Office 365 deployment abroad: take the time!

While the desire to bring together all Office 365 collaborative services can truly assert itself within multinational companies, it will nevertheless come up against many obstacles that sometimes call into question a rapid deployment. Having participated in several generalizations of the Office 365 solution in recent years in relatively consistent international environments, I would like to review the main difficulties encountered, which, in retrospect, tend to appear systematically in these scenarios. The knowledge of the latter should enable you to identify the main areas of reflection and anticipate the work sites to be organised before any deployment.

2 What is Office 365 Deploy?

If we consider only the technical aspect, Office 365 deployment could go through the following three major phases:

  • Service activation;
  • Directory synchronization;
  • Customer deployment.

But to consider only these three steps would be extremely simplistic, because Microsoft’s Cloud offering cannot be limited to the most well-known functions, namely:

  • Exchange Online – Exchange Online
  • Skype Online – Skype Online
  • Office Suite – The Office Suite

Office 365 is a Cloud offering that is particularly rich in features, in constant motion and with multiple options. Also, reducing the deployment of the 0365 environment to a simple technical project is a mistake not to commit! In reality, the deployment of the 0365 environment is larger and will raise many questions within the project team.

The first question concerns the functions you want to activate, in relation to user populations. The planned result must therefore take into account the technical and environmental prerequisites that your company will be able to deploy within the time allotted to the project and that are necessary for the proper functioning of the above-mentioned applications.

3 Determining the Functionality

The study of the technical aspects is of no use if you have not previously determined the functions you want to make available to users. In most Office 365 projects, the functional options can be distributed as follows:

  • Major functions: These are the ones that will be deployed for all users. You’ll naturally find the Office suite, messaging and collaborative aspects such as Sharepoint, Outlook and of course Skype (Presence & Instant Messaging).
  • Minor Functions: These are those that will be deployed or activated on a case-by-case basis depending on technical capabilities (Skype Video, Stream) and specific functions such as BI or Powell for smaller populations.

The choice of tools being guided by the acquisition of licenses, these will naturally condition the technical prerequisites that you will have to determine. It is also fundamental to consider these choices in relation to the multiple local environments that each remote site represents.

In addition, if the company has chosen to acquire all the licenses from the beginning of the project, it is likely that its management will expect a rapid deployment of these same functionalities.

But beware, this haste can be incompatible with the time it takes to deploy the prerequisites!

The functions selected will also have a more or less significant impact on the transition phase. Indeed, the more functions there are, the more important the change is. This is because the transition (data transfer and transformation of services) and the support of users will thus prove to be consequent.

4 Estimate the prerequisites

The deployment of Office 365 services will require a number of technical adaptations, which will mainly concern:

  • The network
  • DNS resolution modes of remote sites
  • Security and traceability of accesses.

For having to explain them several times, depending on the functionalities you decide to activate, these will have different impacts on your networks.

4.1 DNS resolution modes of remote sites

The most common consequence of deploying office 365 services is the DNS resolution of remote branches and sites. Each user of these sites must be able to be geolocated via local DNS services in order to allow the connection of customers as close as possible to an Azure Office 365 point. Otherwise, your remote clients may have relatively long access times, which will inevitably affect application responsiveness.

4.2 Networks and their evaluation

The company networks, when they concern international companies, are varied because the offer and possibilities of connection, according to countries or continental plates, are also varied. From the MPLS complex to the simple VPN connection, the usage, capacities and characteristics of the connections will have to be closely examined with regard to the application requirements (Bandwidth, latency etc.).

The aim here is to ensure that the services envisaged will function properly through these links and for which population groups. Network evaluation is therefore one of the most important tasks that your technical teams will have to perform.

4.3 Access security and traceability

One of the most neglected issues in Office 365 projects is security and access traceability. With regard to safety, it is not uncommon for these projects to be abruptly slowed down by safety requirements that would not have been taken into account at the beginning of the project. The most common points raised were as follows:

  • Authentication: How does client authentication (workstations and mobiles) on the Microsoft environment work?
  • Securing connections: What are the protocols used and the data sent to the various authentication services, whether basic or modern, based on a delegation of services (Federation) or not?
  • Encryption: What types of data will require additional protection, such as additional encryption?
  • Conditional access: Is the username/password pair sufficient to guarantee access to sensitive data in a mobile environment?
  • Proxy Service: How to track client accesses through proxy services without compromising infrastructure support and guaranteeing geolocation?

So many questions that you will have to answer sooner rather than later and that you should discuss with the security teams right from the start of your migration project!

5 Propose a governance model

Migrating all the workstations of a large company will lead to the standardization of tools but also the arrival of a centralized administration. Previously distributed over the various sites, maintenance responsibilities in operational conditions and service levels of the various software solutions were thus the preserve of local teams, close to their users and specific constraints often related to the business lines.

The advent of a single platform, however efficient it may be, will therefore upset these organizations and bring new organizational needs to the forefront

It is then essential to ask yourself some questions:

  • Which teams will be in charge of the platform’s administration?
  • What will be the privileges of the local teams on the organization’s leader?
  • Who will be responsible for the financial part of the solution (license management, service consumption etc.)
  • What will be the account creation processes (provisioning) and reporting?
  • How to organize the re-invoicing of services within the various subsidiaries?
  • How is technical support organised in case of problems accessing the platform?

These aspects of governance must be taken into account at the earliest in your migration project. Indeed, you understand that these subjects raise sensitive issues because they touch on the question of responsibilities, which, by their very nature, can take longer and be more difficult to resolve.

6 Involving safety

Security teams must obviously be an integral part of the project from the start, because implementing an Office 365 solution means mobility, connecting to the host and storing data in the cloud, with partial replication on workstations.

Ignoring safety means taking the risk of stopping the project from the very first phases of the pilot. It is therefore crucial to discuss their requirements and recommendations with them, so that you can propose possible solutions or additional functions such as Multifactor authentication or the possibility of using a company-specific encryption key (Bring Your Own Key).

Some adjustments are likely to be necessary in particular to strengthen the protection of mobile devices, such as conditional access to the 0365 platform, which would require prior enrolment of the Mobile Device Management (MDM) type.

In general, you will therefore need to demonstrate that the transition to Office 365 services is not detrimental to the security and confidentiality of information.

7 The legal aspect

Deploying Office 365 means above all entrusting your data to an American company. Most of these data will be stored on two data centers on the same continental plate. These centers can be located in Europe or in Microsoft infrastructures around the world.

Microsoft takes data storage issues outside Europe (GDPR) very seriously or vice versa (the problem of data storage outside the USA for US subsidiaries in particular), but its offer still has some limitations that you must take into account. And some business constraints may lead you to accept that certain services remain locally on remote sites. In experience, getting the legal department of a large company to give the green light to centralize data outside the country of origin takes time because the process is usually complex and sometimes new. You should address these points as soon as possible.

As you will have understood, apart from the organizational aspects, the generalization of O365 services within international distributed companies and therefore subject to local constraints is not so simple!

The resulting problems are sometimes far removed from the world of technology but nevertheless remain structuring for this type of projects.

Precise knowledge of the 0365 offer, adapted support and a consistent methodology should thus constitute an additional weapon to face these questions and guarantee the success of your O365 deployment projects!

Laurent TERUIN

Votre commentaire

Choisissez une méthode de connexion pour poster votre commentaire:


Vous commentez à l’aide de votre compte Déconnexion /  Changer )

Photo Google

Vous commentez à l’aide de votre compte Google. Déconnexion /  Changer )

Image Twitter

Vous commentez à l’aide de votre compte Twitter. Déconnexion /  Changer )

Photo Facebook

Vous commentez à l’aide de votre compte Facebook. Déconnexion /  Changer )

Connexion à %s