The best way to extend and secure large installations of Office 365 (now Microsoft 365).

While cloud computing is certainly a game-changing technology for businesses, some confusion remains when it comes to security. Many business owners are unaware that they are responsible for cloud security and leave it to their IT team to implement security measures while managing access and permissions, workspace and website creation, and other important tasks.

This is especially difficult for those managing multi-tenant Microsoft 365 environments. In short, where does the buck stop? With Azure, Microsoft, the multi-tenant provider (in the case of an MSP) or the individual company? Coby Liang, CTO SaaS Management at SaaS and data management platform provider AvePoint, recently joined us to discuss business options.

Cloud security is your responsibility

M365 handles massive amounts of business-critical information on a daily basis in the form of emails, documents, spreadsheets and the like, which need to be adequately protected to ensure they are backed up and recoverable.

Many mistakenly assume that cloud providers protect their users’ data and operational integrity as part of their service offering. The truth is, while the cyber and physical defenses surrounding an Azure data center are impressive, those defenses are in place to protect your data from power outages, bad patches, and natural disasters – not yourself.

If you become a victim of cybercrime, regulatory missteps, or even human error, you could lose data or even revenue while you work on recovery. For this reason, many cloud providers encourage users to invest in a third-party solution that extends this native protection to optimize recovery and ensure business resiliency.


The stakes are even higher for multi-tenancy organizations such as MSPs, or companies that operate in separate departments or divisions, such as companies with international offices or companies that have grown through mergers and acquisitions. For these types of organizations, security, account management, and oversight are generally combined into one big melting pot that local admins must manage. When admins juggle so much, security can fall by the wayside and environments can remain vulnerable.

Cloud security pain points for multi-tenancy organizations

While access to your collaboration environment can be secured and encrypted (it’s also easy to add a single sign-on feature or multi-factor authentication), there aren’t too many native security features suitable for multi-tenant organizations . The ethos of M365 is that it’s enterprise-wide and has at least the potential for cross-functional, multinational work. It is a challenge for admins to create separate account scopes for multi-tenancy where data simply needs to be kept separate.

In large organizations, data protection and security is highly complex for many more reasons than the possibility of hacking. For example, sensitive information should only be accessible to those who have the appropriate permissions. Certain data should only exist in certain places, which of course makes collaboration – or rather secure collaboration – very problematic.

It is precisely this situation, Coby told us, that is leading to a new breed of shadow IT: people will use the closest possible tools to get a cross-departmental job done, regardless of security concerns or data governance.

For MSPs, full data segregation is a must. Customer information, workspaces, entire environments must be kept in clearly delimited areas. At the same time, MSP administrators need to monitor all of their tenants’ operations and data to gain their own insight into what’s happening across the organization.


Delegated administration secures the environment and relieves central IT

Access rights control is at the heart of the problems faced by multi-campus organizations and MSPs. Solutions like AvePoint’s Elements platform can layer security systems that can, for example, close or isolate accounts in just seconds, while providing a wide range of management capabilities for multi-tenant environments.

In fact, Coby explains that the ideal model for permissions policies (and security policies in general) is one of delegation, as it frees your global admins from routine, day-to-day tasks and allows them to focus on securing and controlling your collaborative environment .

“AvePoint is able to offer our customers a delegation operating model, which is a key competitive differentiator for us. And when we say delegation, we are talking about the two different levels of delegation. First: Delegate to the business, regional IT or key user groups […] on behalf of global IT. You can delegate to region IT, but central IT should manage all key security compliance settings [each] Renter. […] Second, directly delegating to the users themselves. If a user wants to create a workspace to host a project, does he have to go to the IT team to create one? Self-service helps the business move projects forward quickly while IT can focus on more important activities. And this is where M365 can really help you maximize your revenue for the business.”


The final result

While AvePoint offers this enterprise-grade security and control to organizations of all sizes and industries, the general principles are the same for all organizations.

Coby says, “If you think of a big company like a modern car manufacturer, they have so many different brands, and not necessarily all of those brands need to have their own leases. However, sometimes they need to be set up [an isolated tenancy] because one of the brands wants to manage itself. So that’s a fundamental difference, but the setup is exactly the same. If you think about how we help the MSP or the company […] We basically offer a single dashboard with full transparency across multiple tenants.”

With a powerful and customizable feature set, AvePoint’s platform helps organizations migrate, manage, and protect their Microsoft investments.

To learn more about AvePoint’s specialized platform for ubiquitous cloud service, contact a representative today or sign up for a free 30-day trial.

Leave a Comment

%d bloggers like this: