Sep 23 2019
Six Biggest Microsoft Office 365 Challenges
How to Overcome Each
While that success is truly stunning, there are tough challenges in ensuring an Office 365 deployment matches a company’s needs. If you are moving to the Microsoft cloud suite, or want your current environment to run safely and smoothly, you must overcome these six Office 365 challenges.
Without handling these six issues, you face up to millions of dollars in unnecessary licensing fees, suffer security vulnerabilities, and fail to maximize the investments in Office 365 productivity tools and capabilities.
On the surface, Microsoft Office 365 is an excellent collaboration and productivity solution. However, Office 365 is not a single service but a collection of multiple services (e.g., Exchange, SharePoint, Teams, Flow). This seems like a trivial point, but the differences between these services, and how they are managed, secured, and adopted, create substantial risk and slash your potential reward.
Luckily, there is a new solution addressing these six critical IT Office 365 challenges. Recently IT research giant Gartner named this category of tools “SaaS Management Platforms (SMP)”, an emerging market addressing the complexities of managing a multi-SaaS infrastructure such as Office 365. For details, download the Gartner Market Guide to SaaS Management-Platforms (SMP).
In this paper, we consider these six Office 365 challenges:
- Visibility
- RBAC (Role-Based Access Control)
- License Management
- Adoption
- Provisioning and Deprovisioning
- Misconfiguration (Policy Management)
1. Visibility – Prevent and Fix Problems, Ensure Smooth Operation
You can drive a car without a dashboard — but with considerable danger. Without a reliable and comprehensive dashboard, you risk:
- Tickets and Fines: Without a speedometer, you face speeding tickets and accidents.
- Traffic Collisions: If you do not know your tires or brakes are in dangerous shape, you can crash.
- Preventative Maintenance: Engines are complex machines. With no dashboard to monitor engine vitals, engine failure is not an if, but a when.
Operating your Office 365 environment without visibility likewise leads to difficulty, including:
- Fines due to noncompliance or running afoul of other government regulations
- Security risks and breaches due to misconfiguration or improper user behavior
- Excessive financial waste due to over-provisioned or inactive licenses
While Microsoft provides some Office 365 deployment information via its API and PowerShell, it is up to an IT admin to collect, aggregate, and utilize such data to properly manage the Office 365 environment. With the Office 365 built-in tools, this takes tremendous manual effort, and the approaches to such data gathering differ greatly from application to application. In the end, IT still lacks comprehensive and actionable results.
That complexity is because Microsoft Office 365 is a multi-SaaS environment, meaning it is a collection of different SaaS services. To gain a full picture, IT must collect data from a variety of sources, often using vastly different collection techniques.
To show what this entails, consider the challenge of running a PowerShell script on a big tenant. In order to collect a subset of configuration information for a single service, it can take more than 24 hours for a successful scan to run (we have seen customers needing 72 hours to collect data following a single PowerShell script).
The Solution – a Single View into Your Entire Office 365 Environment
CoreView offers a single-platform approach that makes it easy to delegate admin tasks, automate alerts, and facilitate adoption. It offers:
- Administration and Reporting – Manage licenses in Azure with single sign-on, one dashboard, and 200+ out of the box reports.
- Permissions and Delegation – Assign license pools and create remote admins to efficiently manage thousands of users across multiple regions.
- SaaS Product Adoption – Report product usage across a variety of user cross sections and set up email campaigns to drive adoption.
- Accounting and Chargebacks – Filter chargeback costs by department, region or a custom license subpool. Plan budgets with usage data.
- Security and Compliance – Track suspicious sign-ins, email forwards and external server attacks. Get alerts for potential data breaches.
- Hybrid and Cloud – Manage Office 365 solutions across multiple deployment structures, whether cloud or hybrid.
2. Role-Based Access Control (RBAC)
‘Least privilege’ means restricting access rights for users, accounts, and computing processes to only the resources absolutely required to perform routine, legitimate administrative activities. Least privilege is not new, but was promoted in the US “Department of Defense Trusted Computer System Evaluation Criteria” report in 1985, following recommendations from a task force dedicated to safeguarding classified data.
Least privilege is hard to apply to Office 365 – at least out of the box. There is a limited range of Microsoft Office 365 admin roles, and these lack flexibility in defining what an admin can (and cannot) do – the precise flexibility leading-edge IT organizations absolutely require. Microsoft does offer some pre-made roles to limit admin rights to specific workloads — but not across all workloads. For instance, you can configure an Operator account as an Exchange admin and another account as a SharePoint admin.
The problem is that both types of operators have access to all company users, as well as access to all configuration capabilities for the assigned workload.
This rigid permission model simply does not match the security and operational needs of enterprises.
If you have local support teams across multiple countries, or different support tier teams, you need far more granular permissions to limit their data access. Plus, you should restrict visibility to the appropriate scope, and limit management rights based on their defined responsibility. For instance, the helpdesk should have a more limited set of management actions compared to a second or a third level support team.
The Solution – Fine Tuning Office 365 Admin Permissions and Delegation
CoreView was designed in the trenches by a Microsoft Gold partner and solution provider to improve the manageability and security for its large base of Office 365 clients.
Today, the CoreView set of solutions, such as CoreAdmin and CoreSuite, offers a single pane of glass to create, control, and delegate admin permissions across the entire Office 365 set of applications. Instead of using the Microsoft Office 365 Admin Center console, CoreView uses a single Global Administrator account, and then has the CoreView portal grant permissions that are highly granular to administrators within the CoreView hierarchy.
In contrast, the Microsoft Admin Center has different, sometimes vastly different approaches to setting permissions for Office 365. CoreView shields your IT group from all that. Your Office 365 IT manager need not know how the different Microsoft implementations of RBAC work to tightly control access to all the applications in your Office 365 tenant.
Using a simple, intuitive interface, CoreView lets IT segment the Office 365 tenant in myriad ways — for example, by department, business unit, or location. After these groups are set up, IT can dive deeper, using CoreView’s deep RBAC capabilities to define specific permissions for administrators who then can only perform certain tasks — and only against a specific subset of users.
With CoreView, IT can take the entire organization served by Office 365 and break it into logical groups, or sub-tenants, perhaps based on Active Directory (AD) attributes. Once the organization is logically divided, regional admins can be assigned to the sub-tenants.
This granular control over permissions carries over to reporting. Here both the central IT group and regional admins can get reports on what is happening with the local users in the sub-tenant. This level of detail is critical for compliance audits, spotting trends, and troubleshooting.
CoreView further allows you to fine-tune what actions each admin can perform, and which reports they see. Instead of using the Office 365 Admin Center, your administrators simply log into the CoreView portal. Here, they are limited to making changes only to their assigned users, and can only perform actions they are specifically assigned.
Lastly, with CoreView you not only audit end users, but also can track admins. With our 5W Audit approach, we track any administrator activity, and we report WHO has performed a specific action (WHAT), WHEN they did it, and the action’s target (WHERE). In CoreView you can also force the operator to add the reason WHY he performed the action, all of which creates a detailed, insightful admin audit log.
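The scoped delegation and 5W audit described in this section, modeled as an added example (not CoreView's code and not a Microsoft API): an action is allowed only when it is in the operator's assigned set and the target user falls inside the operator's attribute-defined scope. The user records, operator names, action names and the `authorize` function are all hypothetical.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed directory: users tagged with AD-style attributes (hypothetical values).
USERS = {
    "alice@example.com": {"country": "IT", "department": "Sales"},
    "bob@example.com":   {"country": "US", "department": "Sales"},
    "carol@example.com": {"country": "IT", "department": "Finance"},
}

@dataclass
class Operator:
    name: str
    actions: frozenset  # management actions this operator may perform
    scope: dict         # attribute filter defining the sub-tenant

AUDIT_LOG = []  # one 5W record per attempt, allowed or denied

def in_scope(op, target):
    """True if the target exists and matches every attribute in the scope.
    An empty scope matches all users: the workload-wide admin case."""
    attrs = USERS.get(target)
    return attrs is not None and all(attrs.get(k) == v for k, v in op.scope.items())

def authorize(op, action, target, why):
    """Decide an admin action and record WHO, WHAT, WHEN, WHERE and WHY."""
    if not (why or "").strip():
        decision = "denied: no reason given"
    elif action not in op.actions:
        decision = "denied: action not assigned"
    elif not in_scope(op, target):
        decision = "denied: target outside scope"
    else:
        decision = "allowed"
    AUDIT_LOG.append({
        "who": op.name, "what": action,
        "when": datetime.now(timezone.utc).isoformat(),
        "where": target, "why": why, "decision": decision,
    })
    return decision == "allowed"

# Helpdesk gets fewer actions than second-level support; both see Italy only.
HELPDESK_IT = Operator("helpdesk-it", frozenset({"reset_password"}), {"country": "IT"})
TIER2_IT = Operator("tier2-it", frozenset({"reset_password", "assign_license"}),
                    {"country": "IT"})
# Workload-wide role: no scope filter, so every user is reachable.
WORKLOAD_ADMIN = Operator("exchange-admin", frozenset({"edit_mailbox"}), {})

if __name__ == "__main__":
    authorize(HELPDESK_IT, "reset_password", "alice@example.com", "ticket 101: locked out")
    authorize(HELPDESK_IT, "reset_password", "bob@example.com", "ticket 102: locked out")
    authorize(WORKLOAD_ADMIN, "edit_mailbox", "bob@example.com", "ticket 103: quota")
    for record in AUDIT_LOG:
        print(record["who"], record["what"], record["where"], "->", record["decision"])
```

Denied attempts are logged as well as allowed ones, so the audit trail also shows operators probing outside their scope.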
3. License Management – Only Pay For What You Actually Use
A major selling point for deploying workloads to the cloud is saving money by paying only for services used. At least that is the idea.
The reality is that IT often pays for workloads, services and licenses they do not use.
IT pros always ask prospective cloud vendors how they measure the usage and charge for their services. With Microsoft Office 365, you simply pay for users through individual licenses. However, Microsoft does not consider whether all your selected users indeed use the services allocated. That is the job of IT. However, tracking licensed application utilization is hard to do, so most of the time customers just pay for the licenses allocated for their selected tier of service — regardless of whether all these licenses are actually used.
Whether paid-for licenses are actually used is a huge consideration, and a source of immense savings when you downsize to only the licenses you truly need. CoreView finds that, on average, organizations cut licensing costs by 30% after they analyze actual Office 365 usage.
Another consideration is Microsoft Office 365 license levels, selected service plans, or tiers of use. Again, it is ultimately IT’s responsibility to identify the right plans for your business and individual user needs.
If you want to truly benefit from the SaaS pricing model of Microsoft Office 365, you must:
- Commit only to the licenses you really need (do not over-commit and carry unused licenses)
- Assign licenses only to legitimate active users (by identifying inactive users with a license)
- Identify the right plan for each user and your business
The Solution – Find Inactive Office 365 Licenses and Reallocate Them with Ease
So how do you identify the best plans, and limit the number of inactive users? With CoreAdmin, you easily discover all inactive, oversized and duplicated Office 365 licenses and can cancel or reallocate them without ever leaving the CoreView management platform. This stops overspending, and at the same time identifies departments with low application adoption.
You can get a free CoreView Office 365 Health Assessment to discover license savings, application usage, and the security state of your Office 365 environment.
4. Adoption – Maximize Application Use and Office 365 Investment
Driving application adoption is essential to maximizing Office 365 investment. Office 365 is a collaboration and productivity suite, so driving adoption of its services improves your end users’ cloud dexterity, overall productivity, and collaboration skills.
Key to a successful adoption plan is clustering users based on different service usage and behavior – which helps drive targeted adoption and training campaigns. For this to work, you must apply the correct metrics to define your clusters, as well as identify incorrect user behavior so you can take corrective action.
By analyzing the segmented user list, you gain valuable information for your adoption campaign and can track campaign efficiency.
Once you have an adoption strategy, it is time to train your users. Experts have found that standard training (classroom and eLearning) is not optimal since users forget 70% of what they learned within 24 hours.
Instead, end users today look for on-demand training. It is not unusual for users to search the internet to learn needed skills. Sadly, using non-standard training creates inconsistency across your workforce. Using or adopting all key productivity applications is critical to Digital Transformation, and therefore end user training is vital to the success of any transformation initiative. On the flip side, a lack of end user training is the number one barrier to adoption, and a key reason why so many digital transformation projects fail.
The Solution – Smart Adoption Campaigns and Just in Time Learning (JITL)
In the world of cloud-based IT services, applications are constantly being added to and updated. CoreView’s CoreAdoption usage insights and adoption campaigns ensure all employees keep pace as things change. With CoreAdoption:
- Usage Data Is Consolidated – We scan all Office 365 solutions at once, so you’re not jumping from dashboard to dashboard for reports.
- Reports Are Easy to Filter – Usage data can be analyzed by sub-pool, region and more, so it’s easy to identify groups that need help.
- Email Campaigns Are Built – Once you identify low adopters, you can send targeted adoption campaigns without leaving the platform.
- Campaign Success Is Easier to Measure – With email and usage data in the same place, it’s easy to see which of your campaign strategies is working best.
- Integrations Are Effortless – If you also use our CoreLearning video library, it’s easy to drop training videos right into your adoption emails.
- All License Types Are Tracked – Whether you use cloud or hybrid licenses, workload and service usage across your Office 365 system can be reported.
Fortunately, CoreView’s CoreLearning is a Just in Time Learning (JITL) system with 2,000+ how-to videos lasting from 30 seconds to 3 minutes. The secret sauce is that these videos are context sensitive, and play as the user is working with the application.
Read our Just in Time Learning (JITL) whitepaper to find out more.
5. Process Automation (Smarter Provisioning and De-provisioning)
Process automation is a best practice that reduces human error, and delegates complex automation to lower skilled operators. While you can automate hundreds of different processes, provisioning and de-provisioning are critical processes to prioritize.
Consider a standard turnover rate of 11%. That means you should be de-provisioning at least 10% of your employees, and provisioning 11% of new employees every year.
Provisioning and de-provisioning can be a simple process, but incorrect execution has a massive negative impact. Consider the results of an incorrectly executed de-provisioning process:
- Assigned licenses cannot be properly released
- Former employees can still access sensitive company data
- You lose company data you need to access in the future – such as Exchange or OneDrive data
Automating those processes improves key operations, generates opportunities to save money through efficient license management, while reducing overall security risks.
The Solution – Know Who Your Users Are, and Provision/De-Provision Properly
With CoreView, Workflow Templates automate provisioning and deprovisioning operations. Our CoreAdmin solution supports automated provisioning and deprovisioning processes. This ensures your users have correct licenses and permissions and access to the right applications and infrastructure.
6. Policy Management (Avoiding and Fixing Misconfiguration)
Gartner and Forrester both indicate that 80% of SaaS breaches stem from misconfiguration, inappropriate user behaviors, or incorrectly elevated user permissions.
In the SaaS market, service providers are accountable for service availability. However, users and service configuration are still IT’s responsibility.
For enterprises, correctly defining configurations and appropriate user behaviors are best practices. However, misconfiguration is still possible due to operator workarounds or operator error. That is why it is so important to monitor and enforce your configuration best practices including policies and baselines, and thus fully secure your SaaS environment.
The Solution – Understand Who Your Users Are and What They Are Doing
CoreView, and in particular, the CoreAdmin tool, helps set up administrators that are specific to a location, functional set of users, or other attributes. This means admins know who their users are, and have a manageable set of end users to handle.
At the same time, CoreView tracks application usage, so you know which applications handle the most work, and when end users are misusing the system. The ‘single pane of glass’ CoreView console offers deep insight into how end users are configured, and where they might be misconfigured.
With CoreView, you can monitor your configurations and usage policies. If a misconfiguration or misuse is detected, you can immediately remediate it as well as enforce those policies using the CoreView RPA automation capability.
With CoreView, policy management moves from a manual and error-prone process to one that is intuitive, easy and automated.
More on How CoreView Helps
CoreView is the SaaS Management Platform (SMP) leader for Microsoft Office 365. CoreView helps customers gain visibility into their Office 365 environment through a single pane of glass across all Office 365 services. CoreView also improves standard operator rules with an enterprise-level RBAC, enabling IT to define operator roles based on key business needs.
License optimization and service adoption are two of the key pillars which CoreView can enable for all of its customers.
CoreView is a hybrid-ready solution providing workflow automation processes to simplify complex challenges. In addition, with CoreView’s policy management capabilities, IT monitors and enforces policies in a highly efficient and accessible way.
Learn Everything That’s Wrong with Your Office 365 Environment
The Free CoreView Office 365 Health Check Finds:
- How Many Licenses Are Inactive
- What Services Are Barely Touched
- How Many Files Are Shared Dangerously
- How Many Users Have Admin Rights
- Where Security and Compliance Problems Lie
- And What To Do About It!
The customized Office 365 Health Check Action Plan saves money, boosts end user productivity, secures Office 365, and automates common admin tasks — taking Office 365 management to the next level. This sample report is based on an actual customer, tracking two weeks of usage data. If you have any questions, please contact us.
Learn More about Managing Office 365 Using CoreView
Learn more about Office 365 administration with a CoreView demo.
You can also get a free CoreView Office 365 Health Assessment that details license savings, state of application usage, and pinpoints security problems in your Office 365 environment.
Find out how to make your cloud environment more efficient by reading our Opportunities for Office 365 Cost Savings white paper.
David Mascarella is Chief Global Strategist, co-founder and Managing Director at CoreView