Insight to tenant configurations across all customers
We have a constant need to monitor current tenant configurations across all customers. Currently, we have a huge Excel-based spreadsheet that includes all customer tenants and all the configuration settings we see relevant to keep track on. The configuration settings are currently recorded on very general level. Updating this own "centralized monitoring tool" is manual, slow and all the changes may not end up to our spreadsheet. The settings we keep track on include for example:
- MFA status in organisation: yes/no
- MFA type, if enabled: per-user / Conditional Access
- Other Conditional Access rules in place (ie. block legacy auth, require device compliancy)
- is Intune deployed, MDM/MAM
- Autopilot configuration status: affects to process of ordering and delivering new computers
- Intune Device Compliancy policies
- Audit log activated: yes/no
- Blocked legacy auth protocols (default tenant settings): which protocols
- Self-Service Password Reset enabled: yes/no
- Password Expiration Policy
- O365 ATP configured: yes/no
- Message Encyption enabled: yes/no
- AIP enabled: yes/no
- Cloud app security enabled: yes/no
- AAD Security defaults enabled: yes/no
- AAD Company Branding: yes/no
- Teams guest access: yes/no
- Teams Live Events: yes/no
- license type: M365 Business Premium / lower / higher (to filter in spreadsheet which features are available, but not yet enabled)
We have used this report in account/IT management: roadmaps, current state reports, prioritization of new projects, evaluation of changes affecting to customers. Our technical department is also very eager for this information, especially when going onsite to give IT support and different kind of questions and issues arise.
It would be huge for us, if Lighthouse could have a centralized view to all customer tenants with features similar to our current solution. We wouldn't mind, if there is even more details of technical configuration per above listed setting or additional M365-settings, which could be monitored via Lighthouse.
Thank you for all your suggestions. There is a lot of great feedback for us to consider. There is a lot we will be sharing in the near feature with regards to standardizing on tenant deployments across your SMB customers, including tools to understand progress and changes made to existing solutions. As part of the initial roll out you will find policies to deploy AAD and Intune policies consistently. We are also currently shipping the ability to add tags to help group and filter customers. We are exploring scenarios around MDO and EOP. In the longer term we will enable use cases to customize and expand on them. Some of the items you have listed are on our longer term roadmap and some are new ideas that you have brought to our attention.
Chris Thorton commented
Our firm currently uses Simeon Cloud to do this.
I submitted my own that include a subset of some of these. Ensuring we have the proper controls implemented across all clients is ESSENTIAL to ensuring they are protected. Having someway to easily have insight into these configurations would be a huge benefit to us and our clients.