Why having a Microsoft GCC High environment doesn’t limit you to Microsoft Office 365 native admin tools

October 11, 2024
|By Sonia Bounardjian
Tags: audit gcc high sapio365 Security
Microsoft GCC High compliance

One of our customers had a large client base of federal agencies and would be handling certain types of Controlled Unclassified Information (CUI) that require U.S. data sovereignty. They knew this meant they needed to move to level 2 of the Cybersecurity Maturity Model Certification (CMMC). This customer also knew that Microsoft recommends GCC High, a version of the Microsoft 365 suite that is designed to address stringent compliance levels of CMMC 2.0. They opted for Microsoft GCC High as many other government agencies in their client base.

Their problems arose when they realized they would no longer be able to use their usual third-party software tools to manage Entra ID and Active Directory. They were now limited to using Microsoft 365 native tools. This customer had a large Microsoft 365 environment with over 700 users. The team found it difficult to assess the environment because they couldn’t get a view of all the users at one time.

Complicating the situation was the fact that the IT team members did not possess a lot of expertise in writing complex PowerShell scripts. Several times, an admin had to go online to try and find suitable scripts. In one of those cases, the script that was found was outdated and caused issues in their environment that took days to fix. The entire IT team knew they had to find another solution.

Supporting Microsoft GCC High tenants

They started looking at all the third-party party tools on the market and attended many demos. Most did not support Microsoft GCC High tenants like the third-party tool they were currently using. The senior IT admin spoke to a colleague who mentioned he recently attended a webinar on a tool called sapio365 where they mentioned that the tool supported Microsoft GCC High environments. They contacted Ytria and after their own demo, decided to get a free trial to see how the tool worked. They were pleasantly surprised that it took only five minute to set up. The customer’s security team was involved from the start and because sapio365 is a locally installed desktop solution, they were able to approve the solution quickly. sapio365 serves as a direct bridge to tenant data, as well as on-premises Active Directory data. No third parties, including Ytria, the makers of sapio365, ever have access to data. Every aspect of sapio365 usage remained under the IT team’s control.

A great PowerShell alternative

The customer’s IT team was relieved that PowerShell was not required. Everything in sapio365 can be done with clicks instead of complicated code writing. The risk of using an outdated and untested PowerShell script was eliminated. With sapio365, all changes can be previewed so you can see where and what the changes will be before committing to them. Very quickly, the team was able to de-clutter their environment by cleaning up stale accounts and groups that were no longer in use and verifying that their Microsoft policies were still working as expected. In addition, they removed old distribution lists and nested group memberships.

A preview of old user accounts that are about to be deleted

Automated IT tasks

They were impressed with the solution and how it saved them hours of time every day as they performed their routine IT tasks like offboarding users who left the company. The entire team preferred sapio365 to Microsoft native tools and even to the third-party toolset they were using before switching to Microsoft GCC High.

Several options are available for offboarding users automatically

Custom Microsoft 365 reporting

They really appreciated how easy it was to perform custom reporting. sapio365 provides a wide range of filters so you can organize and sort your data in any way you want, then you simply save the view for future use. The team began customizing reports on how documents were shared and with whom. They even scheduled the reports to run automatically every week using sapio365’s automation feature so they could be more proactive.

How OneDrive files are shared and with whom

Within a very short time, the team realized that a lot of their daily IT tasks could be automated and were delighted when sapio365’s customer success team offered to create a customized automated job for them.

Last but not least, sapio365 is a great tool for auditing. The customer had a clear look into how the IT admin team was using it because every change and data access is logged into sapio365’s User Activity Logs. Learn more about using sapio365 to maintain CMMC 2.0 compliance.

sapio365 User Activity Logs record when data is accessed or changed with sapio365

Conclusion

The customer’s need to be CMMC 2.0 compliant had led them down the path towards sapio365 and an efficiency they could only have dreamed of. The tool was scalable and saved their IT staff hours of time every day. Tasks that took a lot of time in the admin portal could be automated and done in minutes. What’s more, they had avoided the repercussions of having a cluttered environment. If you’re moving to a GCC High version of Microsoft 365, why not discover all of sapio365’s features.

Get your sapio365 free trial

Sonia Bounardjian

Sonia is a sapio365 product specialist at Ytria. She was part of the initial development team that created sapio365. When she's not busy helping sapio365 users virtually or writing helpful articles in this blog, she's reorganizing her impressive collection of unused high heels.