Loacker gains full control over guest access and external sharing in Microsoft 365 using Syskit Point
Customer
Since 1925, the name Loacker has stood for pure and wholesome natural goodness, the highest quality, and a love for nature – combined in delicious wafers, snacks, and chocolates. Over the past 90 years, the company established in the Italian Alps has become an internationally known brand whose export quotes keep growing. In 2021 alone, 37,534 tons of Loacker chocolate specialties were sold in more than 100 countries worldwide.
At Loacker, goodness is a choice. The main pillars of the company’s philosophy are high product and service quality, environmental protection, and following social and ethical principles. Loacker’s accelerated sustainability plans include the goal of 100% sustainable cocoa in its products by 2025.
Strategy comes first, technology second. By providing a stable platform we want to empower our 1,000+ employees in the best possible way for future endeavors.
Anton Dorfmann, CMS and Collaboration ManagerChallenge
A growing number of workspaces, folders, documents, and users resulted in decreased visibility into Loacker’s tenant, rendering the employees unable to easily control guest access to sensitive data.
Unauthorized guest account access
Loacker employees frequently collaborate with partners from different companies. They use guest account access and external sharing to grant outside users access to internal resources – both of which can cause data vulnerabilities.
When external users get invited into Loacker’s M365 tenant as guests, both parties can share and work on the same documents. If left uncontrolled, guest accounts remain active in the tenant after project completion, which means they can log in and freely access the company’s sensitive files.
Loacker’s IT team started looking for a way to implement a security policy that would automatically disable guest user access after a certain period of inactivity, to prevent unauthorized external access to the company’s valuable data.
Searching for a solution, they first turned to Microsoft 365, which doesn’t offer an out-of-the-box guest expiration policy. On top of that, Loacker’s IT team was forced to waste precious time using PowerShell scripts to detect inactive guest users in the company’s M365 environment.
With the inventory increase, the already exhausting and time-consuming process started to become even more complicated. The team soon realized that they needed to find a separate solution for the implementation of their guest account security policy.
Unsupervised link content sharing
In addition to guest account access, Loacker’s employees also used sharing links to grant outside users access to resources. Expiration policies weren’t the issue with them, since Microsoft 365 provides the ability to set them on the tenant level. However, they could not get a clear overview of the externally shared assets across the entire M365 tenant in a single report. To gain insight into who shared the documents with whom and what permissions the users had, Loacker’s IT team needed to dig – they had to go down to the file, folder, and site level, and extract data manually into a report.
Instead, the team at Loacker was searching for a simpler solution that would centralize all externally shared links in a single location and provide clarity and greater management abilities.
Solution
Loacker’s search for the right solution started with different requirements, a lot of googling, digging through presentations, and reading whitepapers. To make a final decision, all it took was a look at a comparison table with a numbers rating.
The result was clear.
With its powerful governance automation and reporting features, Syskit Point solved two major data security needs. Its array of capabilities, such as Teams lifecycle management, will continue to cater to Loacker’s expanding needs in the future.
“Syskit Point was everything we needed, right from the beginning: clear, intuitive, and super easy to use. It was a way better match than any other tool, not only from the financial aspect but technical as well.”
Guest user expiration policies
To prevent unauthorized guest access to valuable data, Loacker’s IT team uses Syskit Point’s tenant-wide policy that requires guest user access validation. It allows the team to achieve the following:
- Ensuring that guest users are reviewed periodically or whenever Point detects them as inactive.
- Receiving an e-mail to guest users’ managers or other users defined in the Guest Users Expiration policy.
- Automatically removing the ones no one takes responsibility for, leaving Loacker’s environment secure.
External sharing reporting
Another step to resolving data vulnerabilities was Point’s external sharing reports. Their team can now find all content shared via sharing links in one central report. It contains files shared via anonymous links, links for specific people, and sharing links within the company.
They gained the following abilities:
- Finding valuable details such as the creation and expiration dates of the sharing link and what type of access rights they give.
- Removing multiple sharing links or preventing specific guest users from accessing them.
- Stopping external OneDrive file sharing when needed.
Results
100% secure and seamless integration process of Syskit Point, accompanied by a helpful customer support team, has provided Loacker with an ultimate carefree experience every step of the way.
Resulting in:
-
1.Ensuring data protection
Making sure that sensitive files don’t get breached by controlling guest user access right from the workflow’s beginning.
-
2.Achieving complete visibility
Tracking all sharing activity by having a centralized overview of all externally shared links across the entire tenant.
-
3.Reacting to security breaches
Detecting malicious sharing activity and being able to take necessary action as soon as it happens.
-
4.Gaining long-term support
Laying the groundwork for future implementation of governance policies according to the company’s internal roadmap.
The best thing about Syskit is the people working there. There are not so many software providers where you can directly position your ideas and they will soon be evaluated, and that’s one of the most important things in our good relationship.
Anton Dorfmann, CMS and Collaboration Manager