Case Study Office 365 Deployment Tips

← BACK

OFFICE 365

DEPLOYMENTS

CONSIDERATIONS AND TIPS

DEPLOYMENT STRATEGIES

Start with one feature for many users; e.g. SharePoint Online, Application Single Sign-On

Migrate Exchange and Skype For Business/Microsoft Teams by business unit.

Controls generally remain
“on-premises” until halfway point

Windows 10 and legacy Office application compatibility

HYBRID CONSIDERATIONS

Plan for at least 24 months of hybrid deployment

Lack of cross platform tooling drives third party selection

Focus on consolidated monitoring and management process and technology

Set user expectations early for response time changes

NETWORK VISIBILITY

Internet edge becomes a critical path element for all user collaboration functions

Insight into internet performance is critical – remote and corporate network

Express Route can alleviate some load, but Microsoft support for this scenario remains variable

Microsoft network rate throttling – inbound and variable between users

ARCHIVING AND eDISCOVERY

Legal teams do not find Office 365 eDiscovery to be a viable choice. Leveraging existing capabilities

Office 365 archiving is robust, but does not cover non Microsoft platforms

Unlimited storage is becoming a negative for legal and compliance teams

DATA CLASSIFICATION PROTECTION

Azure Information Protection vs Bolden James, Titus

AIP one label per ‘document’ model does not meet many business requirements

Combined approach with Bolden James Classifier and Azure RMS protection

EMAIL PROTECTION

Advanced Threat Protection vs existing capabilities

Most companies have remained with existing capabilities due to ATP maturity

Convergence of ATP and Security & Compliance Center still a “work in progress”

Exchange Online delivery challenges

DEVICE MANAGEMENT

Broad adoption of Intune device and application management

Intune application management limited by application support for required

Some companies offering a mix of existing solutions (e.g. AirWatch) for company owned and Intune for BYO

DATA LOSS PREVENTION

DLP functions traditionally performed at internet edge

Office 365 DLP is effective, but offers little to no coverage of third party platforms

OFFICE 365

DEPLOYMENTS

CONSIDERATIONS AND TIPS

DEPLOYMENT STRATEGIES

Start with one feature for many users; e.g. SharePoint Online, Application Single Sign-On

Migrate Exchange and Skype For Business/Microsoft Teams by business unit.

Controls generally remain “on-premises” until halfway point

Windows 10 and legacy Office application compatibility

HYBRID CONSIDERATIONS

Plan for at least 24 months of hybrid deployment

Lack of cross platform tooling drives third party selection

Focus on consolidated monitoring and management process and technology

Set user expectations early for response time changes

NETWORK VISIBILITY

Internet edge becomes a critical path element for all user collaboration functions

Insight into internet performance is critical – remote and corporate network

Express Route can alleviate some load, but Microsoft support for this scenario remains variable

Microsoft network rate throttling – inbound and variable between users

ARCHIVING AND eDISCOVERY

Legal teams do not find Office 365 eDiscovery to be a viable choice. Leveraging existing capabilities

Office 365 archiving is robust, but does not cover non Microsoft platforms

Unlimited storage is becoming a negative for legal and compliance teams

DATA CLASSIFICATION PROTECTION

Azure Information Protection vs Bolden James, Titus

AIP one label per ‘document’ model does not meet many business requirements

Combined approach with Bolden James Classifier and Azure RMS protection

EMAIL PROTECTION

Advanced Threat Protection vs existing capabilities

Most companies have remained with existing capabilities due to ATP maturity

Convergence of ATP and Security & Compliance Center still a “work in progress”

Exchange Online delivery challenges

DEVICE MANAGEMENT

Broad adoption of Intune device and application management

Intune application management limited by application support for required

Some companies offering a mix of existing solutions (e.g. AirWatch) for company owned and Intune for BYO

DATA LOSS PREVENTION

DLP functions traditionally performed at internet edge

Office 365 DLP is effective, but offers little to no coverage of third party platforms

Most companies remain with existing DLP solution

CASB often used to provide third party DLP coverage; e.g. Box.com

SINGLE SIGN-ON

Immediate user convenience and security benefit

Broad user coverage with minimal setup time

SSO to other cloud providers; e.g. AWS, GCP, Workday

SOUND FAMILIAR?

HYBRID

PATHWAYS

Controls generally remain
“on-premises” until halfway point