Pete is a VP of Technology at ThreeWill. Pete’s primary role is driving the overall technology strategy and roadmap for ThreeWill. Pete also serves as ThreeWill’s Hiring Manager and is constantly looking for new talent to join the ThreeWill Team.
Every business wants to increase productivity. Whether it’s getting a loan approved faster, uploading pictures to process an insurance claim from an accident site, requesting time off, managing partner relationships, improving access to data and processes is what every customer of ours is looking for today. But how can you ensure your business is not increasing risk with all the ways you can share information, access business data, and collaborate with people? You must ensure you enable technology to increase productivity while enforcing policies to reduce risk.
Productivity or Policies – Which is more important?
It’s a trick question. Productivity and policy enforcement are both important. Most people are familiar with Microsoft’s “old” productivity suite, Office. Now, Microsoft 365 extends beyond the creation of documents to a huge array of products and services that enable individuals, teams, and enterprises to be productive, getting things done anywhere and anytime. The past year has proven that Microsoft 365 can increase an organization’s productivity and, “produce” more than ever before. More documents, processes, interactions, applications, partners, and much more. Every. Single. Minute!
New forms of productivity such as collaboration with external partners, or the ease of creating applications and workflows as a “citizen developer”, reveal gaps that can expose your information, organization, and business to new risks. Your current policies and practices are probably not keeping up with the dynamic collaboration and massive amount of content produced in your business every day.
The result? We see productivity and policy reach a stalemate, and the potential business value of Microsoft 365 grinds to a halt, or worse; never gets rolling. Often, IT organizations responsible for enabling technology adoption to increase productivity lock features down, or disable them entirely, out of fear or lack of control. No more productivity!
So how can you increase productivity, enable employees and partners, and be more innovative and competitive, but not lose control? How can have productivity and policy enforcement? Alignment of your business objectives and IT policies, that’s how!
Aligning Productivity and Policy Goals
Businesses adopt new technologies, especially technologies like Microsoft Teams or Power Platform, to derive value from them – e.g. profit, productivity, efficiency, or innovation. IT organizations (classically) are tasked with managing the availability, costs, adoption, growth, security, and risk of technologies the business uses. These objectives can often create friction, in the form of a productivity OR policy enforcement dichotomy. And, it can have all sorts of negative consequences to businesses.
The analogy of a car’s wheel alignment works well here. Improper wheel alignment is dangerous and causes wear to critical parts, reduces efficiency, and increases the potential risk of accidents. You cannot go fast with improper alignment – very bad things can happen! The lesson – if IT and the business are not aligned, IT might be the brakes and slow the car down, reducing productivity. However, if business objectives and IT policies are aligned, everyone can move faster, safely!
Business and IT alignment is a matter of defining your strategy, policies, constraints, communications and training, and then monitoring to ensure technology adoption is possible and provides value. It is hard work, but spending the time to discover what the business is trying to achieve and defining policies that can enable the desired outcomes will provide significant returns.
Define Productivity and Policies
The process starts by getting the business and IT collaborating to define desired outcomes. Then identify the policies, constraints, monitoring, communications, and training necessary to achieve the desired outcomes. During the process, consider metrics that will indicate what success means for the outcome. What policies will the business and IT need in place to ensure productivity can be positively impacted but also mitigate risk? Consider how progress is monitored and identify lead measures to indicate if you are progressing to the correct outcome. Finally, and this is one of the most overlooked steps, identify how you will communicate, train, promote and recognize proponents of the new technology to ensure the outcome is achieved. New technologies can only improve organizational performance and efficiency if people use them!
Let’s use a contrived business outcome as an example. We will use the concept of process automation here, but apps, collaboration, partnering, and other outcomes can also be mapped to this process.
|Outcome: As part of our strategy to improve overall process efficiency, we will enable business users to automate organizational level business processes|
|Scenario||Policy||Constraints||Monitoring||Comms & Training|
|Business user automates an internal organizational process||• Apps and processes must have (2) internal owners|
• Business justification must be provided for each process
• Processes inactive for 90 days will be archived
|• Business apps will be deleted if non-compliant 30 days after creation|
• Applications requiring access to external data must meet InfoSec guidelines
|• Daily inventory updates of processes/apps (IT)|
• Monthly review of performance to outcome (Org)
• Monthly audit of licensing (IT)
|• Internal news posts for apps|
• Monthly “Maker” recognition awards
• Training videos for learning automation
Note: The table above is output from Governance Workshops we do with customers – Contact Us for more information.
The hard work of defining the outcome is done, what’s next? Now the adage “If you’re not measuring it, you’re not managing it” comes into play! Enforcing policies while remaining productive requires visibility into the users, services, applications, and events that are occurring in your Microsoft 365 tenant. To stick with our example above, if the goal is to improve process efficiency with automation but you have no visibility into whether people are creating and using Power Automate Flows, IT may need to apply the brakes. Having tools that provide visibility into your Microsoft 365 tenant’s configuration, operations, and the current state is the key to ensuring you can measure and manage the defined business outcomes.
Measuring and Managing Productivity AND Policy Enforcement
Once you have the strategy in place, it is time to measure and manage to ensure success. We already identified that simply having the policies is not enough. You need visibility into the applications and systems in Microsoft 365. Two great examples of gaining visibility into how Microsoft 365 services are deployed and consumed in your tenant are the Power Platform Center of Excellence (CoE) Starter Kit and Rencore Governance.
Power Platform Center of Excellence (CoE) Starter Kit
The Power Platform has the potential to increase productivity and innovation VERY quickly in any business or enterprise. The Power Platform enables users to build incredibly creative, innovative, and valuable solutions to a myriad of business scenarios. But with great power comes great responsibility!
“The Microsoft Power Platform CoE Starter Kit is a collection of components and tools that are designed to help you get started with developing a strategy for adopting and supporting Microsoft Power Platform, with a focus on Power Apps and Power Automate.” (Overview)
The CoE Starter Kit enables deep visibility into your Power Platform environments. This provides the information and insights needed to increase platform adoption and innovation in the business. The Starter Kit also enables the configuration and control IT needs to ensure your strategy is implemented according to the policies and constraints.
The key phrase here is “starter kit”. Installing the CoE Starter Kit is not the end, but the beginning of increased visibility, usage measurement, cost data, and adoption insights. The CoE Starter Kit is designed to help you get started monitoring, governing, and nurturing your Power Platform environment. The work done to align your business and IT objectives, combined with the deep and actionable insights of the Starter Kit, can ensure productivity and policy enforcement are possible in your business. The Starter Kit comes out of the box with many Flows, Power BI Reports, and Dashboards as a baseline to get started, and you can customize according to your needs. See Microsoft’s Center of Excellence (CoE) Overview for full details.
Rencore Governance is an excellent tool that enables discovering, monitoring, reporting, and automating policy enforcement in your Microsoft 365 environment. Unlike the CoE Starter Kit, Rencore Governance enables you to move from strategy and policy definition to measuring and managing multiple services in Microsoft 365, not just Power Platform.
Rencore Governance provides deep visibility to multiple Microsoft 365 services so you can measure and manage users, licenses, Microsoft 365 Groups, Teams, Flows, Sites, OneDrive, Power Platform, and more. You can inspect the services for usage, increases in consumption, monitor possible productivity changes, and ensure that policies are enforced across multiple services.
Rencore Governance continually discovers the current configuration, status, and events in your M365 tenant. This continuous inventory enables monitoring, measuring, and managing each services’ policy conformity according to several standard reports. While the standard reports are valuable, the policy verification Checks and Dashboards are fully customizable and can integrate with Automation. The full view of a Microsoft 365 tenants’ adoption, usage, licensing, storage, security, and much more, not only provides analytics to track progress but enables proactive governance, ensuring inter-service policy compliance.
Let’s use a different example than our Flow scenario above. Consider identifying an outcome of increasing collaboration with external partners and ensuring that SharePoint files are not shared with external Gmail recipients. Creating a policy Check-in Rencore Governance for these conditions ensures you are enabling the sharing activity and limiting the risk of data exposure to Gmail recipients. In addition, you can take action to email the site owner to remove access immediately, send a Teams notification to mitigate the risk or log the entry to an external audit log for future reference.
Every business can increase productivity and enforce policies. Enabling the automation of a document approval process, instant form and image completion in the field, ubiquitous access to forms and processes, and much more is possible without increasing risk.
Enabling and adopting Microsoft 365 services can improve productivity and increase business innovation. With proper alignment of business and IT objectives, services can be enabled and monitored to get the benefits of the productivity these services provide AND policies can be enforced to reduce exposing your business to unnecessary risk.
One size does not fit all. You will find that there are exceptions to policies, and that’s ok. You now have a process to define, and tools to manage, these exceptions with visibility into their value to the team, group, or organization that uses the services.
Rather than users never even attempting to innovate, enable those Microsoft 365 services you have licensed, monitor them, and adjust or create new policies as needed to promote business innovation, not stifle it.
Productivity and policy enforcement are not opposing forces! Armed with the right strategy and analytics you can empower business users to be superheroes. Let’s say goodbye to the days of IT having to apply the brakes due to poorly aligned business and IT objectives. Today’s techniques, telemetry, and tools can enable IT to say “Yes, and…” instead of “No!”