To be able to provide you the best possible support, we will off course need some access into your environment.
This article briefly describes what access we need and why.
Main topics in this article
Some considerations
Why do we need accounts on your tenant?
To be able to troubleshoot or investigate issues, reproduce some behavior or to guide you in how to use our Atlas features, we'll need to have access to your environment.
Multi-Factor Authentication (MFA)
If you're serious about security nowadays that means that you have MFA enabled as per Microsoft best practice and as a partner we off course also fully agree on that approach.
We use MFA on our platforms and we advise our clients to do the same
Generic (shared) Accounts
Yes, we all know them and we all have used generic accounts to be able to access to some environments in an "easy" way, but generic accounts off course also have a lot of cons and really are not a good idea if you take security serious
- there's no way to proof who's effectively doing any actions
- credentials are available to multiple people which is a security breach
- lack of MFA
- difficult to manage, also when people are leaving the company
- ...
Our recommendations and requirements
To be able to provide you the best possible and secure Atlas support we make sure we apply best practice where ever we can.
We invested in a secure password storage application which ensures all our internal and client credentials are safely stored and we expect our customers are looking into security in a similar way.
Also Microsoft nowadays advices to use MFA on all their environments and again we expect our customers to do the same.
Therefor we ask our customers to create named user accounts for our support assistants with MFA enabled. Our staff can safely store their credentials in their private password vaults and the credentials can only be used by them ensuring you have full control of who has access to your environment.
When some of our staff leave we simply provide you the details so you can disable, suspend or delete the accounts depending on your processes. At our side we have a process in place to remove the user's access to the secure password application and to delete the credentials in a secure way.
Practically this means we ask you to create somewhere between 5 - 10 user accounts on your tenant to allow us to have people with the proper skillset being able to support you and resolve the issues ASAP.
The support accounts will need SharePoint admin permissions but, in some occasions we'll also need permissions on your O365 tenant or your IT team will have to assist in troubleshooting.
Details will be coordinated with you via your Customer Success Manager
Comments
0 comments
Please sign in to leave a comment.