You’re going to get a new job as your org takes Office 365 management more seriously: 2020 Predictions (5 of 7)

Enterprises will finally rethink how they organize their Office 365 administration team to keep pace with its rapid changes and interdependent security model.

In my 5th 2020 prediction, we’ll discuss why the legacy model of Microsoft platform administration doesn’t translate very well to more and more services in Office 365, and we’ll discuss how organizations may align their IT.

Why the old admin model won’t work anymore

As enterprises adopt more and more services in Office 365, they can no longer get by with using their legacy model (.e.g, Exchange admin for Exchange Online, SharePoint admin for SharePoint online) because neither one is very good at managing the overall environment as Microsoft MVP Tony Redmond outlines in this TEC talk video .

Let’s break this down. When organizations first go to Office 365, they move their email – OK that’s the Exchange admin. Then they move their SharePoint – OK that’s the SharePoint admin. Now let’s add in Microsoft Teams – OK that’s the…hmm.

Because Teams brings together so many different services of Office 365, the person administering Teams will have to know a little bit about everything. As Tony Redmond states in the TEC talk video:

"You have to know a bit about Exchange, a bit about Azure Active Directory, a bit about SharePoint, a bit about Planner, a bit about application management. Some PowerShell will be handy. And by the way, if you knew how to program the Microsoft Graph, that would be really good as well."

- Tony Redmond

When organizations start to deploy Teams, they start to think about Office 365 administration as a whole. Teams permissions require Exchange permissions, so this creates a crisis of separation of duties between SharePoint admins (who are often first tasked with Teams management) and Exchange admins. And then, of course, Office 365 groups unifies all of this – crosses the boundaries of services. Office 365 groups underpins all of these services and you have to have admin rights to Exchange Online, SharePoint Online, Teams, etc.

Reduce your AD attack surface

Reduce your AD attack surface.

See where you’re exposed and how to remediate it.

Add in the rapid pace of change of Office 365 administration and services into the blurred administration lines, and you’ve got a lot of chaos in your environment.

Office 365 organizational management models

There are several approaches organizations can take to building out a team model to manage Office 365, but here are the two most common I’ve heard from customers and analysts (feel free to comment if you have other options that work for your organization):

  • The mirror approach. This preserves the legacy approach within Office 365 but adds in a PAM (privileged access management) solution to grant temporary access to those functions that require admin rights within other services (like searching auditing logs that are stored in Exchange Online for one of the other services). Delegation is still an issue, but the PAM solution helps to control the access.
  • Program manager approach. In this approach, you need a program manager, like a release coordinator. You still have your Exchange Online and SharePoint Online admins, but they have to roll up to a new program manager who is tasked with the overall picture, management and security of Office 365. One analyst equated this model to the large-scale SAP implementations of the past with war-room meetings every week, but in these meetings, it’s to review the weekly Office 365 updates across services and discuss the roll-out, impact, and RACI model. There will still be some delegation issues, but in this scenario, the rapid changes in one service that impact another service are shared and discussed on a regular basis (just don’t take a vacation if you want to stay up with the changes).

Even these models are preliminary, and as Microsoft releases more updates and more services, we’ll see it evolve and mature. For now, understand that as a typical Microsoft administrator, your role is changing (duh) and your team dynamics have to change to stay up with the new interdependent security and management model.

Because of the unifying approach of Microsoft Teams, I suggest learning more about managing your Office 365 environment by looking at how to manage your Teams environment. At The Experts Conference , Microsoft Office Apps and Services MVP, Tony Redmond, tackles the topic of managing Microsoft Teams successfully, including governance. Watch the recording of his packed session today to learn more about how to see the full picture and delineate and govern this service.

About the Author

Jennifer LuPiba

Jennifer LuPiba is the Chair of the Quest Software Customer Advisory Board, engaging with and capturing the voice of the customer in such areas as cybersecurity, disaster recovery, management and the impact of mergers and acquisitions on Microsoft 365, Azure Active Directory and on-premises Active Directory. She also writes thought leadership articles and blogs aimed at the c-suite to evangelize the importance of these areas to their overall business. She chairs The Experts Conference, a yearly event focused on pure Active Directory and Office 365 training at the 300 and 400 level for the boots-on-the-ground Microsoft admins and managers.

Related Articles