Best Practices for Monitoring Microsoft 365 from On-Premises
With the recent flurry of cyber-attacks across the globe, one question we have heard from our users is best practices or recommendations on securely monitoring SaaS or cloud based resources from an on-premises monitoring solution such as Orion.
In this scenario, we will focus on Microsoft 365 and monitoring it securely from Orion. There are a couple of ways in which to ultimately accomplish this.
- Orion can be deployed into the cloud and self-hosted. SolarWinds provides images for both Azure and AWS, so you can always monitoring cloud resources or services in this manner
- Create the appropriate firewall rules at the edge of your environment to only allow traffic to and from the Orion server externally from that service.
- Microsoft’s Conditional Access capabilities. Leveraging this capability, you can lock down access from an account used to access Microsoft 365 to a specific user, IP, location or device. For example, the Orion server itself.
Microsoft have published an example of configuring this based on a location.
Microsoft has put together and published very thorough documentation on how to secure Microsoft 365 from On-Premises environment, which you can read more about here. If you are monitoring cloud resources from AWS, Azure, etc. additionally you can create a virtual private network setup to ensure secure communication between Orion on-premises and the cloud service provider.
Security is something we need to take the time, research and plan out carefully to ensure our users and environment stay safe and secure.