Governance Archives - Thrive
https://thrivenextgen.com/category/governance/
NextGen Managed Services Provider
Wed, 02 Apr 2025 15:36:57 +0000

Technology Strategy and Governance: What Does Excellence Look Like
https://thrivenextgen.com/technology-strategy-and-governance-what-does-excellence-look-like/
Mon, 07 Apr 2025 15:30:33 +0000

Businesses need a strong technology governance framework to remain competitive, secure, and efficient in today’s marketplace. But what does excellence in governance look like? Organizations that achieve excellence align their technology investments with strategic goals, maintain robust security and compliance measures, and implement processes that promote accountability, agility, and innovation.

The Foundations of an Excellent Technology Strategy

A well-defined technology strategy provides a roadmap for leveraging IT to drive business success. A robust strategy will cover both current objectives and ways to adapt as new situations emerge:

  • Business Alignment: IT investments and initiatives should directly support business objectives, enabling growth, operational efficiency, and customer satisfaction.
  • Innovation and Agility: A forward-looking strategy incorporates emerging technologies such as AI, cloud computing, and automation to foster innovation and maintain a competitive edge.
  • Scalability and Flexibility: Organizations must ensure their IT infrastructure can scale to accommodate growth while remaining flexible to adapt to new opportunities and challenges.
  • Risk Management: Proactive identification and mitigation of risks, including cybersecurity threats, regulatory changes, and operational disruptions, are essential for sustainability.

Defining Governance Excellence

One way of looking at technology governance is that it focuses on how to execute the IT strategy in a secure, compliant, and efficient manner. Excellence in IT governance can be characterized by:

  • Clear Policies and Standards: Organizations should establish comprehensive IT policies that govern data management, security, procurement, and compliance.
  • Strong Leadership and Accountability: IT governance should be overseen by a dedicated team, including executives, IT leaders, and compliance officers, ensuring accountability across all levels.
  • Cybersecurity and Compliance: A robust governance framework includes proactive security measures, continuous monitoring, and adherence to industry regulations such as GDPR, HIPAA, or SOC 2.
  • Performance Monitoring and Continuous Improvement: Establishing key performance indicators (KPIs) and regularly assessing IT performance ensures continuous optimization and alignment with business needs.

How Thrive Can Help

Thrive enables organizations to achieve their strategic objectives by helping them define and execute technology strategy and governance. Thrive provides real-world experience and insights through a comprehensive suite of services:

  • Trusted Advisors: Thrive offers a variety of different types of consulting and engagement to meet you where you are and inform your overall IT approach. From current-state assessments to vCIO engagements, you can gain a deeper understanding of your IT teams, processes, and platforms and how to align them to your overall goals.
  • Strategic IT Planning: Thrive works closely with organizations to develop a tailored technology roadmap that drives innovation, scalability, and efficiency while helping organizations reach their business goals.
  • Security & Compliance Expertise: Thrive’s cybersecurity solutions, including endpoint detection and response, threat intelligence, and compliance support, help businesses stay ahead of evolving risks.
  • Managed IT Services: Thrive provides 24x7x365 monitoring, proactive support, and automation-driven IT management to ensure continuous operations and minimize downtime.
  • Cloud & Infrastructure Optimization: Thrive’s cloud solutions help organizations modernize legacy systems, optimize workloads, and enhance IT resilience.

By continuously evolving their strategies and governance models, companies can remain resilient and adaptable in an ever-changing technological landscape. Download our latest Mid-Market Guide to Microsoft 365 Governance for more information on how to get started.

Contact Thrive to learn more about how your business can confidently navigate the complexities of technology strategy and governance, ensuring a secure, scalable, and future-ready IT environment.

Why Technology Governance in Your Organization is More Important Than Ever
https://thrivenextgen.com/why-technology-governance-in-your-organization-is-more-important-than-ever/
Wed, 19 Feb 2025 21:44:31 +0000

With the rise of remote and hybrid work, Bring Your Own Device (BYOD) policies, cybersecurity threats, data privacy concerns, and AI-based tools, businesses must establish clear guidelines for their employees’ technology usage. Without proper governance, businesses expose themselves to security risks, compliance violations, and operational inefficiencies that can be costly.

The Importance of Technology Governance Policies

A well-defined policy on technology use ensures that employees, contractors, and other business stakeholders understand the rules and expectations for utilizing company systems, networks, and data. This includes:

  • Remote and hybrid work security guidelines
  • BYOD policies and security measures
  • Acceptable use of AI-based tools
  • Data privacy and compliance considerations
  • Consequences for policy violations

By implementing a clear governance strategy along with an Acceptable Use Policy, organizations can reduce security risks, protect sensitive data, and enhance operational efficiency.

The Cybersecurity and Compliance Risks

  • Mitigating Risks from Remote and Hybrid Work: Employees working outside the office increase the risk of data exposure and cyber threats. Organizations can implement security measures such as VPNs, multi-factor authentication, and encrypted communication to ensure secure remote work.
  • Securing Bring Your Own Device (BYOD) Policies: Personal devices introduce potential vulnerabilities into corporate networks. Establishing tight security policies for personal devices, such as endpoint protection and controlled access, helps mitigate these risks.
  • Managing AI-Based Tools and Their Implications: AI-powered tools can enhance productivity but also pose risks related to data security and ethical concerns. Organizations need guidelines on how AI tools can be used responsibly to prevent data leaks and biased decision-making.
  • Ensuring Compliance with Data Privacy Regulations: Businesses must comply with regulations like GDPR, HIPAA, and CCPA. Governing technology use ensures that data handling, storage, and sharing practices align with regulatory requirements, reducing the risk of legal consequences.
  • Protecting Against Cybersecurity Threats: Unauthorized software, malware, and phishing attacks can disrupt business operations. Clear technology usage policies minimize the chances of employees engaging in risky behaviors that could compromise security.

Best Practices for Effective Technology Governance

  • Develop Comprehensive Policies: Cover all aspects of technology use, including AI tools, remote access, and BYOD security.
  • Regularly Train Employees: Provide ongoing education on cybersecurity best practices and compliance requirements.
  • Continuously Update Policies: As technology evolves, governance policies should be reviewed and updated regularly.
  • Enforce Policies Consistently: Ensure that policies apply fairly to all employees and stakeholders.

Governing technology use within an organization has never been more critical. With remote and hybrid work not going anywhere, AI-powered tools growing in popularity, and increasing cyber threats, businesses must implement strong policies to protect their data, maintain compliance, and enhance security. Taking proactive steps in technology governance will help organizations adapt to modern challenges while maintaining a secure and efficient work environment.

Download Thrive’s Acceptable Use Policy template today to get started on implementing robust, company-wide data governance policies and privacy protocols that make safeguarding sensitive information a priority.

Contact Thrive today to learn more about establishing a clear technology governance policy because now is the time to take action. A secure and compliant workplace starts with well-defined guidelines that protect both the organization and its employees.

Microsoft Copilot Planning: Ensure a Successful Generative AI Deployment
https://thrivenextgen.com/microsoft-copilot-planning-ensure-a-successful-generative-ai-deployment/
Wed, 22 May 2024 15:30:44 +0000

The introduction of generative AI has led to remarkable efficiency gains for professional teams across a variety of industries and job functions. At the forefront of this change is Microsoft’s Copilot – a Large Language Model (LLM) that has recently captured widespread attention. Microsoft Copilot is not merely a tool; it’s an AI assistant that is seamlessly integrated into various Microsoft 365 applications. Its capabilities extend far beyond traditional autocomplete features – it has the ability to retrieve and compile data to assist users in optimizing workflows. 

However, implementing such a powerful tool comes with a unique set of challenges and considerations. To fully leverage Copilot’s potential and minimize risks to your IT stack, thorough pre-deployment planning is essential.

Why Is Planning Necessary?

AI tools, like Copilot, promise increased efficiency company-wide, but they also present significant security, accuracy, and intellectual property considerations.

For example, Copilot’s effectiveness relies on access to extensive data, which can pose a potential security risk if exploited by malicious actors. Accuracy issues can arise from biases in algorithms and potential errors in generated content, highlighting the importance of human oversight for reliability. Additionally, intellectual property risks are raised by questions around ownership and attribution of AI-generated content, necessitating clear guidelines and protections to safeguard that information.

Proper pre-deployment planning ensures that AI tools are integrated into workflows responsibly and securely, enabling organizations to leverage their full potential without compromising security or integrity.

Preplanning for Copilot Implementation

Developing a comprehensive AI policy requires the consideration of multiple factors to ensure responsible and effective implementation within your organization. If you’re unsure where to start, here are some key guiding steps:

  • Assess Organizational Needs: Identify specific pain points and areas where Copilot can add value to your workflows.
  • Define Usage Guidelines: Establish clear guidelines on how Copilot will be used, including access controls and data privacy measures.
  • Address Ethical Considerations: Develop protocols to ensure fairness, transparency, and accountability in AI-generated outputs.
  • Training and Support: Provide comprehensive training and ongoing support to employees to facilitate a smooth adoption of Copilot.

How Thrive Can Help

At Thrive, we’ve compiled an expert-driven AI Policy Template that offers comprehensive support to organizations navigating the complexities of AI governance. Here’s how Thrive’s AI Policy Template can empower your organization:

  • Tailored AI Governance: Our AI Policy Template is specifically designed to address the unique challenges posed by generative AI technologies, like Copilot. It provides clear guidelines and frameworks for acceptable AI use, ensuring that organizations leverage AI tools responsibly and ethically.
  • Protection of Confidential Information and Intellectual Property: The template includes provisions to safeguard confidential information and intellectual property rights associated with AI-generated content.
  • Support for Workplace Culture: We prioritize the integration of AI technologies within existing workplace culture. Our AI Policy Template helps organizations foster company-wide practices that set expectations for safe practice.
  • Brand Integrity: The template ensures that AI-generated content aligns with organizational values and maintains consistency with brand messaging.

When deploying Microsoft’s Copilot, prioritizing safety and compliance is paramount to protecting sensitive employee and client information. Thrive’s team of AI experts provides support and insights tailored to your organization’s unique needs. By leveraging Thrive’s AI Policy Template Guide, organizations can unlock the full potential of Microsoft Copilot with confidence and security.

To begin the safe and responsible implementation of Microsoft’s Copilot and other AI tools alike, download our AI Policy Template Guide to take proactive steps in ensuring the ethical and compliant deployment of AI technologies within your organization, maximizing the benefits of AI innovation while mitigating potential risks effectively. Contact Thrive’s AI experts for personalized support, today!

Focusing on Access Control Can Make Your Business More Secure
https://thrivenextgen.com/focusing-on-access-control-can-make-your-business-more-secure/
Wed, 23 Mar 2022 13:48:50 +0000

If you are someone who gets stressed out easily by people having access to resources they shouldn’t, then you probably have heard much about how to keep your data and internal resources safe from external threats. However, access control is much more than just cybersecurity; you also need to take into account the physical space when considering your access controls.

What is Access Control?

At the root of it, access control is all about restricting access to specific resources within your organization based on user or role. Certain users might be authorized to view specific information or be required to verify their identity before being allowed access. Basically, you must ask the network for permission before you are allowed onto it, and once the network has given you permission, you can access the resources located on it.

Access control can basically be split into two groups: digital or cyber access control and physical access control, both of which have benefits and different types of solutions available on the market today.

Cyber Access Control

Your business has parts of its infrastructure that should only be accessed by specific individuals. Some of the data included on these parts of your infrastructure might include employee data, applications, resources, financial records, and more. This information should only be accessed by specific individuals who need it for their day-to-day responsibilities. The logic for this is simple: the fewer people who have access to this data, the less likely you will experience a data breach. Access control tools can help to limit access to this data.

Physical Access Control

You might also want to keep specific individuals out of certain parts of your office, too. Physical access controls might involve key cards, code-guarded doors, or biometric scanners to keep intruders out of your office, or specific parts of it. For example, you might store sensitive records in a specific part of your office guarded by card readers or code-authorized doors. Even keeping the door locked can be an effective deterrent.

Get Started Today

We understand that security can make things complicated for your organization, but you need to take it seriously before it comes back to bite you. If you want to implement access control systems for your office, be they digital or physical, Thrive can help. To learn more, contact us today.

Balancing Security and Productivity in Microsoft 365 During Times of Crisis – Part 3
https://thrivenextgen.com/balancing-security-and-productivity-in-microsoft-365-during-times-of-crisis-part-3/
Tue, 09 Jun 2020 21:06:57 +0000

In the second blog of this series, we discussed how Access Reviews in Azure Active Directory (Azure AD) provide a guided review of a group of Microsoft 365 users to help determine if their continued access to tenant resources is required. The third and final tool designed to control and audit access to company resources is Privileged Identity Management (PIM). PIM works synergistically with the other tools to help keep a watchful eye on the collaboration space without impeding productivity.

In Part 3, we’ll discuss PIM in detail. This tool is designed to provide just-in-time escalation of permissions to ensure higher permission levels are only available when needed and can be applied with governance in mind.

Privileged Identity Management

Setting up Privileged Identity Management

PIM is designed to support a “least privileged” model by making granular roles available to users requiring elevated functionality. Users with continuous excessive access are vulnerable in the event their account is compromised, so under PIM a user’s account has no extraneous permissions when they are not needed. When needed, a user simply requests elevation into a specific role that has been made available to them. Depending on configuration, the assignment is either automatic or requires approval and/or justification.

The first step in configuring PIM is selecting which roles should be available under which circumstances. This configuration is found under Identity Governance, in the Manage section, by selecting Roles. The Roles screen presents a large list of Roles along with a Description of the Role’s intended usage. The screen will also display how many users are currently Active in a Role and how many users are eligible to be activated in the role.

Selecting Roles

For example, suppose you want to allow an Administrative Assistant to occasionally reset passwords without involving a tenant Global Administrator. To set this up, click on the Helpdesk Administrator Role in the list, or use the search to filter the list. Selecting this Role will list all current assignments for that Role, including Eligible, Active, and Expired. Pressing the “Add assignments” button will begin the process.

Add Assignments

The first screen will show you the Role you have selected, with a link to select member(s) to assign to the role. Pressing the hyperlink under the Select member(s) will bring you to a search for all users within your tenant.

Assigning Roles

Select the user and press the Select button to add them to the list of members eligible for the Role. Selecting Next navigates to the Settings section, where you determine the Assignment type and durations. Leaving the type as Eligible will require the user to request elevation when needed, which is the intention in this case. If you want the assignment to be limited in duration, such as covering for an employee who is on leave or vacation, you can set dates for the start and end of the assignment by un-checking Permanently eligible and selecting dates. Selecting Assign will move that assignment into the Eligible list.

Role Settings

Additional settings can be applied to the Role by selecting the Settings button at the top of the Assignments screen for the Role.

Additional Role Settings

From this screen, there are many configuration options to allow for more granular control of how the escalation process is executed, including approval and notification options. 

The first section covers the Activation process itself. Here you can set a maximum duration for the escalation, require Azure MFA, justification, ticket information, or even approval. If requiring approval, you can select who provides the approval from this screen as well.

Activation Process

The next section covers Assignment, where you can decide whether permanent Eligible assignments are allowed, whether permanent Active assignments are allowed, and whether justification and/or MFA is required for Active assignments.

Assignment

The final section provides rich configuration for Notifications to be sent regarding this process. Notifications can be enabled for when members are assigned as eligible to the role, when they are assigned as Active to the role, and when eligible members activate the role. This last alert would trigger when escalation has occurred. Each notification section includes three options: Role activation, Notification to requestor, and Request for approval. All of these options are enabled by default, with default recipients being Admin, Requestor/assignee, and Approver. Additional recipients can be added for most notifications.

Notification Settings

Requesting Elevation

Once a role is configured to be available, a user can request escalation by going to Azure AD, navigating to the Identity Governance screen, and selecting “Activate Just In Time”. There, they will see all Roles for which they are eligible, and have the opportunity to request being assigned to that role. Pressing Activate will start the process to be added to the role.

Requesting Elevation

Depending on configuration, approval and/or justification may be needed for the assignment to be completed. The user can also set a Duration, up to the configured maximum, for how long the assignment should be in effect.

Requesting Elevation Part 2

Once completed, they will be in the Active roles section until the duration has been met, or they manually Deactivate the assignment.

Active Roles
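
The activation rules described above (eligibility window, maximum duration, MFA, justification, ticket, approval) can be modeled in a few lines to see how they combine. This is an added example, not code from the original post and not Azure AD's implementation; all class and field names are hypothetical, the sample data is constructed, and capping an activation at the end of the eligibility window is a modeling choice.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional


@dataclass
class RoleSettings:
    """Activation settings named in the article (field names are hypothetical)."""
    max_duration: timedelta
    require_mfa: bool = True
    require_justification: bool = True
    require_ticket: bool = False
    require_approval: bool = False


@dataclass
class EligibleAssignment:
    user: str
    role: str
    start: Optional[datetime] = None  # start=None and end=None models "Permanently eligible"
    end: Optional[datetime] = None


@dataclass
class ActivationRequest:
    user: str
    role: str
    duration: timedelta
    mfa_satisfied: bool = False
    justification: str = ""
    ticket: str = ""


@dataclass
class Decision:
    state: str  # "denied", "pending_approval" or "active"
    reason: str = ""
    expires: Optional[datetime] = None


def evaluate_activation(settings: RoleSettings, assignments: List[EligibleAssignment],
                        req: ActivationRequest, now: datetime) -> Decision:
    """Apply the role's activation settings to one just-in-time request."""
    match = next((a for a in assignments
                  if a.user == req.user and a.role == req.role), None)
    if match is None:
        return Decision("denied", "user is not eligible for this role")
    if (match.start and now < match.start) or (match.end and now > match.end):
        return Decision("denied", "outside the eligibility window")
    if req.duration > settings.max_duration:
        return Decision("denied", "duration exceeds the configured maximum")
    if settings.require_mfa and not req.mfa_satisfied:
        return Decision("denied", "MFA required")
    if settings.require_justification and not req.justification.strip():
        return Decision("denied", "justification required")
    if settings.require_ticket and not req.ticket.strip():
        return Decision("denied", "ticket information required")
    if settings.require_approval:
        return Decision("pending_approval", "waiting for an approver")
    expires = now + req.duration
    if match.end:
        # Modeling choice: an activation never outlives the eligibility window.
        expires = min(expires, match.end)
    return Decision("active", "activated", expires)


def is_active(decision: Decision, now: datetime) -> bool:
    """The role drops off again once the requested duration has elapsed."""
    return decision.state == "active" and now < decision.expires


# Constructed sample: an assistant covering password resets for two weeks.
SETTINGS = RoleSettings(max_duration=timedelta(hours=8))
ASSIGNMENTS = [EligibleAssignment("assistant@example.com", "Helpdesk Administrator",
                                  start=datetime(2020, 6, 1),
                                  end=datetime(2020, 6, 15))]

if __name__ == "__main__":
    req = ActivationRequest("assistant@example.com", "Helpdesk Administrator",
                            timedelta(hours=2), mfa_satisfied=True,
                            justification="Reset password for locked-out user")
    print(evaluate_activation(SETTINGS, ASSIGNMENTS, req, datetime(2020, 6, 9, 9, 0)))
```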

Summary

Privileged Identity Management in Azure AD Identity Governance provides just-in-time elevation to targeted roles, helping to protect users’ accounts during normal usage, but providing an easy, governed method of escalating privileges when needed. As with the other facets of Identity Governance, PIM provides a healthy balance of productivity and security within the Microsoft 365 platform.

Need a refresher?

Revisit Part 1 and Part 2 of this blog series.

Balancing Security and Productivity in Microsoft 365 During Times of Crisis – Part 2
https://thrivenextgen.com/balancing-security-and-productivity-in-microsoft-365-during-times-of-crisis-part-2/
Mon, 13 Apr 2020 19:31:21 +0000

In our first blog of this series, we discussed how entitlement management in Azure Active Directory (Azure AD) Identity Governance creates Access Packages to control the scope and duration of access to groups, applications, and SharePoint sites. The two additional primary tools designed to control and audit access to company resources are Access Reviews and Privileged Identity Management. These three functions work synergistically to help keep a watchful eye on the collaboration space without impeding productivity.

In Part 2, we’ll discuss Access Reviews in detail. These are about auditing access to ensure previously-granted permissions are still appropriate and necessary.

Access Reviews

Setting up an Access Review

An Access Review is a scheduled, guided review of a group of Microsoft 365 users to help determine if their continued access to tenant resources is required. The review can be performed by multiple users and can be set to report on dispositions and, in some cases, automatically take action based on the dispositions set.

The first step of creating an Access Review is naming and describing its purpose. You will also set a start date and frequency if the intention is to perform the review periodically. Frequencies include weekly, monthly, quarterly, semi-annually, and annually. Occurrences can run indefinitely or can end by a specified date or after a number of occurrences. The review will also have an end date, after which the review will close and the “upon completion settings” will be applied.

Create an Access Review

Next, you determine who will be reviewed and who will be performing the review. The users to review can be Members of a Group or users Assigned to an Application on the tenant. Additionally, you can scope the review to include Guest users only or include all users. For Reviewers, you can select the Group’s owners, specific tenant users, or allow for self-review by the users. You can also associate the review with a Program (similar in concept to a Catalog for Access Packages) or choose the Default Program.

Select Users And Reviewers

Next, we’ll set the “Upon completion settings,” which determine the action to take when the end date of the review is reached. The first choice is whether or not you’d like to auto-apply the results. With this setting enabled, any user whose disposition is to Deny access will automatically have their access removed upon the completion of the review. The second option is to determine what actions to take if reviewers don’t respond. These options include “No change,” “Remove access,” “Approve access,” or “Take recommendations.” The last option is based on Azure AD’s auto-set recommendations, which are primarily based on the last time the reviewed user utilized the system.

The final settings, under Advanced, include options to Show recommendations, Require a reason on approval, Mail notifications, and send Reminders to reviewers. All are currently enabled by default.

Settings

At this point, we are ready to start the review process. After pressing the Start button, the new Access Review will be added to the Access Reviews section within the Identity Governance module. The listing will include the name, the resource being reviewed, the status, and when it was created. 

Starting the Access Review

Clicking on the review will show an overview of the settings as well as a chart showing the status of the resources being reviewed. There are also pages to view the Results and the Reviewers. You can even send automated reminders for individual reviewers with the press of a button.

Performing a User Access Review

If the Mail Notifications option was set to Enabled, reviewers should receive an email with a link to begin their review. The email will have a hyperlinked button to take the user directly to the review page.

Review Request

The Review page will show all relevant information, including who requested the review, when it is due by, the names of any other reviewers, and the progress made so far. It will also list each Resource being reviewed with their name, email address, Access Info (statement about whether they have recently logged in), and a recommended Action.

Team Review

This list of users can be filtered based on Status (Reviewed, Not Yet Reviewed, All), Recommendation (Approve, Deny, All), or Action (Approved, Denied, Don’t Know, All). The reviewer can click on a single resource to review or multi-select resources using the checkboxes, then press the “Review n user(s)” button. Reviewing resources opens a dialog with options for the disposition and comments. Actions can be Approve, Deny, or Don’t Know. The recommended action will be highlighted already. Don’t Know is useful if there are other reviewers who may have more insight or knowledge of the resource being reviewed.

Approve or Deny

Although all Resources may have been reviewed, the Access Review will stay open until its end date has been reached to allow for changes or other reviewers to provide input. If desired, a review can be manually stopped so action can be taken. This can be done by the user who originally set up the review using the Access Review overview screen. At that time, the actions will be automatically applied if the “Upon completion” setting’s “auto apply results to resource” is enabled, or the Apply Results button can be pressed if not. 

The results of the review can be reviewed in the Results section of the Access Review.

Results Section
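
To see how the "Upon completion settings" interact with reviewer dispositions, the following added example (not code from the original post and not Azure AD's implementation) resolves a constructed review under each "if reviewers don't respond" option, with and without auto-apply. The 30-day inactivity threshold behind the recommendation and the treatment of "Don't Know" as no change are assumptions of this model; all names are hypothetical.

```python
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional

INACTIVE_DAYS = 30  # assumption: recommend Deny after this many days without sign-in
NO_RESPONSE_OPTIONS = ("No change", "Remove access", "Approve access",
                       "Take recommendations")


@dataclass
class Reviewed:
    user: str
    last_sign_in: Optional[date]    # None = never signed in
    decision: Optional[str] = None  # "Approve", "Deny", "DontKnow" or None (no response)


def recommend(item: Reviewed, review_end: date) -> str:
    """Recommendation based on how recently the reviewed user signed in."""
    if item.last_sign_in is None:
        return "Deny"
    idle = (review_end - item.last_sign_in).days
    return "Deny" if idle > INACTIVE_DAYS else "Approve"


def final_decision(item: Reviewed, if_no_response: str, review_end: date) -> str:
    """Resolve one user to Approve, Deny or NoChange when the review closes."""
    if item.decision in ("Approve", "Deny"):
        return item.decision
    if item.decision == "DontKnow":
        return "NoChange"  # assumption: an explicit "Don't Know" leaves access as it is
    # No reviewer responded: fall back to the configured completion setting.
    if if_no_response == "No change":
        return "NoChange"
    if if_no_response == "Remove access":
        return "Deny"
    if if_no_response == "Approve access":
        return "Approve"
    return recommend(item, review_end)  # "Take recommendations"


def complete_review(items: List[Reviewed], if_no_response: str,
                    auto_apply: bool, review_end: date) -> Dict[str, List[str]]:
    """Close the review: remove denied users, or queue them for Apply Results."""
    if if_no_response not in NO_RESPONSE_OPTIONS:
        raise ValueError(f"unknown completion setting: {if_no_response!r}")
    members = {i.user for i in items}
    denied = sorted(i.user for i in items
                    if final_decision(i, if_no_response, review_end) == "Deny")
    if auto_apply:
        return {"members": sorted(members - set(denied)),
                "removed": denied, "pending": []}
    # Without auto-apply nothing changes until someone presses Apply Results.
    return {"members": sorted(members), "removed": [], "pending": denied}


# Constructed sample review that closes on 30 April 2020.
REVIEW_END = date(2020, 4, 30)
ITEMS = [
    Reviewed("alice", date(2020, 4, 28), "Approve"),
    Reviewed("bob", date(2020, 1, 10)),            # stale guest, nobody reviewed
    Reviewed("carol", date(2020, 4, 20), "Deny"),
    Reviewed("dave", None, "DontKnow"),
    Reviewed("erin", date(2020, 4, 25)),           # active user, nobody reviewed
]

if __name__ == "__main__":
    for option in NO_RESPONSE_OPTIONS:
        print(option, complete_review(ITEMS, option, True, REVIEW_END))
```

On this data, "Approve access" and "No change" both leave the unreviewed stale account in place, which is the case to watch for when reviewers routinely ignore review requests.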

Summary

Access Reviews in Azure AD Identity Governance provide a simple, consistent, and governed method of reviewing and controlling access to company tenant resources. By combining Access Reviews with Access Packages, administrators can tightly control who has access to which resources and ensure they retain the appropriate access only as long as required, all while maintaining agility and simplicity for users.    

Next up: Privileged Identity Management. Configure just-in-time role escalation to implement a least-privileged security model for day-to-day operations while providing a rapid but governed path to escalated roles as required. Stay tuned!

Balancing Security and Productivity in Microsoft 365 During Times of Crisis – Part 1
https://thrivenextgen.com/balancing-security-and-productivity-in-microsoft-365-during-times-of-crisis-part-1/
Thu, 02 Apr 2020 21:21:01 +0000

How Azure Active Directory (Azure AD) Identity Governance can assist your organization in responding quickly to new collaboration needs while maintaining security and governance. 

The sudden onset of the COVID-19 pandemic sent much of the world into a frenzy. With businesses concerned for the safety and wellbeing of their employees and customers, and many governments strongly advising social distancing, the need to ramp up the remote workforce went from a distant goal to a top priority almost overnight. One of the many groups greatly impacted by this new priority is the group of people responsible for collaboration platforms such as Microsoft 365. The need to quickly enable remote workers has made it seem necessary for many groups to ignore or postpone best practices and security considerations in favor of business continuity. Azure AD’s Identity Governance is one set of tools designed to help strike the balance between security and productivity, enabling quick turnaround on required resources while providing checks and balances to mitigate risk.

What is Azure AD Identity Governance? 

Simply put, Azure AD Identity Governance is about “ensuring the right people have the right access at the right time.” More specifically, it is a set of 3 primary tools designed to control and audit access to company resources.   

Entitlement Management is about creating Access Packages to control the scope and duration of access to groups, applications, and SharePoint sites.    

Access Reviews are about auditing access to ensure previously granted permissions are still appropriate and necessary. 

Privileged Identity Management covers the just-in-time elevation of tightly scoped roles to allow users to perform privileged operations when needed while maintaining lower permission levels during their day-to-day job functions.   

These three functions work synergistically to help keep a watchful eye on the collaboration space without impeding productivity. Part 1 of this series will cover Entitlement Management in detail.   

Entitlement Management 

Setting up an Access Package 

The key component of Entitlement Management is the creation of “Access Packages”.  An Access Package is a collection of resources that users can be granted or request access to. Unlike simply adding users directly to Groups, these packages can control the duration, approval process, and periodic reviews of those assignments.   

The first step of creating an Access Package is naming and describing its purpose.  You can also create “Catalogs” to group multiple packages and delegate the administration of them to the appropriate users.

[Figure: First steps of setting up an Access Package]

 

Next, you determine the Resource Roles that will be part of this package. It can be a combination of Groups/Teams, Applications, and SharePoint sites. In this case, we will grant access to the “COVID-19 Response Team” team in the Member role.

[Figure: Determining Resource Roles]

We’ll then move onto the Request process. Since this team may be made up of external collaborators who are unknown at this time, we’ll select “For users not in your directory”, and we’ll allow “All users (All connected organizations + any new external users)” to request access. 

[Figure: Request process]

Since we are allowing as-yet-unknown external users, we must require approval (other settings allow you to disable approval). We will set a specific user to provide approval, ensure a decision is made within 2 days, and force both the requestor and the approver to provide a justification for the access. We’ll enable this access request when we are ready to start requesting access.

[Figure: Approval process settings]

Next, we will set the lifecycle of the access being provided. In this case, we will allow for 30 days of access, with the ability to request an extension (which also requires approval). If this were a longer duration or did not expire, we could also tie access to an Access Review, which we’ll cover later.

[Figure: Expiration settings]

The last page will show a summary of all the choices to allow you to make any desired changes before creating the package.  

Once the package is created, the browser will display a list of all Access Packages the current user has access to. From here, you can use the ellipsis to copy the link used to request access. This link can be emailed, put on a public site, or shared in any other traditional way.

[Figure: Final review]

Requesting Access

To request access via an Access Package, a user can use the link generated during the creation process. Once they sign in to the 365 tenant, they will be presented with details of the access being requested. The user would then select the package and push the “request access” button.

[Figure: Requesting access]

From there, because we require justification, the user will be presented with an area to provide the reason they are requesting access.

[Figure: Justification requirement]

They will receive confirmation that their request was submitted.

[Figure: Request confirmation]

Approving Access

After the user requests access, the Approver will receive an email with actions to Approve or Deny the request and a summary of the information about the request.

[Figure: Approval email]

Pressing the Approve or deny request button takes you to an Approvals page where you can approve or deny and provide the required justification. 

[Figure: Approve or deny]

Now that the request has been approved, the user should have access to the Team as a Member.  When the expiration date is reached in 30 days, that access will be revoked unless an extension is requested. 

Summary

Entitlement Management using Access Packages is a great way to govern access to resources such as Teams, SharePoint sites, and Applications, especially when external users are involved or the context of the access is limited to a specific timeframe. Users can request access as needed, owners can be empowered to grant access on demand, and removal of access can be automated to prevent lingering exposure of company information.  

Next up: Access Reviews

Configure periodic, guided reviews of access to resources with suggestions based on login activity and automated resolution based on dispositions. 

 

How To Avoid Chaos By Following An Office 365 Governance Plan https://thrivenextgen.com/follow-office365-governance-plan/ https://thrivenextgen.com/follow-office365-governance-plan/#respond Wed, 27 Feb 2019 19:12:47 +0000 https://www.timlinenterprises.com/?p=1071 Office 365 has over 30 different applications. While you may not use all of them, failure to implement some level of governance for your critical and frequently used applications can lead to chaos — and…

The post How To Avoid Chaos By Following An Office 365 Governance Plan appeared first on Thrive.


Office 365 has over 30 different applications. While you may not use all of them, failure to implement some level of governance for your critical and frequently used applications can lead to chaos — and a lot of trouble to unwind down the road. The following are just some of the pain points that are likely to arise when you don’t follow a governance plan:

  • Symptom 1: Users can’t find information, use outdated materials, and don’t know where to put company documentation and materials.
  • Symptom 2: You can’t get anyone to use the tools, or you don’t know what they’re using
  • Symptom 3: You stumble on data that is being shared with unknown outside accounts
  • Symptom 4: You get a lot of phishing emails, and are very concerned about private data escaping
  • Symptom 5: When the IT person who managed your Intranet left the company, everything just stopped getting used
  • Symptom 6: You don’t know what these tools are good for within your organization
  • Symptom 7: The features are always changing and you’re not sure when and how to stay on top of it
  • Symptom 8: You struggle with Shadow IT

Have you encountered any of the above issues?

These problems arise when you have organic growth and use. Content, data collections, teams, sites, folders, permissions, etc. are created, used, and shared at the discretion of most or all end users. Little to no information architecture has been completed. Business users lack awareness of the capabilities, so they only use a small fraction of the features or none at all. There’s a strong need for alignment.

Establishing and executing a governance strategy enables organizations to:

  • Understand and close the gap on corporate policies relative to the technology available that can break or help follow those policies
  • Align the configuration and security of the technology and tools with corporate policies
  • Provide guidance to the organization regarding how these tools can help solve real-world business problems in an IT-supported manner
  • Bring a group of people together to help define and follow objectives that marry the technology to the needs of the business
  • Define specific training opportunities and requirements
  • Understand the type of internal support needed for these tools
  • Maintain a process of continuous improvement by meeting regularly to discuss how to adjust to the changing needs of the business along with the changing capabilities of the tools that serve it.
  • Remove IT as a single point of failure and single “owner” of the technology.

What do you ACTUALLY need to Govern?

Not everything needs governance; some tools are pretty specific and relatively independent. It certainly depends on how your organization runs culturally, but the following are the common tools and applications that are often cross-used enough to require governance:

  • Microsoft Teams
  • Intranet (not an application, but common use of the tools)
  • SharePoint
  • Planner
  • OneDrive
  • OneNote

It’s important to keep in mind that one of the main goals of governance is to drive user adoption, predictable usage, and trust in the IT department to serve the business.  These factors will drastically help cut down on Shadow IT and the unsanctioned and unsupported use of external tools and sharing of organizational IP.

Microsoft Teams

Teams is new on the scene but is being adopted faster than any other new Microsoft product I’ve ever seen. This is good and bad news for those of us trying to help ensure proper long-term use of such applications.  The tendency for early sprawl is very high, and without a history of experience to rely on, it makes proactive governance more difficult for this type of application.

However, there are governance plans that will help with Teams.  The process is generally the same as the other tools or applications, but you need to understand what Teams is capable of offering so that you can understand what questions to ask to ensure proper guidance.

Teams governance should conclude with an understanding of how you agree your organization will start using Teams, but not necessarily how they will be using it down the road.  You want to understand configuration, naming conventions, permissions, content, lifecycles, sharing, training, support, guidance, and administration.  You also want to know which folks on your team(s) will be responsible for helping to support this plan tactically.

Intranet

Your intranet is your place to disseminate important company information in an organized and “findable” manner. It makes sense to understand the needs of different departments and ensure they have the training and understanding to follow the process and the diligence to follow through on the plan. Having an agreement and guidance on the type and location of content from multiple stakeholders, and a plan to ensure the intranet does not become stale, is critical to its long-term success.

Intranets tend to be a cultural phenomenon as opposed to a technical masterpiece. User Adoption is the primary goal of this type of application. Keep that in mind as you envision your organization’s needs over time. The best intranets are the ones where people need to use them to find information. If you don’t really need one, consider using Microsoft Teams as a quasi-Intranet instead. Any movement away from using email as a storage mechanism for corporate knowledge and data is a good thing.

SharePoint

SharePoint has had a bad rap over the years because it’s essentially just a platform and set of services. It doesn’t solve a whole bunch of problems by itself. It’s not the dining room table and chairs, it’s a pile of lumber and set of nice power tools. Most people hammer together a couple of 2x4s and then say, “SharePoint sucks, I should have just bought a table and chairs.” Having worked on this platform for over 12 years, I completely understand. I will offer the counterpoint with a Governance spin:

The beauty of SharePoint is that the pile of lumber and tools can make almost anything, but we need to think about what we really need, can build, use, and support.  It’s generally our own fault when our SharePoint implementation fails.  The key is to understand what clearly identified and agreed upon problem is being solved, before planning the build out, use, and support for it.

Governance forces us to ask what we intend to use the technology for, and how we plan to use and maintain it. If we want to use SharePoint for project management, we would create a strategy for naming conventions, permissions, templates, data contained within these sites, their lifecycle and archival plan, ownership, and more. Most importantly, the governance team would agree to monitor, adjust, and enforce decisions that drive the guided user adoption as intended.

Planner / OneDrive / OneNote

I bundle these three together not because they don’t deserve their own attention, but because of the somewhat more fluid and individual nature of their use.  Planner could definitely have a more guided strategy if teams have expectations around how a board is built and used, but there is a lot of freedom in these particular applications.

Governance around these tools is generally kept at the policy, security, sharing, and training level because restricting how someone takes notes is not the control we want to achieve.  However, guidance for the type of data stored in OneDrive versus a Team or SharePoint site makes a lot of sense.  Knowing that a OneDrive repository will eventually be deleted after an employee departs means that data stored there needs to be user-based, not team-owned.

OneNote can be used as an agreed upon source for certain collaboration tasks within Teams and Sites, with a predictable format of naming conventions for notebooks, sections, and pages, but also allowing for the individual/personal use of these tools in whatever manner suits the employees.

Each application has some elements that can and should be governed while opening up the other aspects for freedom of use.  The key is awareness and training to help business users understand what the tools can do for them.

Build It And They Will Come

Governance does not have to be a multi-month, drawn-out project. In these cases, most organizations will abandon the effort before the go-live date.

Instead, Governance should involve some initial up-front effort, and then a small and consistent (habit-forming) commitment to making minor modifications moving forward. Just like anything else, once the system is built for ongoing success and is well understood, the torch can be passed to other folks on the team to continue the process.

Start small, and don’t worry too much about backing yourselves into a corner. Meeting on a regular basis with your governance committee and other stakeholders to discuss the usage and guidance will allow you to make course corrections based on critical feedback from your user base.

Instead of building something without the user in mind, a governance plan allows the process to be intentional and deliberate, as it reinforces to those users that you are there for the long haul to continue the digital transformation journey.


Top 10 Reasons You Need an Office 365 Center of Excellence https://thrivenextgen.com/top-10-reasons-you-need-a-managed-office-365-sharepoint-center-of-excellence-coe/ https://thrivenextgen.com/top-10-reasons-you-need-a-managed-office-365-sharepoint-center-of-excellence-coe/#respond Wed, 13 Jun 2018 04:59:21 +0000 https://timlinenter.wpengine.com/top-10-reasons-you-need-a-managed-office-365-sharepoint-center-of-excellence-coe/ Adopting and using Office 365 is a big investment and enabling and sustaining the capabilities of the Office 365 platform can be challenging even for the largest organization. Just maintaining deep knowledge on the entire…

The post Top 10 Reasons You Need an Office 365 Center of Excellence appeared first on Thrive.

Adopting and using Office 365 is a big investment and enabling and sustaining the capabilities of the Office 365 platform can be challenging even for the largest organization. Just maintaining deep knowledge on the entire platform and understanding the implications of each tool and every enhancement on your environment alone can be daunting. It’s why taking the “if you build it they will come” approach to Office 365 is simply destined for failure.

One proven solution to maximizing and sustaining your Office 365 and SharePoint solutions is to adopt a managed, Center of Excellence approach. Let’s explore the common challenges of companies with Office 365 and SharePoint solutions and how a Center of Excellence can remedy them.

  1. You struggle with user adoption or see other colleagues struggling to understand the value of Office 365. Users will not flock to the higher value features of Office 365 without training and support. They can send emails and use online file shares on their own, but social content, publishing, project management, document management, business automation, business intelligence, and a lot more, need support from skilled personnel.
  2. You know you need a broader Vision, Roadmap, and Plan. A plan is required to provide the platform tools, but there are a lot of moving parts required to effectively launch, train, and support your end users for an effective set of capabilities.
  3. You know there is a lot of capability in those menu items, but you don’t really know what they do or how to use them effectively. Office 365 is a big platform – it’s Microsoft Teams, Project Online, Planner, SharePoint & SharePoint Online, OneDrive, Exchange, PowerBI, Flow, Yammer, and PowerApps and more – and it takes dedication by multiple people to truly understand all the functionality. There is a lot of value to be gained with the right people to help you understand and leverage it.
  4. You need help with Governance & Communication strategies. Governance is a difficult undertaking for many organizations. You see the value in bringing in a partner that has experience in helping organizations understand how to undertake envisioning of key, strategic elements of platforms this large. A partner with a process and set of questions ready to hit the ground running will save you a lot of time.
  5. You can’t keep up with all the enhancements. Microsoft is releasing changes to the Office 365 platform at a brisk pace. Keeping up with the features in your tenant, applications, and the impact they have on your end users can be difficult to manage. You need someone who not only is abreast of all of the enhancements but also knows your deployment and is accustomed to reviewing your administration center, identifying the key information, and working within a framework to communicate the updates to you and your team.
  6. You need Training that is specific to your policies, guidelines, and intended use of Office 365. Generic training falls short when you’ve spent the time to deliver and support Office 365 in a way that works best for your users. You don’t want all that effort to be wasted with “one size fits all” training. You want to guide your users down the path you have built for them.
  7. You have varying needs that can be difficult to forecast. You may need architecture, development, analysis, or troubleshooting at various times. You also may not understand the best way to solve a problem because you don’t have the experience in-house to understand the depth of all the features available to you.
  8. Your IT Department wants to focus on solutions, projects, and innovation, not training and support. Time spent supporting user requests takes employees away from other priority work. Ad hoc responses and supporting users is critical, but it’s not what every IT expert or Business Analyst wants from their career. Keep your people happy and engaged in doing the work they enjoy that provides value to your organization. Delegate the rest.
  9. You need elasticity in your team. Sometimes you need more help for small projects, sometimes you need less. Many times, you have two critical issues or projects, and it’s difficult to triage. Employees go on vacation and many prefer not to be on-call. A small cost to provide around the clock SLAs may be highly valuable to your organization.
  10. You don’t have a full-time employee with enough skills across the platform.  Between a variety of skills (Business Analyst, Developer, Architect, Support Engineer, Workflow Specialist, Information Rights Guru, etc.) it is simply too difficult to have a single person or team fractionally available that knows you, your organization, and Office 365. It’s much more valuable and cost-effective to set this up as a service.

Learn more about the Center of Excellence framework by downloading our free whitepaper here.
