2020 was a difficult year for IT teams, and 2021 is going to be challenging as well. As the pandemic raged, you helped your company pivot to remote work.

Surging Microsoft 365 adoption led IT teams to “slap something together,” creating all kinds of havoc. The world is still changing as we figure out the “next normal.” What we know for sure is that you are being asked to do more with less, support more diverse teams, respond to more security threats, make fewer mistakes, and get the most out of every piece of technology you use.

How can you do more with less?

In 30 minutes you will learn:

  • How to harden your admin accounts
  • How to better understand licensing around security features of Microsoft 365, and what is required
  • How to segment your Microsoft 365 tenant to support a delegated administration model
  • How to focus on the various layers of service, data and information security for administrators
  • How to get a better handle on Shadow IT and external data sharing

The pandemic opened our eyes to many opportunities, and to the bad practices we have developed in business and internet security, which pose a significant threat to our IT systems and to businesses at large. As we pivoted to remote work, the demands on IT teams increased.

They had to support more diverse teams, respond to more security threats, get the most out of every tool and technology, and make fewer mistakes while at it, and that created a struggle.

The good news is that IT teams can learn to do more with less. The following paragraphs discuss habits that make for an effective security system, help you implement great organizational policies, and resolve licensing workflows.

Protect Your Admin Accounts 

Your admin account is like the key to your kingdom; there is hardly anything going on in your Microsoft 365 tenant that your admin does not have access to. Fortunately, protecting your accounts is not enough. Security is a shared responsibility, and Microsoft gives us some capabilities to protect our environment.

As a common stakeholder in the protection of your accounts, some of the questions you should ask include:

  • “How many Microsoft 365 company administrators do you have in your tenant?”
  • “Are you using a separate and dedicated account for administrative duties?”

Multi-factor authentication is a must. It is necessary to avoid conditional access, and you must eliminate SMS and phone calls as authentication methods. Also, admin accounts should only be created when necessary. 

Ordinarily, there are four rules you should follow when it comes to managing your admins. They are:

  • Keep the number of company admins between two and four
  • Use dedicated accounts 
  • Close as many doors as possible: become an admin only for a limited time and for specific tasks.
  • Implement multi-factor authentication and try to reduce conditional access. 
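The rules above, together with the requirement to drop SMS and phone calls as authentication methods, can be checked mechanically against an export of role assignments. The following Python audit is an added example, not code from the webinar or from CoreView. The record fields (`upn`, `role`, `licensed`, `mfa_methods`, `assignment`) are hypothetical rather than a Microsoft export schema, and treating a licensed account as a non-dedicated one is an assumption.

```python
# Added example: audit a constructed admin export against the rules above.
# Field names are hypothetical, not a Microsoft export schema.
WEAK_METHODS = {"sms", "voice"}   # SMS and phone calls, per the text
MIN_ADMINS, MAX_ADMINS = 2, 4     # "between two and four" company admins

SAMPLE_ADMINS = [  # constructed sample data
    {"upn": "adm-alice@contoso.example", "role": "Company Administrator",
     "licensed": False, "mfa_methods": ["authenticator", "fido2"],
     "assignment": "eligible"},
    {"upn": "bob@contoso.example", "role": "Company Administrator",
     "licensed": True, "mfa_methods": ["sms"], "assignment": "permanent"},
    {"upn": "adm-carol@contoso.example", "role": "Company Administrator",
     "licensed": False, "mfa_methods": [], "assignment": "eligible"},
    {"upn": "adm-dave@contoso.example", "role": "Exchange Administrator",
     "licensed": False, "mfa_methods": ["authenticator", "voice"],
     "assignment": "permanent"},
]

def audit_admins(records):
    """Return (subject, rule, detail) tuples for every rule violation."""
    findings = []
    company = [r for r in records if r["role"] == "Company Administrator"]
    if not MIN_ADMINS <= len(company) <= MAX_ADMINS:
        findings.append(("tenant", "company-admin-count", str(len(company))))
    for r in records:
        methods = {m.lower() for m in r["mfa_methods"]}
        # Assumption: a licensed account is a daily-use account, not a dedicated one.
        if r["licensed"]:
            findings.append((r["upn"], "not-dedicated", "licensed daily-use account"))
        if not methods:
            findings.append((r["upn"], "no-mfa", "no method registered"))
        weak = sorted(methods & WEAK_METHODS)
        if weak:
            findings.append((r["upn"], "weak-mfa", ",".join(weak)))
        # Standing assignment instead of time-limited elevation for a task.
        if r["assignment"] == "permanent":
            findings.append((r["upn"], "standing-access", r["role"]))
    return findings

if __name__ == "__main__":
    for subject, rule, detail in audit_admins(SAMPLE_ADMINS):
        print(f"{subject:30} {rule:20} {detail}")
```
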

Organizational Policy

It is important to reiterate here that security is a shared responsibility. You must put in place different systems and admin management centers that work directly to protect your business from breaches.

Microsoft offers you a lot of capability, but you are the ruler of the capability. You must define your policy and rules on top of Microsoft's infrastructure. The big question then would be: “Do you have complete control and visibility on your tenant configuration?” The majority of organizations state that they have a lot of admin centers to collect data from. But does this translate to complete control and visibility on tenant configuration?

According to Microsoft's Zero Trust initiative, 99% of breaches on cloud security issues are due to customer fault. Hence, there are certain parameters of security that customers must take care of: identities, the devices used for access, data, applications, infrastructure, and the network.

Visibility is key to formulating your organizational policy. You can only be sure of your security if you can see and understand your environment. Fortunately, CoreView can help you to create better policy management in the following ways: 

  • Provide a single pane of glass with all your users’ configuration service
  • Single customizable dashboard
  • Alerts on misconfiguration
  • Single click to remediate misconfiguration 
  • Exception management 
  • Automation to enforce policies.

A common challenge that this can solve is risk-based password management. 

Security Benchmarking 

The question that demands consideration when it comes to security benchmarking is how an organization's M365 configuration compares to the policies of the Center for Internet Security Benchmarks for M365.

The Center for Internet Security is a non-profit focused on helping organizations implement the best security practices. The center worked with Microsoft to create a book that defines the best practices for internet security. The latest edition of the CIS Microsoft 365 Foundations was released in June 2020. 

It is, however, a rather large book that might take an IT team a long while to consume and digest. Alternatively, an organization can leverage CoreView to do its security assessment based on the CIS benchmarks, provide a compliance report, and offer recommendations for compliance. 

CoreView recently studied 1.6 million Microsoft admins and found that 90% are lacking basic security regulations.

Least Privilege Access 

Microsoft 365 offers a lot of features and capabilities for implementing privileged access. The first of these is roles, which must be granular enough without there being too many predefined roles. There is also the limitation of visibility on admin units, multi/single tenant, and PIM/PAM.

CoreView can help by offering what is called the virtual tenant, which is a logical representation of a specific user group. You can create your virtual tenant and then give access rights and management rights on a specific virtual tenant to a specific operator.

Unlike Microsoft, where you have predefined roles, with CoreView you can define your own roles by defining the single information and the single action each operator can execute.
