SecurityRadar:  Teams, Collaboration & Tenant Security

SecurityRadar was launched in July to enable Microsoft Partners to use data-driven insights to proactively engage with their customers. There are 4 SecurityRadar categories regarding these insights which can transform a customer conversation from theoretical to actionable. This week’s final SecurityRadar blog covers the 4th category, Teams, Collaboration, & Tenant Security.


M365 tools are all about helping end users collaborate, but out of the box, managing security risks such Data Loss Prevention (DLP) is a challenge, as these tools give end users abilities to share data and permissions which expose them to a multitude of security risks.

So how can we know which users are at risk? How can we ensure that each end user is not over-extending access with external contacts, or leaking sensitive information to unauthorized people?

It is true that within M365 there exists the capability to manage some of the security permissions and settings for a tenant and the users, that’s traditional M365 management. However, these can be located in different locations, and often rely on proactive investigation which can be challenging. Powershell is always an option, but training your team on the right commands to use, and remembering which ones are available, is a scalability challenge and takes time to write these commands.

SecurityRadar means ‘no Powershell required’. The interface provides one-click reporting alongside meaningful alerts all in one easy-to-use interface. Furthermore, it provides context about what the best security practices are in each area, what options are recommended by Microsoft based on how a customer’s end users are using M365, and also allows you to do this across your entire customer base, not just one tenant at a time.

To date, there are over 60 out-of-the-box SecurityRadar reports to configure, monitor, and manage best practices for securing data in a tenant.

Collaboration is a broad topic, as most M365 features are all about collaboration. The SharePoint reports are a good example of how SecurityRadar helps partners approach customers regarding risks such as DLP, as Sharepoint users can share folders and files with external contacts.

Here’s how many partners use SecurityRadar’s reporting to approach a customer regarding their security in SharePoint and OneDrive:

Sharepoint Reports

  1. User Audit Log Events Overview – Reports on end-user logins, the timestamp, and their IP address upon login, and more.
  2. Files Activity – This includes where the document resides, who accessed it, when they did so, and whether they downloaded it.
  3. Sharing Activity – View who has shared documents and folders, the recipient of the share, and when it was shared.
  4. Sharing Settings – View the current and available sharing settings for the target in question (SharePoint, Teams, etc.)

With this visibility, approaching a customer to discuss their security settings is more effective, with data-driven insights specific to your customer’s actual environment and usage.

For Teams, the same above reports are available. We’ll deep-dive into 1 particularly useful report unique to Teams, to double-click on the type of ‘read-me’ information available in all SecurityRadar reports.

SecurityRadar Teams Report: “External Guest Access Settings
  • External Domains Access
  • Allowed Domains
  • Blocked Domains
  • Allow Communicate with Skype Users – Windows Live, Yahoo, AOL
  • Allow Guest Access
  • Allow Communicate With Non Organization Teams Users
  • Allow Guest Private Calls
  • Allow Guest Video
  • Guest Screen Sharing Mode
  • Allow Guest Meet Now
  • Allow Guest Edit Messages
  • Allow Guest Delete Messages
  • Allow Guest Delete Chat
  • Allow Guest Chat – Determines if a guest is allowed to chat
  • Allow Guest Immersive Reader
  • Allow External Teams Users Communicate Organization Teams Users – Allows external Teams users to discover and start communication with users in your organization

Remember: Each of these important security settings can be customized via Security Manager commands, workflows, and collections; both out-of-the-box, and also available for you to customize or created from scratch.

Lastly, having optics on the status of the M365 tenant is also a big part of security. SecurityRadar reports bring visibility to areas such as Transport Rules & Connectors, Multifactor Authentication (MFA), and the overall M365 Secure Score.

To double-click on one example of a popular tenant-level report, the “Org Info Report” displays:

  • Security Defaults– Indicates whether Security Defaults is On or Off
  • Azure Active Directory– Shows if licenses are present and lists license plans
  • Microsoft 365 Defender status
  • Conditional Access Readiness– Indicates whether organization is ready to use Conditional Access policies

In addition to the content of Alerts, SecurityRadar is all about providing powerful options for your reporting. In security, there can be a lot of benign alerts and information which makes managing the day-to-day management of your customers cumbersome and tedious. SecurityRadar reports were designed to alleviate all that noise by offering you the following report options:

  • Schedule Automatic Reports. Have reports automatically run on a schedule
  • Apply Reporting Filters. Keep reports clean by specifying output criteria (healthy users, etc)
  • Specify recipient(s). Internal or external email addresses can receive these reports. Additionally, you can sync Exchange Groups from a customer’s environment to select a Group of recipients
  • Export and Download. Formats options include Excel, .txt, or HTML
  • Audit Everything. History of reports, with exportable output
  • Tailor the Scope. Run against one, many, or all of your customers

Partners say that these options are almost equally important as insights they provide. For instance, the Excel format enables you to pivot on data and statistics. Whereas the HTML format is more aesthetic, with color-coded indicators of security risk levels to make customer conversations easy.

It is estimated that over 100 million pieces of sensitive information are shared with unauthorized external contacts every year. SecurityRadar means having robust, multi-layer, customizable reports to first detect whether or not an organization or any of their end users are at-risk, so you can deliver maximum Data Loss Prevention (DLP) with minimal effort on your part, allowing you to not only scale, but to provide your customers with industry-leading security.

We hope you have enjoyed our series on SecurityRadar. With 60+ reports and growing, we hope you can see the value of having data-driven insights at your fingertips to drive customer conversations. You have total visibility and control over all your customers’ M365 tenants, all in one place. That’s SecurityRadar.

Watch the Full Video on SecurityRadar

Footnote

SkyKick has attained global ISO 27001 certification and is trusted by thousands of Microsoft Partners use SecurityRadar to manage over 3.6 million users…and growing.

SkyKick continues to add features to their Security Manager platform to keep up with evolving threats and best practices. As of July 2023, Security Manager now has over 45 workflows regarding Foundational Security Insights, twice the security-related workflows out of the box compared to the beginning of 2023.

SkyKick takes the security of our partners’ and their customers’ data seriously. This growth demonstrates SkyKick’s ongoing commitment to be at the forefront of global security for our Partners and their customers.