So why are we talking about Microsoft Office 365 hybrid environments today? Because 95% of Fortune 500 companies still use Active Directory to manage accounts and resources on-premises. Those same companies are also in the Microsoft cloud.

The likelihood that you have both an on-premises Active Directory and a Microsoft 365 presence is probably pretty high. An on-prem Active Directory may be your source of truth for identity management, as is the case for a lot of organizations today.

So, managing both environments in a Microsoft 365 hybrid footing is a challenge.

Microsoft provides tools to manage on-prem and cloud separately. Third-party solutions offer options to manage on-prem or cloud. And CoreView manages the hybrid environment as a whole.

For those of you who aren't familiar with CoreView, we help you get your Microsoft 365 ecosystem under control.

  1. Full value: getting more out of your M365 investment by optimizing licensing and driving adoption across the enterprise
  2. Full oversight: identifying and managing security and compliance gaps with real-time visibility
  3. Full speed: turning hours or days of work into just a few clicks

Today, we're going to cover three different things primarily.

  1. How to automate user management across both on-premises and the cloud
  2. How to eliminate having to log into multiple admin centers and consoles to manage your users and objects
  3. How you can reduce the burdens and headaches that come from managing Microsoft 365

How to Automate User Management Across On-Premise and Cloud Environments

First, find a 3rd party tool that can delegate high-level admin tasks across your support team to simplify and securely manage your Microsoft 365 ecosystem.

For example, an on-premises agent installed on a Windows server in your environment allows you to manage your ecosystem holistically from a single browser window, rather than managing on-prem and cloud separately.

With CoreView’s hybrid connector, you can simplify the management of Microsoft 365 by using a single interface to manage your users, groups, and mailboxes in the cloud and on-prem, with one place to track all your audit logs.

It does this by putting automated processes in place to handle routine and not-so-routine tasks, and through actionable reports that allow you to home in on a specific set of objects and take efficient action.

It replaces third-party on-prem-only solutions and provides improved productivity through that single-console, single-audit-report concept and reduced complexity.

What are some of the use cases for CoreView’s Hybrid Connect?

Instant user provisioning

The legacy approach to user provisioning is pretty convoluted in a lot of organizations, right?

  1. Create that on-premises user in Active Directory
  2. Wait for Active Directory Connect to sync that user up to the cloud
  3. Or kick it off manually
  4. Or run some sort of PowerShell script
  5. Go to various admin centers
  6. Go to the Microsoft 365 admin center to assign licenses
  7. Go to the on-prem Exchange admin center to add that account to on-prem distribution groups
  8. Or the Exchange Online admin center to add it to an online distribution group
  9. We may have to go to the Microsoft Teams admin center and set the Teams policy
  10. Set up MFA
  11. Bounce over to Azure and do that there
  12. Notify the user or close a ticket via ServiceNow, etc.

And a lot of those processes are manual processes for a lot of organizations. With CoreView, we can create a single workflow to perform all the required actions, and it can be executed by any delegated CoreView operator.

Let’s have a quick look at what that might look like.

Using the CoreView platform, we go to our workflows and use a premade onboarding workflow that combines all the actions we may want to kick off in a single action.

Here’s how it is done:

  1. Select three or four of these users from this CSV file I have created
  2. Snap them right into that onboarding workflow
  3. Map our execution input fields and hit submit

Behind the scenes, we can see that we have all those users, and the users are being created. We can hit the execution details on one of those.

And we see that we're going through a few steps, right?

  1. Bypassed the account creation approval (but we can have that as a step where a manager has to say yes, go ahead and create that account)
  2. Created a random password for this account, and then created the account
  3. Now in Azure AD, we can see that we have created those accounts
  4. On the on-prem Active Directory server, we can see that the account was indeed created simultaneously on-prem and in the cloud

Instant Offboarding Process for Microsoft Office 365 Users

Similar to onboarding, there are the offboarding processes organizations have to go through.

And a lot of organizations do onboarding quite well, but they may not do offboarding quite as well. Right? So, there are some key things that Microsoft says are best practices, and if we miss any of these, then we leave security gaps behind.

The legacy offboarding process involves going to multiple admin centers and doing multiple manual tasks. If any of those are missed, that's a bad thing to have happen, but we can cover all of those same steps in a single workflow with CoreView as well.

The CoreView Way to Safely Offboard Users in Microsoft Office 365:

  1. Admin approval and then we can block sign-in status
  2. Revoke user sessions, convert the mailbox, add mailbox permissions, and set auto-reply
  3. Forward email and remove all licenses
  4. Add OneDrive owners

All of these steps are performed from a single workflow, giving us a repeatable, reliable process to make sure that we've properly offboarded those users. And we're leaving behind no gaps and no mess to be cleaned up.
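The same offboarding steps carried out directly with Microsoft's own PowerShell modules, as an added example (not CoreView's workflow and not code from the original page). It assumes sessions are already open via Connect-MgGraph, Connect-ExchangeOnline and Connect-SPOService, that the ActiveDirectory module is available, and that the mailbox lives in Exchange Online; the function and parameter names are hypothetical.

```powershell
# Added example: hybrid-aware offboarding in the order listed above.
function Invoke-UserOffboarding {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $UserPrincipalName,  # the leaver
        [Parameter(Mandatory)] [string] $DelegateUpn,        # manager taking over mail and files
        [Parameter(Mandatory)] [string] $OneDriveUrl         # the leaver's OneDrive site URL
    )
    $ErrorActionPreference = 'Stop'   # a failed step halts the run instead of being skipped
    $props = 'Id', 'AssignedLicenses', 'OnPremisesSyncEnabled', 'OnPremisesSamAccountName'
    $user  = Get-MgUser -UserId $UserPrincipalName -Property $props
    if (-not $PSCmdlet.ShouldProcess($UserPrincipalName, 'Offboard user')) { return }

    # Block sign-in. For a synchronized user the enabled flag is mastered on-prem,
    # so disable it there first or the next directory sync re-enables the cloud account.
    if ($user.OnPremisesSyncEnabled) {
        Disable-ADAccount -Identity $user.OnPremisesSamAccountName
    }
    Update-MgUser -UserId $user.Id -AccountEnabled:$false

    # Revoke user sessions so existing refresh tokens stop working.
    Revoke-MgUserSignInSession -UserId $user.Id | Out-Null

    # Convert the mailbox, add mailbox permissions, set auto-reply.
    Set-Mailbox -Identity $UserPrincipalName -Type Shared
    Add-MailboxPermission -Identity $UserPrincipalName -User $DelegateUpn `
        -AccessRights FullAccess -InheritanceType All | Out-Null
    $reply = "This mailbox is no longer monitored. Please contact $DelegateUpn."
    Set-MailboxAutoReplyConfiguration -Identity $UserPrincipalName -AutoReplyState Enabled `
        -InternalMessage $reply -ExternalMessage $reply

    # Forward email to the delegate, keeping a copy in the shared mailbox.
    Set-Mailbox -Identity $UserPrincipalName -ForwardingAddress $DelegateUpn `
        -DeliverToMailboxAndForward $true

    # Remove all directly assigned licenses (after the conversion, so the mailbox is kept).
    # Licenses inherited from a group are removed by removing the group membership instead.
    $skuIds = @($user.AssignedLicenses | Where-Object { $_ } | ForEach-Object { $_.SkuId })
    if ($skuIds.Count -gt 0) {
        Set-MgUserLicense -UserId $user.Id -AddLicenses @() -RemoveLicenses $skuIds | Out-Null
    }

    # Add the delegate as an owner (site collection admin) of the leaver's OneDrive.
    Set-SPOUser -Site $OneDriveUrl -LoginName $DelegateUpn -IsSiteCollectionAdmin $true | Out-Null
}
```

Running it with `-WhatIf` first shows which account would be processed without changing anything.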

Group membership management, unlocking accounts

The Microsoft Office 365 Password Reset

In the legacy situation:

  1. You need to know where that password needs to be reset (aka whether it is on-prem or cloud)
  2. Change that password where appropriate
  3. And a lot of times, this requires elevated admin privileges - domain admin, global admin, user admin, etc.

It can oftentimes require escalation, beyond the help desk level to somebody higher up the food chain to a system administrator, or maybe a systems engineer in some cases.

From the CoreView perspective, it's very simple. Grant permission to the help desk agent to select that CFO's account that needs the password reset, and just kick it off.

Kick off that password reset right from the platform. Again, that's a pretty simple process.

  1. Hit this analyze tab here in the platform
  2. Assign myself the help desk role
    • We see a lot of the reports down the left-hand side have disappeared, but if we go to the users report and search for Bruce Wayne, let's say Bruce Wayne is our CFO here who needs his password reset
  3. Select Bruce, go to manage password, and key in the password change

Boom. And we're done, with no need to escalate beyond the help desk.

The help desk doesn't have any additional privileges we don't want them to have, but has enough privileges to get their job done.

Unlocking Microsoft Office 365 Passwords On-prem or in the Cloud

This is a very similar case to resetting passwords. Again, picture a case where a CFO is offsite at a conference and finds her account is locked out, and she has a critical email she needs to get out immediately.

So, she contacts the help desk, the help desk generates a support request and escalates it, and the escalation lands in a system admin's queue.

And hopefully, they see it in time to take timely action.

But again, through CoreView, we don't have to worry about that. We click on Adele Vance here, our CFO, and very quickly unblock or block sign-in status, as the need may be.

Unblocking a Microsoft Office 365 Account

This is a more out-of-the-box situation we might be talking about here, where the CEO has traveled to a country that we block.

We have a conditional access policy set up that says, ‘Hey, for folks that travel outside of the US to certain countries, we might not want logins coming from those countries.’

But the CEO has found a need to go to one of those countries and she contacts the help desk with an urgent need saying,

‘Hey, I have to get into Teams right now to review and approve a critical.’

Again, we land in a situation where the help desk may very well need to generate a ticket and escalate it to a higher level, costing critical time and possibly money.

With CoreView you can set up a workflow to initiate a blocked country bypass.

  1. Send an approval email to the security team
  2. If they approve the request, they can click that blue check mark
  3. The CEO's account is added to a blocked countries exception list that we've pre-configured in Azure AD behind the scenes
  4. Give that CEO a one-hour delay to accomplish whatever work he or she needs to get accomplished
  5. Then we revoke the user sessions and remove the member from that blocked countries exception list
  6. Send the security team a notification saying, ‘Hey, this has all been handled’

These are just a few of the use cases in which we can leverage CoreView to be a force multiplier in your organization.

  1. Expedite support requests.
  2. Empower your IT department across the spectrum

Frequently Asked Questions Around Microsoft Office 365 Hybrid Environments

Can you manage both synchronized and on-prem users within CoreView?

CoreView can manage both types of objects, thanks to the fact that we can open connections directly to multiple Active Directory servers plus the Azure Active Directories.

So, we are even able to understand whether the properties need to be managed in the cloud rather than on-premises.

As you know, there are some properties that you cannot change in the cloud if the user is synchronized, for example.

So, for the end operator, it's completely transparent. The engine automatically will understand and change the properties where they should be changed.

How are the workflows initiated?

Well, there are different ways to initiate a workflow.

You can run a workflow on demand. As soon as you need to run a workflow, you can open the manage section, select the workflows you need to run, and then just execute.

You can also think about running a workflow each time a scheduled report runs and content shows up in the report that you filtered, or you can think about triggering on a particular scenario.

So those are the ways that you can run the workflow. The platform is flexible, so just think about your scenario and we can implement a very easy solution to trigger the workflow.

CoreView offers perfect reporting within the platform. What does that mean?

CoreView has 220 different standard reports available.

And what we can do is we can create exactly the type of report we're looking for.

So, if I go to my users report, I see that by default this is a four-column report. But if I scroll across the top here, we see that there are several additional fields that I've added.

So, we can include or exclude any of these 525 or so attributes and data points.

Once we have that we can export it to various file formats, save it, and schedule it to run regularly.

If there are any hits in this report, we can tie that to a workflow, to fully automate management activity.

Take for instance this particular report, the admins with no MFA report. It's that users report, but filtered down to users that have admin roles with MFA disabled.

I can schedule this report to run every week, every day, or every hour.

And if it comes back with hits, I can kick off a workflow to enforce MFA on all of these users.

How is the loop closed with the manager after a user is provisioned?

Thanks to the workflow, you can schedule specific tasks that send emails to whoever you want in any workflow.

So at the end of the user provisioning, in this case, you can immediately send all the details to the manager, saying that this is the user. You can even share the password, or additional details about when the new resources are going to start.

So how you notify the manager is flexible, and in any case you can give the manager the possibility to access the CoreView platform, even to take some additional actions.

How does CoreView impact our continuous compliance efforts?

So, this is one of the main features offered by CoreView. Why? Because you should know that compliance checks should be performed multiple times per day or week.

CoreView can provide you with the chance to create, for instance, a KPI section where you can put all your compliance rules regarding the status of the objects.

You should check this daily to see immediately what happens regarding the objects you are monitoring.

Furthermore, using the alert section, you can also trigger on a compliance status and set up an automation to restore the compliance status for something that has fallen outside the compliance rules.

You select the specific object. And last but not least, you can also send reports against some specific criteria.

And in case there are records in the reports that show a specific compliance status, you can ask an operator to run the automated task to restore the compliance status, based on what you discovered through the report.

But there are a number of options to keep your tenant under control.

Can you talk about partial imports and having the data updated in real-time?

One of the biggest challenges is having the data synchronized between Microsoft and our platform.

We are using different strategies to make it happen.

One is what we call partial import, which is an import that runs every minute and checks the Graph APIs to get changes that happen on the tenant side, so that we can immediately sync what is happening on the tenant side with our databases and expose the fresh data in all the reports that you see.
