Microsoft 365 seems like an inevitability, but it’s not as simple as migrating from one version of Office to another. With Microsoft 365, Microsoft is introducing a fundamentally new way of working using tools that are deceptively similar to its on-premises offerings but which work differently in the cloud. What’s different about SharePoint Online? How can I safely enable OneDrive for my end users? What are the implications of moving my users to Teams from Skype for Business?
There’s a lot that is new when it comes to Microsoft 365, and it’s not always easy to navigate.
Our Advice
Critical Insight
Map your organizational goals to the administration features available in the Microsoft 365 console. Your governance should reflect your requirements.
Impact and Result
The result is a defined plan for controlling Microsoft 365 by leveraging hard controls to align Microsoft’s toolset with your needs and creating acceptable use policies and communication plans to highlight the impact of the transition to Microsoft 365 on the end-user population.
Member Testimonials
After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve. See our top member experiences for this blueprint and what our clients have to say.
9.4/10
Overall Impact
$17,787
Average $ Saved
18
Average Days Saved
Client
Experience
Impact
$ Saved
Days Saved
Vancouver Public Library
Guided Implementation
8/10
$2,000
5
It was extremely helpful to have the framework of mapping controls to priorities and the lists of controls for Teams, OneDrive and Sharepoint. I s... Read More
Champaign Residential Services Inc
Guided Implementation
10/10
$2,599
2
John is an amazing resource. Thank you for all of your help!
Champaign Residential Services Inc
Guided Implementation
10/10
$2,599
2
Thank you for all of your help John! You took something that was completely overwhelming and helped us break it down into more digestible chunks.
Government of Bermuda
Guided Implementation
8/10
N/A
N/A
This was a great meeting.
Smile Train
Guided Implementation
10/10
$2,599
5
John's knowledge and insights into the Microsoft products
Huron County
Guided Implementation
9/10
$17,500
20
Best - friendly, timely, knowledgeable advice and information. Worst - nothing comes to mind, other than the out-of-reach subscription cost for t... Read More
Canada Border Services Agency
Workshop
9/10
N/A
N/A
The facilitator created an engaging and interactive environment, presented relevant content using various techniques, encouraged participation, pro... Read More
Champaign Residential Services Inc
Guided Implementation
10/10
N/A
N/A
This gave us a lot to think about and even more to read :-) PJ was great, and we look forward to working with him more once we get closer to starti... Read More
Town Of Whitby
Workshop
10/10
$10,000
20
Jeremy was a great SME and facilitator. The group collaboration and team understanding that was built was priceless. Great investment of resoruces.... Read More
Corvias Group
Guided Implementation
10/10
$12,999
10
Great intro to a topic our IT operations are beginning to focus
Kappa Delta Sorority
Guided Implementation
10/10
N/A
5
Receiving good feedback about our current situation and recommendations for options for our future state.
SSFM International
Workshop
10/10
$32,499
16
Jeremy was very pleasant to work with. He is well versed of the topic and facilitated with great examples and insights of our business pursuits. ... Read More
Government of Nunavut
Workshop
9/10
$75,000
50
Estimates for time and cost are really a best guess. The workshop helped put some focus to our team in discussing the whole O365 Governance. We h... Read More
Bermuda Monetary Authority
Guided Implementation
9/10
$11,339
10
Saskatchewan Workers Compensation Board
Guided Implementation
10/10
$10,000
2
John provided practical advice on data classification and on M365 controls that will get us to implementation faster.
City of Rohnert Park
Guided Implementation
7/10
N/A
1
The Saskatchewan Liquor and Gaming Authority
Guided Implementation
9/10
$5,000
5
Jeremy had a lot of knowledge regarding the subject and was able to answer all of the questions that we threw at him. He also provided detailed no... Read More
Akin Gump Strauss Hauer & Feld LLP
Workshop
10/10
$20,159
10
Scheduling of workshop can be optimized and be easy for customers. We had few scoping calls instead one. ... Read More
Government of Yukon
Workshop
10/10
$75,000
90
Jeremy and Ibrahim were extremely knowledgeable about 365 and able to answer our questions or find an answer to our questions. They were adaptable ... Read More
Rosens Diversified
Guided Implementation
10/10
$29,609
60
Hit the nail on the head. The worksheet is exactly what I was looking for. This worksheet will help to eliminate the guesswork on mapping security ... Read More
Ottawa Police
Guided Implementation
9/10
$10,000
10
Jeremy has been very helpful in implementing Office 365 Control Maps to assist us in our governance initiative for Office 365
Open Text Corporation
Guided Implementation
10/10
$30,999
20
The Govern O365 research helped us to quickly review our data and privacy controls. In our continuous efforts to deliver a reliable and secure mes... Read More
Workshop: Govern Microsoft 365
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Module 1: Define Goals
The Purpose
- Develop a plan to assess the capabilities of the Microsoft 365 solution and select licensing for the product.
Key Benefits Achieved
- Microsoft 365 capability assessment (right-size licensing)
- Acceptable Use Policies
- Mapped Microsoft 365 controls
Activities
Outputs
Review organizational goals.
- List of organizational goals
Evaluate Microsoft 365 capabilities.
Conduct the Microsoft 365 capability assessment.
Define user groups.
Finalize licensing.
- Targeted licensing decision
Module 2: Build Refined Governance Priorities
The Purpose
- Leverage the Microsoft 365 governance framework to develop and refined governance priorities.
- Build a SharePoint acceptable use policy and define SharePoint controls.
Key Benefits Achieved
- Refined governance priorities
- List of SharePoint controls
- SharePoint acceptable use policy
Activities
Outputs
Explore the Microsoft 365 Framework.
Conduct governance priorities refinement exercise.
- Refined governance priorities
Populate the Microsoft 365 control map (SharePoint).
- SharePoint control map
Build acceptable use policy (SharePoint).
- Sharepoint acceptable use policy
Module 3: Control Microsoft 365
The Purpose
- Implement governance priorities for OneDrive and Teams.
Key Benefits Achieved
- Clearly defined acceptable use policies for OneDrive and Teams
- List of OneDrive and Teams controls
Activities
Outputs
Populate the Microsoft 365 Control Map (OneDrive).
- OneDrive controls
Build acceptable use policy (OneDrive).
- OneDrive acceptable use policy
Populate the Microsoft 365 Control Map (Teams).
- Teams controls
Build acceptable use policy (Teams).
- Teams acceptable use policy
Module 4: SOW Walkthrough
The Purpose
Build a plan to communicate coming changes to the productivity environment.
Key Benefits Achieved
Communication plan covering SharePoint, Teams, and OneDrive
Activities
Outputs
Build SharePoint one pager.
- SharePoint one pager
Build OneDrive one pager.
- OneDrive one pager
Build Teams one pager.
- Teams one pager
Finalize communication plan.
- Overall finalized communication plan
Module 5: Communicate and Implement
The Purpose
- Finalize deliverables and plan post-workshop communications.
Key Benefits Achieved
- Completed Microsoft 365 governance plan
- Finalized deliverables
Activities
Outputs
Completed in-progress deliverables from previous four days.
- Completed acceptable use policies
- Completed control map
- Completed communication plan
- Completed licensing decision
Set up review time for workshop deliverables and to discuss next steps.
Validate governance with stakeholders.
Govern Microsoft 365
You bought it. Use it right.
Analyst Perspective
You must govern Microsoft 365, or it just won't work.
Microsoft 365 is not an IT project. Some might think upgrading an email service or changing the service model for productivity software is something that IT should handle on its own. But Office 365 is such a massive undertaking that this simply isn't possible.
Microsoft 365 is about more than just delivering the same experiences in a different way. It brings additional capabilities at additional cost. If those capabilities are worth it, everyone – not just IT – needs to work together to realize those benefits.
IT needs to empower users while protecting the interests of the business and reducing risk insofar as is possible. Too often IT leaders interpret this as “locking down” their Microsoft 365 tenant. I think this is the wrong approach. Articulate your goals, identify how Microsoft 365 can meet them, and balance those capabilities with governance. Use the resulting principles to build out targeted controls that will help you be the enabler your business needs you to be.
It's that easy!
Fred Chagnon
Principal research Director, Core Infrastructure
Info-Tech Research Group
Executive Summary
Your Challenge
Microsoft 365 seems like an inevitability, but it's not as simple as migrating from one version of Office to another. With Microsoft 365, Microsoft is introducing a fundamentally new way of working using tools that are deceptively similar to its on-premises offerings, but which work differently in the cloud. What's different about SharePoint Online? How can I safely enable OneDrive for my end users? What are the implications of moving my users to Teams from Skype for Business?
There's a lot that is new when it comes to Office 365, and it's not always easy to navigate.
Common Obstacle
Microsoft 365 is a lot for most organizations. The number of different features and services that come with even a basic E1 license introduces governance challenges. Chief among these:
- Licensing is complicated.
- No single repository of all available controls.
- Integrations and dependencies between the different services are not always obvious.
- Building out governance in a new environment is not always easy.
Info-Tech's Approach
Microsoft 365 may be big and different, but it's not impossible to implement well. Consider these points:
- All controls should be mapped to governance areas, which should be mapped to governance disciplines. You must be able to draw a line between a control and what it will help you to accomplish.
- The cloud is different. You should do things differently. Leverage its strengths; obviate its weaknesses. While your goals may not change, the way you accomplish them will.
Info-Tech Insight
Microsoft 365 isn't inherently better or worse than Office CALs. It comes with some additional features, and likely some additional cost, and reduces your overall control over your environment while enabling cloud features such as easy remote access and elasticity. If it's right for you, you'll be able to take advantage of its features. But it may not be right for you.
You need to get this right
Odds are, you already have a Microsoft footprint. If you're not already in Microsoft 365, it may well be on the roadmap.
Like it or not, Microsoft is a behemoth in the office suite market. Google (the next largest provider) is growing, but Microsoft continues to hold more than 85% of the overall market. Its dominance has filtered into other areas, and for many organizations the question isn't “what product should we buy?” it's “what's the next step in our relationship with Microsoft?” Right-sizing your Office deployment, getting licensing in order, and planning for a smooth rollout of Microsoft 365 have all become central to modernizing productivity and collaboration environments. Once your tenant is in place, ensure you're using it as effectively as possible and that end users understand any trade-offs and benefits that come with such a substantial revision of how IT services are delivered.
258,000,000
Monthly active users as of October 2021
MS FY20 Q1 Earnings call
87.5%
Microsoft's share of the office suite market
CIO Dive, 2020
595,935
Number of American companies using Office 365
Statista, 2020
Microsoft 365 Governance Framework
Balance Risk Reduction Controls With Work Enablement to Achieve Corporate Goals
GOVERNANCE CASCADE
Governance Objectives
At the highest level of abstraction, a governance objective enables a goal.
Corporate Goals
Use Microsoft's governance disciplines to generate your own governance objectives and apply them to the three work enablers.
Example Corporate Goals:
- Increase revenue
- Expand globally
- Cut costs
Priorities
Derived from the interaction between governance objectives and focus areas.
Five Disciplines of Cloud Governance
- Cost Management
Build out cost control policies. - Deployment Acceleration
A standard approach to deployment will speed it up. - Resource Consistency
Consistently configure resources to limit risk relating to the instantiation and management of workloads. - Security Baseline
Use governance policies to enforce policies across the cloud environment. - Identity
Consistently apply identity requirements for optimal security.
Work Enablers
- Productivity
Creation-focused services that generate portable artifacts. - Content Management
Services that allow users to sort and access content. - Collaboration
Services that allow users to work together to accomplish corporate goals.
Refined Governance Priorities
Example Refined Governance Priorities:
- Enable access to content based on need
- Leverage integration across the suite
- Use standard templates for collaboration groups
- Make productivity tools available by default
Controls
At the service level, governance principles take the form of specific controls.
Controls
Controls should all map to a broader organizational goal. If you want to implement a control but can't figure out why, reconsider said control.
Ensure that every control cascades down from your overall governance objective, which is important.
Example Controls:
- Limit external sharing
- Prevent users from creating SharePoint sites
- Disable third-party applications in Teams
- Sign out inactive users
- Mark new files as sensitive by default
- Prevent users from syncing OneDrive contents to their desktops
- Control access to SharePoint/OneDrive based on network location