Microsoft Office 365 is a dynamic, cloud-based subscription service that marries a range of tools for the way people work today. Microsoft’s best-in-class applications—coupled with powerful cloud services—let anyone create and collaborate anywhere, on any device.
At its heart, Office 365 (O365) is designed for collaboration. Team chat, online meetings, co-authoring and secure file share, group email, and social network are cornerstones to O365.
In addition, Microsoft takes security and compliance to a new level. You have more control with built-in privacy, transparency, and refined user controls. O365 is the most secure Office ever.
O365 also incorporates powerful intelligence and analytics. Data monitoring and personal and organizational analysis tools help you discover data with interactive reports, dashboards, and visualizations.
O365 also empowers your teams to stay connected and productive from anywhere. O365 mobile apps can be loaded on any device and allow you to securely view, co-author, and share files in the cloud. You can access content, hold conversations, view and perform tasks, and schedule from any mobile device.
Sounds pretty good!
Hundreds of millions of subscribers agree and have made Office 365 a can’t-live-without tool for their businesses and personal lives. When you’re viewing the sales and subscription material, it feels like it does it all.
Get a subscription and you’re good to go.
That’s the perception.
The reality is there are two critical categories that Office 365 doesn’t address.
This discussion isn’t geared toward explaining the tools, but rather a simplistic idea of what’s needed if you elect to use them.
- The Office 365 suite of apps incorporates several powerful tools that need to be configured and managed—they can’t be used “right out of the box” for their full advantages. Your needs and approach will impact which Microsoft licenses you’re buying. Many of these are security tools that can help keep your organization protected against threats.
- There are critical add-on tools and apps not found in Office 365 that warrant serious consideration if you’re all-in on Office 365.
Extra Effort You’ll Need to Spend Within Office 365
Office 365 Reporting: An O365 administrator can view reports on how your organization is using O365 services. To track usage, the administrator needs to periodically run reports, create an adoption plan, and help administer it.
O365 Security and Compliance Reporting: there are ongoing actions that you need to take to stay up on this. It needs to be viewed on a frequent basis.
O365 Secure Score: Secure Score is an important measure of how your organization is doing as you continue to secure your organization. It needs to be viewed on a regular basis. You’ll need to establish a set of security priorities and understand that the actions you take may impact your Microsoft licensing.
Exchange Online Protection: You’ll need to configure these tools as part of your security plan.
Domain Keys Identified Mail (DKIM): You’ll need to enable and configure DKIM to ensure that destination email systems trust messages sent from your domain.
Microsoft Data Loss Prevention (DLP): you’ll need to establish your DLP mail flow rules to the conditions, actions, and exceptions that filter messages and attachments based on their content.
Microsoft Sender Policy Framework (SPF): SPF needs to be configured as another measure to ensure that destination email systems trust messages from your domain. This is done in concert with DKIM.
Microsoft Advanced Threat Protection (ATP): ATP is part of your threat management and tracking. In addition to setting it up, ATP will generate actionable items and is related to your threat response planning. There are real-time reports, investigation, remediation, and education activities that require your efforts. There are a couple of different ATP Plans. Depending on your needs and the licensing you have, you may need to purchase additional licensing. ATP is a powerful set of tools and needs ongoing care.
Safe Links: Safe Links are part of ATP and protects users from malicious URLs. This will need to be set up.
Safe Attachments: This is also part of ATP and protects against unknown malware and viruses (day zero protection). This needs to be set up as part of ATP.
Microsoft Enterprise Mobility Suite: Although EMS is not a standard part of most O365 licenses, many organizations understand the value that the EMS toolset provides. The setup and management of EMS is significant and requires a skilled engineer well versed in both Microsoft and security concepts.
Multi-Factor Authentication (MFA): MFA can be part of Azure Active Directory or EMS and helps safeguard access to data and applications through a simple sign-on process. If MFA is added to your O365 environment, it will require both setup and on-going maintenance.
Azure Information Protection (AIP): AIP is an add-on for O365 that allows protection from unauthorized internal and external access to your valuable information. If you elect to add these tools, policies will have to be setup and maintained.
Teams: Teams is built into Office 365 subscriptions. It a hub for collaboration between different O365 applications. Teams is a very robust and rich resource. Setting up and training your employees to use Teams consistently and within your policy framework is time consuming.
Services to Consider in Addition to Office 365
There are elements needed for Office 365 that can greatly enhance the security or adoption of O365. You can operate your organization without any of these, but you may find them highly desirable. This is by no means a comprehensive list, but I do want to highlight a couple of technologies that are very popular.
User Training and Adoption: Microsoft has some very good training aids to get your users up to speed within O365. O365 Reporting can be used to identify how the applications are being used. There are some third-party applications (i.e. Brainstorm) that can take training and adoption to the next level. These tools will much more rapidly help you maximize your O365 investment and increase the productivity of your employees. Adding a training and adoption tool requires an administrator for on-going setup, management and reporting.
O365 Cloud Protection: Microsoft does an outstanding job replicating your data within their Cloud, but that’s not the same as a backup. If your O365 data is corrupted, lost, or compromised (e.g. ransomware). There are several organizations that provide data security separate from O365 to insure privacy, security, governance and informational integrity. We highly recommend them to our clients, but they, too, require setup and administration if they’re going to be useful.
So, What Now?
The point of this blog is to illustrate there is setup and management required if you want to run Microsoft Office 365 correctly. Microsoft does a fantastic job bringing O365 to market and delivering on an exceptionally powerful set of applications, but there always appears to be a perception that O365 is an “install and forget” technology. As a Microsoft Gold partner supporting many clients running O365, we’re amazed at how frequently customers are shocked there’s more to do after the initial installation.
Some of our larger clients can dedicate manpower from their IT staff to perform the functions I’ve illustrated earlier. Some choose to hire a service provider to do it for them. Our smaller clients often struggle with how to address their ongoing O365 care and feeding. They often lack the technical skills, but it’s just as likely they don’t have the time to do it. There’s a discipline and consistency required. If you can’t invest the time needed, you may want to consider a service provider to help.
Tim Krueger, PEI