Govern Microsoft 365
You bought it. Use it right.
Microsoft 365 seems like an inevitability, but it’s not as simple as migrating from one version of Office to another. With Microsoft 365, Microsoft is introducing a fundamentally new way of working using tools that are deceptively similar to its on-premises offerings but which work differently in the cloud. What’s different about SharePoint Online? How can I safely enable OneDrive for my end users? What are the implications of moving my users to Teams from Skype for Business?
There’s a lot that is new when it comes to Microsoft 365, and it’s not always easy to navigate.
Our Advice
Critical Insight
Map your organizational goals to the administration features available in the Microsoft 365 console. Your governance should reflect your requirements.
Impact and Result
The result is a defined plan for controlling Microsoft 365 by leveraging hard controls to align Microsoft’s toolset with your needs and creating acceptable use policies and communication plans to highlight the impact of the transition to Microsoft 365 on the end-user population.
Member Testimonials
After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve. See our top member experiences for this blueprint and what our clients have to say.
8.7/10
Overall Impact
$16,092
Average $ Saved
12
Average Days Saved
Client
Experience
Impact
$ Saved
Days Saved
The New Zealand Institute for Plant and Food Research Limited
Guided Implementation
10/10
$34,250
20
Best part was the firsthand experience of the technical requirements and ability to propose a suggested road map along with supporting tools!
Workplace Safety & Prevention Services
Guided Implementation
7/10
$2,000
10
Lussier Cabinet D`Assurance - LDP
Workshop
9/10
$5,000
5
This is an intensive work, but Info-Tech was able to adapt the schedule and timing with our busy schedule.
HEALTH CARE COMPLAINTS COMMISSION
Guided Implementation
7/10
$4,550
5
Sam presented the research well. The topic of governing Microsoft 365 is massive, and it seemed difficult to initially see where the HCCC should fo... Read More
Canadian Defence Academy
Workshop
10/10
$50,000
23
Venkat was extremely knowledgeable and answered all our questions promptly. No negative experiences come to mind.
Kappa Delta Sorority
Guided Implementation
10/10
$6,850
10
The guided approach is always the best part, and we were able to complete the work fairly quickly so I can move into our next steps. John's knowled... Read More
United Counties of Leeds & Grenville
Guided Implementation
8/10
$10,000
10
Govern Microsoft 365
You bought it. Use it right.
Analyst Perspective
You must govern Microsoft 365, or it just won't work.
Microsoft 365 is not an IT project. Some might think upgrading an email service or changing the service model for productivity software is something that IT should handle on its own. But Office 365 is such a massive undertaking that this simply isn't possible.
Microsoft 365 is about more than just delivering the same experiences in a different way. It brings additional capabilities at additional cost. If those capabilities are worth it, everyone – not just IT – needs to work together to realize those benefits.
IT needs to empower users while protecting the interests of the business and reducing risk insofar as is possible. Too often IT leaders interpret this as “locking down” their Microsoft 365 tenant. I think this is the wrong approach. Articulate your goals, identify how Microsoft 365 can meet them, and balance those capabilities with governance. Use the resulting principles to build out targeted controls that will help you be the enabler your business needs you to be.
It's that easy!
Fred Chagnon
Principal research Director, Core Infrastructure
Info-Tech Research Group
Executive Summary
Your Challenge
Microsoft 365 seems like an inevitability, but it's not as simple as migrating from one version of Office to another. With Microsoft 365, Microsoft is introducing a fundamentally new way of working using tools that are deceptively similar to its on-premises offerings, but which work differently in the cloud. What's different about SharePoint Online? How can I safely enable OneDrive for my end users? What are the implications of moving my users to Teams from Skype for Business?
There's a lot that is new when it comes to Office 365, and it's not always easy to navigate.
Common Obstacle
Microsoft 365 is a lot for most organizations. The number of different features and services that come with even a basic E1 license introduces governance challenges. Chief among these:
- Licensing is complicated.
- No single repository of all available controls.
- Integrations and dependencies between the different services are not always obvious.
- Building out governance in a new environment is not always easy.
Info-Tech's Approach
Microsoft 365 may be big and different, but it's not impossible to implement well. Consider these points:
- All controls should be mapped to governance areas, which should be mapped to governance disciplines. You must be able to draw a line between a control and what it will help you to accomplish.
- The cloud is different. You should do things differently. Leverage its strengths; obviate its weaknesses. While your goals may not change, the way you accomplish them will.
Info-Tech Insight
Microsoft 365 isn't inherently better or worse than Office CALs. It comes with some additional features, and likely some additional cost, and reduces your overall control over your environment while enabling cloud features such as easy remote access and elasticity. If it's right for you, you'll be able to take advantage of its features. But it may not be right for you.
You need to get this right
Odds are, you already have a Microsoft footprint. If you're not already in Microsoft 365, it may well be on the roadmap.
Like it or not, Microsoft is a behemoth in the office suite market. Google (the next largest provider) is growing, but Microsoft continues to hold more than 85% of the overall market. Its dominance has filtered into other areas, and for many organizations the question isn't “what product should we buy?” it's “what's the next step in our relationship with Microsoft?” Right-sizing your Office deployment, getting licensing in order, and planning for a smooth rollout of Microsoft 365 have all become central to modernizing productivity and collaboration environments. Once your tenant is in place, ensure you're using it as effectively as possible and that end users understand any trade-offs and benefits that come with such a substantial revision of how IT services are delivered.
258,000,000
Monthly active users as of October 2021
MS FY20 Q1 Earnings call
87.5%
Microsoft's share of the office suite market
CIO Dive, 2020
595,935
Number of American companies using Office 365
Statista, 2020
Microsoft 365 Governance Framework
Balance Risk Reduction Controls With Work Enablement to Achieve Corporate Goals
GOVERNANCE CASCADE
Governance Objectives
At the highest level of abstraction, a governance objective enables a goal.
Corporate Goals
Use Microsoft's governance disciplines to generate your own governance objectives and apply them to the three work enablers.
Example Corporate Goals:
- Increase revenue
- Expand globally
- Cut costs
Priorities
Derived from the interaction between governance objectives and focus areas.
Five Disciplines of Cloud Governance
- Cost Management
Build out cost control policies. - Deployment Acceleration
A standard approach to deployment will speed it up. - Resource Consistency
Consistently configure resources to limit risk relating to the instantiation and management of workloads. - Security Baseline
Use governance policies to enforce policies across the cloud environment. - Identity
Consistently apply identity requirements for optimal security.
Work Enablers
- Productivity
Creation-focused services that generate portable artifacts. - Content Management
Services that allow users to sort and access content. - Collaboration
Services that allow users to work together to accomplish corporate goals.
Refined Governance Priorities
Example Refined Governance Priorities:
- Enable access to content based on need
- Leverage integration across the suite
- Use standard templates for collaboration groups
- Make productivity tools available by default
Controls
At the service level, governance principles take the form of specific controls.
Controls
Controls should all map to a broader organizational goal. If you want to implement a control but can't figure out why, reconsider said control.
Ensure that every control cascades down from your overall governance objective, which is important.
Example Controls:
- Limit external sharing
- Prevent users from creating SharePoint sites
- Disable third-party applications in Teams
- Sign out inactive users
- Mark new files as sensitive by default
- Prevent users from syncing OneDrive contents to their desktops
- Control access to SharePoint/OneDrive based on network location
About Info-Tech
Info-Tech Research Group is the world’s fastest-growing information technology research and advisory company, proudly serving over 30,000 IT professionals.
We produce unbiased and highly relevant research to help CIOs and IT leaders make strategic, timely, and well-informed decisions. We partner closely with IT teams to provide everything they need, from actionable tools to analyst guidance, ensuring they deliver measurable results for their organizations.
What Is a Blueprint?
A blueprint is designed to be a roadmap, containing a methodology and the tools and templates you need to solve your IT problems.
Each blueprint can be accompanied by a Guided Implementation that provides you access to our world-class analysts to help you get through the project.
Need Extra Help?
Speak With An Analyst
Get the help you need in this 3-phase advisory process. You'll receive 5 touchpoints with our researchers, all included in your membership.
Guided Implementation 1: Define your organizational goals
- Call 1: Conduct a goals exercise and introduce the capability assessment.
Guided Implementation 2: Control your Microsoft 365 environment
- Call 1: Refine governance objectives.
- Call 2: Build out controls (repeat this call for all relevant services).
Guided Implementation 3: Communicate your results
- Call 1: Formalize governance and build out one pagers.
- Call 2: Finalize communication plan.
Contributors
- Jorge Carvalho, Collaboration Solutions Architect, LendLease
- Bryan Mierzejewski, VP, Network & Security Manager, Guilford Savings Bank
- Charles Nguyen, VP of Strategic Partnerships, NetGovern
- Chris Kershaw, Manager Enterprise Information Management, Strathcona County
- Dan Nobles, Senior Systems Specialist, Alabama Department of Environmental Management
- Harry Fukasawa, Executive Senior Advisor, Mitsubishi Chemical Holdings America, Inc.
- Joerg Meissner, Sr. Architect Azure/O365, Ovatio Technologies
- Mathieu Duhamel, IT Application Director, Richter
- Pankaj Srivastava, JGM, Office of CIO, Nayara Energy
- Phil Yaghi, Director, Sales Engineering, Hyalto
- Steven Smith, IT Infrastructure Manager, Seattle Housing Authority
- One anonymous contributor
Run Better Meetings
Rationalize Your Collaboration Tools
Implement Desktop Virtualization and Transition to Everything as a Service
Establish a Communication and Collaboration System Strategy
Build a Digital Workspace Strategy
Govern Microsoft 365
Create a Post-Implementation Plan for Microsoft 365
Microsoft Teams Cookbook
2020 Enterprise Collaboration Tools: Market Trends and Buyer’s Guide
Build a Minimum Viable Product for Data Classification With Microsoft 365
Drive Ongoing Adoption With an M365 Center of Excellence
Endpoint Management Selection Guide
Define Your Virtual and Hybrid Event Requirements
Collaborate Effectively in Microsoft Teams
