Microsoft 365 Optimisation

Microsoft 365 is a cloud-based service that brings together Office 365 but with advanced device management features, intelligent security, and innovative online services. Microsoft 365 helps drive productivity, collaboration, and communication securely across many devices. While customers often right size the migration to Microsoft 365 initially, and ensure the correct licensing, features, and security measures are implemented, over time customer requirements change, gaps emerge between what companies would like to have in place vs what they currently have, and changes to licensing and features are not realised. If left unoptimized, customer environments often face the following risks: Licensing risks: Licensing becomes difficult to manage when factoring in employee turnover, ongoing licensing management, new license bundle releases and not reviewed, customer innovation changing licensing requirements, duplication of features doubling licensing costs. Administrative risks: administration of users, groups, and privileged accounts not optimally managed leading to increased license usage for inactive users, unused groups (some with privileged access) and privileged account sprawl increasing risk to the business. Security risks: Gaps emerge in security and not governed correctly including a mixed user creation process, degraded enforcement of security features such as MFA, or conditional access policies, weak and non-expiring passwords, and lack of monitored and reviewed privileged security groups. Mailbox risks: Mailbox estate is not always clear, and lead to risks such as mailbox size growth trends not tracked hitting hard limits, lack of backups for mailbox data, connection using unsecure protocols (automated or manual), lack of insight into deprecated or soon to be deprecated authentication. OneDrive, SharePoint, and Teams governance: The introduction of these collaboration tools have allowed teams flexibility to create sites, channels, teams on the fly, which quickly spirals out of control, naming conventions are not adhered to (if any), initial policies, roles and responsibilities have stagnated, implemented controls have not been reviewed since initial implementation, guest access and external sharing policies might no longer be understood and overall governance might no longer be in line with company goals. Intune and Autopilot: As companies move to modern provisioning and management, left un-checked, un-managed or orphaned devices are never cleared, new devices are not associated to autopilot, baselines fall out of date, conditional access policies might not be configured correctly, key configuration such as disk encryption, attack surface reduction or endpoint detection and response policies are not implemented, policies covering BYOD or corporate devices might not be implemented.