And if it comes back with hits, I can kick off a workflow to enforce MFA on all of these users.
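The report-then-remediate loop described above, sketched as an added example (not CoreView's code or schema): it filters a constructed user export down to admin-role accounts without confirmed MFA, orders them by risk, and builds one enforcement action per hit. The field names, the high-privilege role tier and the `enforce_mfa` action name are assumptions for illustration.

```python
# Added example: "admins with no MFA" report feeding an enforcement workflow.
# Field names, role tiers and the action name are assumptions for illustration.

HIGH_PRIVILEGE = {"global administrator", "privileged role administrator"}

# Constructed sample export (not real accounts).
USERS = [
    {"upn": "cfo@contoso.example", "roles": ["Global Administrator"], "mfa_enabled": False, "sign_in_blocked": False},
    {"upn": "helpdesk1@contoso.example", "roles": ["Helpdesk Administrator"], "mfa_enabled": True, "sign_in_blocked": False},
    {"upn": "svc-sync@contoso.example", "roles": ["Exchange Administrator"], "sign_in_blocked": False},  # MFA state missing
    {"upn": "leaver@contoso.example", "roles": ["User Administrator"], "mfa_enabled": False, "sign_in_blocked": True},
    {"upn": "staff@contoso.example", "roles": [], "mfa_enabled": False, "sign_in_blocked": False},
]


def admins_without_mfa(users):
    """Return report rows: accounts with any admin role and MFA not confirmed on."""
    hits = []
    for u in users:
        roles = [r.strip().lower() for r in u.get("roles", []) if r.strip()]
        if not roles:
            continue  # not an admin, out of scope for this report
        # Fail closed: a missing or null MFA state counts as "no MFA".
        if u.get("mfa_enabled") is True:
            continue
        hits.append({
            "upn": u["upn"].lower(),
            "high_privilege": any(r in HIGH_PRIVILEGE for r in roles),
            "sign_in_blocked": bool(u.get("sign_in_blocked", False)),
        })
    # Highest risk first: accounts that can still sign in, then high-privilege roles.
    hits.sort(key=lambda h: (h["sign_in_blocked"], not h["high_privilege"], h["upn"]))
    return hits


def plan_workflow(hits, already_queued=()):
    """One enforcement action per hit; skip accounts queued by a previous run."""
    queued = {u.lower() for u in already_queued}
    return [{"action": "enforce_mfa", "target": h["upn"]}
            for h in hits if h["upn"] not in queued]


if __name__ == "__main__":
    report = admins_without_mfa(USERS)
    for step in plan_workflow(report, already_queued=["svc-sync@contoso.example"]):
        print(step)
```

Treating a missing MFA state as a hit keeps accounts with incomplete data in the report, and the `already_queued` check keeps an hourly schedule from stacking duplicate actions on the same account.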
Thanks to the workflow, you can schedule specific tasks that send emails to whoever you want in any workflow.
So, at the end of the user provisioning in this case, you can immediately send all the details to the manager saying that this is the user. You can share even the password, and additional details about when the new resource is going to start.
So how you notify the manager is flexible, and in any case you can give the manager the possibility to access the CoreView platform, even to take some additional actions.
So, this is one of the main features offered by CoreView. Why? Because you should know that compliance checks should be performed multiple times per day or week.
CoreView can provide you with the chance to create, for instance, a KPI section where you can put all your compliance rules regarding the status of the objects.
You should check this daily to see immediately what happens regarding the objects you are monitoring.
Furthermore, using the alert section, you can also trigger on some compliance status and create an automation to restore the compliance status of something that is out of the scope of the compliance rules.
You select the specific object. And last but not least, you can also send reports against some specific criteria.
And in case there is some record in the reports that shows some specific compliance status, you can ask an operator to run the automated task to restore the compliance status against what you discovered through the report.
But there are a number of options to keep your tenant under control.
One of the biggest challenges is having the data synchronized between Microsoft and our platform.
We are using different strategies to make it happen.
One is what we call partial import, which is an import that runs every minute and checks the Graph APIs to get changes that happen on the tenant side, so that we can immediately sync what is happening on the tenant side with our databases and expose the fresh data in all the reports that you see.