Microsoft 365 has outgrown manual configuration management:
It’s not unusual for a large organization to have over 250,000 unique tenant configurations. This is more configurations than the number of minutes in a working year (175,200 minutes).
The word “configuration” doesn’t scream significance. It sounds technical, obscure, and mundane. And yet, configurations are the only thing standing between the world as we know it, and complete chaos.
A single misconfiguration could lock your whole business out of your tenant, expose you to a devastating cyber-attack, or even lead to downtime across a global supply chain (see CrowdStrike Bug 2024).
With so much at stake, it’s astonishing that Microsoft 365 configuration remains a time-consuming, error-prone, manual process.
This is why CoreView has introduced Configuration Management for Microsoft 365.
Configuration Management for Microsoft 365 Defined:
Microsoft 365 Security and Governance starts with Configuration Management.
With 99% of attacks being traced back to human errors and misconfigurations, and 99% of cloud misconfigurations going undetected, it is critical to prioritize mature configuration management processes to secure your Microsoft 365 environment.
Mature Configuration Management for Microsoft 365 means:
- Mature Configuration Change Management
- Backing up Tenant Configurations for Disaster Recovery
- Monitoring Microsoft Configurations for Changes
- Keeping an Audit of Configuration Changes
Mature Configuration Change Management for Microsoft 365
It is not unusual for Microsoft customers to accidentally misconfigure their tenant. Some misconfigurations are loud and obvious (for example, a misconfigured conditional access policy locking all users out of the tenant). Some are quiet and remain under the radar until they are exposed (for example, a misconfigured Defender policy creating security gaps).
Regardless of the experience, every customer we speak to wants to find misconfigurations before they are deployed into their production tenant.
This is where Configuration Change Management comes in. In fact, even Microsoft recommends that:
“…alterations to the intended configuration of a Microsoft Entra tenant are subject to robust change management processes.”
To enable this, organizations must create dev and test tenants to test configuration changes before they are deployed in production.
However, creating distinct Entra tenants with consistent configurations is practically impossible with Microsoft’s native tooling, leaving organizations with no way to practice mature configuration change management.
Backing Up Tenant Configurations for Disaster Recovery
Another key component of mature configuration management is the ability to back up and restore configurations.
For decades businesses have been faithfully backing up their data to ensure rapid recovery in the event of a disaster. But in 2024, Microsoft 365 organizations are experiencing firsthand that this is not sufficient.
In the event your tenant is encrypted or its configurations are completely altered or deleted, you will need to be able to rebuild your tenant fast.
Quite often, organizations facing this challenge have to go through the mind-numbing task of reconfiguring their tenant piece by piece. With 5,000+ configuration types and over one million unique configurations in the largest tenants, an organization that relies on Microsoft 365 for its day-to-day business operations may not survive the time it takes to rebuild their tenant.
Despite this, there are no solutions on the market today that enable you to back up and restore your tenant configurations.
Monitoring Microsoft Configurations for Changes
Major compliance and regulation mandates like NIST, CMMC, CIS, and HIPAA now have requirements to monitor your configurations for unauthorized changes.
Given the sensitivity of configurations in Entra ID, Defender, and Intune, it’s no surprise that large organizations often try to manually monitor configurations for changes, despite the mind-numbing nature of the work.
The challenge for Microsoft 365 customers is that no matter how absurdly intensive the process is, misconfigurations are amongst the leading contributors to cyber attacks, forcing them to take action, however laborious.
Keeping an Audit of Configuration Changes
Finally, for similar reasons, keeping an audit of configuration changes is necessary for both audits and incident response.
Given the incredible power of conditional access, privilege management, and Defender configurations, it is inconceivable that admins should be allowed to alter these without these changes being audited and saved for future reference.
However, Microsoft’s native capabilities simply do not make this practical.
Dedicated Configuration Tools for Microsoft 365
Despite how critical each of these requirements is, delivering on them natively in Microsoft 365 is practically impossible.
This is why CoreView now offers configuration control through our Microsoft 365 Configuration Management tool, Simeon Cloud.
With Simeon Cloud, you can deliver best-practice configuration management, whether that’s deploying consistent configurations across dev, test, and prod tenants to enable configuration change management, backing up and restoring configurations for disaster scenarios, identifying configuration drift, or auditing how configurations change over time.
All of this is automated and streamlined for an effortless experience.
Source: https://www.coreview.com/blog/configuration-management-for-m365-governance