M365 Monitoring

For about a year now, our programming team has had a project on the ‘wish’ list regarding our Managed Microsoft 365 offering. How could we determine a baseline that included backups, MFA setup, and a host of our standard configurations across all our M365 customers? Then, with that baseline, how could we write a monitoring tool that would tell us when any account is outside our standards, has deviated from the baseline, or has unexpected or non-standard changes, and that would raise other important flags?

Why would this be helpful? Imagine we could see non-standard changes in real time, see accounts where MFA was not enforced, and get in front of risky behaviors or configurations. This would be amazing for our clients and a very proactive way to stay ahead of security. Basically, we could sleep at night!

One of the primary concerns we’ve wrestled with is inconsistent configurations. We’ve been doing this a while, so we have a clear vision of what works, what doesn’t, and the most secure way to set up a new Microsoft tenant. How do we make sure all the steps were followed correctly? For clients we co-manage, how do we know when inconsistent configurations are present or when changes are made that we know to be a risk?

A Microsoft tenant is your specific Microsoft account with your domain(s). This is where all the rules and policies are set up and enforced for existing and new accounts. It’s also a place where we can make policy changes to address new risks or issues we’ve run into, keeping you safe.

Another big item is the ability to back up and, if needed, restore configurations. Maybe changes were made and rolled out to all users but need to be rolled back. Maybe a bad actor has entered the environment and started making changes, and we need to knock them out and restore the environment, either in the Microsoft 365 licenses or even in the Azure Active Directory realm (managing your computers outside a traditional network with a server).

Although reporting is important, we’re already buried in a ridiculous amount of data! Homing in on critical changes with appropriate alerts and monitoring allows us to target and address the things that are most at risk. Tracking historical changes is very important, especially if there should be a breach incident and logs are needed, requested, or required by third parties such as cyber insurance carriers.

We have a growing number of clients taking advantage of Intune. With the Premium level licenses in place, Intune allows us to deploy new equipment much more efficiently, in a fraction of the time, with amazing accuracy. There are some very specific configurations that are needed, and some maintenance, all of which have resulted in clients needing 15 minutes to roll out a new computer rather than the typical 4 hours we have historically quoted and spent! Imagine replacing 15 or more computers: that’s quite a savings. For our techs, it’s a game changer, greatly reducing the potential that a special step for that specific client was missed. These are configured by client, so they can be customized to meet the need.

For those of you who are interested in, or need to comply with, NIST or CMMC, there are some specific requirements. Using this new tool, we can configure and monitor to stay in compliance with these regulations.

The ability to enforce agreed policies across the Microsoft 365 licenses, sift through the amazing amount of alerts and data, provide backup and restoration of configurations, and identify compliance drift or a possible bad actor is game-changing. Security is so important, and we know you count on us to stay on top of it. In the remaining months of 2023, we will roll this out to all our Microsoft tenants and it will become an integral and mandatory part of our managed solutions. Stay tuned for more information and where you are on the schedule! – CMW