Enterprises will finally rethink how they organize their Office 365 administration team to keep pace with its rapid changes and interdependent security model.
In my 5th 2020 prediction ( see all 7 predictions here), we’ll discuss why the legacy model of Microsoft platform administration doesn’t translate very well to more and more services in Office 365, and we’ll discuss how organizations may align their IT.
Why the old admin model won’t work anymore
As enterprises adopt more and more services in Office 365, they can no longer get by with using their legacy model (.e.g, Exchange admin for Exchange Online, SharePoint admin for SharePoint online) because neither one is very good at managing the overall environment as Microsoft MVP Tony Redmond outlines in this TEC talk video .
Let’s break this down. When orgs first go to Office 365, they move their email – OK that’s the Exchange admin. Then they move their SharePoint – OK that’s the SharePoint admin. Now let’s add in Microsoft Teams – OK that’s the…hmm.
Because Teams brings together so many different services of Office 365, the person administering Teams will have to know a little bit about everything. As Tony Redmond states in the TEC talk video:
“[Y]ou have to know a bit about Exchange, a bit about Azure Active Directory, a bit about SharePoint, a bit about Planner, a bit about application management. Some PowerShell will be handy. And by the way, if you knew how to program the Microsoft Graph, that would be really good as well.”
When organizations start to deploy Teams, they start to think about Office 365 administration as a whole. Teams permissions require Exchange permissions, so this creates a crisis of separation of duties between SharePoint admins (who are often first tasked with Teams management) and Exchange admins. And then, of course, Office 365 groups unifies all of this - crosses the boundaries of services. Office 365 groups underpins all of these services and you have to have admin rights to Exchange Online, SharePoint Online, Teams, etc.
Add in the rapid pace of change of Office 365 administration and services into the blurred administration lines, and you’ve got a lot of chaos in your environment.
Office 365 organizational management models
There are several approaches organizations can take to building out a team model to manage Office 365, but here are the two most common I’ve heard from customers and analysts (feel free to comment if you have other options that work for your organization):
- The mirror approach. This preserves the legacy approach within Office 365 but adds in a PAM solution to grant temporary access to those functions that require admin rights within other services (like searching auditing logs that are stored in Exchange Online for one of the other services). Delegation is still an issue, but the PAM solution helps to control the access.
- Program manager approach. In this approach, you need a program manager, like a release coordinator. You still have your Exchange Online and SharePoint Online admins, but they have to roll up to a new program manager who is tasked with the overall picture, management and security of Office 365. One analyst equated this model to the large-scale SAP implementations of the past with war room meetings every week, but in these meetings, it’s to review the weekly Office 365 updates across services and discuss the roll-out, impact, and RACI model. There will still be some delegation issues, but in this scenario, the rapid changes in one service that impact another service are shared and discussed on a regular basis (just don’t take vacation if you want to stay up with the changes).
Even these models are preliminary, and as Microsoft releases more updates and more services, we’ll see it evolve and mature. For now, understand that as a typical Microsoft administrator, your role is changing (duh) and your team dynamics have to change to stay up with the new interdependent security and management model.
Because of the unifying approach of Microsoft Teams, I suggest learning more about managing your Office 365 environment by looking at how to manage your Teams environment. At The Experts Conference , Microsoft Office Apps and Services MVP, Tony Redmond, tackles the topic of managing Microsoft Teams successfully, including governance. Watch the recording of his packed session today to learn more about how to see the full picture and delineate and govern this service.
For further training on how to protect your AD and O365 environments (including Teams), join us at The Experts Conference 2020, where Microsoft MVPs and experts lead deep, practical technical trainings on Hybrid Active Directory Security, Office 365 and migrations. We’re about to announce TEC 2020, so join the waiting list. Not sure, check out this keynote on AD security from Randy Franklin Smith at TEC 2019.