Our systems detected an issue with your IP. If you think this is an error please submit your concerns via our contact form.

Infrastructure Operations icon

Govern Microsoft 365

You bought it. Use it right.

Microsoft 365 seems like an inevitability, but it’s not as simple as migrating from one version of Office to another. With Microsoft 365, Microsoft is introducing a fundamentally new way of working using tools that are deceptively similar to its on-premises offerings but which work differently in the cloud. What’s different about SharePoint Online? How can I safely enable OneDrive for my end users? What are the implications of moving my users to Teams from Skype for Business?

There’s a lot that is new when it comes to Microsoft 365, and it’s not always easy to navigate.

Our Advice

Critical Insight

Map your organizational goals to the administration features available in the Microsoft 365 console. Your governance should reflect your requirements.

Impact and Result

The result is a defined plan for controlling Microsoft 365 by leveraging hard controls to align Microsoft’s toolset with your needs and creating acceptable use policies and communication plans to highlight the impact of the transition to Microsoft 365 on the end-user population.


Govern Microsoft 365 Research & Tools

1. Govern Microsoft 365 – Understand the challenges posed by governing Microsoft 365 and the necessity of deploying proper governance.

Governing Microsoft 365 is a key step to making your tenant safe and have meaningful guardrails in place. Develop a list of organizational goals that will enable you to leverage the Microsoft 365 toolset to its fullest extent while also implementing sensible governance. By completing this blueprint, you will be able to set the controls for Microsoft 365 that align to your business goals.

2. Microsoft 365 Capability Assessment Tool – Build a plan for migrating to Microsoft 365.

Complete your Microsoft 365 capability assessment to determine your licensing needs.

3. Control Your Microsoft 365 Environment – Use Info-Tech's toolset to build out controls for OneDrive, SharePoint, and Teams that align with your organizational goals as they relate to governance.

Complete the control map that aligns to your priorities based on your defined goals.

Create acceptable use policies not supported by the hard controls in the control map tool set.

4. Microsoft 365 Communication Plan Template – Communicate the results of your Microsoft 365 governance program.

Using the Communication Plan Template, customize your communications to meet your organizational needs for One Drive, SharePoint, and Teams.


Member Testimonials

After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve. See our top member experiences for this blueprint and what our clients have to say.

8.7/10


Overall Impact

$16,092


Average $ Saved

12


Average Days Saved

Client

Experience

Impact

$ Saved

Days Saved

The New Zealand Institute for Plant and Food Research Limited

Guided Implementation

10/10

$34,250

20

Best part was the firsthand experience of the technical requirements and ability to propose a suggested road map along with supporting tools!

Workplace Safety & Prevention Services

Guided Implementation

7/10

$2,000

10

Lussier Cabinet D`Assurance - LDP

Workshop

9/10

$5,000

5

This is an intensive work, but Info-Tech was able to adapt the schedule and timing with our busy schedule.

HEALTH CARE COMPLAINTS COMMISSION

Guided Implementation

7/10

$4,550

5

Sam presented the research well. The topic of governing Microsoft 365 is massive, and it seemed difficult to initially see where the HCCC should fo... Read More

Canadian Defence Academy

Workshop

10/10

$50,000

23

Venkat was extremely knowledgeable and answered all our questions promptly. No negative experiences come to mind.

Kappa Delta Sorority

Guided Implementation

10/10

$6,850

10

The guided approach is always the best part, and we were able to complete the work fairly quickly so I can move into our next steps. John's knowled... Read More

United Counties of Leeds & Grenville

Guided Implementation

8/10

$10,000

10


Govern Microsoft 365

You bought it. Use it right.

Analyst Perspective

You must govern Microsoft 365, or it just won't work.

Microsoft 365 is not an IT project. Some might think upgrading an email service or changing the service model for productivity software is something that IT should handle on its own. But Office 365 is such a massive undertaking that this simply isn't possible.

Microsoft 365 is about more than just delivering the same experiences in a different way. It brings additional capabilities at additional cost. If those capabilities are worth it, everyone – not just IT – needs to work together to realize those benefits.

IT needs to empower users while protecting the interests of the business and reducing risk insofar as is possible. Too often IT leaders interpret this as “locking down” their Microsoft 365 tenant. I think this is the wrong approach. Articulate your goals, identify how Microsoft 365 can meet them, and balance those capabilities with governance. Use the resulting principles to build out targeted controls that will help you be the enabler your business needs you to be.

It's that easy!

Fred Chagnon
Principal research Director, Core Infrastructure
Info-Tech Research Group

Executive Summary

Your Challenge

Microsoft 365 seems like an inevitability, but it's not as simple as migrating from one version of Office to another. With Microsoft 365, Microsoft is introducing a fundamentally new way of working using tools that are deceptively similar to its on-premises offerings, but which work differently in the cloud. What's different about SharePoint Online? How can I safely enable OneDrive for my end users? What are the implications of moving my users to Teams from Skype for Business?

There's a lot that is new when it comes to Office 365, and it's not always easy to navigate.

Common Obstacle

Microsoft 365 is a lot for most organizations. The number of different features and services that come with even a basic E1 license introduces governance challenges. Chief among these:

  • Licensing is complicated.
  • No single repository of all available controls.
  • Integrations and dependencies between the different services are not always obvious.
  • Building out governance in a new environment is not always easy.

Info-Tech's Approach

Microsoft 365 may be big and different, but it's not impossible to implement well. Consider these points:

  1. All controls should be mapped to governance areas, which should be mapped to governance disciplines. You must be able to draw a line between a control and what it will help you to accomplish.
  2. The cloud is different. You should do things differently. Leverage its strengths; obviate its weaknesses. While your goals may not change, the way you accomplish them will.

Info-Tech Insight

Microsoft 365 isn't inherently better or worse than Office CALs. It comes with some additional features, and likely some additional cost, and reduces your overall control over your environment while enabling cloud features such as easy remote access and elasticity. If it's right for you, you'll be able to take advantage of its features. But it may not be right for you.

You need to get this right

Odds are, you already have a Microsoft footprint. If you're not already in Microsoft 365, it may well be on the roadmap.

Like it or not, Microsoft is a behemoth in the office suite market. Google (the next largest provider) is growing, but Microsoft continues to hold more than 85% of the overall market. Its dominance has filtered into other areas, and for many organizations the question isn't “what product should we buy?” it's “what's the next step in our relationship with Microsoft?” Right-sizing your Office deployment, getting licensing in order, and planning for a smooth rollout of Microsoft 365 have all become central to modernizing productivity and collaboration environments. Once your tenant is in place, ensure you're using it as effectively as possible and that end users understand any trade-offs and benefits that come with such a substantial revision of how IT services are delivered.

Logos for Microsoft 365 and its individual apps.

258,000,000
Monthly active users as of October 2021
MS FY20 Q1 Earnings call

87.5%
Microsoft's share of the office suite market
CIO Dive, 2020

595,935
Number of American companies using Office 365
Statista, 2020

Microsoft 365 Governance Framework

Balance Risk Reduction Controls With Work Enablement to Achieve Corporate Goals

GOVERNANCE CASCADE

Governance Objectives
At the highest level of abstraction, a governance objective enables a goal.

Corporate Goals

Use Microsoft's governance disciplines to generate your own governance objectives and apply them to the three work enablers.

Example Corporate Goals:

  • Increase revenue
  • Expand globally
  • Cut costs


Priorities
Derived from the interaction between governance objectives and focus areas.

Five Disciplines of Cloud Governance

  • Cost Management
    Build out cost control policies.
  • Deployment Acceleration
    A standard approach to deployment will speed it up.
  • Resource Consistency
    Consistently configure resources to limit risk relating to the instantiation and management of workloads.
  • Security Baseline
    Use governance policies to enforce policies across the cloud environment.
  • Identity
    Consistently apply identity requirements for optimal security.

Work Enablers

  • Productivity
    Creation-focused services that generate portable artifacts.
  • Content Management
    Services that allow users to sort and access content.
  • Collaboration
    Services that allow users to work together to accomplish corporate goals.

Refined Governance Priorities

Example Refined Governance Priorities:

  • Enable access to content based on need
  • Leverage integration across the suite
  • Use standard templates for collaboration groups
  • Make productivity tools available by default


Controls
At the service level, governance principles take the form of specific controls.

Controls

Controls should all map to a broader organizational goal. If you want to implement a control but can't figure out why, reconsider said control.

Ensure that every control cascades down from your overall governance objective, which is important.

Example Controls:

  • Limit external sharing
  • Prevent users from creating SharePoint sites
  • Disable third-party applications in Teams
  • Sign out inactive users
  • Mark new files as sensitive by default
  • Prevent users from syncing OneDrive contents to their desktops
  • Control access to SharePoint/OneDrive based on network location

You bought it. Use it right.

About Info-Tech

Info-Tech Research Group is the world’s fastest-growing information technology research and advisory company, proudly serving over 30,000 IT professionals.

We produce unbiased and highly relevant research to help CIOs and IT leaders make strategic, timely, and well-informed decisions. We partner closely with IT teams to provide everything they need, from actionable tools to analyst guidance, ensuring they deliver measurable results for their organizations.

MEMBER RATING

8.7/10
Overall Impact

$16,092
Average $ Saved

12
Average Days Saved

After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.

Read what our members are saying

What Is a Blueprint?

A blueprint is designed to be a roadmap, containing a methodology and the tools and templates you need to solve your IT problems.

Each blueprint can be accompanied by a Guided Implementation that provides you access to our world-class analysts to help you get through the project.

live
00:00

Need Extra Help?
Speak With An Analyst

Get the help you need in this 3-phase advisory process. You'll receive 5 touchpoints with our researchers, all included in your membership.

Guided Implementation 1: Define your organizational goals
  • Call 1: Conduct a goals exercise and introduce the capability assessment.

Guided Implementation 2: Control your Microsoft 365 environment
  • Call 1: Refine governance objectives.
  • Call 2: Build out controls (repeat this call for all relevant services).

Guided Implementation 3: Communicate your results
  • Call 1: Formalize governance and build out one pagers.
  • Call 2: Finalize communication plan.

Authors

John Donovan

Jeremy Roberts

Fred Chagnon

Contributors

  • Jorge Carvalho, Collaboration Solutions Architect, LendLease
  • Bryan Mierzejewski, VP, Network & Security Manager, Guilford Savings Bank
  • Charles Nguyen, VP of Strategic Partnerships, NetGovern
  • Chris Kershaw, Manager Enterprise Information Management, Strathcona County
  • Dan Nobles, Senior Systems Specialist, Alabama Department of Environmental Management
  • Harry Fukasawa, Executive Senior Advisor, Mitsubishi Chemical Holdings America, Inc.
  • Joerg Meissner, Sr. Architect Azure/O365, Ovatio Technologies
  • Mathieu Duhamel, IT Application Director, Richter
  • Pankaj Srivastava, JGM, Office of CIO, Nayara Energy
  • Phil Yaghi, Director, Sales Engineering, Hyalto
  • Steven Smith, IT Infrastructure Manager, Seattle Housing Authority
  • One anonymous contributor

Search Code: 96668
Last Revised: December 22, 2023

Visit our IT Critical Response Resource Center
Over 100 analysts waiting to take your call right now: +1 (703) 340 1171