How to Succeed with Office 365

This post originally appeared on CMSWire.


Office 365 is poised to be in place at nearly every large organization by the end of 2018. And not just Exchange, but SharePoint, OneDrive, and Office applications as well — basically the full suite of Microsoft Office 365 offerings.

A move to Office 365 will bring value to organizations beyond the obvious benefits of shedding IT infrastructure.

Microsoft's aggressive augmentation of the already substantial information and collaboration capabilities in Office 365 means gains in functionality as well.

But there’s a dark side to Office 365: Without a disciplined, deliberate approach to moving to Office 365, organizations run the risk of, at best, replicating their current information management issues in Office 365 and, at worst, increasing those issues with the move.

An Office 365 Migration Framework

The good news? There’s a way to avoid these problems when moving to Office 365. Organizations can use the following framework to help ensure that they get Office 365 right:

  • Define a defensible migration playbook
  • Close policy gaps
  • Create compliant standard operating procedures (SOPs)
  • Purge stale and junk content
  • Define the Office 365 capabilities required (and not required)
  • Conduct change management

Let’s take a high-level look at what each of these steps entail, and how you can use them to succeed with Office 365.

Defensible Migration Playbook

The first a step in moving to Office 365 — or in moving any content anywhere — is a defensible migration playbook. This defines the “rules of the road” within which the migration will take place. The goal being that in 10, 15, or 20 years’ time, if a lawsuit touches on the migrated content, someone in legal can be deposed in a court of law about the migration and defend the choices which were made.

Think of this as the requirements that a migration must meet in order to be legally defensible.

In addition, the migration playbook would include the controls that need to be in place to ensure source-target integrity (i.e. did all the data you meant to move get moved, and did you move it successfully, with all the same metadata and content), as well as the test scripts to verify the accuracy of the migration and the test results to show how accurate the migration was. Finally, the playbook will include a post-migration read-out that summarizes the results of the migration, i.e. how it went, any issues encountered, how you addressed them, what issues you couldn’t address, etc.

Policy Gaps

Once you've defined your migration playbook, take a hard look at your existing policies to determine whether they support the directives of the playbook. If they don’t, you need to update them to do so. And if you have policy gaps — e.g. for the handling of orphaned or abandoned data or stale sensitive data — you need to write net-new policies to address these areas.

Standard Operating Procedures

Policies and playbooks are great, but without operational procedures to enact them, they’ll be dead letters.

So after getting your defensible migration playbook and policies in order, you’ll need to define the SOPs for migrating to Office 365 that, if followed, will ensure that the playbook and the policies are followed. These procedures need to be detailed and will depend on your organization’s specific circumstances, e.g. the technologies you have in place for file analytics and migration, as well as any line- of-business systems in play that will integrate with Office 365.

Content Purging

Now that the rules of the road are in place, along with the policies and procedures to support them, turn your focus to removing as much content from the migration as possible. After all, the less content you have to move, the lower the risk and the cost.

Given that the shared drives at most organizations consist of 30 to 70 percent junk or stale data, it makes no sense to migrate without purging first; that's way too much irrelevant content to move to Office 365.

Granted, content purging is a daunting task, but nearly all organizations can address some quick wins to minimize their content volume for an Office 365 migration.

First, junk content. Using a file analytics tool, like Varonis, FileFacets, or Nuix, you can easily identify file types that have no business value, typically by finding the files that do have value, e.g. Office documents, PDFs, xml, HTML.

The rest – e.g. iTunes libraries, .DLLs, .EXEs, log files, etc. – usually provide no value. In my experience, this “junk” can account for as much as 30 to 60 percent of your shared drive environment.

Second, stale files. If you have accurate metadata for date created, last modified and last accessed, you can analyze usage for your content and exclude stale content from the migration accordingly. Many organizations have conservative legal and records management cultures, so even if you can’t purge these files, you can at least exclude them from migration to Office 365, holding them in a very cheap Tier 3 archive until you achieve consensus on purging them.

Office 365 Capabilities

Office 365 provides an overwhelming variety of capabilities, both within well-known applications such as Word, Excel, and Exchange, as well as newer applications like Delve, Flow, and Groups.

An organization can’t simply flick the switch and turn all these capabilities on for all users and expect success. Not only would all this functionality quickly overwhelm your users, but the change management and IT support would be unmanageable. Start by determining what Office 365 offers in total. Then determine the specific capabilities your end users (or individual groups of end users) need, so you can enable these (and suppress the ones they don’t).

And keep in mind that this won’t be a one-and-done; Microsoft introduces new features and applications on a monthly (if not more regular) basis, so you’ll need to stay on top of them to ensure that you’re enabling only what your users need, and nothing more.

Change Management

We all know how change management is typically done at organizations: Give users a link to training videos and leave it at that.

Needless to say, this will be a huge fail for organizations moving to Office 365, because this tool will significantly change people’s day-to-day work. In order for your Office 365 implementation to succeed, you’ll need to allocate huge resources to change management.

It starts with communication. Tell end users what they can expect, when to expect it, and what the impact will be upon their day-to-day jobs. It then continues through training. Give users the skills they need to do their jobs in the new Office 365 environment.

A Starting Place

Moving to Office 365 is a complex undertaking that will require massive resources to be successful. And although approaches will differ according to each organization, hopefully this post gives you an idea of the high-level areas you need to address to be successful.


Rich Medina
Joe Shepley
I’m VP and Practice Lead, focusing on developing Doculabs’ InfoSec practice and its applications in a wide range of industries.