Upload
johnconnected
View
316
Download
1
Embed Size (px)
Citation preview
Webinar: O365 Groups- Best Practices and SolutionsPresented by AvePoint
John PelusoAvePoint
Sr. VP of Product Strategy
@JohnConnected
Agenda:
• What’s a “Group” anyway?
• What’s to worry about?
• What is Microsoft Doing?
• What should YOU do?
• Demo
• Live Q&A
©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc.
From Tahoe to today.
Deloitte
Technology Fast 500
Inc. Magazine
Hire Power Award
Ernst & Young
Entrepreneur of the Year
Windows IT Pro
Best SharePoint Product
©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc.
All-In
On-Premises
Hybrid
88 Countries 6 Continents
15,000Customers
5 MillionCloud Users
©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc.
©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc.
Different groups have different needs
Co-Creating
Content
Mail &
Calendar
Voice, Video
& MeetingsChat-based
Workspace
Sites & Content
Management
Enterprise
Social
Today’s Challenges
Siloed Apps Friction across applications – multiple logins, difficulty sharing and discovering information
Shadow IT Incomplete toolset can lead to inconsistent security, compliance and risk
Wasted TimeContext switching between different apps drains attention and time
©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc.
Office 365: Designed for the unique workstyle of every group
Complete Collaboration SolutionOffice 365 addresses the breadth of
collaboration needs across your company
Integrated ExperiencesOffice 365 Groups and Graph enable
integrated experiences that facilitate
effective collaboration
Security and ComplianceOffice 365 delivers the security,
compliance and manageability
required in today’s workplace
Co-Creating
Content
Office 365 ProPlus
Mail &
Calendar
Outlook
Voice, Video
& Meetings
Skype
Chat-based
Workspace
Microsoft Teams
Sites & Content
Management
SharePoint
Enterprise
Social
Yammer
Office 365 Groups
©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc.
Office 365 GroupsSimplifies Collaboration
Today
Request DL for messaging
Get SharePoint Site for files
Create project plan
Manually manage permissions on content
Ramp up new team members based on previous group discussions
Apply & manage policies on content
Manually manage membership and access on DL
Benefits for IT
Group identity & assets created in a single step
Centrally managed as a single object in AAD
Simplified permissions and access structure
Benefits for end users
All group assets created in a single step
Easy to manage independently
New members onboard quickly
CollaborationIn the Past
Self-service group in application of choice
Office 365 Groups is a membership service
User creates new group
for collaboration
Office 365 Application
Group experience
populated in app of choice
Office 365 Application
One IdentityAzure Active Directory (AAD) is the master
for group identity and membership across
Office 365 (Exchange, SharePoint, etc.)
Federated ResourcesO365 services extend with their data
(e.g. Group messaging, SharePoint
TeamSite, OneNote, Planner)
Loose couplingServices notify each other of
changes to a group (e.g., creation,
deletion, updates).
Group identity created
Azure Active Directory
Identity, Resource URLs,
Owners, Members
©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc.
Calendars
User mailboxes
Planner task comments
Group conversations
Group mailboxes
MS Teams Chats
Instant Messaging
S4B Broadcasting
Internal Networks
External Networks
Sites, Lists, Libraries
User OneDrives
Planner attachments
MS Teams attachments
Group notebook
Group Files
O365 Video Portal
Yammer Notes and Files
Classification
Recertification
Granular
backup/recovery
Information
Lifecycle
Administrative
Policy
Enforcement Provisioning Usage and ROIMigration &
Restructuring
Plans
Buckets
Tasks
Planner
… …
… …
Risk Management
©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc.
User confusion: What O365
service to use and when?
Trying to navigate to Groups
and Group Resources is painful
and disjointed
Balance: cool new tools for
end users with ability to
enforce corporate policies
Same old problems: “Owners”
have too much power
©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc.
https://techcommunity.microsoft.com/t5/Office-365-Groups/Curious-Are-you-allowing-all-users-to-create-O365-groups-or/m-p/37908#M1662
©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc.
https://techcommunity.microsoft.com/t5/Office-365-Groups/Curious-Are-you-allowing-all-users-to-create-O365-groups-or/m-p/37908#M1662
©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc.
©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc.
To Enable Modern Team Collaboration Experiences
Dynamic
Membership
Privacy type
conversion
Multi-domain
support
Creation policies
in Azure AD
Mobile
application
management
Data classification
and extensible
policies Usage
guidelines
Exchange Admin
Center UI for
upgrading DL to
Groups
Hybrid guidance
& improvements
Audit log report
SharePoint site
usage report
Groups activity
report
©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc.
End UserCreate group
Set as public/private
Add members & admins
Add/remove external members
Delete group
Tenant AdminPull reports on group activity
Control who can create groups
Establish dynamic membership
Set naming & retention policies
Master permissions for groups
Admin Tools
> Get-UnifiedGroup #create/update/view groups and their settings
> Get-UnifiedGroupLinks #Manage members, owners, and subscriber list
> Get-MsolSettings #Manage tenant-wide group settings
Admin UI
Office 365 Admin Center
Office 365 Admin app
Azure AD Admin Portal
Exchange Admin console
PowerShell
Execute against Azure AD as
primary
Synchronous notification/update in
Exchange/SP
*-UnifiedGroup / *-MsolGroup
*-UnifiedGroupLinks
*-MsolSettings
©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc.
Naming policySet on display name during create/change
Blocked word list, pre-/post-fix based on AAD attributes
IT admins can override
Only applies to Outlook (web, desktop, mobile) endpoints today
Dynamic membershipDefined in Azure AD Admin Portal or via PowerShell, see Using attributes to create advanced rules
Hidden membershipMembership is only exposed to members
Configure using REST API today and via PowerShell in the future
Group creation permissionsAzure AD policy can restrict some users from creating groups anywhere in O365, see Manage Group Creation
Does not prevent users from using groups
IT can still create groups
©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc.
https://www.avepoint.com/blog/technical-blog/how-to-manage-office-365-groups-natively/
©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc.
Naming policy
Banned words and profanity checking
Deletion recovery (soft-delete)
Expiring Groups
http://fasttrack.microsoft.com/roadmap
What’s Next?
©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc.
Office 365 Groups becoming a primary focus
BenefitsEasy to provision by anyone
• Include all necessary team resources- Security Group- File storage- Calendar and group mailbox- Notebook- Discussions- Task management
• Microsoft continuing to invest
• Interfaces are user friendly
Risks• Sprawl
• Oversharing is hard to avoid“Public” by default
• Group artifacts are spread across Office 365 services
• Only basic features planned for recovering artifacts “Soft delete”
• Only basic lifecycle story“Expire and delete”
©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc.
Archiver
AvePoint Online Services for Office 365
Governance
Management
Backup & Recovery
Compliance
Insights
Priced to appeal competitively for SMB customers against Metalogix / ShareGate
Contains: Administrator, Content Manager, Replicator, Deployment Manager, Policy Enforcer, Identity
Manager, Report Center (Does not include Cloud Insights)
Priced to appeal to enterprise customers as value beyond the management workload.
Contains: Governance Automation Online and Management for Office 365 package
Priced competitively to existing Backup and Recovery vendors for Office 365
Contains: Backup and Recovery for Office 365 including Exchange, SharePoint, OneDrive for Business, Groups, and
Teams
Priced based on demand from regulated customers, suggested packaging with GAOL for lifecycle management
Contains: Archiver for Office 365 including SharePoint and OneDrive for Business
Ensure your data is protected throughout Office 365 with all-in-one scanning, reporting, and built-in issues
resolution.
Contains: Compliance Guardian Online
Provides Office 365 Administrators and Content Owners with the intelligence they need to make more informed
resource allocation and data management decisions.
Contains: AvePoint Cloud Insights
©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc.
Provisioning with approval
of the requestsAutomated policy
enforcement
Recertification of key attributes
and permissionsAutomated site and
content lifecycle
©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc.
Native options“Build Your Own”
The Good:
Can align with corporate
processes
The Bad:
Requires constant effort to
develop, support, and
maintain as MSFT innovates
rapidly. Primarily focused
just on the provisioning –
doesn’t solve ongoing
lifecycle management
The Ugly:
You will need to repeatedly
invest to stay current with
Microsoft’s pace of innovation
Native Options
The Good:
Self Service Group creation
allow users to create new
Group objects easily
The Bad:
Few, difficult to scale controls
and policy restrictions
The Ugly:
You are bound to end up with
sprawl, redundancy and
oversharing in groups
AvePoint’s Solution
FrameworkNo-code configuration of
provisioning, permissions
and ownership, and lifecycle
services – extensible via
PowerShell and REST APIs
Full auditing and reporting
of requests and approvals
with admin and ROI
dashboards
Monthly feature and bug-fix
releases, 24/7 support
provided
©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc.
Flexibility in creation
• Multiple classifications for tracking
• Gathering of organization-specific
details about the requested Group
• Requestor-driven dynamic membership
• Organizational roles and permissions
for stewardship and change
management
• Divisional or departmental provisioning
policies
• Request approval where necessary
Management and lifecycle
• Periodic recertification of owners,
members, permissions and classification
• Merge/separate Groups and their data
• Inventory and tracking of Groups and
their activity
• Policy-driven restrictions for
membership within Groups
• Control over ownership and options for
end-of-life decisions
©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc.
Native options Access Permissions
Who can do what to the
stuff in here?
Does Bob still need his
access?
No native solutions for
periodic permission review
and certification
Data Ownership
Who is responsible for the
stuff in here?
Are they still here and
willing to own it?
No native solutions for
ensuring data ownership for
Office 365 content stays
current
Classification
Tell me about the stuff that
lives in here…
Is it sensitive?
Is it important?
No native solutions for
ensuring content is properly
classified
©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc.
AvePoint’s Office 365 Groups strategy
TodayGovernance of group creationBetter, role-based control of who can request a group
Mandate options like “private” and “unsubscribed”
Require approval for group request to reduce sprawl and redundancy
Manual and automated group lifecycle Set appropriate group lifespan based on business purpose
Extend or delete when expired via configurable approval process
Granular move/copy/restore of group files and mailbox items
TomorrowSingle pane of glass for Group management• Group creation permissions, naming and guest access
• Backup, restore, archive and movement of a group’s content and artifacts
Enhanced lifecycle for groups• Expire groups based on access patterns
• Archive rather than delete when expired
Recertification for groups• Membership
• Classification
• Ownership
Thank You for Joining:
Office 365 GroupsPresented by AvePoint
For More Blogs, Videos, & Webinars, Check Out:
www.avepoint.com/office-365-groups