It often feels like IT has to choose between giving end users the freedom to work the way they want and ensuring that company data is secure. But it doesn’t have to be one or the other. Read on to discover how you can facilitate end-user productivity and security in the cloud.
With more and more organizations embracing a remote or hybrid work environment, IT is playing a bigger role in how end users collaborate and do their work—for better or for worse.
Some IT leaders choose to lock down end users, hoping this will prevent data leaks. Oftentimes, this leads to their IT team getting buried under a mountain of end-user tickets. Or, if people feel like they can’t do their jobs, they start using shadow IT, creating bigger security risks.
Other IT teams enable self-service and let their end users work the way they want to, but end up spending countless hours manually scripting policies, enforcing them, and monitoring their environment trying to stay on top of security and trying to mitigate sprawl.
Neither of these situations is ideal. And at ShareGate, we truly believe you can have the best of both worlds, end users that can be productive and compliant, without bogging down your IT team with end-user tickets or tedious manual tasks.
Table of contents
How to encourage end-user productivity in Microsoft 365
Microsoft has been pushing self-service for the past few years, for good reason. By allowing your end users to have some control in Microsoft 365, they’ll be able to work the way they want to, when they need to.
Rather than creating a ticket asking IT to make a new team for them, self-service enables end users to simply create teams themselves. This prevents bottlenecks and lets end users start creating and working in teams right away.
It also saves IT time because they don’t have to spend their day responding to tickets for tasks end users could be doing themselves.
We recently hosted The evolution of IT, a panel discussion with three Microsoft MVPs, Marc D. Anderson, Maarten Eekels, and Jasper Oosterveld, about how the role of IT is changing. They all agreed that embracing self-service is one of the best moves IT leaders can make for their teams and their organizations as a whole.
And Marc added, “While IT is extinguishing fires, they’re also managing to stay in the way.”
Of course, if you enable self-service and end users don’t know how to create, use, and manage their resources in Microsoft 365, it can lead to sprawl or even security risks (which we’ll address in the following section). So, while we encourage you to turn on self-service, we also believe that you need to lay some groundwork before you toggle that button.
The main points all three MVPs agreed on? Communication and education are key. Make sure your end users understand how to work effectively in Microsoft 365. Help them make the most of the tools available to them, Otherwise, they might make a mess or start using the dreaded shadow IT they’re more familiar with.
But communication is a two-way street. End users need to listen to what you have to say about Microsoft 365 and IT needs to listen to end-users to find out if there are ways they can help them do their work.
This was one of the points that Jasper emphasized during the panel discussion.
Whether it’s with a committee dedicated to communicating new IT guidelines, features, and updates or regular seminars on how to use the tools IT is providing, there are lots of ways to establish that communication between IT and end users. And that’s essential to increasing end-user productivity.
And for remote teams, Microsoft’s modern workplace offers an enhanced experience by providing comprehensive collaboration tools and streamlined workflows.
How to keep your Microsoft 365 environment secure while enabling self-service
One of the main reasons organizations avoid self-service is because they’re worried about potential security risks. The fear is that, if IT opens up their environment for end users to work more freely, end users might leak company data.
There’s also a concern that enabling self-service will make it harder for IT to keep track of all their cloud content. These concerns are fair, but they’re not as cut and dry as they may seem.
The truth is data leaks are plausible when self-service is enabled or disabled. End users often turn to shadow IT when they can’t work the way they want to, and your organization’s secure content can just as easily be exposed externally because of shadow IT.
And while it can be harder to monitor your self-service-enabled environment manually, there are solutions, like ShareGate, that can help you get visibility into your tenant so that you can properly track and report on it.
So, if security is your priority and there are security risks with both enabling and disabling self-service, what do you do? We recommend enabling self-service and putting guardrails in place so that your end users can work openly within the limitations you’ve set.
During the MVP panel, Marc summed it up perfectly:
Once you set up policies to ensure your organization’s data will remain secure, you need to educate your end users. Make sure they know about the tools you offer, how they work, when to use them, and so on.
👉Free course alert! Get advice on how to mitigate shadow IT by optimizing security and adoption.
5 Microsoft tools to secure your tenant
Looking for some specific policies that can help you secure your organization’s data? These are our 5 favorite security measures that Microsoft offers:
- Enabling multi-factor authentication (MFA) to ensure that only authorized users can access your environment.
- Configuring Azure Active Directory (AD) Identity Protection to monitor for and detect potential security threats such as suspicious login attempts.
- Using Azure Information Protection to classify, label, and protect sensitive data.
- Keeping your software and devices up-to-date with the latest security patches and updates.
- Using Microsoft Cloud App Security to monitor and control access to cloud apps and services.
Everyone in IT knows that security is a continuous process and has to be reviewed and updated regularly. Thankfully, ShareGate, the out-of-the-box management solution for Microsoft 365, can help with that.
How ShareGate automates end-user collaboration and compliance for you
So far, we’ve discussed the benefits of enabling self-serve for end-user productivity as well as some of the ways you can manage and secure your self-service environment. But staying on top of your Microsoft 365 tenant manually is a lot of work.
As Maarten put it, “Self-service is not a synonym for great or easy UI.”
When IT teams try to do it all on their own, they often end up in reactive mode rather than proactive mode, putting out fires as they arise instead of feeling like their tenant is under control and they can work on value-add projects.
Marc suggested that this might be one of the reasons why organizations disable self-serve and lockdown their environment: they simply don’t have the time or resources to communicate with their end users and create a strategy for their tenant. But this ends up costing them more time and resources in the long run.
Fortunately, utilizing smart monitoring and analytics for stellar end-user management like ShareGate, is a one-stop solution.
With ShareGate, you can get visibility into your environment, monitor it from our user-friendly UI, and get custom and pre-built reports to track what’s going on. You can also set up automations to help keep your Microsoft 365 environment organized and secure.
You can even share some of these responsibilities with your end users. For example, ShareGate will automatically detect inactive teams in your environment and then ask the owners of those teams whether they should be kept, archived, or deleted. ShareGate does the same for orphaned teams, externally shared links, and guest access.
This saves your IT team time. They don’t have to try to find that old or potentially risky content, and the owners—the people who actually know whether or not it’s still needed—are the ones who act on it, lessening IT’s burden even further.
In our experience, end users are happy to take on this responsibility. According to ShareGate’s user data, of all the instances that inactive teams were kept, archived, or deleted, team owners performed 70% of those tasks, not IT.
At lots of organizations, that percentage is even higher. Neda Illic, Senior Product Owner Microsoft 365 at BCAA said that with ShareGate they were able to remove 26% of their inactive teams, 33% of their external sharing links, and 10% of guest users within a month. Best of all? End users performed 92% of those Teams management tasks. BCAA was able to declutter and secure their environment, without overburdening the IT team.
“For me, the biggest benefit of using ShareGate is that it frees up IT time for other value-added activities. I don’t have to babysit my environment because the governance guardrails are in place,” said Neda.
To discover how ShareGate can help you keep your environment organized and secure while boosting end user productivity and collaboration, talk with one of our experts today!