- Platform Features
- How We Help
- Why Orchestry
In our previous article, we talked at length about the cost of a data breach and how implementing cloud security practices like identity and access management mitigation can significantly reduce the risk and potential cost of a data breach.
Guest Reviews can be a powerful way to mitigate this risk, and while this can be done via Microsoft Identity Governance services, another alternative is to use Orchestry.
Throughout conversations with many organizations, we’ve heard a consistent refrain about Guest Management – for most, it’s simply not a “manageable” task. In our related article, we introduced you to the many reasons why Guest Access in Microsoft365 needs to be a massive priority and showed you the way Guest Access reviews can be done using Azure Identity Governance. In summary, although Azure Identity Governance is extremely beneficial in potentially preventing security issues, it is far from easy to set up, and depending on the number of Groups, Teams, users, and Guests, can lead to a completely unfeasible increase in license costs.
What You’ll Take Away
In our previous related article we discussed some of the reasons why you should consider reviewing your Guests’ Access and how to set up recurring reviews of your Guests using Azure Identity Governance within Microsoft365. In this article we’ll showcase an alternative way to perform Guest Reviews using Orchestry – a significant part of the new Guest Governance and Guest Insights functionality.
The Features discussed below require an active subscription to Orchestry as well as a single Azure P1 license (or license that contains these same core abilities like an E3, or E5). Currently, Orchestry Review Policies can only be attached to Group-connected objects including a Modern Team Site and a Team.
In Orchestry, like Microsoft Identity Governance, we execute Guest Reviews based on the Workspaces (Modern Team Sites and Teams) that currently contain Guest accounts. Policies are created and can be attached to Workspace Templates, or applied individually to workspaces to achieve the desired results.
Much like Workspace Lifecycle Policies which are part of Orchestry’s Workspace Governance feature, Guest Review Policies can easily be attached to existing (historic) workspaces either one at a time or in bulk.
In both cases, the policy will first fire based on the policy interval beginning on the day the policy has been applied to a workspace.
To execute a Guest Review Policy to begin immediately and not wait for the standard specified interval, simply select Force Policy.
Once Guest Lifecycle is put in place via Guest Review Policies, Orchestry surfaces the overall status of Guest Reviews across the enterprise, while allowing administrators to drill down into where that user may be currently undergoing a review.
As a Workspace Owner (or designated user) identified to respond to a Guest Review Policy, a notification will be received via Email and Teams.
Once the reviews are actioned, Guest Users are either renewed (retained in the workspace) or removed immediately, based on the decision. This completes the Guest Review for that particular workspace until such time as it is set up to fire again.
The Guest Review policies are just the tip of the iceberg when it comes to Orchestry’s Guest Insights & Guest Governance features, let alone all the other unrivaled functionality.
Unlike the out-of-the-box Microsoft 365 Guest addition functionality, Orchestry requires users to capture additional information on Guests before sharing access to assets in your tenant, including their first and last name, their company name, and country, and add a justification as to why the Guest needs access.
With the additional context on hand, reviewing Guests becomes a significantly simpler process.
Guest Request policies allow you to create granular rules around Guest requests. You can create policies that restrict Guest Access to certain types of Workspaces altogether. These policies can be applied to Workspaces that hold highly confidential information. More lenient policies can also be created, requiring users to collect additional information about Guests, or approval by a group of members or individuals within your organization before Guest Access is granted.
But that’s only a small portion of what Orchestry can do. On top of Guest Governance and Guest Insights features, it is full of other functionality including Workspace Template features which lets you get the most out of your Microsoft 365 license. These allow you to leverage the existing library of business-first scenario templates created by Microsoft 365 MVPs, or create your own templates and, of course, apply Guest Review and Guest Request policies to those templates. Now every time an end-user requests a new workspace from an existing template, the policies will be automatically embedded and put into action in that workspace once provisioned.
Orchestry’s Guest Insights lift the lid on all the Guests within your tenant and provides you with an unprecedented view of the total number of Guests, the number and list of Workspaces that have been shared with Guests, the number and list of unique domains the Guests in your tenant come from, access violations, growth in Guest numbers over time and so much more! These actionable insights allow your organization to make educated decisions on potential changes to the Guest Request and Review policies, revoking access and removing Guests, and the overall security of your tenant.
Want to See Orchestry’s Guest Governance and Guest Insights in Action?
Orchestry offers a free full-experience trial for 28 days.
Book your demo today to chat with one of our Microsoft 365 experts about the opportunities you can unlock with Orchestry and see it in action.
For more Microsoft 365, SharePoint Online, and Teams insights, tips and tricks, best practices, and exclusive events delivered straight to your inbox, join our mailing list today and level up your Microsoft 365 game!