Microsoft 365: is the tail wagging the dog?

Have you given people too many Microsoft 365 apps?

A single, common toolset will avoid problems later

Microsoft 365 contains more than 30 different applications and within every licence, there will be bundled applications that are not necessary, or more importantly, aren’t necessary for everyone.

This myriad of applications can act as a type of ‘shadow IT’ within 365 and, if used without planning, run out of control, compromising IT security and integrity. The IT team needs to manage monitoring, updates and backups, which is impossible if they don’t know who is using which applications. In addition, ‘unauthorised’ applications can cause difficulties with compliance and interoperability, slowing down more important apps and IT processes.

Information in the wrong place

At one business we recently carried out an IT Strategic Review and discovered Yammer (Microsoft’s intranet solution from yester-year) was being used by members of the finance team to store HR information. 

A new member of the team had used it in a previous job and so quickly set up a place to share information with the team. 

The review of IT use across the business revealed confidential personnel records were accessible by everyone in the business. What’s more, employment contracts had been stored but the data was not being backed up.  The biggest issue was that a new island of data had been created, not easily found by the people who actually needed it but more seriously, accessible to people who most definitely should not see it.  A compromise to security, compliance and ethics.

Access to applications in the Microsoft 365 site, or features within applications, can be controlled either by group or individual. The roll-out of Teams, especially, needs to be planned so that file-sharing can be managed safely and progressively.

Don’t let the tail wag the dog

In another example, at a college, the students and staff had separate Office 365 tenants. Yammer had moved from being a separate application to an app sitting inside Office 365. The students found they could create new groups and message everyone that group. Every group created appeared in 365. 

Needless to say, much of the commentary was inappropriate and, on occasions, offensive. When they tried to amend the administration, the IT team found that they couldn’t get into the Students’ Yammer admin pages as they were still separate to the College’s 365 pages.

The IT team concerned ended up having to create a fake account in the Student 365 tenant, elevate its rights to ‘admin’ and regain admin control of Yammer. A case of breaking back into your own house.

These stories had happy endings but are examples of people assuming, fairly reasonably, that just because it’s available, they should be using everything in the Microsoft 365 suite.

Disabling new features prior to general release can prevent this kind of shadow IT from taking hold. As a guiding principle, ‘less is more’ is a good one.

“Focus as much as possible on a single common toolset that everyone knows how to use” Adam Plevin, Consultant IT Director

 Strategic IT Review

If you’ve got a sense that people are using multiple applications and storing data inefficiently or worse, insecurely, you may want to consider a Strategic Review of IT.

It can be a useful step for anyone who’s rolled out remote working in a hurry, has implemented Microsoft 365 but needs to streamline or integrate or is just unsure about what they’ve got and how it’s all being used.

It provides the information you need to make changes whether that’s drive adoption of new technology, streamline use of applications or review security and governance.  Having all the relevant information helps you plan for change from a position of strength.

Boardroom Briefing M365: It's time for some paranoia

This post is an extract from our recent Boardroom Briefing, Microsoft 365: it’s time for some paranoia.  In this paper we suggest five areas where you could be saving money, tightening security or improving your back-up and business continuity processes.  Get the full briefing here

The Boardroom Briefing

Management teams are more conscious than ever of the importance of IT to their success, but less sure of how it works in their business. This is partly a matter of benchmarks: what measures do we have in place, what do we need and how do we judge? But it’s also a matter of instinct: ‘I know it’s developing all the time; I need to understand more than I do; I’m not sure it’s right, but I don’t know where to start’.

Our ‘Boardroom Briefing’ series is designed to provide CEOs, Operations and Finance Directors with insights into information technology that will help them to ask the right questions. It is based on the experience and knowledge of our technicians. Some of the language is necessarily technical but, we hope, not just jargon.

The Boardroom BriefingInsights for Finance Directors and CEOS

The Boardroom Briefings are written for Finance Directors and CEOs who want insights into how they should be evaluating IT provision in their business. These are some of the questions we’d expect you to be asking us or your current IT provider.

Microsoft 365: It’s time for some paranoia

You’ve got Office 365 in your business, but is it being properly used?  In this briefing we offer five challenges a healthily paranoid executive should be worrying about with regards to their investment, their security and their productivity.

Boardroom Briefing M365