City of Port St. Lucie Fixes Thousands of Over-Permissioned Sharing Links, Improves Guest Access Oversight with Policies and Insights
Success Highlights
Customer Location: Port St. Lucie, United States
Industry: Public Sector
Platform: Microsoft 365
Port St. Lucie is a city on the Atlantic coast of southern Florida. The city has roughly 1,000 Microsoft 365 users.
Critical Needs
- Migrate personal drives to Microsoft 365 while keeping permissions intact
- Granular Backup and Recovery of Microsoft 365 content to meet “Sunshine State” laws
- Reduce management burden of Microsoft Teams
- Insights into external sharing and guest access
The Challenge
As COVID-19 swept the country, the City of Port St. Lucie IT department sprang into action to enable remote work.
“Employees were having trouble getting into their personal drives, so we moved two departments to OneDrive and SharePoint,” said Hannah Melton, Assistant IT Director. “We were moving quite a bit of data, but we were able to get it done overnight—within 12 hours. It was great to have FLY because it made the process really simple.”
Hannah had experience using FLY from previous migrations, after Microsoft’s migration tool didn’t quite get the job done.
“We were having trouble with permissions. We would move the files, but it wouldn’t keep the permissions,” said Melton. “But that wasn’t a problem when I moved the data from the personal drives with FLY.”
The City of Port St. Lucie also rolled out Microsoft Teams for the first time as part of their quick efforts to support remote work and keep collaboration among city employees running efficiently. However, managing the service threatened to overwhelm the lean IT department.
“I’m the only person who oversees SharePoint and Teams, so I was getting inundated with provisioning requests during the pandemic,” said Melton. “I created 80 Teams in the first week of the pandemic. I tried to get a person budgeted, but it was turned down.”
“When we first ran Policies and Insights, it came up with thousands of links that were shared incorrectly. We hit a button and it basically fixed all the links and that risk was instantly mitigated.”
Assistant Director IT, City of Port St. Lucie
The AvePoint Solution
“Cloud Governance allowed me to scale so I could keep up without having to hire someone,” said Melton. “The provisioning request goes through the questionnaire and I’ll use Cloud Governance’s Teams app, MyHub, to facilitate the request. A process that took me 30 minutes per Team now takes me 5.”
Cloud Governance has also improved the security and compliance of the city’s Microsoft Teams deployment by automating the management and disposition of the Teams.
“I didn’t even know I would need to manually check Teams memberships and configuration settings on a regular basis,” said Hannah. “AvePoint helped me set up regular automated recertifications every 6 months and appropriate Teams expiration settings.”
All workspaces created before implementing AvePoint could be imported into the city’s management and governance process going forward. Cloud Governance also improved how the city managed its guest users and external sharing in Microsoft Teams.
“Guest users are only supposed to be in our tenant for a short time–typically the length of a project,” said Melton. “We saw many guest users sitting in our AD without a reason, so we set up Cloud Governance to automatically sort through and expire them so they aren’t hanging in our AD forever.”
The City of Port St. Lucie is also a happy Cloud Backup customer, having transitioned from a failed deployment with a Metalogix (now Quest) Microsoft 365 backup solution.
“They could never get it to work. We had it for a year and didn’t get a single backup out of it. We did a demo with AvePoint and they had a 200GB site collection restored in a day,” said Melton. “It is so easy to use.”
After finding so much success with AvePoint solutions, Melton started leveraging Policies and Insights (PI) as soon as it became available in July 2020. PI provides the ability to monitor risk and access on sensitive documents by proactively monitoring and remediating policy violations. It also provides actionable security dashboards to highlight and track exposure (anonymous links, external user access) over time.
“When we ran a scan with Policies and Insights for the first time, we came up with thousands of document links that were shared incorrectly,” said Melton. “We went through them and hit a button and it basically fixed the links and instantly mitigated that risk.”
PI’s simple, three-step process (identify, prioritize, prevent) visualizes reports for IT, security, and business units by consolidating disparate reports that contain thousands of unprioritized line items in the Microsoft Compliance and Security Center.
“It can be difficult to configure all the policies natively—it’s not very intuitive with Microsoft,” said Melton. “We had a problem because our users were new to working with Microsoft Teams. They were sending links out without understanding who they were giving access to. It was crazy the amount of anonymous links that weren’t shared properly.”
Policies and Insights was very easy to use, and the city derived value from it almost instantly without needing to first classify its data.
“You don’t even have to have your information classified as sensitive for PI to identify it and tell you if too many people have access to it,” said Melton. “We turned it on and had insights in 24 hours or so.”
The Road Ahead
“My advice to others going through this transformation is to be very patient with your users who don’t know how to work in the cloud,” said Melton. “We are walking them through concepts and holding their hands.”
When asked if she would recommend AvePoint to other public sector organizations, she said, “Of course I would! We have had an excellent experience and it’s been fun to work with you.”