This post was previously published here.
Create an Office 365 tenant, synchronize Active Directory, migrate mail and sites and you’re all set, right? While consulting in the Office 365 space I continue to encounter clients who are either misinformed or completely uninformed about the breadth of decisions that are required to implement this cloud solution. Office 365 is not a single decision (i.e. let’s move to the cloud) but rather a vast array of decisions, most of which affect not only your IT staff but your end users and budgets as well. At Centric Consulting, we ask all of the questions required to help our clients successfully implement a cloud solution like Office 365; some of those questions are listed below to show the diversity of topics an implementation effort of this scale requires.
Which Office 365 features are you planning to use?
Some of the available features that will require decisions are as follows:
- Office current version
- Mobile Device and Application Management
- Information Retention and Management
- Azure Active Directory
- Multi-factor authentication
- External Sharing
- Rights Management
- Outlook Groups
Is your network prepared?
Does your network have the capacity to migrate existing mailboxes and identities to the cloud while continuing day-to-day business without performance issues? Will that still be the case when users begin to synchronize their OneDrives, too? Before you start migrating users, be certain your network is prepared by using Microsoft’s tools for Planning and Performance.
How will you manage identities?
In most cases Centric Consulting has found that companies are synchronizing their on-premises Active Directory, but is that enough? If users have to sign in multiple times they will not use the solution; be prepared for federation. Standard Azure Active Directory may not provide all the features you need for identity and security management. A third-party identity provider solution can also be used to federate with Office 365.
How will you manage mobile and application access?
We have also found that most of our clients cannot meet their company’s security requirements surrounding mobile device management using the default settings in Office 365. Look to Microsoft’s Enterprise Mobility Suite for enhanced mobile security features.
Who will support Office 365?
The most underestimated and under-planned-for category of decisions is around who will support what parts of the Office 365 platform. Read what administration roles are available at the platform level alone to get a better idea of this undertaking. Along with help desk and business analyst roles, developers and other subject matter experts, the support organization will require retraining or repurposing of existing staff and/or new hires, some of whom are difficult to find.
How will your users learn?
Most companies discover the questions they forgot to answer when their users locate and begin to use features for which no one planned. To avoid shadow training and hacks that users will find on their own, and to protect the security of the company’s data, plan for training: not once, but continuously. The Office 365 platform is more fluid than static, and changes realized by the support team can be passed on to the training team for dissemination to users.
How will you manage change?
As mentioned, Office 365 is in a nearly constant state of flux, with platform updates anticipated quarterly and additional feature updates on varying schedules. Managing the Office 365 Roadmap and the administration console message center is a requirement, along with a governing body. A governance or steering committee will review current policies and the need for new policies. This committee should meet on a regular basis and include stakeholders not only from IT but from the businesses as well. This is vital to the overall management of the platform as well as user satisfaction.
I will repeat that this is in no way a comprehensive list of questions, nor will it get you on your way to purchasing, configuring or supporting Office 365. Rather, this is meant to illustrate the breadth of questions that need to be answered and some of the topics that need to be discussed before deciding to make a leap into the cloud.
How do you select the correct synchronization and authorization strategy for Office 365?
A couple of the questions we get asked frequently are, “What is the difference between a cloud account and an on-premises account,” and “What type of cloud authentication should I use?” These are valid questions in light of the many, and often confusing, options available.
The account differentiation is clear:
- A cloud account is a user account whose entire lifecycle is in the cloud, where provisioning, deprovisioning, and any user or admin maintenance takes place
- An on-premises account is a user account whose lifecycle is managed completely on-premises, in Active Directory or a third-party identity provider
- A hybrid account is a user account whose lifecycle begins on-premises where it is created, managed, and synchronized to Office 365, but depending on the type of synchronization, may have some administration tasks performed in the cloud and synchronized back to on-premises
What isn’t always clear is the synchronization type. Azure AD Connect offers a number of different options to keep users from having to enter credentials while working on the corporate network and then enter them again when connecting to Office 365. Here are the types of synchronization available for use with Office 365.
- Cloud Only – usually used in smaller organizations with little to no on-premises network and no desire to add infrastructure
- Password Synchronization with Password Hash – any size organization with on-premises Active Directory willing to synchronize passwords (via hash) with Office 365
- Password Synchronization with Pass-Thru Authentication – any size organization with on-premises Active Directory that wants authentication to be performed on-premises and only security tokens passed to Office 365
- Federation – usually larger organizations with ADFS already in place, willing to put the additional infrastructure in place, or using a third-party identity provider.
Hopefully these will help you understand what types of accounts and what types of synchronization are available, if only at a high level.
A paper released earlier this year by Microsoft France further illustrates the synchronization options through the table below.
Table courtesy of Microsoft France; Authors: Philippe Beraud, Jean-Yves Grasset (Microsoft France); Contributors/Reviewers: Daniel Pasquier (Microsoft France), Philippe Maurent (Microsoft Corporation)
I hope this helps and thank you for stopping by. Come see us @Centric Consulting on Twitter or the Centric Website.
The very popular phrase “digital workplace transformation” is without doubt underselling the actual task. You cannot undergo this transformation using the same knowledge with which you currently operate, and realize a high degree of success.
“We can’t solve problems using the same kind of thinking we used when we created them.”
Depending on the size of your organization, you are likely to remain in large part a hybrid operation between cloud and on-premises technology. That’s fine, but if you are a large or global organization, this is not the whitewater you want to raft alone and without a helmet. You will need help, and that is not fake news.
Supporting the essential offerings in Office 365 — Exchange, SharePoint, Skype — is not altogether different from supporting the local server versions you currently use. Transitioning them is easy and secure without much customized knowledge.
But Office 365, like others, is a platform; supporting or transitioning those three applications isn’t really that important in the overall corporate transformation. Those applications are all intersected by other, more collaborative pieces of SaaS: Teams, OneDrive, Delve, etc. being the most notable. You know the ingress and egress of data in your organization but those endpoints triple and quadruple in a cloud offering and will continue to include your existing shadow IT.
Here’s just the beginning on who and what will need to be involved if your transformation is to succeed:
- Local infrastructure – Active Directory, Server, Firewall, Network, Email, SharePoint, Skype
- Local Software – Office versions, internally developed, 3rd party for HR and the like
- Human Resources
- Corporate Communications, Governance, and Policymakers
- Corporate Security
- Business Unit Representation
- Training and Development
- Office 365 Platform team
- Office 365 Strategy and Operations teams
That’s just to get started. The overall transformation is a business-wide endeavor and requires much more than a few members of your technical IT staff and a couple of weeks to make you successful. You aren’t just updating or moving operations, you are transforming them and impacting everyone in the organization in ways that you may not even be aware of yet.
To be successful, you will have to merge your skilled, current staff with a team of skilled Office 365 transformation staff. My colleagues and I have been transforming businesses to digital operations for many years. Let me know if we can help you too.
Thank you for stopping by!