Automate 150+ Tenant-Wide Baseline Security Settings with One Workflow
In today’s blog we cover the final topic of the series: Strengthening Tenant Security.
In our prior blogs, we aimed to help you get started with Security Manager. If you haven’t already done so, it may be worthwhile to review these prior blogs to:
- Link your customer base to Security Manager
- Gain total visibility on Secure Scores
- Improve mailbox security through automation workflows
These blogs covered how to identify and rectify specific security vulnerabilities. Now we walk through how to comprehensively strengthen overall tenant security for your customers through configuring 150+ M365 Security Baselines.
Today’s Step: Strengthen your Customer’s Tenant
These 3 steps in the workflow can be executed independently or with a single click and will greatly strengthen a customer’s tenant.
- Assess Customer’s Current Status – Automates the expensive and lengthy audit project
- Navigate to Security Manager => Manage => Workflows
- Search for Assess and Apply Microsoft 365 Security Baselines
- Run the first command Get Microsoft 365 Security Baselines Report
Note: Unlike alternatives, there is no requirement for Defender
- Take Action – Configures 150+ Baseline Security Settings with automation
- Run First Step: Apply M365 Security Baselines
- This automates re-configuration of all settings to meet the highest possible recommended settings
- No customization required due to M365 license insufficiency. This step will simply skip and report on the settings which cannot be configured
- Update Action Plan – Many security compliance certificates require status of tenant security along with an action plan for known insufficiencies
- Run: Set M365 Secure Score Recommended Action Status
- Updates the status and action plan for baseline settings which are not met
- Any customized action plans will sync to M365
Security Baselines & the Costs of the Old-Fashioned Way
Top MSPs at a minimum strive to make sure their customers’ tenants adhere to recommended best practices across Microsoft Security Baselines.
Historically, this has been an arduous process to configure all of the baselines and to run an audit on them. Windows Defender has been a requirement in order to begin with some basics, but at a cost to the customer and their MSP. The licenses can be expensive, not to mention that a single audit project or baseline security improvement project can last months.
Managing the project if strengthening tenant security can be costly for MSPs. From a project management perspective, it is up to us to MSPs to customize a project plan for each customer. The project will evolve as you discover more about a customer’s environment, both because of what is not configured properly, but also because of their users’ needs and tenant’s capability.
From there, it is typically a massive undertaking to then configure those settings, and then to check again to make sure the settings took hold. And if a customer ever needs to provide an audit of their tenant’s security, this work may need to be repeated with little advanced notice, requiring an MSP to scramble to re-prioritize their own resources.
And these are just among a few of the challenges we hear from MSPs on the topic of securing the tenant.
Data Loss Prevention (DLP) is another key aspect of tenant security. For example: How can an MSP effectively prevent end users from disclosing sensitive information to unwanted parties? What sort of policies can and should be implemented against the tenant to protect end users from doing so?
The answer within Security Manager can be found within a collection of workflows called Microsoft 365 Security & Information Governance Configuration. This Collection includes commands and instructions to:
• Assess Microsoft 365 tenant security
• Configure Microsoft 365 tenant security
• Deploy data loss prevention (DLP)
• Create data retention policies and labels
And it all works in a manner consistent with the above steps for applying M365 Security Baselines. This is part of how Security Manager makes it easy to implement recommended settings for a customer across their entire tenant.
“A significant influence on our operations has been the implementation of various legislation and compliance requirements. These regulations have driven us to prioritize activities that align with the new standards, including our conversations with customers.”
Sean Erntzen, Managing Director at UK-based Impreza IT
Why Security Manager is Preferred for Tenant Security
Security Manager is designed specifically for MSPs delivering security management to their customers. Each dashboard and workflows were designed for MSP usage cases.
Overall, Security Manager brings the management of all of your customers into one place and provides you integration with the tools you need to maximize your visibility and rectify security risks.
For MSPs there are overhead to deliver security in a secure way. Manually configuring and tracking access points to all required tools often requires humans accessing each customer’s baseline tenants, a security risk in and of itself.
Security Manager removes the need for humans to be accessing tenants. The SkyKick platform is compliant with GDPR, SOC2, ISO 27001, and ISO 27701.
Often, customers requiring a level of security compliance are not necessarily required to conform to all security measures, but simply to be able to report on which ones they comply with, and the plan or reason for those which they do not.
The single workflow in this blog has 3 easy steps which can be run one at a time or with the click of a single button, for one or all of your customers. The first and third of these steps both deliver this visibility, regardless of a customer’s Microsoft licensing tier. This report automates a lengthy project for customers and MSP’s to simply take inventory and ability to provide this information to appropriate parties.
And it’s just one of many workflows included at your low subscription price for Security Manager.
MSPs who harness the power of Security Manager manage millions of end users today in a scalable and secure fashion. So whether you’re one of them or just getting started with Security Manager, we hope that strengthening M365 tenant security is helping you protect customers like never before before.