Joel Oleson, profile picture
Uploaded byJoel Oleson
PPTX, PDF710 views

Securely Harden Microsoft 365 with Secure Score

The document outlines a comprehensive strategy for implementing a Zero Trust security model using Microsoft security tools, emphasizing the need for explicit verification and least privileged access in today's cyber environment. It details 12 key tasks for security teams to secure Microsoft 365 and Azure, including enabling multi-factor authentication, protecting against threats, and managing devices. Additionally, the document introduces the CoreView platform to enhance security and management of Microsoft 365 environments.

Embed presentation

Downloaded 43 times
Director Perficient
Agenda • Zero Trust Model • Understanding Microsoft Security Tools • Harden Microsoft 365 & introduction to Secure Score • Identity • Devices • Data • Workloads • Networks • Even more with Partners • CoreView Simplified Administration
Zero Trust – Security Strategy There is no impermeable perimeter. It’s not a matter of if, but when… ASSUME BREACH! The Zero Trust framework is the pragmatic model for today’s hostile reality that includes a mindset, operating model, and architecture tuned to the threat. • Explicit Verification of User & Device • Least Privileged Access • Automation & Intelligence Credit: Forrester – Zero Trust Framework "Every service request made by a user or machine is properly authenticated, authorized, and encrypted end-to-end."
Microsoft 365: A Path to Zero Trust and Secure Cloud Services Microsoft has identified 12 key tasks to help security teams implement the most important security capabilities as quickly as possible with remote work in mind. 1) Enable Azure multi-factor authentication (MFA) 2) Protect against threats in Office 365 3) Configure Office 365 advanced threat protection 4) Configure Azure advanced threat protection 5) Turn on Microsoft Advanced Threat Protection 6) Configure intune mobile app protection for phones and tablets 7. Configure MFA and conditional access for guests, including intune mobile app protection 8. Enroll PCs into Device Management and require compliant PCs 9. Optimize your network for cloud connectivity 10. Train Users 11. Get started with Microsoft cloud app security 12. Monitor for threats and take action
Data Files & Content Identity Accounts, Access, Authentication and Beyond Workloads SAAS, PAAS, and IAAS Clouds & Datacenters Networks From the Client to the Edge to the Service Devices Laptops, Desktops Phones everything in between Insights & Automation Visibility & Analytics Zero Trust Zero Trust Based on the Forrester – Zero Trust Framework
What’s your secure score? >Demo Secure Score
MS Security Defender Decoder Ring Old name New name -> Microsoft Secure Score securescore.Microsoft.com Microsoft Threat Protection Microsoft Defender Security Center security.microsoft.com Microsoft Defender Advanced Threat Protection Microsoft Defender for Endpoint securitycenter.microsoft.com Office 365 Advanced Threat Protection Microsoft Defender for Office 365 protection.microsoft.com Azure Advanced Threat Protection Microsoft Defender for Identity Azure Security Center Standard Edition Azure Defender for Servers Azure Security Center for IoT Azure Defender for IoT Advanced Threat Protection for SQL Azure Defender for SQL Azure Sentinel *New! -> Compliance Center compliance.Microsoft.com
7 Keys to Hardening Microsoft 365
Data Files & Content Identity Accounts, Access, Authentication and Beyond Workloads SAAS, PAAS, and IAAS Clouds & Datacenters Networks From the Client to the Edge to the Service Devices Laptops, Desktops Phones everything in between Insights & Automation Visibility & Analytics Zero Trust Zero Trust Based on the Forrester – Zero Trust Framework
Identity  Secure access with MFA  Strong Passwords  Block legacy Auth Password recommendations for Admins • Maintain an 8-character minimum length requirement (longer isn't necessarily better) • Don't require character composition requirements. For example, *&(^%$ • Don't require mandatory periodic password resets for user accounts • Ban common passwords, to keep the most vulnerable passwords out of your system • Enforce registration for multi-factor authentication • Enable risk-based multi-factor authentication challenges Recommendations for Users • Avoid same or similar to one you use elsewhere • Don't use a single word or common phrase • Make passwords hard to guess avoid names, birthdays of family, favorite bands, and phrases you like
Tiered Config: Identity, Devices & Protection https://docs.microsoft.com/en-us/microsoft-365/solutions/productivity-illustrations
Data Files & Content Identity Accounts, Access, Authentication and Beyond Workloads SAAS, PAAS, and IAAS Clouds & Datacenters Networks From the Client to the Edge to the Service Devices Laptops, Desktops Phones everything in between Insights & Automation Visibility & Analytics Zero Trust Zero Trust Based on the Forrester – Zero Trust Framework
Microsoft Information Protection: Protect your sensitive information—anytime, anywhere https://azure.microsoft.com/en-us/services/information-protection/
Demo Data Loss Prevention for Microsoft Teams
7 Keys to Hardening Microsoft 365
Data Files & Content Identity Accounts, Access, Authentication and Beyond Workloads SAAS, PAAS, and IAAS Clouds & Datacenters Networks From the Client to the Edge to the Service Devices Laptops, Desktops Phones everything in between Insights & Automation Visibility & Analytics Zero Trust Zero Trust Based on the Forrester – Zero Trust Framework
Demo EndPoint Management Device Protection
Data Files & Content Identity Accounts, Access, Authentication and Beyond Workloads Exchange, Teams, SharePoint, OneDrive Networks From the Client to the Edge to the Service Devices Laptops, Desktops Phones everything in between Insights & Automation Visibility & Analytics Zero Trust Zero Trust Based on the Forrester – Zero Trust Framework
Capability Description Archive Any content stored in any Teams related workload needs to be preserved immutably Compliance Content search Any content stored in any workload can be search through rich filtering capabilities and be exported to a specific container for compliance and litigation support​. eDiscovery – Messaging/Files Rich in-place eDiscovery capabilities including case management, preservation, search, analysis and export to help our customers simplify the eDiscovery process to quickly identify relevant data while decreasing cost and risk. Legal hold When any team or individual is put on In-Place Hold or litigation hold, the hold is placed on both the primary and the archive messages (No edits or deletes). Auditing and reporting All Team activities and business events must be captured and available for customer search and export. Conditional Access and Intune MAM Ensure that access to Microsoft Teams is restricted to devices that are compliant with IT Admin or Corporate Organization set policies and security rules both for the Teams Apps and the services it uses under the hood. Includes MAC Support for Conditional Access as well. Moderator support The ability to have a moderator (owner of team) of a Team delete data from any user in the team that is inappropriate and mute users in a team/channel. Windows Information Protection Windows Information Protection (WIP), previously known as enterprise data protection (EDP), helps to protect against this potential data leakage without otherwise interfering with the employee experience. WIP also helps to protect enterprise apps like MS Teams. Allowed List of Apps An Admin can control the list of 3P apps (bots, connectors, tabs) that can be used by end users within a tenant. Retention / Preservation Help organizations reduce the liabilities associated with messaging. The Customer can configure their tenant to retain data for a fixed period of time or retain it with unlimited storage for different Teams workloads. eDiscovery – Calling/Meetings Rich in-place eDiscovery capabilities including case management, preservation, search, analysis and export to help our customers simplify the eDiscovery process to quickly identify relevant data while decreasing cost and risk. Data loss prevention (DLP) Identify any sensitive data stored being transferred within or outside of Customer Organization in Teams to intercept and prevent leakage​ for Files and Chat/Channel Messages. Advanced Threat Protection Support for safe files and safe links in Microsoft Teams to protect your organization from malicious attacks with the power of Office 365 Advanced threat protection Business Information Barriers Prevent exchanges or communication that could lead to conflicts of interest. (a.k.a. Ethical walls) Conversation/Chat Supervision Supervision policies in Office 365 allow you to capture employee communications for examination by designated reviewers. You can define specific policies that capture internal and external email, Microsoft Teams, or 3rd-party communications in your organization. AvailableTodaySecurity & Compliance Capabilities
Protect Against Messenger Threats In Office 365 All Office 365 / Microsoft 365 plans include a variety of threat protection features. • Anti-malware protection • Anti-phishing protection • Anti-spam protection • Safe links • Safe attachments • Threat Trackers • Threat Explorers • Attack Simulators • Real Time Attack detection Office 365 Message Encryption (OME) is an online service that's built on Microsoft Azure Rights Management BitLocker and Distributed Key Manager (DKM) for Encryption Protect against threats in Office 365 Office 365 includes a variety of threat protection features. Here's a quick-start guide you can use as a checklist to make sure your threat protection features are set up for your organization.
Demo Security Management for Microsoft Teams Cloud App Security
Data Files & Content Identity Accounts, Access, Authentication and Beyond Workloads SAAS, PAAS, and IAAS Clouds & Datacenters Networks From the Client to the Edge to the Service Devices Laptops, Desktops Phones everything in between Insights & Automation Visibility & Analytics Zero Trust Zero Trust Based on the Forrester – Zero Trust Framework
Security Capabilities & Licensing Utilizing our enterprise plans, Microsoft recommends you complete the tasks listed in the following table that apply to your service plan. If, instead of purchasing a Microsoft 365 enterprise plan, you are combining subscriptions, note the following: • Microsoft 365 E3 includes Enterprise Mobility + Security (EMS) E3 and Azure AD P1 • Microsoft 365 E5 includes EMS E5 and Azure AD P2 Microsoft’s 12 Steps for Zero Trust All Office 365 Enterprise Plans Microsoft 365 E3 Microsoft 365 E5 1. Enable Azure Multi-factor Authentication (MFA)    2. Protect Against Workload Threats In Office 365    3. Configure Defender for Office 365 (Advanced Threat Protection)  4. Configure Defender for Azure (Advanced Threat Protection) (ATP)  5. Enable Notifications for Microsoft Defender Security Center  6. Configure EndPoint with Intune Mobile App Protection For Phones And Tablets   7. Configure MFA And Conditional Access For Guests, Including Intune Mobile App Protection   8. Enroll Pcs Into Device Management And Require Compliant Pcs   9. Optimize Your Network For Cloud Connectivity    10. Train Users    11. Get Started With Microsoft Cloud App Security    12. Monitor For Threats And Take Action   
Harden Microsoft 365 and Azure Networks and Infrastructure (Azure Defender) Azure Resource Protection (Azure Defender for Servers) Extended Detection Response (IoT, Multi-cloud, SQL) Secure Hybrid Workloads Workloads (Microsoft Defender for Office 365) Threat Protection Safe links, Safe Documents, Safe Attachments Anti-spam, Anti-malware & Anti-phishing Apps (Cloud App Security) API & App Log collection Reverse proxy, Control & Visibility Identify and combat cyberthreats Devices (Microsoft Defender for Endpoint) Endpoint behavioral sensors Cloud security analytics Threat intelligence Data (Microsoft Information Protection) Identify & Classify Apply & Monitor Policies Encrypt Sensitive Data Identity (Azure Active Directory, Microsoft Defender for Identity) Secure access with MFA Strong Passwords Block legacy Auth Microsoft 365 Defender (includes Exchange Online Protection and ATP 1 & 2), Azure Active Directory, Microsoft Defender for Endpoint (includes InTune & Secure Score for Devices), Microsoft Information Protection, Microsoft Defender for Identity, and Cloud App Security, Azure Defender, Azure Sentinel Microsoft Defender Portal (Microsoft 365 Defender) Advanced Hunting Incident Correlation Rule Based Detection
Resources: Microsoft 365 includes several ways to monitor status and take appropriate actions. Your best starting point is the Microsoft 365 Security Center, where you can view your organization's Microsoft Secure Score, and any alerts or entities that require your attention. Get Started: • Get Started With The Microsoft 365 Security Center • Monitor And View Reports • See The Security Portals In Microsoft 365 Get Started With Cloud App Security Now: • QuickStart: Get started with Cloud App Security • Get instantaneous behavioral analytics and anomaly detection • Learn more about Microsoft Cloud App Security • Review new features and capabilities • See basic setup instructions
Microsoft Security + Partner Solutions
Are you getting everything you need from Microsoft in Security & Administration? • No, I’m evaluating Security tools • No, I’m evaluating Admin/Management tools • I’m overwhelmed. Too much! Wish I had a tool to simplify all this • Yes
SaaS, Mastered CoreView
SaaS, Mastered CoreView is a SaaS management platform that protects, manages, and optimizes Microsoft 365 and other SaaS environments by augmenting and extending Microsoft Admin Center Protect Manage Optimize
SaaS, Mastered
SaaS, Mastered • Limits Admin scope and delegates appropriate functions for M365 least privilege access • Enriches and retains audit data, enhancing e-discovery • Enforces identity and access configurations based on security recommendations • Automates workflows, including deprovisioning of access • Classifies and tags sensitive info Protect Manage Optimize
SaaS, Mastered Protect • Allows delegation of appropriate M365 Admin functions • Automates workflows, including Hybrid agent to synchronize on-prem AD and Exchange with Azure AD and Exchange Online • Controls M365 and other SaaS with actionable analytics Manage Optimize
SaaS, Mastered Protect Manage • Manages M365 licenses and SaaS usage/payments intelligently • Responsibly manages license costs with knowledge of Microsoft and SaaS services actually being used • Drives adoption of desired applications with knowledge of what is actually being used, and then perform targeted email campaigns to encourage adoption and drive users to context-sensitive How-To video instruction Optimize
How CoreView Helps with Secure Score
CoreView Secure Score Dashboard
SaaS, Mastered Office 365 Health Check It’s Easy to Get Started: • Login to Microsoft and consent to CoreView utilizing Microsoft API to review your tenant • (While there, we suggest reviewing who else has access!) • CoreView will review your O365 account data against recommendations • No passwords required • No requirement to remove MFA Complementary checkup on your security settings compared to general recommendations https://www.coreview.com/office-365-health-check-report/
Thank you! Least privilege access to M365 and other SaaS Enhanced e-discovery with enriched data Security policies Automated workflows Document classification Protect Delegated administration for segregation of duties Automated workflows Actionable analytics Manage License management and chargebacks License consumption optimization Workload adoption and proficiency Optimize
Next Steps! • Find more on CoreView.com bit.ly/hardeninginfographic • Download slides at slideshare.net/joeloleson • Join us for the next webinar in this series in January! • Join CoreView tomorrow for “8 Ways People are Your Biggest Threats to Office 365 Security” bit.ly/coreviewwebinar Joel Oleson Joel@joel365.com Linkedin.com/in/joeloleson

More Related Content

PDF
Cloud App Security Customer Presentation.pdf
byErikHof4
 
PPTX
Office 365 Security Best Practices
byCommunity IT Innovators
 
PPTX
Microsoft 365 and Microsoft Cloud App Security
byAlbert Hoitingh
 
PPTX
3 Modern Security - Secure identities to reach zero trust with AAD
byAndrew Bettany
 
PPTX
Microsoft Teams Governance and Security Best Practices - Joel Oleson
byJoel Oleson
 
PDF
Microsoft Modern-Work-Plan-Comparison-Enterprise.pdf
bySachin Paul
 
PPTX
Defend Against Threats with SIEM Plus XDR Workshop - Microsoft Defender for E...
bymartijnhoffie
 
PPTX
Overview of Microsoft Teams and Data Loss Prevention(DLP)
byRadhakrishnan Govindan
 
Cloud App Security Customer Presentation.pdf
byErikHof4
 
Office 365 Security Best Practices
byCommunity IT Innovators
 
Microsoft 365 and Microsoft Cloud App Security
byAlbert Hoitingh
 
3 Modern Security - Secure identities to reach zero trust with AAD
byAndrew Bettany
 
Microsoft Teams Governance and Security Best Practices - Joel Oleson
byJoel Oleson
 
Microsoft Modern-Work-Plan-Comparison-Enterprise.pdf
bySachin Paul
 
Defend Against Threats with SIEM Plus XDR Workshop - Microsoft Defender for E...
bymartijnhoffie
 
Overview of Microsoft Teams and Data Loss Prevention(DLP)
byRadhakrishnan Govindan
 

What's hot

PDF
Microsoft Office 365 Security and Compliance
byDavid J Rosenthal
 
PDF
Microsoft Azure Sentinel
byBGA Cyber Security
 
PPTX
Azure security and Compliance
byKarina Matos
 
PDF
Microsoft 365 Enterprise Security with E5 Overview
byDavid J Rosenthal
 
PPTX
Azure Security Overview
byAllen Brokken
 
PDF
Zero Trust Model Presentation
byGowdhaman Jothilingam
 
PDF
Container Security Using Microsoft Defender
byRahul Khengare
 
PPTX
Deep dive into Microsoft Purview Data Loss Prevention
byDrew Madelung
 
PDF
introduction to Azure Sentinel
byRobert Crane
 
PPTX
Data Loss Prevention
byReza Kopaee
 
PPTX
SEIM-Microsoft Sentinel.pptx
byAmrMousa51
 
PPTX
Microsoft Defender for Endpoint
byCheah Eng Soon
 
PPTX
Zero Trust
byBoaz Shunami
 
DOCX
Symantec Data Loss Prevention - Technical Proposal (General)
byIftikhar Ali Iqbal
 
PPTX
microsoft-cybersecurity-reference-architectures (1).pptx
byGenericName6
 
PPTX
Top 10 use cases for Microsoft Purview.pptx
byAlistair Pugin
 
PPTX
Cybersecurity
byA. Shamel
 
PDF
Stopping zero day threats
byZscaler
 
PPTX
Azure Security and Management
byAllen Brokken
 
PDF
Microsoft Defender and Azure Sentinel
byDavid J Rosenthal
 
Microsoft Office 365 Security and Compliance
byDavid J Rosenthal
 
Microsoft Azure Sentinel
byBGA Cyber Security
 
Azure security and Compliance
byKarina Matos
 
Microsoft 365 Enterprise Security with E5 Overview
byDavid J Rosenthal
 
Azure Security Overview
byAllen Brokken
 
Zero Trust Model Presentation
byGowdhaman Jothilingam
 
Container Security Using Microsoft Defender
byRahul Khengare
 
Deep dive into Microsoft Purview Data Loss Prevention
byDrew Madelung
 
introduction to Azure Sentinel
byRobert Crane
 
Data Loss Prevention
byReza Kopaee
 
SEIM-Microsoft Sentinel.pptx
byAmrMousa51
 
Microsoft Defender for Endpoint
byCheah Eng Soon
 
Zero Trust
byBoaz Shunami
 
Symantec Data Loss Prevention - Technical Proposal (General)
byIftikhar Ali Iqbal
 
microsoft-cybersecurity-reference-architectures (1).pptx
byGenericName6
 
Top 10 use cases for Microsoft Purview.pptx
byAlistair Pugin
 
Cybersecurity
byA. Shamel
 
Stopping zero day threats
byZscaler
 
Azure Security and Management
byAllen Brokken
 
Microsoft Defender and Azure Sentinel
byDavid J Rosenthal
 

Similar to Securely Harden Microsoft 365 with Secure Score

PDF
October 2022 CIAOPS Need to Know Webinar
byRobert Crane
 
PDF
A Secure Journey to Cloud with Microsoft 365
byDavid J Rosenthal
 
PDF
Being more secure using Microsoft 365 Business
byRobert Crane
 
PDF
Security as a Service with Microsoft Presented by Razor Technology
byDavid J Rosenthal
 
PPTX
In t trustm365ems_v3
byInTTrust S.A.
 
PPTX
Microsoft Security Advice ISSA Slides.pptx
byMike Brannon
 
PDF
May 2020 Microsoft 365 Need to Know Webinar
byRobert Crane
 
PPTX
Securing your Organization with Microsoft 365
byRavikumar Sathyamurthy
 
PDF
Microsoft Security adoptionguide for the enterprise
byssuserd58af7
 
PPTX
History of Content Security: Take 2 - ShareCloudSummit Houston
byAdam Levithan
 
PPTX
AB-900, the replacement of MS-900 course
byMichelAguilera4
 
PPTX
Stay Productive, Collaborative, and Secure with Microsoft 365
byChris Bortlik
 
PPTX
Modern Workplace with Microsoft 365
byRavikumar Sathyamurthy
 
PDF
modernworkplacewithmicrosoft365-180213045346.pdf
byskvvs2023
 
PPTX
CLOUD ZERO TRUST MODEL
byFayyaz Ahmed MASc, MSc, MS IT, MCS, CE, CET ✔
 
PDF
Implementing Zero Trust: Best Practices for Microsoft Cloud Environments
byMichael Noel
 
PPTX
ciso-workshop-1-cybersecurity-briefing.pptx
bypravinsp141
 
PDF
Microsoft 365 Security Overview
byRobert Crane
 
PDF
Microsoft 365 Security and Compliance
byDavid J Rosenthal
 
PDF
December 2019 Microsoft 365 Need to Know Webinar
byRobert Crane
 
October 2022 CIAOPS Need to Know Webinar
byRobert Crane
 
A Secure Journey to Cloud with Microsoft 365
byDavid J Rosenthal
 
Being more secure using Microsoft 365 Business
byRobert Crane
 
Security as a Service with Microsoft Presented by Razor Technology
byDavid J Rosenthal
 
In t trustm365ems_v3
byInTTrust S.A.
 
Microsoft Security Advice ISSA Slides.pptx
byMike Brannon
 
May 2020 Microsoft 365 Need to Know Webinar
byRobert Crane
 
Securing your Organization with Microsoft 365
byRavikumar Sathyamurthy
 
Microsoft Security adoptionguide for the enterprise
byssuserd58af7
 
History of Content Security: Take 2 - ShareCloudSummit Houston
byAdam Levithan
 
AB-900, the replacement of MS-900 course
byMichelAguilera4
 
Stay Productive, Collaborative, and Secure with Microsoft 365
byChris Bortlik
 
Modern Workplace with Microsoft 365
byRavikumar Sathyamurthy
 
modernworkplacewithmicrosoft365-180213045346.pdf
byskvvs2023
 
CLOUD ZERO TRUST MODEL
byFayyaz Ahmed MASc, MSc, MS IT, MCS, CE, CET ✔
 
Implementing Zero Trust: Best Practices for Microsoft Cloud Environments
byMichael Noel
 
ciso-workshop-1-cybersecurity-briefing.pptx
bypravinsp141
 
Microsoft 365 Security Overview
byRobert Crane
 
Microsoft 365 Security and Compliance
byDavid J Rosenthal
 
December 2019 Microsoft 365 Need to Know Webinar
byRobert Crane
 

More from Joel Oleson

PPTX
Introduction to Microsoft Viva and the Employee Experience Platform with Joel...
byJoel Oleson
 
PPTX
Vivafy your SharePoint intranet in Microsoft Teams with Viva Connections
byJoel Oleson
 
PPTX
Viva Enhanced Teams as a Platform
byJoel Oleson
 
PPTX
Microsoft Teams Webinars - PowerPoint Live Presentation Mode and More
byJoel Oleson
 
PDF
Intelligent Content Enrichment using Microsoft SharePoint Syntex and Viva Top...
byJoel Oleson
 
PPTX
SharePoint Syntex 5 Practical Uses
byJoel Oleson
 
PDF
Slice up your Microsoft 365 Tenant with Administrative Units
byJoel Oleson
 
PDF
Microsoft 365 Tenant Administration: Understanding Microsoft 365 Administrati...
byJoel Oleson
 
PPTX
Microsoft Teams as a Platform - Microsoft 365 Application Platform Maturity M...
byJoel Oleson
 
PPTX
Microsoft Teams Governance Quickstart - The Experts Conference
byJoel Oleson
 
PDF
Security Hardening Microsoft 365 Tools and Techniques
byJoel Oleson
 
PPTX
TeamsFest - Microsoft Teams as an Event Platform: Case Study for Large Scale ...
byJoel Oleson
 
PPTX
Microsoft Teams Governance and Automation
byJoel Oleson
 
PPTX
Travel Trivia - World Travelers - Hosted by Joel Oleson
byJoel Oleson
 
PPTX
Decisions: SharePoint 2010 Workflows to SharePoint Online to Power Automate D...
byJoel Oleson
 
PPTX
Microsoft Teams Live Events - Producing Large Scale Events Case Study
byJoel Oleson
 
PPTX
Microsoft Groups Demystified: 5 Keys to Successful Group Management
byJoel Oleson
 
PPTX
7 Innovative Ways Project Cortex Delivers Business Value
byJoel Oleson
 
PPTX
M365VM - Project Cortex: AI Powered Knowledge Network for the Enterprise
byJoel Oleson
 
PPTX
M365VM - Preparing for Project Cortex with Joel Oleson
byJoel Oleson
 
Introduction to Microsoft Viva and the Employee Experience Platform with Joel...
byJoel Oleson
 
Vivafy your SharePoint intranet in Microsoft Teams with Viva Connections
byJoel Oleson
 
Viva Enhanced Teams as a Platform
byJoel Oleson
 
Microsoft Teams Webinars - PowerPoint Live Presentation Mode and More
byJoel Oleson
 
Intelligent Content Enrichment using Microsoft SharePoint Syntex and Viva Top...
byJoel Oleson
 
SharePoint Syntex 5 Practical Uses
byJoel Oleson
 
Slice up your Microsoft 365 Tenant with Administrative Units
byJoel Oleson
 
Microsoft 365 Tenant Administration: Understanding Microsoft 365 Administrati...
byJoel Oleson
 
Microsoft Teams as a Platform - Microsoft 365 Application Platform Maturity M...
byJoel Oleson
 
Microsoft Teams Governance Quickstart - The Experts Conference
byJoel Oleson
 
Security Hardening Microsoft 365 Tools and Techniques
byJoel Oleson
 
TeamsFest - Microsoft Teams as an Event Platform: Case Study for Large Scale ...
byJoel Oleson
 
Microsoft Teams Governance and Automation
byJoel Oleson
 
Travel Trivia - World Travelers - Hosted by Joel Oleson
byJoel Oleson
 
Decisions: SharePoint 2010 Workflows to SharePoint Online to Power Automate D...
byJoel Oleson
 
Microsoft Teams Live Events - Producing Large Scale Events Case Study
byJoel Oleson
 
Microsoft Groups Demystified: 5 Keys to Successful Group Management
byJoel Oleson
 
7 Innovative Ways Project Cortex Delivers Business Value
byJoel Oleson
 
M365VM - Project Cortex: AI Powered Knowledge Network for the Enterprise
byJoel Oleson
 
M365VM - Preparing for Project Cortex with Joel Oleson
byJoel Oleson
 

Recently uploaded

PDF
Bettersize | BeSEC Series Product Brochure
byBettersize Instruments
 
PDF
TrustArc Webinar - From Zero to Privacy Hero: Launching Your Program Right an...
byTrustArc
 
PDF
Designing a Blog Using Wordpress
bymarkzubi50
 
PDF
Taxonomy Alignment for SDG Tagging - ASHA Case Study
byEnterprise Knowledge
 
PPTX
The Lex Wire Precedent: A Technical Standard for Machine-Mediated Authority ...
byJeff Howell
 
PDF
Agentic-Document-Extraction-2026-Presentation.pdf
byTamanna
 
PDF
Pneumatic Pressure Pump PPP01 for Calibration & Testing
bySERRAX TECHNOLOGIES LLP
 
PPTX
TechSprint (SJBIT) 2025-26 Hackathon Winners & Awards Ceremony
bysuhasspgdg
 
PPTX
Introduction to Artificial Intelligence (AI).pptx
byammar414783
 
PDF
Transcript: What Thema can do: Leveraging metadata to support the discoverabi...
byBookNet Canada
 
PDF
Dev Dives: Build and deploy agentic automations - the unified way
byUiPathCommunity
 
PPTX
TechSprint WinterHack — Top 10 Teams Pitching Session we are excited for pit...
bybajpaitusharoffon678
 
PDF
Chapter 4 Network Security in computer security
byGetnet Tigabie Askale -(GM)
 
PDF
Post-Hackathon-Learnings-Maximizing-Impact-Beyond-the-Event.pdf
byishantyadav1111
 
PDF
Title Installing Windows, Linux, MacOS.pdf
byGeraldAbadajos
 
PDF
Parental Control App for Phones_ The Complete 2026 Guide for Safer, Smarter P...
byRyan Cooper
 
PDF
Real-Time AI at Scale Masterclass: Feature Store at Scale
byScyllaDB
 
PDF
Supercharge Your Copilot-Driven Collaboration with Microsoft 365 Agents SDK
byAntti Koskela
 
PDF
What Is the Azure AI Foundry and Why Does It Matter for Enterprises?
byjohncarterjn
 
PDF
"Painless Major Upgrade: A Strategy for Updating Large Codebases", Andrii Yat...
byFwdays
 
Bettersize | BeSEC Series Product Brochure
byBettersize Instruments
 
TrustArc Webinar - From Zero to Privacy Hero: Launching Your Program Right an...
byTrustArc
 
Designing a Blog Using Wordpress
bymarkzubi50
 
Taxonomy Alignment for SDG Tagging - ASHA Case Study
byEnterprise Knowledge
 
The Lex Wire Precedent: A Technical Standard for Machine-Mediated Authority ...
byJeff Howell
 
Agentic-Document-Extraction-2026-Presentation.pdf
byTamanna
 
Pneumatic Pressure Pump PPP01 for Calibration & Testing
bySERRAX TECHNOLOGIES LLP
 
TechSprint (SJBIT) 2025-26 Hackathon Winners & Awards Ceremony
bysuhasspgdg
 
Introduction to Artificial Intelligence (AI).pptx
byammar414783
 
Transcript: What Thema can do: Leveraging metadata to support the discoverabi...
byBookNet Canada
 
Dev Dives: Build and deploy agentic automations - the unified way
byUiPathCommunity
 
TechSprint WinterHack — Top 10 Teams Pitching Session we are excited for pit...
bybajpaitusharoffon678
 
Chapter 4 Network Security in computer security
byGetnet Tigabie Askale -(GM)
 
Post-Hackathon-Learnings-Maximizing-Impact-Beyond-the-Event.pdf
byishantyadav1111
 
Title Installing Windows, Linux, MacOS.pdf
byGeraldAbadajos
 
Parental Control App for Phones_ The Complete 2026 Guide for Safer, Smarter P...
byRyan Cooper
 
Real-Time AI at Scale Masterclass: Feature Store at Scale
byScyllaDB
 
Supercharge Your Copilot-Driven Collaboration with Microsoft 365 Agents SDK
byAntti Koskela
 
What Is the Azure AI Foundry and Why Does It Matter for Enterprises?
byjohncarterjn
 
"Painless Major Upgrade: A Strategy for Updating Large Codebases", Andrii Yat...
byFwdays
 

Securely Harden Microsoft 365 with Secure Score

  • 1.
  • 2.
    Agenda • Zero TrustModel • Understanding Microsoft Security Tools • Harden Microsoft 365 & introduction to Secure Score • Identity • Devices • Data • Workloads • Networks • Even more with Partners • CoreView Simplified Administration
  • 3.
    Zero Trust –Security Strategy There is no impermeable perimeter. It’s not a matter of if, but when… ASSUME BREACH! The Zero Trust framework is the pragmatic model for today’s hostile reality that includes a mindset, operating model, and architecture tuned to the threat. • Explicit Verification of User & Device • Least Privileged Access • Automation & Intelligence Credit: Forrester – Zero Trust Framework "Every service request made by a user or machine is properly authenticated, authorized, and encrypted end-to-end."
  • 4.
    Microsoft 365: APath to Zero Trust and Secure Cloud Services Microsoft has identified 12 key tasks to help security teams implement the most important security capabilities as quickly as possible with remote work in mind. 1) Enable Azure multi-factor authentication (MFA) 2) Protect against threats in Office 365 3) Configure Office 365 advanced threat protection 4) Configure Azure advanced threat protection 5) Turn on Microsoft Advanced Threat Protection 6) Configure intune mobile app protection for phones and tablets 7. Configure MFA and conditional access for guests, including intune mobile app protection 8. Enroll PCs into Device Management and require compliant PCs 9. Optimize your network for cloud connectivity 10. Train Users 11. Get started with Microsoft cloud app security 12. Monitor for threats and take action
  • 6.
    Data Files & Content Identity Accounts,Access, Authentication and Beyond Workloads SAAS, PAAS, and IAAS Clouds & Datacenters Networks From the Client to the Edge to the Service Devices Laptops, Desktops Phones everything in between Insights & Automation Visibility & Analytics Zero Trust Zero Trust Based on the Forrester – Zero Trust Framework
  • 7.
  • 8.
    MS Security DefenderDecoder Ring Old name New name -> Microsoft Secure Score securescore.Microsoft.com Microsoft Threat Protection Microsoft Defender Security Center security.microsoft.com Microsoft Defender Advanced Threat Protection Microsoft Defender for Endpoint securitycenter.microsoft.com Office 365 Advanced Threat Protection Microsoft Defender for Office 365 protection.microsoft.com Azure Advanced Threat Protection Microsoft Defender for Identity Azure Security Center Standard Edition Azure Defender for Servers Azure Security Center for IoT Azure Defender for IoT Advanced Threat Protection for SQL Azure Defender for SQL Azure Sentinel *New! -> Compliance Center compliance.Microsoft.com
  • 9.
    7 Keys toHardening Microsoft 365
  • 10.
    Data Files & Content Identity Accounts,Access, Authentication and Beyond Workloads SAAS, PAAS, and IAAS Clouds & Datacenters Networks From the Client to the Edge to the Service Devices Laptops, Desktops Phones everything in between Insights & Automation Visibility & Analytics Zero Trust Zero Trust Based on the Forrester – Zero Trust Framework
  • 11.
    Identity  Secure accesswith MFA  Strong Passwords  Block legacy Auth Password recommendations for Admins • Maintain an 8-character minimum length requirement (longer isn't necessarily better) • Don't require character composition requirements. For example, *&(^%$ • Don't require mandatory periodic password resets for user accounts • Ban common passwords, to keep the most vulnerable passwords out of your system • Enforce registration for multi-factor authentication • Enable risk-based multi-factor authentication challenges Recommendations for Users • Avoid same or similar to one you use elsewhere • Don't use a single word or common phrase • Make passwords hard to guess avoid names, birthdays of family, favorite bands, and phrases you like
  • 13.
    Tiered Config: Identity,Devices & Protection https://docs.microsoft.com/en-us/microsoft-365/solutions/productivity-illustrations
  • 14.
    Data Files & Content Identity Accounts,Access, Authentication and Beyond Workloads SAAS, PAAS, and IAAS Clouds & Datacenters Networks From the Client to the Edge to the Service Devices Laptops, Desktops Phones everything in between Insights & Automation Visibility & Analytics Zero Trust Zero Trust Based on the Forrester – Zero Trust Framework
  • 15.
    Microsoft Information Protection:Protect your sensitive information—anytime, anywhere https://azure.microsoft.com/en-us/services/information-protection/
  • 16.
  • 17.
    7 Keys toHardening Microsoft 365
  • 18.
    Data Files & Content Identity Accounts,Access, Authentication and Beyond Workloads SAAS, PAAS, and IAAS Clouds & Datacenters Networks From the Client to the Edge to the Service Devices Laptops, Desktops Phones everything in between Insights & Automation Visibility & Analytics Zero Trust Zero Trust Based on the Forrester – Zero Trust Framework
  • 19.
  • 20.
    Data Files & Content Identity Accounts,Access, Authentication and Beyond Workloads Exchange, Teams, SharePoint, OneDrive Networks From the Client to the Edge to the Service Devices Laptops, Desktops Phones everything in between Insights & Automation Visibility & Analytics Zero Trust Zero Trust Based on the Forrester – Zero Trust Framework
  • 21.
    Capability Description Archive Anycontent stored in any Teams related workload needs to be preserved immutably Compliance Content search Any content stored in any workload can be search through rich filtering capabilities and be exported to a specific container for compliance and litigation support​. eDiscovery – Messaging/Files Rich in-place eDiscovery capabilities including case management, preservation, search, analysis and export to help our customers simplify the eDiscovery process to quickly identify relevant data while decreasing cost and risk. Legal hold When any team or individual is put on In-Place Hold or litigation hold, the hold is placed on both the primary and the archive messages (No edits or deletes). Auditing and reporting All Team activities and business events must be captured and available for customer search and export. Conditional Access and Intune MAM Ensure that access to Microsoft Teams is restricted to devices that are compliant with IT Admin or Corporate Organization set policies and security rules both for the Teams Apps and the services it uses under the hood. Includes MAC Support for Conditional Access as well. Moderator support The ability to have a moderator (owner of team) of a Team delete data from any user in the team that is inappropriate and mute users in a team/channel. Windows Information Protection Windows Information Protection (WIP), previously known as enterprise data protection (EDP), helps to protect against this potential data leakage without otherwise interfering with the employee experience. WIP also helps to protect enterprise apps like MS Teams. Allowed List of Apps An Admin can control the list of 3P apps (bots, connectors, tabs) that can be used by end users within a tenant. Retention / Preservation Help organizations reduce the liabilities associated with messaging. The Customer can configure their tenant to retain data for a fixed period of time or retain it with unlimited storage for different Teams workloads. eDiscovery – Calling/Meetings Rich in-place eDiscovery capabilities including case management, preservation, search, analysis and export to help our customers simplify the eDiscovery process to quickly identify relevant data while decreasing cost and risk. Data loss prevention (DLP) Identify any sensitive data stored being transferred within or outside of Customer Organization in Teams to intercept and prevent leakage​ for Files and Chat/Channel Messages. Advanced Threat Protection Support for safe files and safe links in Microsoft Teams to protect your organization from malicious attacks with the power of Office 365 Advanced threat protection Business Information Barriers Prevent exchanges or communication that could lead to conflicts of interest. (a.k.a. Ethical walls) Conversation/Chat Supervision Supervision policies in Office 365 allow you to capture employee communications for examination by designated reviewers. You can define specific policies that capture internal and external email, Microsoft Teams, or 3rd-party communications in your organization. AvailableTodaySecurity & Compliance Capabilities
  • 22.
    Protect Against MessengerThreats In Office 365 All Office 365 / Microsoft 365 plans include a variety of threat protection features. • Anti-malware protection • Anti-phishing protection • Anti-spam protection • Safe links • Safe attachments • Threat Trackers • Threat Explorers • Attack Simulators • Real Time Attack detection Office 365 Message Encryption (OME) is an online service that's built on Microsoft Azure Rights Management BitLocker and Distributed Key Manager (DKM) for Encryption Protect against threats in Office 365 Office 365 includes a variety of threat protection features. Here's a quick-start guide you can use as a checklist to make sure your threat protection features are set up for your organization.
  • 23.
  • 24.
    Data Files & Content Identity Accounts,Access, Authentication and Beyond Workloads SAAS, PAAS, and IAAS Clouds & Datacenters Networks From the Client to the Edge to the Service Devices Laptops, Desktops Phones everything in between Insights & Automation Visibility & Analytics Zero Trust Zero Trust Based on the Forrester – Zero Trust Framework
  • 27.
    Security Capabilities & Licensing Utilizingour enterprise plans, Microsoft recommends you complete the tasks listed in the following table that apply to your service plan. If, instead of purchasing a Microsoft 365 enterprise plan, you are combining subscriptions, note the following: • Microsoft 365 E3 includes Enterprise Mobility + Security (EMS) E3 and Azure AD P1 • Microsoft 365 E5 includes EMS E5 and Azure AD P2 Microsoft’s 12 Steps for Zero Trust All Office 365 Enterprise Plans Microsoft 365 E3 Microsoft 365 E5 1. Enable Azure Multi-factor Authentication (MFA)    2. Protect Against Workload Threats In Office 365    3. Configure Defender for Office 365 (Advanced Threat Protection)  4. Configure Defender for Azure (Advanced Threat Protection) (ATP)  5. Enable Notifications for Microsoft Defender Security Center  6. Configure EndPoint with Intune Mobile App Protection For Phones And Tablets   7. Configure MFA And Conditional Access For Guests, Including Intune Mobile App Protection   8. Enroll Pcs Into Device Management And Require Compliant Pcs   9. Optimize Your Network For Cloud Connectivity    10. Train Users    11. Get Started With Microsoft Cloud App Security    12. Monitor For Threats And Take Action   
  • 28.
    Harden Microsoft 365and Azure Networks and Infrastructure (Azure Defender) Azure Resource Protection (Azure Defender for Servers) Extended Detection Response (IoT, Multi-cloud, SQL) Secure Hybrid Workloads Workloads (Microsoft Defender for Office 365) Threat Protection Safe links, Safe Documents, Safe Attachments Anti-spam, Anti-malware & Anti-phishing Apps (Cloud App Security) API & App Log collection Reverse proxy, Control & Visibility Identify and combat cyberthreats Devices (Microsoft Defender for Endpoint) Endpoint behavioral sensors Cloud security analytics Threat intelligence Data (Microsoft Information Protection) Identify & Classify Apply & Monitor Policies Encrypt Sensitive Data Identity (Azure Active Directory, Microsoft Defender for Identity) Secure access with MFA Strong Passwords Block legacy Auth Microsoft 365 Defender (includes Exchange Online Protection and ATP 1 & 2), Azure Active Directory, Microsoft Defender for Endpoint (includes InTune & Secure Score for Devices), Microsoft Information Protection, Microsoft Defender for Identity, and Cloud App Security, Azure Defender, Azure Sentinel Microsoft Defender Portal (Microsoft 365 Defender) Advanced Hunting Incident Correlation Rule Based Detection
  • 29.
    Resources: Microsoft 365 includesseveral ways to monitor status and take appropriate actions. Your best starting point is the Microsoft 365 Security Center, where you can view your organization's Microsoft Secure Score, and any alerts or entities that require your attention. Get Started: • Get Started With The Microsoft 365 Security Center • Monitor And View Reports • See The Security Portals In Microsoft 365 Get Started With Cloud App Security Now: • QuickStart: Get started with Cloud App Security • Get instantaneous behavioral analytics and anomaly detection • Learn more about Microsoft Cloud App Security • Review new features and capabilities • See basic setup instructions
  • 30.
    Microsoft Security +Partner Solutions
  • 31.
    Are you gettingeverything you need from Microsoft in Security & Administration? • No, I’m evaluating Security tools • No, I’m evaluating Admin/Management tools • I’m overwhelmed. Too much! Wish I had a tool to simplify all this • Yes
  • 32.
  • 33.
    SaaS, Mastered CoreView isa SaaS management platform that protects, manages, and optimizes Microsoft 365 and other SaaS environments by augmenting and extending Microsoft Admin Center Protect Manage Optimize
  • 34.
  • 35.
    SaaS, Mastered • LimitsAdmin scope and delegates appropriate functions for M365 least privilege access • Enriches and retains audit data, enhancing e-discovery • Enforces identity and access configurations based on security recommendations • Automates workflows, including deprovisioning of access • Classifies and tags sensitive info Protect Manage Optimize
  • 36.
    SaaS, Mastered Protect • Allowsdelegation of appropriate M365 Admin functions • Automates workflows, including Hybrid agent to synchronize on-prem AD and Exchange with Azure AD and Exchange Online • Controls M365 and other SaaS with actionable analytics Manage Optimize
  • 37.
    SaaS, Mastered Protect Manage •Manages M365 licenses and SaaS usage/payments intelligently • Responsibly manages license costs with knowledge of Microsoft and SaaS services actually being used • Drives adoption of desired applications with knowledge of what is actually being used, and then perform targeted email campaigns to encourage adoption and drive users to context-sensitive How-To video instruction Optimize
  • 38.
    How CoreView Helpswith Secure Score
  • 39.
  • 40.
    SaaS, Mastered Office 365 HealthCheck It’s Easy to Get Started: • Login to Microsoft and consent to CoreView utilizing Microsoft API to review your tenant • (While there, we suggest reviewing who else has access!) • CoreView will review your O365 account data against recommendations • No passwords required • No requirement to remove MFA Complementary checkup on your security settings compared to general recommendations https://www.coreview.com/office-365-health-check-report/
  • 41.
    Thank you! Least privilegeaccess to M365 and other SaaS Enhanced e-discovery with enriched data Security policies Automated workflows Document classification Protect Delegated administration for segregation of duties Automated workflows Actionable analytics Manage License management and chargebacks License consumption optimization Workload adoption and proficiency Optimize
  • 42.
    Next Steps! • Findmore on CoreView.com bit.ly/hardeninginfographic • Download slides at slideshare.net/joeloleson • Join us for the next webinar in this series in January! • Join CoreView tomorrow for “8 Ways People are Your Biggest Threats to Office 365 Security” bit.ly/coreviewwebinar Joel Oleson Joel@joel365.com Linkedin.com/in/joeloleson

Editor's Notes

  • #23 All Office 365 plans include a variety of threat protection features. Bumping up protection for these features takes just a few minutes. Anti-malware protection Protection from malicious URLs and files Anti-phishing protection Anti-spam protection See Protect against threats in Office 365 for guidance you can use as a starting point.
  • #28 https://techcommunit Microsoft Teams is a powerful hub for teamwork, whether you’re working at the office, on the road, or from home. It enables your team to work seamlessly together, integrating chat, calling, meetings, business process, task management and file collaboration. Communities, on the other hand, connect with people across teams, and across the organization, to share knowledge and experience. In the past, Yammer and Teams were separate experiences, adding friction by requiring people to bounce back and forth between applications. Today, you can add an important Yammer community to your team.  Click “+” to add a tab, pick Yammer, and configure the community you want to display. For example, you can add a crisis response tab to your team, allowing you to follow and engage with conversations in the community without leaving your hub for teamwork. Very soon, Microsoft will be releasing the new Yammer app for Teams, which will bring the new Yammer experience, in full fidelity, into Teams. This will give Teams customers a more powerful hub for teamwork that integrates their investments in Yammer. Stay tuned for more as we near the release of the Yammer app for Teams. y.microsoft.com/t5/yammer-blog/keeping-employees-informed-and-engaged-during-difficult-times/ba-p/1216032
  • #33 Thanks for meeting today, really appreciate you taking the time. Let's talk a little bit about what CoreView is, and then get into seeing if it's a fit to help solve your problems.
  • #34 Turning to what we actually do, here’s how to think about CoreView. We’re a SaaS management platform that extends and augments Microsoft Admin Center, and other SaaS admin consoles, and we add value on top of them. We certainly make it easier to manage things. The big thing is, we add new functionality to do things you just can’t do in any other way, so you can solve really thorny, persistent problems. And that’s across 3 areas: protecting your environment, managing it much more effectively on a day-to-day basis, and optimizing customer’s investment in M365 & SaaS. Thus, it means both getting people to use the right stuff, so you get the maximum value out of what you’ve already paid for, and not paying for stuff you don’t use.
  • #35 So the first question you have is, well, how does it actually work? This picture shows you the key functional elements of the CoreView system, and how they interact with your M365 tenant. And it works not just in the Azure cloud, but also in a hybrid environment, like yours, by synchronizing on-premises AD and Exchange. As you can see, CoreView collects data from many sources. Then we process it, enrich it, store it, present it, and most importantly, allow you to act on it. That means you don't get just the hundreds of detailed reports to SEE what's going on, but also get to FIX everything that might be wrong. There is common functionality that works across each of those Protect, Manage and Optimize wheelhouses, First, with virtual tenants, you split your environment up into logical segments. With role-based access control, operators are only allowed to do a very small set of actions on users and objects that fall within their scope of responsibility, which is tied to those virtual tenants. You can control to a very fine level who can do what limited set of actions on a limited set of items. That action can be manual or automated with workflows. We collect and enrich a ton of data, that is otherwise really time-consuming – and brittle – if you do it on your own. We have the tools to show you what matters about that data. So you see the most important things. And then you can take action on them. And then knowing what users are using what, we can help you increase adoption of desired tools with adoption campaigns to only the users that need the help, not all users. So we will get into those elements, but the most important thing isn’t the underlying technology, it’s what people DO with it. Let’s look at that next.
  • #36 Starting with the goal of protecting your environment from security issues, there are 5 really popular ways that customers use CoreView. Limiting what some admins can do, so you can delegate those limited rights to selected people, is a huge one. And it is so much better than what Microsoft can do, because Microsoft groups various rights and permissions into predefined roles. That's clumsy and limited. But CoreView lets you select VERY granular rights and permissions on a per-user basis, so it's elegant, easy to use, and much more powerful. CoreView takes data from many sources and enriches it with attributes from AD – so you have a name and a device tied to an action, not just an IP address, for example. You'll see many customized recommendations to secure your environment, based on frameworks from CIS – the Center for Internet Security – and NIST. We can profile identity and access management configurations And what good is all that configuration work if the wrong people still have access, like after they leave the organization? Why not automate the deprovisioning process, to ensure former employees, contractors, etc., no longer have access? Another very powerful thing you can do is point CoreView at your content, and have it automatically classify and tag what info is in there – in office docs, emails, any repository! – so you comply with regulations and policies. Now let's turn to another area.
  • #37 Management of M365 environments has become more complex: More employees, contractors, partners – now all remote with lots of personal devices More applications and restful APIs between them No longer behind the corporate firewall on the corporate network, now that perimeters have disappeared And obviously the explosion of traffic, including video impacting the volume of traffic, and logs! CoreView enables you to separate and divide and then simplify the administration of M365 environments, as it allows you to slice & dice the Global Admin role. First by the *scope* of what can be administered, using virtual tenants. And second by using RBAC to delegate the functions you operators to have – at a very granular level. And then automate the workflows – like provisioning and deprovisioning users and processes – and synchronize those changes across hybrid environments – Azure AD as well as AD and Exchange on-prem. Finally, the reporting is just amazing. It's extensive, and unlike home-grown stuff driven by PowerShell and PowerBI, it work at scale, and it works all the time. And now, on to the third area.
  • #38 Since you're spending a lot on your M365 and SaaS tools, why not get the most out of your investment? That's what we mean by optimize. CoreView allows you manage M365 & SaaS licenses – identify what's in use and set up license pools to allocate them by department, geo, whatever. That allows you to view allocations and all expenses per license pool, which is great for chargebacks. And you’ll want to mange license costs, based on knowing what is actually being used, like which services of E3 and E5 licenses are being used versus what license is currently assigned. CoreView makes it extremely easy to get a handle on what you're using, and what you should be paying. Once you know what people are using, there's bound to be software that is not the company standard. So you can set up Adoption campaigns – which are email campaigns specifically for the users who aren’t using the desired tools. That way they will start using them. And the emails can even point to a library of How-To videos that show the users exactly how to do what they need to do in each application. They're quick snippets of useful info – without pushing them to YouTube, where searching for help might result in a long, unrelated video that then rolls into a series of distractions like cat videos!
  • #41 To start a Health Check, and see a detailed report of your settings compared against recommended settings, all you need to do is: Log into Microsoft.com with your tenant admin account and consent to CoreView being able to use the Microsoft API CoreView will then review your account data against recommendations. As I said, no need to provide CoreView any login credentials, or for you to remove any MFA requirements. When you go in to do this, this message is displayed: In order to request your Office 365 Health Check, you will need to login as Tenant Admin on Microsoft side and grant consent to CoreView. We will never ask for your password; the authentication process is performed by Microsoft. Fill out the request form below, we will immediately begin ingesting your Office 365 account data, and we will notify you when the report is ready.
  • #42 Again, thanks for your time. We are really looking forward to following up with _______ and _______, and seeing what the Health Check turns up!