Best Practices for Monitoring Microsoft 365 from On-Premises

With the recent flurry of cyber-attacks across the globe, one question we have heard from our users is what the best practices or recommendations are for securely monitoring SaaS or cloud-based resources from an on-premises monitoring solution such as Orion.

In this scenario, we will focus on Microsoft 365 and monitoring it securely from Orion. There are a few ways to accomplish this:

  1. Orion can be deployed into the cloud and self-hosted. SolarWinds provides images for both Azure and AWS, so you can always monitor cloud resources or services in this manner.
  2. Create the appropriate firewall rules at the edge of your environment so that external traffic to and from the Orion server is allowed only for that service.
  3. Use Microsoft’s Conditional Access capabilities. With Conditional Access, you can lock down access from an account used to access Microsoft 365 to a specific user, IP, location or device, for example the Orion server itself.

Microsoft has published an example of configuring this based on a location.
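As an added illustration of the location-based approach in item 3 (not code from SolarWinds or Microsoft), the following Microsoft Graph PowerShell sketch creates a named location for the Orion server's public IP and blocks the monitoring account from everywhere else. It assumes the account is a regular user account; the UPN, the IP range and the display names are placeholders.

```powershell
# Added example: the UPN, IP range and display names are placeholders, not values from this article.
# Requires the Microsoft.Graph PowerShell SDK and a role allowed to manage Conditional Access.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All', 'User.Read.All'

$orionEgressCidr = '203.0.113.10/32'            # constructed: public IP the Orion server egresses from
$monitorUpn      = 'svc-orion@contoso.example'  # hypothetical account Orion uses for Microsoft 365

# 1. Named location that contains only the Orion server's public address.
$location = New-MgIdentityConditionalAccessNamedLocation -BodyParameter @{
    '@odata.type' = '#microsoft.graph.ipNamedLocation'
    displayName   = 'Orion server egress'
    isTrusted     = $false
    ipRanges      = @(
        @{ '@odata.type' = '#microsoft.graph.iPv4CidrRange'; cidrAddress = $orionEgressCidr }
    )
}

# 2. Block the monitoring account from every location except the one above.
$user   = Get-MgUser -UserId $monitorUpn
$policy = New-MgIdentityConditionalAccessPolicy -BodyParameter @{
    displayName   = 'Block Orion monitoring account outside Orion egress IP'
    state         = 'enabledForReportingButNotEnforced'   # report-only until verified
    conditions    = @{
        users          = @{ includeUsers = @($user.Id) }
        applications   = @{ includeApplications = @('All') }
        clientAppTypes = @('all')
        locations      = @{
            includeLocations = @('All')
            excludeLocations = @($location.Id)
        }
    }
    grantControls = @{ operator = 'OR'; builtInControls = @('block') }
}

# Show what was created so it can be checked in the portal.
$policy | Select-Object Id, DisplayName, State
```

The policy starts in report-only mode so the sign-in logs can confirm that Orion's polling still succeeds from the expected address before the policy state is switched to enabled.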

Microsoft has put together and published very thorough documentation on how to secure Microsoft 365 from an on-premises environment, which you can read more about here. Additionally, if you are monitoring cloud resources from AWS, Azure, etc., you can create a virtual private network setup to ensure secure communication between Orion on-premises and the cloud service provider.

Security is something we need to take the time to research and plan out carefully to ensure our users and environment stay safe and secure.

Anonymous