Get Instant Access
to This Blueprint

Infrastructure Operations icon

Govern Microsoft 365

You bought it. Use it right.

Microsoft 365 seems like an inevitability, but it’s not as simple as migrating from one version of Office to another. With Microsoft 365, Microsoft is introducing a fundamentally new way of working using tools that are deceptively similar to its on-premises offerings but which work differently in the cloud. What’s different about SharePoint Online? How can I safely enable OneDrive for my end users? What are the implications of moving my users to Teams from Skype for Business?

There’s a lot that is new when it comes to Microsoft 365, and it’s not always easy to navigate.

Our Advice

Critical Insight

Map your organizational goals to the administration features available in the Microsoft 365 console. Your governance should reflect your requirements.

Impact and Result

The result is a defined plan for controlling Microsoft 365 by leveraging hard controls to align Microsoft’s toolset with your needs and creating acceptable use policies and communication plans to highlight the impact of the transition to Microsoft 365 on the end-user population.


Govern Microsoft 365 Research & Tools

1. Govern Microsoft 365 – Understand the challenges posed by governing Microsoft 365 and the necessity of deploying proper governance.

Governing Microsoft 365 is a key step to making your tenant safe and have meaningful guardrails in place. Develop a list of organizational goals that will enable you to leverage the Microsoft 365 toolset to its fullest extent while also implementing sensible governance. By completing this blueprint, you will be able to set the controls for Microsoft 365 that align to your business goals.

2. Microsoft 365 Capability Assessment Tool – Build a plan for migrating to Microsoft 365.

Complete your Microsoft 365 capability assessment to determine your licensing needs.

3. Control Your Microsoft 365 Environment – Use Info-Tech's toolset to build out controls for OneDrive, SharePoint, and Teams that align with your organizational goals as they relate to governance.

Complete the control map that aligns to your priorities based on your defined goals.

Create acceptable use policies not supported by the hard controls in the control map tool set.

4. Microsoft 365 Communication Plan Template – Communicate the results of your Microsoft 365 governance program.

Using the Communication Plan Template, customize your communications to meet your organizational needs for One Drive, SharePoint, and Teams.


Member Testimonials

After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve. See our top member experiences for this blueprint and what our clients have to say.

9.4/10


Overall Impact

$17,787


Average $ Saved

18


Average Days Saved

Client

Experience

Impact

$ Saved

Days Saved

Vancouver Public Library

Guided Implementation

8/10

$2,000

5

It was extremely helpful to have the framework of mapping controls to priorities and the lists of controls for Teams, OneDrive and Sharepoint. I s... Read More

Champaign Residential Services Inc

Guided Implementation

10/10

$2,599

2

John is an amazing resource. Thank you for all of your help!

Champaign Residential Services Inc

Guided Implementation

10/10

$2,599

2

Thank you for all of your help John! You took something that was completely overwhelming and helped us break it down into more digestible chunks.

Government of Bermuda

Guided Implementation

8/10

N/A

N/A

This was a great meeting.

Smile Train

Guided Implementation

10/10

$2,599

5

John's knowledge and insights into the Microsoft products

Huron County

Guided Implementation

9/10

$17,500

20

Best - friendly, timely, knowledgeable advice and information. Worst - nothing comes to mind, other than the out-of-reach subscription cost for t... Read More

Canada Border Services Agency

Workshop

9/10

N/A

N/A

The facilitator created an engaging and interactive environment, presented relevant content using various techniques, encouraged participation, pro... Read More

Champaign Residential Services Inc

Guided Implementation

10/10

N/A

N/A

This gave us a lot to think about and even more to read :-) PJ was great, and we look forward to working with him more once we get closer to starti... Read More

Town Of Whitby

Workshop

10/10

$10,000

20

Jeremy was a great SME and facilitator. The group collaboration and team understanding that was built was priceless. Great investment of resoruces.... Read More

Corvias Group

Guided Implementation

10/10

$12,999

10

Great intro to a topic our IT operations are beginning to focus

Kappa Delta Sorority

Guided Implementation

10/10

N/A

5

Receiving good feedback about our current situation and recommendations for options for our future state.

SSFM International

Workshop

10/10

$32,499

16

Jeremy was very pleasant to work with. He is well versed of the topic and facilitated with great examples and insights of our business pursuits. ... Read More

Government of Nunavut

Workshop

9/10

$75,000

50

Estimates for time and cost are really a best guess. The workshop helped put some focus to our team in discussing the whole O365 Governance. We h... Read More

Bermuda Monetary Authority

Guided Implementation

9/10

$11,339

10

Saskatchewan Workers Compensation Board

Guided Implementation

10/10

$10,000

2

John provided practical advice on data classification and on M365 controls that will get us to implementation faster.

City of Rohnert Park

Guided Implementation

7/10

N/A

1

The Saskatchewan Liquor and Gaming Authority

Guided Implementation

9/10

$5,000

5

Jeremy had a lot of knowledge regarding the subject and was able to answer all of the questions that we threw at him. He also provided detailed no... Read More

Akin Gump Strauss Hauer & Feld LLP

Workshop

10/10

$20,159

10

Scheduling of workshop can be optimized and be easy for customers. We had few scoping calls instead one. ... Read More

Government of Yukon

Workshop

10/10

$75,000

90

Jeremy and Ibrahim were extremely knowledgeable about 365 and able to answer our questions or find an answer to our questions. They were adaptable ... Read More

Rosens Diversified

Guided Implementation

10/10

$29,609

60

Hit the nail on the head. The worksheet is exactly what I was looking for. This worksheet will help to eliminate the guesswork on mapping security ... Read More

Ottawa Police

Guided Implementation

9/10

$10,000

10

Jeremy has been very helpful in implementing Office 365 Control Maps to assist us in our governance initiative for Office 365

Open Text Corporation

Guided Implementation

10/10

$30,999

20

The Govern O365 research helped us to quickly review our data and privacy controls. In our continuous efforts to deliver a reliable and secure mes... Read More


Workshop: Govern Microsoft 365

Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

Module 1: Define Goals

The Purpose

  • Develop a plan to assess the capabilities of the Microsoft 365 solution and select licensing for the product.

Key Benefits Achieved

  • Microsoft 365 capability assessment (right-size licensing)
  • Acceptable Use Policies
  • Mapped Microsoft 365 controls

Activities

Outputs

1.1

Review organizational goals.

  • List of organizational goals
1.2

Evaluate Microsoft 365 capabilities.

1.3

Conduct the Microsoft 365 capability assessment.

1.4

Define user groups.

1.5

Finalize licensing.

  • Targeted licensing decision

Module 2: Build Refined Governance Priorities

The Purpose

  • Leverage the Microsoft 365 governance framework to develop and refined governance priorities.
  • Build a SharePoint acceptable use policy and define SharePoint controls.

Key Benefits Achieved

  • Refined governance priorities
  • List of SharePoint controls
  • SharePoint acceptable use policy

Activities

Outputs

2.1

Explore the Microsoft 365 Framework.

2.2

Conduct governance priorities refinement exercise.

  • Refined governance priorities
2.3

Populate the Microsoft 365 control map (SharePoint).

  • SharePoint control map
2.4

Build acceptable use policy (SharePoint).

  • Sharepoint acceptable use policy

Module 3: Control Microsoft 365

The Purpose

  • Implement governance priorities for OneDrive and Teams.

Key Benefits Achieved

  • Clearly defined acceptable use policies for OneDrive and Teams
  • List of OneDrive and Teams controls

Activities

Outputs

3.1

Populate the Microsoft 365 Control Map (OneDrive).

  • OneDrive controls
3.2

Build acceptable use policy (OneDrive).

  • OneDrive acceptable use policy
3.3

Populate the Microsoft 365 Control Map (Teams).

  • Teams controls
3.4

Build acceptable use policy (Teams).

  • Teams acceptable use policy

Module 4: SOW Walkthrough

The Purpose

Build a plan to communicate coming changes to the productivity environment.

Key Benefits Achieved

Communication plan covering SharePoint, Teams, and OneDrive

Activities

Outputs

4.1

Build SharePoint one pager.

  • SharePoint one pager
4.2

Build OneDrive one pager.

  • OneDrive one pager
4.3

Build Teams one pager.

  • Teams one pager
4.4

Finalize communication plan.

  • Overall finalized communication plan

Module 5: Communicate and Implement

The Purpose

  • Finalize deliverables and plan post-workshop communications.

Key Benefits Achieved

  • Completed Microsoft 365 governance plan
  • Finalized deliverables

Activities

Outputs

5.1

Completed in-progress deliverables from previous four days.

  • Completed acceptable use policies
  • Completed control map
  • Completed communication plan
  • Completed licensing decision
5.2

Set up review time for workshop deliverables and to discuss next steps.

5.3

Validate governance with stakeholders.


Govern Microsoft 365

You bought it. Use it right.

Analyst Perspective

You must govern Microsoft 365, or it just won't work.

Microsoft 365 is not an IT project. Some might think upgrading an email service or changing the service model for productivity software is something that IT should handle on its own. But Office 365 is such a massive undertaking that this simply isn't possible.

Microsoft 365 is about more than just delivering the same experiences in a different way. It brings additional capabilities at additional cost. If those capabilities are worth it, everyone – not just IT – needs to work together to realize those benefits.

IT needs to empower users while protecting the interests of the business and reducing risk insofar as is possible. Too often IT leaders interpret this as “locking down” their Microsoft 365 tenant. I think this is the wrong approach. Articulate your goals, identify how Microsoft 365 can meet them, and balance those capabilities with governance. Use the resulting principles to build out targeted controls that will help you be the enabler your business needs you to be.

It's that easy!

Fred Chagnon
Principal research Director, Core Infrastructure
Info-Tech Research Group

Executive Summary

Your Challenge

Microsoft 365 seems like an inevitability, but it's not as simple as migrating from one version of Office to another. With Microsoft 365, Microsoft is introducing a fundamentally new way of working using tools that are deceptively similar to its on-premises offerings, but which work differently in the cloud. What's different about SharePoint Online? How can I safely enable OneDrive for my end users? What are the implications of moving my users to Teams from Skype for Business?

There's a lot that is new when it comes to Office 365, and it's not always easy to navigate.

Common Obstacle

Microsoft 365 is a lot for most organizations. The number of different features and services that come with even a basic E1 license introduces governance challenges. Chief among these:

  • Licensing is complicated.
  • No single repository of all available controls.
  • Integrations and dependencies between the different services are not always obvious.
  • Building out governance in a new environment is not always easy.

Info-Tech's Approach

Microsoft 365 may be big and different, but it's not impossible to implement well. Consider these points:

  1. All controls should be mapped to governance areas, which should be mapped to governance disciplines. You must be able to draw a line between a control and what it will help you to accomplish.
  2. The cloud is different. You should do things differently. Leverage its strengths; obviate its weaknesses. While your goals may not change, the way you accomplish them will.

Info-Tech Insight

Microsoft 365 isn't inherently better or worse than Office CALs. It comes with some additional features, and likely some additional cost, and reduces your overall control over your environment while enabling cloud features such as easy remote access and elasticity. If it's right for you, you'll be able to take advantage of its features. But it may not be right for you.

You need to get this right

Odds are, you already have a Microsoft footprint. If you're not already in Microsoft 365, it may well be on the roadmap.

Like it or not, Microsoft is a behemoth in the office suite market. Google (the next largest provider) is growing, but Microsoft continues to hold more than 85% of the overall market. Its dominance has filtered into other areas, and for many organizations the question isn't “what product should we buy?” it's “what's the next step in our relationship with Microsoft?” Right-sizing your Office deployment, getting licensing in order, and planning for a smooth rollout of Microsoft 365 have all become central to modernizing productivity and collaboration environments. Once your tenant is in place, ensure you're using it as effectively as possible and that end users understand any trade-offs and benefits that come with such a substantial revision of how IT services are delivered.

Logos for Microsoft 365 and its individual apps.

258,000,000
Monthly active users as of October 2021
MS FY20 Q1 Earnings call

87.5%
Microsoft's share of the office suite market
CIO Dive, 2020

595,935
Number of American companies using Office 365
Statista, 2020

Microsoft 365 Governance Framework

Balance Risk Reduction Controls With Work Enablement to Achieve Corporate Goals

GOVERNANCE CASCADE

Governance Objectives
At the highest level of abstraction, a governance objective enables a goal.

Corporate Goals

Use Microsoft's governance disciplines to generate your own governance objectives and apply them to the three work enablers.

Example Corporate Goals:

  • Increase revenue
  • Expand globally
  • Cut costs


Priorities
Derived from the interaction between governance objectives and focus areas.

Five Disciplines of Cloud Governance

  • Cost Management
    Build out cost control policies.
  • Deployment Acceleration
    A standard approach to deployment will speed it up.
  • Resource Consistency
    Consistently configure resources to limit risk relating to the instantiation and management of workloads.
  • Security Baseline
    Use governance policies to enforce policies across the cloud environment.
  • Identity
    Consistently apply identity requirements for optimal security.

Work Enablers

  • Productivity
    Creation-focused services that generate portable artifacts.
  • Content Management
    Services that allow users to sort and access content.
  • Collaboration
    Services that allow users to work together to accomplish corporate goals.

Refined Governance Priorities

Example Refined Governance Priorities:

  • Enable access to content based on need
  • Leverage integration across the suite
  • Use standard templates for collaboration groups
  • Make productivity tools available by default


Controls
At the service level, governance principles take the form of specific controls.

Controls

Controls should all map to a broader organizational goal. If you want to implement a control but can't figure out why, reconsider said control.

Ensure that every control cascades down from your overall governance objective, which is important.

Example Controls:

  • Limit external sharing
  • Prevent users from creating SharePoint sites
  • Disable third-party applications in Teams
  • Sign out inactive users
  • Mark new files as sensitive by default
  • Prevent users from syncing OneDrive contents to their desktops
  • Control access to SharePoint/OneDrive based on network location

You bought it. Use it right.

About Info-Tech

Info-Tech Research Group is the world’s fastest-growing information technology research and advisory company, proudly serving over 30,000 IT professionals.

We produce unbiased and highly relevant research to help CIOs and IT leaders make strategic, timely, and well-informed decisions. We partner closely with IT teams to provide everything they need, from actionable tools to analyst guidance, ensuring they deliver measurable results for their organizations.

MEMBER RATING

9.4/10
Overall Impact

$17,787
Average $ Saved

18
Average Days Saved

After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.

Read what our members are saying

What Is a Blueprint?

A blueprint is designed to be a roadmap, containing a methodology and the tools and templates you need to solve your IT problems.

Each blueprint can be accompanied by a Guided Implementation that provides you access to our world-class analysts to help you get through the project.

Need Extra Help?
Speak With An Analyst

Get the help you need in this 3-phase advisory process. You'll receive 5 touchpoints with our researchers, all included in your membership.

Guided Implementation 1: Define your organizational goals
  • Call 1: Conduct a goals exercise and introduce the capability assessment.

Guided Implementation 2: Control your Microsoft 365 environment
  • Call 1: Refine governance objectives.
  • Call 2: Build out controls (repeat this call for all relevant services).

Guided Implementation 3: Communicate your results
  • Call 1: Formalize governance and build out one pagers.
  • Call 2: Finalize communication plan.

Authors

John Donovan

Jeremy Roberts

Fred Chagnon

Contributors

  • Jorge Carvalho, Collaboration Solutions Architect, LendLease
  • Bryan Mierzejewski, VP, Network & Security Manager, Guilford Savings Bank
  • Charles Nguyen, VP of Strategic Partnerships, NetGovern
  • Chris Kershaw, Manager Enterprise Information Management, Strathcona County
  • Dan Nobles, Senior Systems Specialist, Alabama Department of Environmental Management
  • Harry Fukasawa, Executive Senior Advisor, Mitsubishi Chemical Holdings America, Inc.
  • Joerg Meissner, Sr. Architect Azure/O365, Ovatio Technologies
  • Mathieu Duhamel, IT Application Director, Richter
  • Pankaj Srivastava, JGM, Office of CIO, Nayara Energy
  • Phil Yaghi, Director, Sales Engineering, Hyalto
  • Steven Smith, IT Infrastructure Manager, Seattle Housing Authority
  • One anonymous contributor
Visit our IT Cost Optimization Center
Over 100 analysts waiting to take your call right now: 1-519-432-3550 x2019