Deployment Strategies
Start with one feature for many users; e.g. SharePoint Online, Application Single Sign-On
Migrate Exchange and Skype for Business/Microsoft Teams by business unit
Controls generally remain “on-premises” until halfway point
Windows 10 and legacy Office application compatibility
Hybrid Considerations
Plan for at least 24 months of hybrid deployment
Lack of cross-platform tooling drives third-party selection
Focus on consolidated monitoring and management process and technology
Set user expectations early for response time changes
Network Visibility
Internet edge becomes a critical path element for all user collaboration functions
Insight into internet performance is critical – remote and corporate network
ExpressRoute can alleviate some load, but Microsoft support for this scenario remains variable
Microsoft network rate throttling – inbound and variable between users
Archiving and eDiscovery
Legal teams do not find Office 365 eDiscovery to be a viable choice and are leveraging existing capabilities
Office 365 archiving is robust, but does not cover non-Microsoft platforms
Unlimited storage is becoming a negative for legal and compliance teams
Data Classification Protection
Azure Information Protection vs Boldon James, Titus
AIP's one-label-per-‘document’ model does not meet many business requirements
Combined approach with Boldon James Classifier and Azure RMS protection
Email Protection
Advanced Threat Protection vs existing capabilities
Most companies have remained with existing capabilities due to ATP maturity
Convergence of ATP and Security & Compliance Center still a “work in progress”
Exchange Online delivery challenges
Device Management
Broad adoption of Intune device and application management
Intune application management limited by application support for required
Some companies offer a mix of existing solutions (e.g. AirWatch) for company-owned devices and Intune for BYO
Data Loss Prevention
DLP functions traditionally performed at internet edge
Office 365 DLP is effective, but offers little to no coverage of third-party platforms
Most companies remain with existing DLP solution
CASB often used to provide third-party DLP coverage; e.g. Box.com
Single Sign-On
Immediate user convenience and security benefit
Broad user coverage with minimal setup time
SSO to other cloud providers; e.g. AWS, GCP, Workday