Microsoft’s Office 365, now called Microsoft 365, hit 200 million monthly active users late in 2019 – that’s a lot of businesses using a lot of cloud computing. It also means that there’s a pressing need for good governance in Office 365 in the new decade. All those millions of employees working for all those hundreds of thousands of companies need an effective cloud governance policy to ensure their environment is managed safely and professionally. Cloud governance success lies in the planning.
If your organization has migrated from an on-premises environment to Office 365, the governance policies you had before won’t be appropriate for the context of the cloud. Let’s look at why cloud governance is important, and what you can do to ensure it is implemented correctly.
Governance defines the responsibilities and processes that ensure an IT platform is managed securely and in an organized manner. It defines who is accountable for what, when and how content will be stored, the level of permissions that will be implemented and the defining of document retention guidelines. On-premises and cloud governance have a lot in common on a high level. However, certain aspects of Office 365 (outlined below) make governing the platform quite different.
Office 365 is updating on an almost daily basis. This means Microsoft can and will add new features frequently to the platform, and sometimes introduce entire new products overnight. You will therefore have to manage this constant flux in a way you didn’t have to on-premises. You will have to decide which new products and features you will use as they are rolled out (see the Office 365 Roadmap here), and will also have to decide on a training plan for new features.
On-premises, you paid for a fixed number of licenses. However, because Office 365 is subscription-based, the dynamic is totally different. You’ll need to prepare for the flexible increase and decrease in the number of licenses you use. For instance, it’s easy in Office 365 to add or remove users. The problem is, many organizations forget to delete accounts that are not in use and end up paying too much.
A great feature of Office 365 is that it’s easy to share content externally. But in terms of cloud governance, that’s potentially a big risk. You need to have a plan to track and watch what people are sharing, and also to decide what is or isn’t permitted.
Customizations are also very different in the cloud. Certain kinds of (more dangerous) customizations are simply not permitted in the cloud, which is great because it means most businesses are safer. However, there are also new risks. Some third party apps introduce security problems, and unsafe add-ins built in-house will also produce problems. It’s important to construct a solid framework.
In many respects, cloud governance is similar to on-premises. But differences like those listed above underscore why you need to fully educate yourself around governance in the cloud to make sure you are compliant in your new environment. Let’s look at our four key steps for better cloud governance.
You need to set up a process where all changes to the architecture around content need approval. You need to have a process in place that requires experienced members of staff who can decide what your information architecture will be to sign off on new libraries and even Sites in SharePoint Online.
Office 365 lets you introduce new customizations in several ways. You can produce your own in-house customizations or implement add-ins from third parties. Good governance is all about managing these customizations and making sure they operate as intended, so it is highly advisable to test the quality of any code you deploy in Office 365.
Over time you will amass a lot of documents, files and customizations. Oftentimes, these will have been relevant once, but rarely – if ever – used any more. You therefore need to set up a cloud governance policy which ensures timely deletion of archiving to somewhere cheaper.
The final stage in cloud governance is security. You need to implement a governance policy that clearly defines storage locations for certain types of data, and who has permission to access it. You need to report violations against these policies. You need to record and track who accesses content and how they share it externally. Part of your process should involve monitoring unusual external sharing to ensure staff only share documents that they are allowed to.
Rencore Governance is one such tool that helps you keep track of what is happening in Office 365, SharePoint Online, Teams, Power Platform and Azure. It continuously monitors your tenant, runs all activity against standard or tailored policies and reports on all violations against those policies. The tool will then allow you to take necessary steps to manually or automate actions to solve those issues.
While Microsoft takes the responsibility for managing some of the infrastructure capabilities of Office 365, it doesn’t mean you can forget about cloud governance. To be successful in the cloud, you should aim to develop policies that reflect the changing tools and features of Office 365 and which also fit around the needs of your organization and your users.
If you are looking for a comprehensive guide to help you govern Microsoft 365, I recommend reading the Essential Cloud Governance Planning: Keep Microsoft 365 Decluttered whitepaper. It’s free and addresses how to handle ever-growing office 365 tenants in the cloud.