Q&A

Q&A with Stacy Deere-Strole: The New Governance -- Staying on Top of Office 365

Office 365 has a lot of moving parts, with Microsoft constantly adding new features and deprecating others. It can be a lot for IT teams to keep track of.

• By Gladys Rama
• 08/26/2021

For an organization to get the most out of Office 365, a good governance plan is key. It can help streamline the process of provisioning new components, ensure that content gets securely shared with the right people, keep Office 365 environments from getting too bloated with unneeded apps, and more. The problem: Office 365 has a lot of moving parts, with Microsoft constantly adding new features and deprecating others. It can be a lot for IT teams to keep track of.

Solutions architect and SharePoint MVP Stacy Deere-Strole knows the ins and outs of Office 365 governance. Her session, "The New Governance -- Staying On Top of O365," at the upcoming Live! 360 conference in Orlando, Fla., will address the most common pitfalls and questions that IT teams have when it comes to making an effective governance plan for Microsoft's productivity platform. We caught up with Deere-Strole recently and discussed what makes Office 365 governance more critical now than ever.

Redmond: Why is creating (and maintaining) a governance plan for Office 365 so thorny compared to other products? 
Deere-Strole: Microsoft 365/Azure has its own foundational configuration that includes items such as security. Then you have a number of apps that then sit on top of Microsoft 365 that have their own configurations, requirements, et cetera, such as Exchange, Active Directory, SharePoint and so on. They are all pieces and parts that make up the whole of Microsoft 365, which is much different than before. For example, SharePoint and Exchange were two totally different environments and the only connection was e-mail routing-type things. Above and beyond that, the two teams probably had very little interaction with one another.

Now every decision that affects Microsoft 365 as a whole needs to be communicated to all app owners. A very strong change management process is needed to ensure decisions that are made or configurations that are changed do not impact the other apps.

How would you pitch prioritizing governance to an organization if it hasn't seen it as a priority before?
Biggest pitch right now is, "Have you seen the news lately?" With all of the security breaches, malware and ransomware intrusions at very well-known companies, it should be a slam dunk for any organization. They have seen what those companies have experienced, the money it has cost them and how their reputations have been tarnished because of these actions. If they had governance documented in some format, and then you need to go configure an environment like Microsoft 365, they have clear requirements that the organization must meet -- it's like a checklist during configuration.

In addition, during configuration they are seeing other options for security, features and functionality that then can be brought up for discussion, decided on and implemented to enhance. Then the requirements have now been adjusted and would need to be updated for future configurations.

How do you build in flexibility into your governance plan to accommodate both cloud-based and on-premises applications?
Making sure the place that you are capturing your governance content works for on-prem and cloud and ensuring there is a clear identifier of which environment the content belongs to. For example, if I have built a governance site, the pages I build for cloud content might have a blue banner but content for on-prem might be red. Then, of course, how you're displaying the pages in a Web Part, et cetera, so they have defined separation and there is no confusion.

How should organizations adapt their governance plans for the remote-work era?
For a long time, I have known and tried to convince companies that a governance document is not the best way to capture the data. It can be rather overwhelming in a large company so individuals will skim and miss information or choose not to even bother with it. Remote work has forced companies to find ways to get information out to their users in a fast, more convenient way, and trust that it is the most current information.

With that being said, more and more I am building governance sites and utilizing pages for smaller content areas so you can assign page ownership and utilize search to assist in making the content more prominent when a search is done. Users now are getting governance information in their searches and finding what they need, not even knowing it's actually governance. Meaning, it's just like any other content within SharePoint.

What's the biggest governance misstep that you've seen? 
All companies have governance because they have policies and procedures, guidelines, handbooks, et cetera. The misstep is companies will say they don't have it but what that really means is they have just never gathered their governance content and formalized it and placed it in a way that it can be easily utilized, updated and -- most importantly -- audited.

When it comes to governance teams or departments, do you see an increase in the number of resources needed to create and maintain governance?
My answer would be: It depends on what the company has currently. However, with the new ways to handle governance content, you have the potential to grow your governance team from a few resources to the entire company, and you should join my session and I will explain and show you how.