Microsoft 365: How Microsoft’s Evolving Strategy Impacts Your Future

Observations

Key Findings

• Information governance is a critical security issue, especially when enterprises roll out the software in a large environment. CIOs confront such roadblocks when going in the direction of building a support model for information governance.
• Even with Microsoft 365 integrated into the organisation, there is a consensus that sub-programs, such as analytics initiatives, are still essential to working out inherent risks. For instance, Power BI is viewed as constantly divorced from the overall Microsoft 365 journey.
• Structuring administrative roles further down other departments is crucial and takes time, especially when putting information governance and ownership on top of other priorities.
• Microsoft’s reference architecture, which is highly comprehensive for both security and analytics, involves massive implementation, which can discourage organisations from moving forward. A simpler roadmap is required.

Microsoft Wields its Licensing Power

It was noted that Microsoft has recently begun discontinuing at least some add-on options for E3 licensing. In the past, it was possible to add licensing for a specific service or feature (generally security related) to E3 licensing, rather than paying for a complete uplift to E5. During the panel session, it was revealed that Microsoft had refused to offer one such add-on for a client, effectively forcing them to either drop the use of the feature (thereby adding new risk to the organisation) or upgrade to the full E5 stack.

This highlights a concern for Microsoft’s clients: the recurring licensing model creates not only a lock-in (which Microsoft has arguably had for decades), but also strong pressure for licensing increases over time.

Microsoft also amended its licensing conditions in October 2019 in such a way as to make running virtual machines (for example, for virtual desktop infrastructure) on its main Cloud rivals uneconomical. Effectively, Microsoft took out the provision to run virtual machines on hyperscale Cloud services (AWS, Google, Azure) but then offered licensing options for Azure.

In addition, many of the critical Office services are actually part of the Azure ecosystem (e. g. much of Power BI, Azure Active Directory, Microsoft Information Protection and so on).

In short, Microsoft is leveraging its 365 subscription licensing, coupled with bundling, to create a dominant technology stack from the desktop up into the Cloud’s largest data centre services. It is a strategy that has every indication of succeeding.

But It’s Not Really About You

Despite clients’ weakening bargaining position with Microsoft, many also recognise that Microsoft’s real strategy is a long-term agenda of cannibalising third party solutions. Offering bundles of good-enough services to displace existing solutions within its client base isn’t new for Microsoft. Previously, they have employed similar tactics against Novel, Netscape and more recently (and still in progress) an attack on Zoom (with Teams) and Symantec (with its various security services in E5).

By leveraging its near monopoly in Office productivity, and bundling aspects of third party specialised products to stretch access to its licensing model, Microsoft compels users to drop other solutions and buy up to the next licensing level.

The good news is, this strategy can benefit Microsoft clients. It greatly reduces the number of suppliers, and therefore the complexity of the application ecosystem and procurement. It also potentially reduces the overall spend on software services. Microsoft still earns more from each client, but it comes at the expense of clients dropping third party products and services. Clients spend less money overall, while Microsoft makes more.

What to Expect From Microsoft?

• Microsoft will continue to develop its bundling strategy, spreading features in such a way as to draw organisations up to the E5 licensing. These new features will be in the areas of:
  • Security, identity management, and data governance (well underway)
  • Business analytics (well underway with Power BI)
  • Low-code (less mature with the Power Platform)
  • Federated knowledge management (fledgling, but expect to see a strong push in this space)
• In addition, it is expected that Microsoft increasingly limits add-on licensing options for E3, while also decreasing the cost difference between E3 and E5 bundles, as demonstrated with the recent price increase for E3 which disproportionately impacted smaller to mid-sized organisations. This will further place pressure on organisations to step up to the next licensing level.
• Microsoft will begin to introduce additional licences for new features that sit on top of E5 licensing. For example, it now charges a licence fee for organisations to obtain analytics dashboards for Teams-based voice services. Many of these add-on licences will sit within the Azure licensing structures, rather than 365.
• IBRS predicts that one such product that will require additional licensing will be a federated enterprise knowledge management solution. This solution answers a critical and growing problem for organisations using the 365 environment – the sprawling knowledge ecosystem that 365 enables. Microsoft has the potential to bring together several underpinning Microsoft technologies, SharePoint, Graph, ML based auto-classification, and the Power Platform to provide a modern, manage in place, electronic document and records management solution (EDRMS).

The above points may seem grim: a relentless push for more licensing fees from existing customers. However, when compared to a complex mix of best of breed solutions from multiple suppliers, requiring multiple skills sets and integrations, the Microsoft environment can provide more value at an overall lower investment.

However, for this value to be realised, organisations need to step back, take stock, and re-calibrate their 365 journey. Office 365 is not a replacement for the Office Pro suite. It is a core business workplace architecture.

Gaining the Best Value From Your 365 Journey

Ideally, when deciding on a level of licensing, organisations need to adopt a plan of clarity and rigour, and not just on cost. It must expand the software capability matrix to realise its full potential, as well as evaluate which O365 or M365 tools are indispensable to each employee category in the organisation.

IBRS recommends conducting an exercise to understand if the current software capabilities overlap with the 365 environment. Armed with the information from this activity, organisations can project investments forward 3 and 7 years (a full licensing cycle, plus a second cycle) to determine which 365 licensing model will provide the best value while factoring in third party products. It may be more economical or simply more practical to retain third party products that overlap with services offered by Microsoft E5 licence, or it may be worth preparing a project to introduce E5 licensing and then decommission overlapping, third party solutions.

IBRS notes it is important to have a plan to decommission such overlapping software, as these represent not only a licensing cost, but an operation cost as well. Too many organisations are procuring E3 licences, while not taking advantage of the services provided, effectively paying double for twice the trouble.

When considering the above, organisations also need to consider the level of maturity of Microsoft’s offerings. Microsoft’s maturity in its strategic areas also offers a structure for implementation priority and extracting value from 365, in a manner similar to the following:

1. Security: Microsoft currently has a strong focus on developing its security portfolio. It already has a more-than-good-enough offering of zero trust security services over the entire enterprise workplace ecosystem. As a result, security services should be the first area organisations explore for drawing more value from 365 licensing.
   1. Within the realm of security, adopting (or integrating with) Azure Active Directory (ADD) and Microsoft’s identity and access services is the first, foundational element.
   2. Multifactor and Single Sign-On (SSO): are features of AAD. These should be considered essential capabilities to be deployed as soon as possible. The key licensing consideration will be the need for SSO to custom solutions, though IBRS has not seen examples of where this has become an issue for Australian organisations. For most businesses, the decision will be what to do with existing identity and management (IDM) solutions, such as SalePoint, Okta, and Jamf. While most of these third party services offer more than just IDM, and generally provide a smooth login experience for staff, this must be considered against the services that Microsoft provides within its existing licensing.
   3. Office Endpoint Protection: Microsoft’s ecosystem for endpoint protection is evolving. Recently, Microsoft introduced Defender for Office 365 (aka, Defender) that offers three levels of licensing:
      1. Exchange online protection (EOP): that addresses broad, volume-based, identified attacks. EOP is included with all editions of Office 365.
      2. Defender Plan 1: which works to secure email and collaboration (Teams) from malware and business email compromise. Defender Plan 1 required a licensing upgrade (read add-on) for 365 E3 licensees. However, it is included with 365 E5 licences.
      3. Defender Plan 2: which includes post-breach investigation, hunting, and response, as well as automation and simulation (for training). Defender Plan 2 is included with 365 E5 licences.

      The structure for the above is cumulative, so organisations will need to first implement EOP then Defender Plan 1 and finally, (if required) Defender Plan 2. Since EOP is bundled with all 365 licences, it should be utilised as a matter of course, unless a third party email protection solution is performing similar tasks. However, the decision to adopt Defender puts an organisation on a clear path towards E5 licensing, since protection without forensic capabilities is problematic and hinders cyber incident responses.

   4. Data Leakage Prevention (DLP): organisations with E3 licensing can explore Mircosoft’s DLP services for email, potentially offsetting solutions such as Mimecast. However, to use Microsoft’s DLP with Teams requires an E5 licence. This is an example of Microsoft’s approach to cross-level bundling of features to drive upward pressure on licensing.
   5. Microsoft Information Protection (MIP): Formally Azure Information Protection (AIP), offers file-level encryption and conditional access. In a collaborative world, it is essential to adopt zero trust all the way to the file access level. MIP provides a solid solution that is not readily available from other providers – at least, not in a manner that is as transparently integrated with the Office ecosystem. MIP comes in two plans. Plan 1 (included in E3 licensing) which offers the essential elements to classify, encrypt and grant access to protected files, and plan 2 (included with E5 licensing) which includes automatic classification of information based on policies established by the organisation.
   6. Security Information and Event Management (SIEM): Sentinel is Microsoft’s entry into the SIEM space. Despite it being a relatively immature product, it has gained interest among organisations that have committed to the Microsoft ecosystem (i. e. they have been investing in E5 licences and are drawing heavily upon Microsoft’s security services).
2. Device Deployment and Management: Microsoft is promoting the use of Autopilot and Intune to deploy and manage devices. The days of system centre configuration manager (SCCM) and tiered approaches to desktop deployment are numbered (though will remain for a decade at least). The Cloud-based zero touch approach to device management will dominate within a decade. While security should be the first area of focus for drawing new value from the 365 environment, leveraging Microsoft’s new approach to endpoint management should follow shortly after, or be run in tandem.
3. Business Intelligence and Analytics: Microsoft has been promoting Power BI heavily as detailed in Power BI is Driving Data Democratisation: Prepare now. However, the value to Microsoft in Power BI sits within Azure data services. There are a myriad of Azure services, far beyond the services offered by E3 and E5 licensing, that come into play when an organisation decides to go all in with Power BI. These include: Power BI Report Server, Dataverse, Synapse, Azure SQL DB, Dataflow, Azure Active Directory, and so on. Start with analytics architecture. Rather than committing to Power BI as an endpoint for analytics, IBRS strongly recommends developing an analytics architecture. However, Microsoft’s reference architecture for analytics caters for large organisations with an end-to-end approach. In many cases, it is overkill for mid-sized Australian organisations. Instead, develop a more limited approach, focusing on initial business needs and end-user adoption.
4. Power Platform: Microsoft’s low-code environment has been bundled into the Power Platform. This set of services – ranging from eforms and workflow, to AI services – is expected to see strong adoption in the coming years. However, organisations report a great deal of confusion around how the Power Platform is licensed, and where and how it can be used for internal and external facing processes. Based on discussions with organisations, there are differing opinions as to the value the Power Platform delivers compared to third party products such as Nintex, UIPath, Appian, etc. While IBRS sees strong potential for the Power Platform, there is a lot of competition in the low-code everything space, and significant investor capital is going into this area. In the near-term, it may be better to consider the Power Platform as a lower priority in the 365 journey, outside of specific pockets of the business and use with Microsoft Dynamics.

The above is a highly condensed summary of how an organisation may approach its 365 journey and draw more value from the platform. It is clear that security should be the first port of call on this journey. Enterprises need to look at interdependencies and learn to report back to senior leadership to build a solid business case along the journey. This constitutes developing a strong support model and complementing it with structuring the organisation to align to the goals that were put in place.

Microsoft’s 365 Naming Convention

Microsoft has a broad set of licensing options under the 365 umbrella. For example, the term Microsoft 365 E3 has a very different meaning from Office 365 E5. In short, the licensing name conventions are broken down into several terms:

• Office vs Microsoft
  • The Office prefix denotes that the licensing covers Office productivity tools and services: email and calendaring (Exchange and Outlook), spreadsheets (Excel), work processing (Word), collaboration (SharePoint and Teams), and so on. Conceptually, Office 365 correlates to the persistence Office Professional licensing, but includes services (as opposed to servers) for Exchange and SharePoint.
  • The Microsoft prefix denotes that Enterprise Windows and related deployment features are added to the licensing mix. Conceptually, Microsoft 365 correlated traditional Windows with Software Assurance licensing, plus Office Professional.
• E vs F vs A
  • E stands for Enterprise and indicates that the licensing includes both online services and device-based clients.
  • F stands for Frontline (or field) and indicates that the services are for remote, mobile workers and focus on online or mobile access. F services are limited in scope, but significantly (roughly 25 %) of the cost of the next comparable Enterprise licence.
  • A stands for Academic and indicates that the licensing is calculated with special dispensations and pricing for qualifying educational institutions.
• 3 vs 5
  • The numbers post-fixing Microsoft’s licensing denote the level (number of bundled features) of the licence. However, there are subtle nuances to Microsoft’s bundling options. For example, an Office E3 licence includes data leakage prevention (DLP) services for email via Exchange, but an E5 licence is needed to enable DLP for Teams, even though an organisation will have both Exchange and Teams services included in its E3 licensing. It is this uneven distribution of features that allows Microsoft to draw organisations up through its licensing model. It is also a significant reason why organisations can easily find themselves unwittingly out of compliance.

Comments From the Peer Network

Licensing Complexity

• It is difficult to move out of the Microsoft suite once the enterprise has already transitioned its email, collaboration systems, and data to the Cloud.
• The added security products of E5 licensing are being used as safe links to cover security risk management. However, users are forced to upgrade to the full security suite since it does not offer standalone solutions anymore.
• Microsoft’s attempt to replace third party products could be a good strategy if its impact is centred on reducing complexity. However, there are nuances in moving up to higher licensing, which is important for mid-sized organisations being affected by the recent licensing price hike.

Microsoft vs. Third Party Solutions

• Microsoft would also have to develop supplementary products – likely under the Azure banner – to get to the full range of benefits they’re offering and drive enterprises away from other vendors’ products.
• There are other products in terms of team collaboration that far outweigh the benefits of Teams. But enterprises are forced to take advantage of it because it is already bundled into the suite and integrated with other Microsoft products.
• Organisations are still not as receptive to Microsoft 365 Business Voice compared to their older voice platforms, mainly because of their resistance to change involving their long history with existing systems (such as Cisco’s unified communications solutions as cited by one participant). In addition, the transition to Business Voice entails huge investments and a steep learning curve.
• The transition to telephony services from Microsoft requires E5 licensing, which adds to the cost of their subscription. Users are still weighing it against the financial value that it can deliver with long-term use.
• Microsoft will also need to catch up with other vendors, such as Google and Cisco, whose products offer real-time analytics that are already built into the product base. Users find that Microsoft has introduced a similar feature recently, but users may resist use until the new feature is proven.
• In terms of low-code development, Microsoft is aggressively pushing for Power BI, but it still isn’t as advanced relative to other platforms. One participant revealed that there was minimal information received from Microsoft on how to use it to their best advantage.
• On the other hand, Microsoft Forms falls below expectations in terms of offering added value to enterprise operations. The same holds for Microsoft Access, which contains fragmented information. Users end up with pockets of valuable information that is separated and hidden from core systems used by other departments in the organisation.
• Panellists at the roundtable shared concerns that information management is becoming unwieldy within the Office 365 platform. They remain conservative as of this time, given their previous experience with other Microsoft products.

Security

• Security identity is a vital component in the Microsoft environment and is well-entrenched. As soon as organisations enter into collaboration and unified communications, information governance issues crop up. However, Microsoft has unveiled products to solve this issue, but these are still far from becoming a holistic solution, being fragmented in their purview of analytics governance, for instance. This is because elements such as centralised and decentralised records, and systems of records of truth, come into play. Identity management is crucial in this sense, and Microsoft needs to own it to be successful in its overall strategy.
• Organisations implemented more robust security measures during their transition to Microsoft 365, because more products constitute greater security complexity in the entire lifecycle management process.

Building a Business-Oriented Roadmap

• While organisations believe in the ease of integration of Microsoft tools, they are still in the process of observing how to best leverage their Microsoft Power Platform and related services software to optimise workflow and leverage automation features. Getting the Power Platform into the enterprise roadmap means mapping the value of processes and measuring tangible productivity improvements.
• Product crossovers can impact how organisations catch up with adoption. Some employees are struggling to adjust to changes and the capabilities being unloaded in their workflows.
• Ownership of the technical administrator role largely depends on business administration involving the transition of responsibility on the new platform. There is a need to look ahead at these administrator roles and get them bedded down. The challenge with it (and not just Microsoft, but other vendors as well) is the constant addition of new capabilities to their environments that require a new administrator every time. Looking at it from the perspective of a business domain administration, and then down to technical administration support, will be the most generic approach organisations can take.
• A change of culture is still an issue when introducing new tech products such as Microsoft 365. One participant admitted that it is a tough challenge to go against third party solutions that are already approved by senior leaders and are already being well supported.