Looking for Improvement in 2022
We can all improve the way we work, our experience, knowledge about the technology we work with and the tools that can make tasks easier. Sure, it takes effort to change things and acquire knowledge, but if that effort focuses on potentially high-impact areas, it’s worth going after. To get your creative juices going, I list five areas I think Microsoft 365 tenant administrators should consider investing time and effort in during the coming year. Because they’re important, the probability is that you’ve already mastered one or more areas. That’s OK, because there are many other places across the ecosystem in which to invest time. Let’s get into my list for 2022.
Increase the Use of Multi-Factor Authentication and Conditional Access Policies
Security is my number one concern. We live and work in a world of evolving and ongoing threat and that’s not going to change in 2022. The removal of basic authentication for multiple Exchange Online connectivity protocols in October 2022 will help. It will force people to use modern authentication to access their email. We can do more by increasing the percentage of accounts protected by multi-factor authentication (MFA), a step that will stop 99.9% of password attacks. There’s really no excuse for not using MFA to protect administrative and other categories of user accounts, including those used by executives which might be the target for business compromise email attacks.
To back up the extra protection afforded by MFA, you should deploy conditional access policies. These policies kick in to evaluate connections after successful authentication to stop people accessing applications and data in unsafe circumstances. Conditional access policies require Azure AD Premium P1 licenses. Normally, I hesitate to recommend extra cost, but conditional access policies are so important that they’re worth spending more.
Exploit Audit Data
The Microsoft 365 apps generate a staggering amount of audit data. Azure AD controls some data of interest, but most ends up in the Office 365 (or “unified”) audit log, which ingests over 1,500 different events from multiple workloads, including Azure AD. Audit data is available for up for 365 days (for accounts with Office 365 E5 licenses) or 90 days (for Office 365 E3). Ingestion isn’t immediate, and it can take up to an hour before an audit event is available. Once the data is there, administrators can interrogate the audit log with PowerShell or using the Audit Log search in the Microsoft 365 compliance center. In addition, the audit log is the source of data used by other tools such as Microsoft Sentinel, alert policies, and Microsoft Defender for Cloud App Security.
Audit data can answer “who did that” questions like “who edited that document” or “who deleted that group.” The data is a rich vein of essential information ready to be exploited by tenant administrators. Unfortunately, the out of the box tools are not as flexible and powerful as they should be, and Microsoft obscures some important data in the body of audit records. Even so, the data is there to be interrogated, analyzed, and reported upon – if you know how to do so with PowerShell. Many organizations extract audit data daily to import it into an external repository like Splunk. It really doesn’t matter how you extract value from the audit data – just resolve to make more use of this valuable data in 2022.
Become More Accomplished in PowerShell
Despite its obvious usefulness, it continues to amaze me that some tenant administrators don’t know how to use PowerShell or know only how to run the simplest commands. Although Microsoft emphasizes the Microsoft Graph APIs as the primary programming interface, PowerShell is a tremendous tool in the hands of tenant administrators, if they only know how to exploit the tool.
For 2022, my resolution is to continue to improve my knowledge of how to use PowerShell. Over the last few years, I have learned how to use Graph API commands in scripts, improved the quality of my code, and investigated the use of PowerShell with different Microsoft 365 workloads. I expect to do more work with the Microsoft Graph SDK for PowerShell, especially to track how Microsoft solves some of the current difficulties apparent in the SDK. I also anticipate using PowerShell to probe the darker corners of Microsoft 365. It’s been one of my go-to tools to find out how things really work since Office 365 came along in 2011.
Explore Power Platform
Microsoft is pouring development effort into the Power Platform. Using the platform is not quite a matter of code-free or code-less development, but there’s no doubt that Power Platform enables people who wouldn’t normally write code to get an awful lot done. A quick scan of the internet reveals the existence of hundreds of templates and articles describing how to accomplish tasks from sending email to creating meetings and posting to a Teams channel. I prefer PowerShell myself, but I understand how blunt and unwelcoming PowerShell can be to a novice. For those folks, Power Apps, Power BI, and Power Automate is an easier way to develop solutions.
Expand Personal Knowledge to Cover More of the Ecosystem
Microsoft 365 spans multiple areas of technology which keep on evolving and changing. It’s a challenge to keep track of what’s happening in the major workloads (Exchange Online, SharePoint Online and OneDrive for Business, and Teams) without attempting to dive deep into other components. However, because Microsoft 365 workloads intermingle and have dependencies on other technology, the more you know about how the complete ecosystem works, the more effective you’ll be.
Do yourself a favor and select one other part of Microsoft 365 that you don’t know well today and vow to master it by the end of 2022. Or at least, become competent and understand how the technology works. Do yourself a favor and select one other part of Microsoft 365 that you don’t know well today and vow to master it by the end of 2022. Or at least, become competent and understand how the technology works. It might be a question of doing a deep dive into an aspect of the current tenant configuration, like optimizing licenses in terms of mix and management (especially as Microsoft will increase license prices in March), or figuring how out to make Teams work better. You could also explore extending what you have today and consider whether solutions like Viva Topics, Viva Learning, SharePoint Syntex, or Microsoft Sentinel can add any value to the business. Whatever you do, it should help you understand Microsoft 365 better.
And A Resolution for On-Premises Administrators
I don’t have any on-premises Exchange or SharePoint servers anymore. I therefore can only suggest that on-premises server administrators resolve to do a better job of applying security and code updates after their release by Microsoft. 2022 didn’t start well for the on-premises community the malware engine update fiasco. 2021 featured a series of attacks on servers like the Hafnium affair to exploit known vulnerabilities (including patched issues). What was surprising was the number of unpatched and unmanaged servers connected to the internet, including servers used in hybrid environments.
Instead of complaining about Microsoft’s inability to create software to remove the last on-premises Exchange server, let’s all try and do a better job of applying updates in the new year by applying security patches and cumulative updates within a week of their release. It can only help and it’s something that local administrators control.
Keep Moving Forward
Over 40 years of work in IT, my observation is that those who move forward and stay abreast of technology are more successful than those who don’t. Anecdotally, COBOL programmers are scarce and demand high rates, there are many other now-antiquated disciplines that aren’t so lucrative. All of which means that it’s wise to keep on improving your knowledge, experience, and breadth. Have fun in 2022!