[MUSIC PLAYING] Hello, everybody, and welcome to Virtual TEC. This session is about mastering Microsoft 365, and I'm Tony Redmond. I'm an independent consultant. I've been in the industry for a long time.
I'm an editorial director and contributor to Practical 365, where we write about everything to do with Microsoft 365 at a very practical level. And we're always looking for new writers, if you want to take on that challenge. I'm also the lead editor of the Office 365 for IT Pros book, and one of the things that's relevant about that book to this session is that there's so much change in Microsoft 365 that we have to republish the book every month. So that just gives you a little bit of an insight.
So this session is all about unicorns. Now, unicorns are a mythical creature, or so you might think. But in fact in the business world, there is a definition for what a unicorn is, and it's an employee who makes a lot of difference to people. It's an employee who actually knows their stuff. It's an employee who knows all their stuff about everything.
And so when you're coming to think about Microsoft 365, what would a Microsoft 365 unicorn look like? Well, it would probably be somebody who knows a lot about Microsoft 365, and that is the purpose of this session.
My goal is to give you some ideas. I'm not going to give you a recipe. I'm going to give you some ideas about how you can become a Microsoft 365 unicorn. It's not saying that you have to wear a horn coming out of your head. That's strictly optional. But we'll give you some ideas about all the other stuff.
So some points that I want to discuss. I want to chat a little bit about the changing role of IT admins in the world. I want to talk about knowledge, because you need knowledge to be able to master and understand Microsoft 365.
And in fact, we'll think about this a little bit, of is it actually possible to acquire so much knowledge that you can master Microsoft 365? It's a little thought that we have to talk about. And then finally, we'll ask the question, do these mythical creatures-- these Microsoft 365 unicorns-- do they exist, or should we just give up and go home?
OK, what do you have to do to become a unicorn? Very, very pertinent question.
So I said I wanted to start by talking about the changing role of IT administrators. And when we ran on-prem servers, when we ran Active Directory, when we ran Windows 2003, we were in charge of the world. You could do anything you wanted. You ran your own ecosystem.
You decided what software was there. You decided when backups were taken. You decided when service packs were installed. You decided what third party software you would integrate. You were master of the universe. But the point is that you were a master of your own little universe.
Everything changes with cloud services. With cloud services you're no longer the master because mastery is exerted by the cloud providers-- by Microsoft, by Amazon, by Google. And you no longer have that central role of deciding what goes where and when. So in fact, when we look at what IT admins can do, all they can really do is tweak things.
You can't dictate the quality of service that your users are going to get. That's going to be a function of the cloud provider and, perhaps, even your internet service provider. All you can do is tweak settings. So that means that you can accept that and become a master tweaker, or you can do something more proactive.
And the thing that I would like you to think about is how you can become more proactive. How you can help the organization exploit cloud services to the maximum because that's really what we've got to get into. Instead of just accepting that, oh well, Microsoft does everything, let's think about being proactive. Let's think about taking that leading role in the organization.
And that means that we want to master new applications and services. We want to understand how that can be used. We want to understand how, in particular, they can be used to remove business benefit, because then you become an absolute hero to the organization. And we want to seek out opportunities that exist in cloud services to fix problems that you can see in the business, or that your users can see in the business.
And if we remember the point I made right at the start-- Microsoft 365 is not static. It changes all the time. And because it changes all the time, you've got an opportunity to keep on going back and keep on asking questions. Is there something new coming that maybe can be used by the organization to fix a problem? So it's quite a proactive role you can take if you want to take it.
I think there are three basic rules that admins can follow in this search to be proactive. First, you've got to break down the on-premises silos that may or may not exist in your organization, or that may or may not exist in your own head. An on-premises silo is a way of thinking about how things were run on-premises. But as we've just discussed, it's a different ballgame and what you did on-premises is no longer valid in the cloud.
The second thing is to focus on what you can influence. You can't influence Microsoft. Forget that. Maybe the largest, biggest, most-- how would you call it-- the most lucrative customers in the world can influence Microsoft when it comes to Microsoft 365.
But at the scale that the service runs, supporting some 370-odd million users, you come along to Microsoft with your 20,000 users and you say, wow, this is a big organization. Then they say, yeah, boo, sucks. We have 100, we have 1,000, we have 10,000 organizations like you.
So just because you think something is a great idea, maybe not going to happen. So you've got to focus on what you can influence. And by focusing on what you can influence, you get to a point where you can make a difference.
Then I think you should seek to exploit new technologies. They come along all the time. But before you can exploit a new technology, you've got to understand a new technology. You've got to understand how it works. You've got to understand its strengths and its weaknesses. You've got to understand what opportunities it exposes. What it can do, what it can't do. And that, I think, is where a lot of the ability to become this mythical Microsoft 365 unicorn lies.
So in terms of influencing things, don't think about the operational details. Operational details are things like reporting a problem to Microsoft, following up on that problem, making sure it gets fixed, making a request for new functionality. Nah. That's not what I mean at all. You can't influence that. Those processes will work no matter which way you do it.
I think in the context of what we're discussing today, in the context of becoming a Microsoft 365 unicorn, you want to expand your own personal expertise to cover as much of Microsoft 365 as possible. You need to understand licensing, in particular. You need to understand how to take advantage of licensing. You need to understand how to reduce the spend on licensing, and you need to master automation. In particular, you need to think about these no-code or low-code methods that are available.
Now, if you've been around administration in the Windows world for a long time, you're probably competent with PowerShell. But what about the new things? And indeed, inside PowerShell, what about all the new modules that are available to you? So things like the Microsoft Graph, things like Power BI, Power Apps, Power Platform-- all of that stuff represent opportunities for you to exert a bigger influence over stuff that you can actually affect.
OK, so now we've talked about some basic rules. Let's talk about dividing up Microsoft 365 into the areas that you may want to focus on. And that's what I mean by "covering the basics."
Here's my list of what I think every tenant administrator should be competent in. "Competent" means that you understand the technology. It might not mean that you could do a deep dive in the technology, but it means that you're literate in it, that you understand how the technology works. It means that you can manage the technology.
So from the start, Azure Active Directory, absolutely fundamental to Microsoft 365 and every one of the services delivered within Microsoft 365. You need to understand how Azure AD works. You need to understand things like what's an enterprise app? What's a registered app? What is a user? What is a guest user? What's an external identity?
All of these concepts-- some of which are similar to what existed in on-premises AD, but some of which are unique to the cloud because a cloud, of course, is a pretty unique environment. You need to understand how identities and permissions work. That's the basic thing. And so when we talk about that, we talk about things like how Hybrid Active Directory works with Azure AD.
How OAuth-- which isn't an authentication mechanism, it's an authorization mechanism-- how OAuth 2.0 works. So we're talking there about how permissions are given and granted within the service. What tokens are-- what's an access token? What's a refresh token? How is an access token granted? What happens when a critical event happens inside Active Directory, Azure Active Directory? And so forth and so on.
And then moving into the area of collaboration, we have Azure AD B2B collaboration-- which is all about guest accounts-- and we have direct connect, this new technology which has been exploited in Teams shared channels for the moment which basically allows organizations to define how they want to connect to each other and what applications the users in each tenant are allowed to use.
And of course you got Exchange Online, which is the largest of the workloads inside Microsoft 365. If you come from Exchange On-Premises, you've probably got a pretty good idea of what Exchange Online is like. Even though you'll find that most of the stuff that you used to manage in Exchange Online is not there for you to manage in the cloud.
I mean, Exchange Online is a massive, massive organization when you think about it. You've got over 300,000 physical mailbox servers running in the cloud. Just think about that, 300,000. They're physical servers, these are not virtual servers. They are physical servers.
They're physical servers because that's how Exchange Online delivers the best performance and stability, especially around storage. And storage is very, very important in the Exchange Online story because when you think about it, Exchange Online makes a huge amount of storage available to users in terms of very large mailboxes, and archive mailboxes, and inactive mailboxes, and all the other type of mailboxes that are out there.
But it also makes a huge amount of storage available to the Microsoft 365 substrate. The substrate is the part of Microsoft 365 where data is held so that it can be operated on by common services-- common services like Microsoft Search.
Think of how difficult it would be for Microsoft Search to find documents and messages and tasks and people if it had to go from repository to repository to repository, from workload to workload to workload, to find this information. So instead what happens is that you've got the substrate holds what Microsoft call digital twins of items like documents in storage managed by Exchange Online to give these common services like Search the ability to go to one place at one time to perform operations like search.
So the substrate is not something that you're going to be able to affect. It's just there. It happens. It does its work. But it's something that you should understand and have an appreciation about.
Then we've got SharePoint Online and OneDrive for Business. Now, the thing about Exchange and SharePoint in the on-premises world is that these applications were the king of their own kingdoms. Well, of course, you're a king, so you're king of your own kingdom. But they were top of the pile in their own kingdoms, if you will.
And people specialized-- you were a SharePoint admin, you were an Exchange Admin, and never the twain should meet. I mean, when Microsoft came along in Exchange 2013 and SharePoint 2013 and they introduced this concept called site mailboxes to make the two work together, and they introduced a 57 step list of items that you had to do to connect everything together, that just demonstrated how far apart the two apps were.
Well, it's very different inside the cloud because SharePoint Online, in the same way that Exchange Online does its work as the mail provider and the storage provider to Microsoft 365, SharePoint and OneDrive are the document management providers.
And Microsoft has done a great job, really, I think in terms of rolling out SharePoint and making it more accessible to people. I mean, people don't understand that they're using SharePoint when they use OneDrive, for example, but they're quite happy to have all of their items up in the cloud managed by OneDrive which is, of course, SharePoint. So you need to understand that.
Then we have Microsoft 365 Groups and Teams, including guest access. Teams has been a phenomenal success for Microsoft, phenomenal success. 270 million monthly active users, that was the latest data that Microsoft gave. And that was back in January 2022, so today it's probably far higher. And some organizations have over half a million Teams users, which is a phenomenal amount.
I think the key, though, to Teams is Microsoft 365 Groups. Not insofar as just Groups power Teams, but more in terms of if you don't get Groups right, you're not going to get Teams right. If you don't take control about how Groups are created and managed and removed from your environment, you're not going to have an effective deployment of Teams. So that's definitely an area to look at.
And then the final basic point for an administrator is that you need to know how to monitor a tenant. You need to know how things are going on. Because if you don't know what's going on, how are you going to act as the intermediary voice between your users and Microsoft to go and get problems solved?
So you need to understand how the service monitors itself, how it publishes health indications, how these notifications can be consumed and understood in the context of your own business. That's a very, very important thing. You may or may not want to use a third party application to help you here. There's certainly plenty of them out there on the market. But you can do a lot yourself with just the raw data that's inside Microsoft 365.
I do want to spend a little bit of time talking about backups because backups are a big question mark in my mind as to whether or not you actually need them in the cloud. Now, some organizations absolutely do need backups because they're forced to have backups through regulation or legal requirement. If that's the case, that's absolutely fine. There is no doubt that you can take backups of the Microsoft 365 workloads.
However, there's a lot of organizations, lots of companies, lots of businesses, I think, that have been adversely influenced about the need for backup by some of the publicity and some of the PR that have been put out by vendors who want to sell backup products.
Now, I have no problem with an ISV selling a backup product, but I'd like the sale to be based on honesty and an appreciation of what the risks are and an appreciation of what information can be, in fact, backed up out of Microsoft 365, and more importantly, how that information can be restored.
So they are good questions to have a pretty blunt discussion with your backup vendor-- what information are you actually getting out of Office 365, Microsoft 365, and how can you tell me that this information can be restored if that's what needs to happen?
I think, in fact, that in most cases, the need for some of these disasters that people predict can happen can be stopped by simple, good account hygiene. And that means using modern authentication, getting rid of basic authentication everywhere, and using multifactor authentication to protect people's accounts.
Stop attackers getting in, you're not going to have malware in your organization. You're not going to have compromise. You're not going to have cyber criminals getting in and encrypting your data. And then maybe you won't need backups. But think about it.
It's worth noting that Microsoft's strategy here is to move to Graph-based export APIs for backups. And the first workload where this is happening is for Teams.
Now, these export APIs are metered. They're metered for consumption, which means that as you extract data out of Microsoft 365, Microsoft has a meter running on you and you pay for the transactions you use to extract data, and you pay through an Azure subscription.
So this is a very different approach to what's traditionally happened in the past, where you just run an API like Exchange Web Services to stream data out of your tenant to wherever your backup location is. Now that streaming operation is going to cost you money. So keep an eye on that, and we'll see how that develops over time.
Let me talk a little bit about auditing, which I realize is everybody's favorite word. It's the kind of unique thrill you get when somebody says that, oh, you're going to be audited. But let's talk about it in a positive sense, how auditing can help administrators understand what's going on.
As it happens, Microsoft 365 gathers a great amount of audit information. And to me it's kind of an insight that an administrator can gain into what's actually happening inside Microsoft 365. There's roughly 1,600-- maybe it's 1,650 at the moment, they're adding them all the time-- but these audit events are being generated by all the various workloads running.
For example, a recent one that was added was by Teams, who now record reactions that people have to messages. So if you do a thumbs up, or you do a heart, or you do a laugh as a reaction to a chat or a channel conversation, an audit event is captured for that. Why, you would think, is an audit event necessary for somebody doing thumbs up to a silly chat message?
Well, the actual thing is that in the world of compliance, if somebody reacts to a message instead of coming back and saying, oh yeah, that's a good idea, the reaction is an indication and that could mean a lot to an investigator.
Take an example of where I said, I'm going to murder my Auntie Mabel next week. Do you think that's a good idea? Thumbs up. Well, whoever gave that thumbs up might be an accomplice who is willing to knife Auntie Mabel in the back, and that's an important fact for an investigator to know.
So anyway, some of the workloads are very verbose. SharePoint-- very, very, very verbose. It tells you everything that happens. Some are less so.
Events are kept for 90 days if you have Office 365 E3 licenses. If you have E5 licenses, they're kept for 365 days. And in fact, there's advanced auditing out there as well. Some events can be kept for 10 years if that's what you want. That's what they call these high-value audit events.
Now the reason why I think these audit events are very valuable to administrators is that you can look in the audit log from time to time to see what's happening. And one of the things I do roughly every month or so is I just use this little snippet of PowerShell to go in, have a look at the audit event to see what new events are showing up.
Because the new events might be new actions that Microsoft is introducing as a result of new functionality, of new features. But even if an audit event like the one for reactions in Teams, even if it's for old functionality, I still want to know about it because that might give me a way of reporting what's happening inside Microsoft 365, of understanding what's inside Microsoft 365.
So in this case, you can see that there were five Groups added, 19 times a member was added to a Group, and so forth and so on, seven times somebody was added to a distribution group, et cetera, et cetera, et cetera. You can find out a lot about what happens inside Microsoft 365.
Speaking of compliance, we should have a little discussion about it because compliance is where Microsoft is putting a lot of attention. They view it as an area where they have got a competitive advantage, and it's worth discussing how much of their compliance technology is valuable to your organization.
I view this as a further expansion of my administrator who wants to become a unicorn. And the expansion is into Microsoft Purview Compliance solutions, where there are various things that you could take an active interest in. Some of them are pretty basic, like retention policies. I think everybody should know about retention policies. How long do you want to keep stuff? Or do you want to get rid of stuff after a particular period?
Then there's Information Protection, which is all about encryption and rights management, and that's implemented in sensitivity policies and labels. And that's becoming more popular. Two years ago, I would have said probably 1% of Microsoft 365 tenants use sensitivity labels to protect content. Now it's more like 5%.
Why is this important? Well, once you protect content, once you encrypt content, it means that every interaction with your tenant has got to be able to deal with encrypted content. So for example, if you've got a bunch of encrypted documents, how are you going to be able to back up those documents and restore them later on?
Will you be able to restore them to a different tenant? How will you be able to decrypt those documents? And so forth and so on. So Information Protection is a thing that is becoming more popular. I think it will increase in popularity over the coming period. It's just going to become part of what we do.
Data classification, then, is all about, well, how do we keep track of all of this information? Do we need to have any formal records? Record management is a big thing in certain industries, especially those industries that are heavily regulated like the finance industry or the health industry.
So if I have documents which are stored in SharePoint or OneDrive for Business which are relating to a particular matter which is under regulatory control, how do I stop people interfering with that content after it has been finished, after it is done, no further edit? Then we get into the area of things like records and records management.
The thing that you have to be wary about with compliance is that Microsoft requires an E5 license or an add-on license such as Microsoft 365 E5 compliance to be able to use many of their features. There's a basic line in the sand that Microsoft has which says any sort of automation in terms of its compliance functionality requires an E5 license.
And that comes down to even such basic things as adding a default sensitivity label or a default retention label to a SharePoint document library. That, in Microsoft's eyes, is an automatic action. It's an automatic action because every new document that gets added to the library receives a label. Now, I don't think that's an E5 type of feature, but I don't get to make the rules of the game. Be very, very careful here about the licensing requirement.
So which brings me to some specializations that admins might like to think about. Well, not everybody is going to want to do some of these things, but you need to have people who know how to do this stuff. It may not be you. It may be another person on your team. And I have listed a couple of stuff, a couple of areas to think about.
Licensing, definitely. People pay too much for licenses in general. They waste licenses. So that's a very bad thing. That drives costs. Make sure that the right people have the right licenses. Make sure that you're not overbuying licenses. Make sure that you return licenses to Microsoft when you don't need them.
But that means you've got to understand what's going on. Who's got the licenses? Are those licenses in use? Et cetera, et cetera. Now, you can depend on the standard stuff that's in the Microsoft 365 Admin Center to give you that information. But I think if you're going to specialize in licensing, you're probably going to build your own tools. Are you going to buy some third party tools to help you with it?
Advanced Identity Management are things like conditional access policies, privileged identity management, privileged access management, et cetera, et cetera. Again, these are features that require extra licenses, Azure AD premium licenses, but they're very, very, very, very good things to have, particularly conditional access policies.
Intune, then, is another mobile device management platform. I mean, basic Intune is built into Office 365 E3 and above, but you probably want to have some more advanced MDM, especially if you're operating a BYOD facility.
Defender for Endpoint, Microsoft Sentinel, and Purview eDiscovery are other areas that tend to be very, very specialized. Microsoft Sentinel because it's not just a matter of getting stuff into the log spaces, but it's also a thing about using this Kusto Query Language-- KQL-- to interrogate the data that's stored in those log spaces to make sense of the data, to make the data usable, to make it active for your purposes. And that, I think, is a pretty specialized activity.
In terms of eDiscovery, it's totally specialized, especially premium eDiscovery, what used to be called advanced eDiscovery. That is something that if you're not into the eDiscovery world, you're going to need to spend probably a couple of weeks getting up to speed on it.
Now, programming. To be our fabled unicorn you have to be a master of all things, and that means you're going to have to do a little bit of programming as well. I know that that is not popular with some admins but, unfortunately, to get information out of Microsoft 365 and make that information available to you, you're going to have to do a little bit of programming because you're going to do automation.
You don't want to do boring tasks. Boring tasks take away valuable time. Boring tasks are boring. You will make mistakes when you're doing boring tasks time after time after time. If you go and code the task, then anybody could do it. You can give it to your sidekick and they won't make a mistake because it's all coded, right?
Microsoft runs Office 365 on PowerShell. Now that's an oversimplification, but there's a lot of PowerShell behind Office 365 and Microsoft could not run a service of the size and complexity of Office 365 if it didn't have PowerShell behind it. Now, you should have that same type of attitude.
How can I automate as many of these management operations as possible using my preferred tool? It may not be PowerShell. It may be Power BI. It may be Power Apps. I don't care. But just think about and have that attitude, let's get automation in to remove errors, to improve the quality of administrative work, and to get work done faster.
The methods-- PowerShell, clearly. My note here is to keep modules up to date because they change all the time. I think about the Microsoft Graph. It changes monthly. Teams changes monthly. SharePoint changes monthly. And there's no point in using outdated modules, so you have to keep them up to date. I got a complete list of modules here, which I think should be in the toolkit of every administrator.
And you notice at the bottom I've got, in the Other Modules section, I've got some modules that don't come from development groups. They come from other groups inside Microsoft, like Orca, or they come from people outside Microsoft.
And two in particular that I'm going to call out here-- ImportExcel, which allows you to import and export information from Excel worksheets, which is pretty important when you're generating reports. Yes, you can do CSVs in standard PowerShell, but Excel is so much more powerful. And PSWriteHTML, which, as the name implies, gives you the ability to generate really nice HTML reports directly from PowerShell.
Then the two other ways, we got the Graph APIs and Power Automate. Now, the Graph APIs would take a complete presentation to talk about, and I'm not going to do a complete presentation about the Microsoft Graph APIs, but I will say this.
The Graph APIs allow you to turbocharge PowerShell. They allow you to get work done faster because if you go and retrieve information with the Graph APIs, it's going to be a lot faster to get information back from Microsoft 365 than it will be from the standard cmdlets in PowerShell modules.
So the trick here, of course, is to pick the right tool for the job, not to get too focused and say, we're going to do everything in PowerShell. Or we're going to do everything in Power Automation. That's bad. That's a bad idea. Use the right tool for the job and use a range of tools to get work done.
Let's talk a little bit about knowledge. Because if there's one thing that we know about Office 365 and Microsoft 365, that since Microsoft launched Office 365 on July 30th, 2011, there has been incredible change in the ecosystem. Just incredible.
Satya Nadella, a few years ago, he said that there'd been over 400 changes inside Microsoft 365 in a year. Now, that's a lot of change. I think he underestimated it. I think his people told him that there were only 400 changes. I think there were more. Because what's a change? Is a change to, for example, a PowerShell cmdlet a change that somebody like Satya Nadella would know about? Or is a change a massive new feature that Microsoft is introducing?
But you know what? It really doesn't matter, because what matters is that change happens all the time. And so anybody who wants to be our fabled unicorn has got to be prepared to acquire knowledge all the time. This is an ongoing quest.
So in terms of knowledge acquisition, where do you get it? How do you keep on top of things? Let's throw out a few things here, a few ideas. Firstly, it is important to keep an eye on social media. Why? Because people talk about new stuff. People love talking about new stuff. So you'll get a heads-up, you'll get-- people have noticed something inside Microsoft 365. They will share information about it.
Leaks will happen out of Microsoft. They'll come through in social media and you'll get a heads-up about new stuff that'll happen. You'll also be told about stuff that you may have overlooked. So keep an eye on social media, but do spend time refining your feeds. Don't follow everybody. Because if you follow everybody, your feeds will be an incredible mess of absolute crap. So don't do that.
I do think it's important to keep an eye on the Microsoft Technical Community, including the Microsoft product group blogs, because that's the formal route by which Microsoft will publish information, and now they've really centralized around the Microsoft Tech Community, so keep an eye there.
There's the Message Center in the Admin Center, where notifications are published as new features are introduced. Now, a couple of years ago this wasn't very good, but now Microsoft has got a lot better in publishing the notifications. So keep an eye there.
It's also a good idea to keep an eye on reputable blogs. Now, the reason why I say reputable-- also, of course, Practical 365 is the most reputable of all blogs-- is that there's a lot of absolute rubbish published on the internet. I can't tell you how many ways there are to describe a feature in Microsoft 365, all of which are badly phrased, badly written, poorly constructed, and wrong. So make a selection of what you consider to be reputable blogs and use them as sources of information.
You can't do everything. You really can't do everything. Even the best unicorn in the world can't do everything. But understanding the fundamentals, understanding the foundations, understanding the basics of what Microsoft 365 is all about will give you the capability to keep on growing, and that's the most important thing.
People that stay static in the cloud-- I don't know. Maybe they become raindrops and fall. The people who keep on growing are the ones that will survive and thrive and prosper, OK? That's what you've got to keep on doing.
So in conclusion, it is possible to be a Microsoft 365 unicorn, but it takes a lot of hard work. The work doesn't stop, it's ongoing effort, but it's absolutely possible.
Is it good to be a unicorn, or should you be one of these specialists that we talked about? I think it's possible to have an overlap. It's kind of like doing a college degree, where you have some majors and minors. Your major may be to be the unicorn, and your minor may be to do-- you're the go-to person for Microsoft Sentinel.
It's up to you. Everybody's different. I can't dictate, but I can tell you that this is possible, and I can tell you that it's going to take a lot of effort. And now it's over to you.
[MUSIC PLAYING]
OK, now that I've bored you all with all that stuff, have you got any questions?