Upcoming Event
Copilot & Governance – More Than Just Buzzwords!
According to IBM’s Cost of a data breach 2022 report, the global average cost of a data breach is $4.35M. Some 45% of data breaches occur in the cloud and cloud misconfigurations and vulnerabilities are some of the top key cost factors.
There is, however, a silver lining – there are some clear steps that can be taken to protect your organization from data breaches.
With the increasing amount and value of data being hosted in cloud environments, organizations should take steps to protect cloud-hosted databases. Mature cloud security practices were associated with breach cost savings of USD$720,000 compared to organizations without cloud security practices. One of the many cloud security practices that are worth implementing is identity and access management mitigation which reduces the cost of an average potential data breach by a whopping USD$224,396!
Throughout conversations with many organizations using Microsoft 365, we’ve heard a consistent refrain about Guest Management – for most, it’s simply not a “manageable” task to oversee guests with the tools they have. Most administrators feel ill-equipped to get a full understanding of the extent of Guest Access within their Tenant, let alone make decisions on whether current Guests and their access are still legitimate, or not. As collaboration scenarios grow in complexity, organizations mature in their usage patterns of the M365 platform, and digital security becomes an increasingly scrutinized part of the enterprise – the challenge of managing Guests is reaching a tipping point where it can no longer be ignored.
What You’ll Take Away
This article will go over some of the reasons why you should consider reviewing your Guests’ Access, how to set up recurring Reviews of your Guests using Azure Identity Governance within Microsoft365 and highlight some of the challenges and difficulties one may face in using these processes.
There are a host of reasons justifying the need to review an organization’s Guest accounts, but a short summary will serve the purposes of this article. Some of these reasons include:
The Features discussed below required Azure AD Premium P2 licenses.
See What are access reviews | Microsoft Learn and MAU billing model for Azure AD External Identities | Microsoft Learn.
At the bottom of the tab, select the scenarios that can progress from Stage 1 to Stage 2. In my case any guest that has decided during the self-review that their access can be removed need not continue to the second stage – only guests who believe they still need access or did not provide an authoritative answer should proceed to the second stage.
Participants in a Guest Review process will receive an email from Microsoft and direct them to the My Access portal to action the review. The user experience is not bad, but is likely to require some adoption and change management efforts to be successful.
To monitor an ongoing Access Review, the Access Review can be opened, and individual Groups can then be expanded. This can be quite challenging when done at scale and it is difficult to get an overall sense of individual guests and their current access reviews across the environment.
If you’ve gotten this far you can likely ascertain that there is a great deal of complexity to navigate to put this in place, to oversee its execution, as well as to prepare and onboard users to receive these requests and make sense of them.
Another significant challenge can be figuring out licensing and costing which can be extremely complicated. Microsoft provides a table of example license scenarios but even this is not altogether clear. How you choose to set up the Reviews has a clear impact on the licensing count that will be required. Furthermore, how do you know if you will fall over or under the first 50,000 MAU? Are you accounting for the extra fees for SMS/Phone-based multi-factor?
With the Azure P2 Premium license costing a whopping 11.50 per user/per month, incremental costs can add up fast! It is not hard to imagine a large organization with 1,000 unique Team Owners all wanting to perform access reviews for Guests in their Teams – this would amount to an annual cost of $138,000.
All this could be on top of existing license SKUs such as an E3 license (CAD 47.90 per user/month) for each user. Another option would be to bump these users from an E3 to an E5 (CAD 73.00 per user/month) but unless this is required for other functionality, this is a steep cost that many organizations are not ready to bear.
With Orchestry, there is! Our latest Guest Governance and Guest Insights features allow you to set up comprehensive Guest Review policies in minutes, and effectively delegate and automate the entire Guest review process. Curious about what the Guest Review process looks like with Orchestry and how much money and time it can save you?
What’s more important, Guest Governance and Guest Insights features not only allow for much simpler, more efficient, and well-informed Guest reviews but also offer unprecedented insights into all Guests in your tenant and give you granular control over Guest Access.
Unlike the out-of-the-box Microsoft 365 Guest addition functionality, Orchestry requires users to capture additional information on Guests before sharing access to assets in your tenant, including their first and last name, their company name, and country, and add a justification as to why the Guest needs access.
With the additional context on hand, reviewing Guests becomes a significantly simpler process.
We have put together a comprehensive blog on everything you want to know about Guests in your tenant and how to capture this information, so have a read!
Orchestry’s beautiful interface allows you to easily create Guest Review policies of any level of complexity and apply them to the existing workspaces in minutes.
Guest Request policies allow you to create granular rules around Guest requests. You can create policies that restrict Guest Access to certain types of Workspaces altogether. These policies can be applied to Workspaces that hold highly confidential information. More lenient policies can also be created, requiring users to collect additional information about Guests, or approval by a group of members or individuals within your organization before Guest Access is granted.
But that’s only a small portion of what Orchestry can do. On top of Guest Governance and Guest Insights features, it is full of other functionality including Workspace Template features which lets you get the most out of your Microsoft 365 license.
These features allow you to leverage the existing library of business-first scenario templates created by Microsoft 365 MVPs, or create your own templates and, of course, apply Guest Review and Guest Request policies to those templates. Now every time an end-user requests a new workspace from an existing template, the policies will be automatically embedded and put into action in that workspace once provisioned.
Orchestry’s Guest Insights lift the lid on all the Guests within your tenant and provides you with an unprecedented view of the total number of Guests, the number and list of Workspaces that have been shared with Guests, the number and list of unique domains the Guests in your tenant come from, access violations, growth in Guest numbers over time and so much more! These actionable insights allow your organization to make educated decisions on potential changes to the Guest Request and Review policies, revoking access and removing Guests, and the overall security of your tenant.
Want to See Orchestry’s Guest Governance and Guest Insights in Action? Watch our on-demand webinar “Gain control over M365 Guest Access with Orchestry”.
What will you learn in this 60-minute webinar?
/HubSpot%20-%20eBook%20-%20Proof%20Card%20Mockup%20001-min.jpg?length=1000&name=HubSpot%20-%20eBook%20-%20Proof%20Card%20Mockup%20001-min.jpg)
/HubSpot%20-%20Buyers%20Guide%20-%20Proof%20Card%20Mockup%20001-min.jpg?length=1000&name=HubSpot%20-%20Buyers%20Guide%20-%20Proof%20Card%20Mockup%20001-min.jpg)
/HubSpot%20-%20Features%20Sheet%20-%20Proof%20Card%20Mockup%20001-min.jpg?length=1000&name=HubSpot%20-%20Features%20Sheet%20-%20Proof%20Card%20Mockup%20001-min.jpg)
