Migration, Modernization, and Security in 2021
The cloud computing market has always evolved quickly. But the events of 2020 have required organizations to adapt to new challenges at record speed, as employees everywhere transitioned to new methods of virtual collaboration and distributed work. It’s been a year of digital resilience—and Microsoft cloud technology has played a critical role.
ShareGate’s first annual State of Microsoft 365 report highlights the latest Microsoft cloud computing trends, with a focus on migration, modernization, and security in Microsoft 365.
Drawing on data-backed insights, industry surveys, and interviews with Microsoft MVPs, the 2021 report identifies emerging trends to help you understand, and adapt to, the current state of Microsoft 365.
For the State of Microsoft 365 report, we conducted four distinct online surveys between January 28, 2021 and March 5, 2021. A total of 801 IT professionals participated in these surveys, representing a wide cross-section of industries including government and public administration, finance and insurance, healthcare, manufacturing, and information services. Their companies range from smaller startups to medium-sized businesses and established enterprise clients, reflecting a broad spectrum of our clients and the IT industry at large.
In addition to survey responses, we also examined what our customer base of IT professionals is actively doing with ShareGate tools. Anonymized, averaged telemetry data from ShareGate and ShareGate was extracted and analyzed for patterns and trends.
Between December 23, 2020 and March 12, 2021, we conducted 7 separate interviews with both internal and external experts, who provided their own insights, perspectives, and recommendations. Experts quoted in this report include Microsoft MVP and Modern Workplace Consultant Jasper Oosterveld, Microsoft MVP and security expert Joanne Klein, and ShareGate Head of Product and Microsoft Regional Director Benjamin Niaulin.
In this report, we look at SharePoint and Microsoft 365 migration and content management trends, and how COVID-19 has accelerated modernization projects. We consider the meteoric growth of Microsoft Teams during the pandemic, and its impacts on IT management and user collaboration. We examine the increasing shift toward IT self-service, how the security landscape is evolving in the context of remote work, and more. The following are some of our key findings.
- The number of ShareGate users performing on-premises SharePoint upgrades decreased by 19.7% in 2020
- On-premises operations decreased by 60.63%
- Operations to migrate from on-premises to the cloud increased by 37.2%
- Cloud-based operations jumped by 50.1%
- Cloud-to-cloud migrations increased by 67.9% and included the transfer of 144% more terabytes of data in 2020 versus 2019
- 16.1% of IT professionals plan to upgrade to a newer version of SharePoint on-prem in 2021
- Of that group, the top three industries include government and public administration (21.74%), information services and data processing (17.39%), and manufacturing (13.04%)
- 57.3% of organizations completed a SharePoint or Microsoft 365 migration in 2020
- Of that group, 83.6% said their migration project either proceeded on schedule or was accelerated by the COVID-19 pandemic by anything from one month to more than a year
- Nearly 60% of organizations migrated SharePoint or Teams content, or a combination of both, within the same tenant in 2020
- 74% of organizations transitioned almost their entire workforce to distributed/remote work in the past 12 months
- 70% expect their workforce to continue working remotely through 2021
- 92.8% of IT professionals pushed prior modernization plans ahead of schedule by a matter of days, weeks, or months due to COVID-19
- As of February 2021, 43.2% of organizations who didn’t have a plan to “modernize” pre-COVID now have a plan to become more modern
- Teams reached 115 million daily active users by October 2020, a 475% increase since November 2019
- In just 6 months (since the feature launch in May 2020), ShareGate users executed over 25,000 Teams migrations
- Within those Teams migrations, users copied 85,000+ channels and 60,000+ teams
- Among ShareGate users, creation of Microsoft 365 groups (the cross-application membership service behind Teams) rose by 21.5% from September 2020 to February 2021
- 43.4% of IT professionals cited Microsoft Teams deployment as the top motivator to move to modern Microsoft architecture
- At 20.8%, the second top driver for modernization was “seamless/improved integration” with Power Platform apps (including Power Apps, Power Automate, and Power Virtual Agents)
- 43.1% of IT teams had insufficient time to train employees on new tools/processes in 2020
- Regarding Teams training specifically, only 19% provided employees with official training that included extensive training material and activities
- 67.2% of organizations have external sharing enabled in their Microsoft 365 environment
- 64.1% use a SharePoint external sharing setting to verify users
- 25.6% do not require any user verification or sign-in to access shared files
- While 41% of IT teams have a process in place to review/audit externally shared links, 59% do not
- Zero Trust is a business priority, with 86.2% of organizations having enabled multi-factor authentication (MFA) in their organization
- 61.4% of organizations have some form of self-service functionality enabled in Microsoft 365, and 84.4% say that doing so saves their IT teams time and money
- Among ShareGate users, the proportion of entrusted groups (a self-serve feature in the app) increased by 67.55% from September 2020 to February 2021
All the key insights from our benchmark State of Microsoft 365 report in a free, downloadable format!
State of SharePoint & Microsoft cloud migration
In 2020, we watched as the global shift to a distributed workforce accelerated the move toward cloud-based Microsoft 365 environments. This trend was reflected in our own ShareGate customer data, which showed a 33% increase in cloud-based operations in 2020 versus 2019. It helps solidify a feeling we’ve been having for years: the cloud is no longer an eventual possibility for businesses—it is the default solution.
More significantly, the rise of the cloud in 2020 demonstrates the importance of digital resilience. In the case of Microsoft 365 migration, the ability to migrate data within one’s own cloud tenant or tenant-to-tenant will be crucial for a company’s success in 2021 and beyond.
Top takeaways from this chapter:
Increase in Microsoft 365 migrations:
Companies are making fewer on-premises SharePoint migrations while increasingly moving to cloud-based Microsoft 365
Acceleration of on-premises to cloud migrations:
Companies are migrating to the Microsoft cloud more quickly
Rise in cloud-to-cloud migrations:
More companies are running cloud-to-cloud migrations
Necessity of Microsoft Teams migrations:
The ability to migrate Microsoft Teams is now essential
More companies seeking the benefits of cloud migration
Last year was a big year for cloud computing, as the COVID-19 pandemic accelerated digital transformation like never before. Microsoft saw a dip in on-premises product revenue as companies increasingly embraced the cloud-based productivity tools required for a distributed workforce.
For evidence of this acceleration, look no further than Microsoft’s 2020 annual report, which revealed that revenue from the tech giant’s cloud services and commercial products increased by a staggering “$3.1 billion or 12%…offset in part by lower revenue from products licensed on-premises, reflecting a continued shift to cloud offerings.”* (*Microsoft)
Here at ShareGate, we witnessed a corresponding trend among ShareGate users, who made fewer on-premises upgrades. According to internal user data, our customers—primarily IT admins—completed 19.7% fewer upgrades of on-premises SharePoint servers in 2020 versus 2019. Users also completed a total of 60.63% fewer on-premises operations (migration and data management), and migrated 30.27% less data on-premises in 2020 versus 2019.
At the same time, our data shows that customers completed 37.2% more operations to migrate from SharePoint on-premises to cloud-based SharePoint Online/Microsoft 365 environments than they did in 2019, which is consistent with the overall shrinking of on-premises workloads.* (*Cloud storage vs. on-premises servers: 9 things to keep in mind, Microsoft)
In addition to analyzing internal user data for this report, we also sent several surveys directly to our customers. In our migration-focused survey, a majority of respondents (87.3%) identified themselves as dedicated SharePoint admins, IT admins, or IT leads. Of the total number of respondents, 57.7% migrated to SharePoint Online/Microsoft 365 in 2020 versus 26.8% that completed no migrations.
“As expected, there’s a downward trend of people migrating or upgrading their SharePoint to stay on premises. We’re not necessarily seeing them disappear, though,” said ShareGate Head of Product and Microsoft Regional Director Benjamin Niaulin.
In our migration survey, 16.2% of survey respondents said they still plan on migrating to a newer version of SharePoint on-prem in 2021.
Niaulin sees the survey results as confirmation that on-premises solutions will not disappear altogether anytime soon. “In certain categories of businesses such as government and public administration, there are requirements and compliance issues that don’t allow organizations to bring certain kinds of content into the cloud,” he said. “It makes sense to see 16% of respondents—a relatively high number for 2021—say that they’ll continue to upgrade their on-prem SharePoint version, and that they work in those types of industries.”
Several mentioned this specifically in their survey feedback, with one respondent noting: “Data sovereignty forced us to adopt an on-premises solution.”
Acceleration of on-premise to cloud migrations
In 2020, speed was the name of the game. Researchers estimate that “the response to the pandemic has fast-forwarded digital adoption by five years.”* (*Lack of Skills Threatens Digital Transformation, Gartner) In the case of Microsoft, the pandemic accelerated the trend toward remote work, and with it, the push to migrate to cloud-based Microsoft 365 environments.
The 9.0% increase in users conducting on-premises to the cloud migrations in 2020 managed through ShareGate reflects Microsoft’s expected natural growth year over year. What wasn’t expected, however, was the corresponding 50.1% jump in cloud-based operations (cloud-to-cloud migrations and on-cloud management) that our users completed in the same year.
“What this tells me,” says Niaulin, “is that businesses wanted to migrate a lot more data in 2020 more quickly. So, while we see a lot more operations, it’s not necessarily because there were more customers. What we’re seeing in 2020, because the number of operations boosted by almost 50%, cloud migration projects that were supposed to take one year were executed in a couple of months. The COVID pandemic accelerated execution.”
This acceleration was further confirmed by our survey. More than half of respondents (57.7%) said they completed a SharePoint or Microsoft 365 migration in 2020. Of that group, 83.6% reported that their migration project either proceeded on schedule or was accelerated by the COVID-19 pandemic by anything from one month to more than one year.
Pandemic aside, there was already a shift toward the Microsoft cloud,* which corresponds with a steady increase in allowing employees to connect from any device and work anywhere. (*Microsoft) From 2005 to 2017, telecommuting in the U.S. increased* by a staggering 159%. (*FlexJobs). And the trend will continue accelerating this year. A recent survey of 1,200 chief information officers found that “decision-makers expect permanent remote work to double to 34.4% of their companies’ workforces in 2021, compared with 16.4% before the coronavirus outbreak, a result of positive productivity trends.”* (*Reuters)
Companies who hurried to the cloud in the past year now face the challenges of working in a fully digital environment, including how to work with, migrate, and organize data once there.
We saw this in the nearly 60% of survey respondents that migrated SharePoint or Teams content, or a combination of both, within the same tenant in 2020. What this tells Niaulin is: “Companies realized they’ve got to restructure. Many moved to working online during the pandemic, then realized they weren’t set up to work optimally in that environment. So, we see IT teams figuring out that they need to take this data or object and move it to this other place, or bring marketing together in a Team or SharePoint.”
As one respondent summarized the situation: “We’re not completely migrated to SharePoint yet. We had to accelerate our migration in 2020 but only focused on the urgent stuff. Additional data will be moved in the coming months.”
Looking ahead, 39.4% of survey respondents reported that they have no migrations planned for 2021, which accounts for the fact that many businesses already migrated in 2020. Interestingly, almost the same percentage (38.7%) plans on migrating to SharePoint Online/Microsoft 365 for the first time this year.
Rise in cloud-to-cloud migrations
In March 2020, Microsoft rebranded its popular Office 365 productivity suite as Microsoft 365, which includes an array of new AI- and cloud-powered features. Since then, Microsoft 365 has continued its momentum, helping drive the company’s enterprise-cloud revenue past $50 billion in 2020* and making it the largest cloud vendor in the world. (*Microsoft)
Microsoft 365 is now being used globally by more than a million businesses. That translates into an estimated one in five corporate employees* who access Microsoft 365 cloud services. (*TeamsHub)
As the cloud became the de facto solution for businesses in 2020, here at ShareGate, we saw a 67.9% rise in cloud-to-cloud migrations. For this report, we define “cloud to cloud” as migrations from SharePoint Online/Microsoft 365 to another SharePoint Online/Microsoft 365 environment.
According to internal data, the number of ShareGate customers who executed cloud-to-cloud SharePoint migrations increased by 18.6% in 2020 compared to 2019. Those migrations included the transfer of 144% more terabytes of data in 2020 versus 2019.
The increase is understandable, according to Niaulin: “As people will need to migrate less and less from on-prem to the cloud, the only migrations that will be left will be from cloud to cloud. Eventually, everybody’s going to be in the cloud.”
ShareGate in 2020
And the trend was confirmed by survey respondents, 17.6% of whom said that they plan on migrating from one Microsoft 365 tenant to another in 2021. We expect that number to continue growing.
For this report, we interviewed Jasper Oosterveld, Microsoft MVP and Modern Workplace Consultant. Oosterveld shared his thoughts on migration trends among his clients at InSpark, an Amersterdam-based cloud solutions provider and recipient of the 2019 Microsoft Security and Compliance Partner of the Year Award.
“Migrations went hand in hand with moving towards the cloud, to make sure people were able to work from home,”’ Oosterveld said. “Most of our customers still had their content on local servers or maybe a supplier who hosts their data. We definitely saw and are still seeing an increase in requests for data migration.”
In our ShareGate user data, there was a corresponding rise in cloud content management, as IT admins worked to restructure and reorganize within the same tenant or following a tenant-to-tenant move. In 2019 and 2020, about 73% of content management operations took place in the cloud.
Indeed, cloud content management among our users has been on an exponential growth curve since 2017, while the increase in on-premises content management—which represented less than half of cloud content management three years ago—has been negligible.
Necessity of Microsoft Teams migrations
With the global shift to remote work in 2020, the use of Microsoft Teams became integral in how companies worked. Microsoft reported massive growth in Teams with over 115 million daily active users by October 2020—an incredible 475% increase since November 2019.* (*UC Today) In a single day in March, 2.7 billion meeting minutes were recorded. Teams became a “lifeline” not only for remote and hybrid work but also for students and teachers who adopted the collaboration app for distance learning, with some 183,000 tenants in 175 countries* using Teams for Education. (*Microsoft)
ShareGate’s data echoes the jump in Microsoft Teams usage. In May 2020, we launched a new Microsoft Teams migration feature as part of ShareGate, which helps users to migrate and restructure Microsoft Teams data. The immediate growth was notable.
The numbers are impressive, according to Niaulin: “We only released the Teams feature in the later part of 2020, and users have already done more than 25,000 copies, which represents over 85,000 channels being copied and 60,000 teams being copied.”
Digging deeper, he notes that when IT teams moved quickly to the cloud in 2020, “they suddenly had all of these tools enabled … and they needed to merge certain Teams together. The pandemic pushed companies to move to the cloud, and this Teams data shows them reacting and restructuring afterward.”
ShareGate in 2020
To keep up with competitors like Zoom, Microsoft has added a host of new Teams features such as breakout rooms, custom layouts, and automatic recaps. As users’ needs continue to evolve in 2021 and beyond, so, too, will Teams’ enhancements.
“Teams has emerged as a star product rather than an add-on that is bundled within a larger productivity suite,” according to Raul Castanon*, Senior Analyst at 451 Research/S&P Global Market Intelligence. (*Microsoft Teams: How to use it, and how it stacks up to Slack and Zoom, Computerworld)
That said, the rise in Microsoft cloud migration is not without its growing pains as businesses find themselves operating—many for the first time—in a new, fully digital world. Now, the challenge for IT admins is not only how to manage a cloud-based environment but how to effectively leverage its potential for greater agility and productivity.
The future of the cloud is now
In 2020, the future of the workplace took shape before our eyes. The pandemic forced businesses to remove certain constraints and speed up internal processes in order to move to the cloud more quickly. We saw this with ShareGate users, who executed cloud-based SharePoint migrations and data transfers almost 50% faster than in 2019. Remote work is here to stay, and with it, the ability to migrate—and manage—data seamlessly is more critical than ever.
State of Microsoft 365 modernization
The “workplace” has long been under disruption. With the onset of COVID-19 in 2020, the move to distributed work accelerated, making the transformation to Microsoft’s “modern workplace” imperative for IT teams.
What is important now—and moving forward—is for organizations and the IT teams that support them to integrate the tools and processes needed for people to connect, collaborate, and create from anywhere. The ecosystem of integrated apps, tools, and services that make up Microsoft 365 were designed to allow this to happen seamlessly… if IT admins and their teams are ready for the move.
Top takeaways from this chapter:
Necessity of adopting Microsoft’s modern workplace:
Full adoption of Microsoft’s modern workplace is no longer a nice-to-have in 2021
Acceleration of SharePoint/Microsoft 365 modernization:
Companies are accelerating “modernization” plans to support distributed work
Increase in IT teams empowering end users:
More IT teams are leveraging self-service features in Microsoft 365
Necessity of adopting Microsoft’s modern workplace
Microsoft’s concept of the “modern workplace” has been around for years. To summarize, “the modern workplace operates using the suite of Microsoft 365 technologies and productivity applications that harness the power of the Cloud.”* (*A Modern Workplace with Microsoft, IT Lab). When fully adopted, it ideally results in an “integrated, frictionless ecosystem” that is “intuitive for your user-base, and agile and scalable for your business.”
For IT teams to go “modern,” they must make an architectural shift that includes:
- Moving from classic to modern SharePoint sites
- Flattening site architecture and getting rid of subsites
- Connecting modern team sites to Microsoft 365 groups and Teams
We believe that adopting Microsoft’s modern architecture isn’t just best practice, it’s also a move that opens up capabilities and features in Microsoft 365 that make life easier.
As ShareGate Head of Product and Microsoft MVP Benjamin Niaulin described in a Microsoft 365 webinar: “The modern workplace is a theme—it’s a new way of working that Microsoft believes will empower everyone to achieve more. And with the productivity suite in [Microsoft 365], Microsoft has provided technology that enables your organization to benefit from these new ways of work.”
Prior to 2020, Oosterveld said, businesses already recognized the benefits of the modern workplace. “Most companies wanted to move to the modern workplace that’s offered by Microsoft 365 because there are a couple benefits. It’s more cost efficient. You’re able to use the latest updates, so you can innovate a lot quicker. And it’s a lot more user friendly.”
While many companies had only adopted pieces of the modern workplace, with the onset of the pandemic, tools like Teams became a daily necessity. Although an organization doesn’t necessarily need a modern SharePoint structure to use Teams, it is necessary to leverage Teams to its full potential and tap into all its capabilities.
Said Oosterveld: Before COVID, “a lot of companies were in transition or planning to move to the modern workplace, but there was less urgency behind it. It was more like a nice-to-have. The pandemic definitely put more urgency behind it.”
Distributed work is expected to continue in 2021 and beyond
The difference in 2021 is that Microsoft’s modern workplace is no longer a “nice-to-have.” According to a recent Gartner study, 82% of company leaders plan to allow employees to continue working from home at least part-time, even after offices reopen*. (*Gartner) Combined with Microsoft’s ongoing investment in integrations for “modern workplace” structure and tools, switching to the modern architecture is now imperative.
In a February 2021 survey, we asked members of the IT industry about their plans regarding Microsoft 365 “modernization” and the impacts of COVID-19. Given the events of the past year, it’s not a surprise that 74.0% of respondents said that close to 100% of their workforce has moved to distributed/remote work in the last 12 months.
More importantly, about 70% of respondents expect the majority of their workforce to continue working remotely through 2021.
Acceleration of SharePoint/ Microsoft 365 modernization
With the global shift to distributed teams, Microsoft’s modern workplace became an inescapable reality. Microsoft Teams usage exploded as a result, as has been widely reported, which presented many challenges for IT teams. Ideally, you have a management plan for before, during, and after your Microsoft 365 migration and Teams rollout takes place. In 2020, however, many companies didn’t have the luxury of time.
Microsoft described a common scenario in its case study of the industrial automation company Rockwell Automation, which was in the process of switching to Microsoft 365 in 2019 using a phased roll-out, “when an entirely unpredictable disruption of epic proportions hit in the form of the novel coronavirus.”* Overnight, that plan was upended as “suddenly, Rockwell Automation needed to move as quickly as possible to ensure that it could continue to help its customers through one of the most trying times in recent history.”* (*Microsoft)
In response, Rockwell Automation put the “pedal to the metal” on their Teams implementation. The transition was “easier than expected,” and by June 2020, more than 90 percent of the company’s global workforce had transitioned to Teams.
Said Todd Mazza, Rockwell’s Vice President of Enterprise Architecture and Strategy: “That gave us the confidence to open the floodgates and just let people use it whether they were migrated or not. Teams is [now] the main communication and collaboration hub we use all day long.”* (*Microsoft)
In our own survey, 80.6% of respondents said that prior to COVID-19, their organization already had the necessary tools/infrastructure in place to support fully distributed work. However, that leaves 19.4% who said they were not ready—a significant portion.
Companies are going “modern” faster
While surveying, we wanted to know where IT professionals and their organizations fell on the Microsoft 365 “modernization” spectrum pre-pandemic, and whether COVID affected plans to go “modern.”
We asked: How much did COVID-19 accelerate any prior plans your organization had to implement the necessary changes to leverage modern tools (such as Microsoft Teams and group-connected team sites)?
These numbers indicate that while COVID-19 did not impact long-term modernization plans, it did push plans forward for most in the short-term. In this data, we see IT teams pushing modernization plans ahead of schedule by days, weeks, and months.
In the same survey, when asked whether their current Microsoft 365 architecture is in line with Microsoft’s vision for the modern workplace, 73.0% responded “Yes.”
However, the majority (90.0%) of respondents who said “No” did say they had implemented some aspects of the modern architecture. Only 10.0% had not.
Regarding specific architecture changes, half of respondents who admitted to only implementing some aspects of the “modern infrastructure” said the top change they made was moving from classic to modern SharePoint. This makes sense, given that modern SharePoint is integral for many of the enhanced features IT teams needed to adopt, including Microsoft Teams.
Survey respondents were split on whether they had a fully scoped plan in place to move to “modern” at the beginning of 2020. 49.3% said they did versus 50.7% who did not.
This reflects the pre-pandemic mindset, said Ben Niaulin, “because there wasn’t any urgency at that point. Some IT teams were planning to adopt new ways of work, and some were planning to continue working as they were, without any immediate plan to go to Teams and fully modern sites.”
However, as of February 2021, 43.2% of survey respondents who originally said they didn’t have a plan to move to “modern” pre-COVID 19 said they now have a plan to go modern. Together, these numbers suggest that the pandemic prompted many more IT teams than were planning to go “modern” to make the move.
In terms of moving from classic to modern Microsoft architecture, Jasper Oosterveld confirmed that the pandemic accelerated the process. “Companies did it in three to six months, instead of a year,” he said. “The pandemic put more urgency behind it. It also forced companies to make more resources available to do it.”
Microsoft Teams was the top driver to go modern
Our survey findings also aligned with the global increase in Teams usage in 2020. When we asked members of the IT industry what pushed them to make the move to “modern,” the top motivator by far (44.2%) was the ability to deploy Teams/connect to existing SharePoint team sites.
Oosterveld noted: “Our clients basically said, we have to be there now, and my team at InSpark had to help get them there a lot faster than we normally would have. We noticed a huge increase in requests to move to Teams. Customers had been talking about it and planning it, but suddenly, it was necessary to get Teams up and running quickly.” So great was the demand that InSpark created a “Teams in a Day” offering for customers.
To leverage Teams and Microsoft 365 Groups, organizations first needed to “modernize.” In the case of InSpark, after getting clients established “with the basic settings of Teams,” Oosterveld then followed up with Teams governance workshops. “Our recommendations were always: Okay, now you’re up and running. But you definitely need to take these next steps.”
In addition to Teams, the survey results highlighted the importance of other applications to enable remote work. At 21.6%, the second top driver for modernization was “seamless/improved integration” with Power Platform apps including Power Apps, Power Automate, and Power Virtual Agents.
What this tells Niaulin is that “people are looking to automate or reinvent their processes now that they’re no longer working in person together. They’re realizing, ‘we’re not here physically, I can’t just drop by somebody’s desk or give them a paper to sign. I need to do all of that automatically and digitally.’”
He added: “We should expect Power Automate to continue rising this year.”
The challenges ahead
In a separate February 2021 study, ShareGate surveyed the wider Microsoft community about Microsoft Teams usage and challenges. As we’ve already noted, preparedness was an issue for IT professionals, with 42.8% of respondents saying they did not have a clear deployment plan in place prior to implementing Teams.
When asked about the most challenging aspects of implementing Microsoft Teams, the top responses were:
- Preparation and deployment
- Adoption (e.g. helping end-users fully use Microsoft Teams capabilities)
- Security and governance adjustments
We also looked at six months of Microsoft Teams data from ShareGate. From September 2020 to February 2021, the average number of groups in tenants grew by 21.5%. During the same period, the proportion of inactive groups (groups with no activity over a period of 90 days) grew by 66.37%.
This data suggests that there was an early Teams creation boom at the start of the pandemic, during which a lot of unstructured work happened. That yielded many inactive groups, once more structure was put in place, and the Teams that survived were those that continued serving an ongoing need. Obsolete groups and teams, however, continue to impact organizations by creating a negative user experience, hindering the search experience, and creating general disorganization that IT needs to clean up.
With distributed work expected to continue, IT teams now face the challenge of finding a scalable way to maintain a clean and well-managed Microsoft 365 environment. We believe that the empowerment of end-users—who understand their own groups and content the best—will be key to overcoming these challenges.
Notably in our survey, 43.1% of respondents said they had insufficient time to train employees on new tools/processes in 2020. In today’s remote-first workplace, we expect end-user training to become increasingly important. And this presents yet another extra demand on IT that must be accounted for.
Increase in IT teams empowering end users
Microsoft’s modern workplace requires not only an architecture shift, but also a change in mindset toward user empowerment and self-service. As researchers at McKinsey stated in 2018, CIOs should “invest in delivery designs that embed mandatory self-service and co-creation approaches.”* (*McKinsey). This isn’t a new concept, but it’s become more salient for IT teams as Microsoft cited “empowered, self-service collaboration” a central principle of its “reimagined employee experience” in 2020.
Self-service is growing
The self-service model has become more relevant given the explosion in Microsoft teams creation and corresponding administrative challenges. In a modern, distributed workplace, IT teams can quickly become overwhelmed, and an IT-led provisioning model—where users depend on IT to approve the creation of each new group or team—is virtually impossible to manage at scale
According to ShareGate data, as group creation rose from September 2020 to February 2021, so did the proportion of entrusted groups—a self-serve feature of ShareGate. From September to February, the proportion of entrusted groups grew by 67.65%.
In ShareGate, entrusting a group to its owner enables them to make decisions regarding archival, deletion, and external sharing links. It helps IT administrators collaborate with group owners, allowing the owners to be accountable for what they create in Microsoft 365.
This nearly 68% jump in entrusted groups over six months suggests that the need is growing exponentially for users to take responsibility over their data. In this trend, we also see confirmation that the adoption of self-serve features is popular among IT teams who recognize the benefits of a self-service model.
User empowerment is good for IT
By bringing users into the fold and empowering them to create the resources and tools they need without going through IT, users can make the best decisions for their own content. As a result, IT teams can avoid both the constant cleanup of a fully free system and the gatekeeping requirements of a fully locked down system.
In our February 2021 survey, we asked whether the current self-service functionality that IT admins have enabled in their Microsoft 365 environment ultimately saves time and costs on the part of IT. Significantly, the vast majority (84.1%) said yes.
Respondents were also asked to describe the level of self-service functionality they currently have enabled in their Microsoft 365 environment. The results were telling:
Allowing users to create the resources they need is not as scary as it sounds. On the contrary, sometimes we don’t give users enough credit. One thing COVID has demonstrated, said Oosterveld, is that users “are a lot further along than we often think. I think this situation has proven that people are more capable of adopting these new technologies than others would have thought, for sure.”
While Oosterveld admits that form-based provisioning is still an industry standard, he added: “I’m a fan of self-service.” Until Microsoft develops an out-of-the-box solution for Teams, he sees many companies employing a solution that falls somewhere in the middle: a self-service model that also utilizes smart forms and automation to minimize friction while providing flexibility to users whenever possible.
Ultimately, IT wants employees and their colleagues to collaborate. “But they also don’t want to be in a situation where they have to approve every request for somebody to collaborate within Teams,” he said. Semi-self-service “definitely empowers the employees, and it also provides some relief for IT, because they don’t get all those requests.”
With the launch of Microsoft Viva, Microsoft’s new employee experience platform, Oosterveld expects to see an increased focus on the employee experience. “Focusing on people’s well-being and health in a distributed workplace, that’s going to be very important this year.”
Viva, as Microsoft described it in their February 2021 news release, “builds on the power of Teams and Microsoft 365 to unify the employee experience across four key areas—Engagement, Wellbeing, Learning and Knowledge—in an integrated experience that empowers people to be their best.”
Users still need guidance
In a distributed workplace, users need more freedom to collaborate in Teams and other Microsoft 365 apps with less friction. But without some guidance, things can go sideways fast. Self-service enabled tools also need to come with guardrails, governance, and enhanced security, which we will discuss in the next chapter.
State of Microsoft 365
Following the widespread shift to distributed work in 2020, companies are still grappling with how best to maintain security through governance. In a recent BeyondTrust/Forrester survey about the post-COVID era, 83% of respondents “report the rise in remote workers increases the risk of a security incident.”
With users looking for ways to collaborate virtually, Microsoft Teams and other tools are being deployed at a record pace. For IT professionals, this unfettered growth translates into greater potential for security failures, such as accidental sharing and data leakage. IT teams need to implement security strategies that give users the freedom to collaborate while keeping sensitive information secure.
Top takeaways from this chapter:
Companies fast-tracking security to facilitate distributed work:
In the wake of COVID-19, companies fast-tracked security to facilitate the transition to distributed work
New challenges of securing Microsoft 365 collaboration:
IT teams need to balance security concerns with collaboration needs
The need to find a scalable middle ground for security:
Companies must find a scalable middle ground on the security spectrum
Security is a team effort in the distributed workplace:
Security is everybody’s responsibility in a distributed workplace
Companies fast-tracking security to facilitate distributed work
Like many other topics covered in this report, when it comes to security, the COVID-19 pandemic accelerated existing trends. According to an August 2020 report by Microsoft, “54% of security leaders reported an increase in phishing attacks since the beginning of the outbreak.”
Of course, security encompasses not only external threats, but also internal risks related to how untrained users handle and share sensitive data. If distributed work continues as expected,* companies will continue to face threats related to deploying Teams with untrained users who are working outside the company’s network. (*Gartner )
Given the rush to enable remote work in 2020, there is tension between what companies knew they should do and what they actually did regarding security. A Netwrix survey of more than 900 IT professionals found that “85% of CISOs admit they sacrificed cybersecurity to quickly enable employees to work remotely.”
After establishing essential security policies to get remote teams up and running, companies then needed to turn their attention to the other threats inherent to a remote workforce. We interviewed Microsoft MVP Joanne Klein, who said: “the pandemic accelerated or fast-tracked a lot of security teams to get up to speed with everything that they need to do to protect their organization.”
In terms of data security, “they were then thinking, ‘we need to step up the game right now and get in front of this problem because it’s not getting any easier and our workforce is now out there in the wild. How are we going to manage this?’”
In March 2021, we surveyed IT professionals about a variety of security-related issues. Not surprisingly, more than half of respondents (67.2%) said they allow employees to use personal devices for work. All respondents had some amount of confidential data stored within their Microsoft 365 environment—data which users are potentially accessing with unsecured personal devices.
“The challenge here,” said ShareGate Head of Product and Microsoft Regional Director Benjamin Niaulin, “is that because…the company doesn’t manage those personal devices, there’s a higher risk of the data being stolen off those devices.”
“It’s not a bad thing that employees are using personal devices,” he added. “It’s common and it’s necessary, especially with distributed work. I would imagine that for a lot of companies, [allowing personal devices] was what they had to do to enable remote work. The question now becomes how are they controlling the data?”
Zero Trust is now a business priority
With rising concerns about data protection, many companies have implemented or accelerated Zero Trust projects* during the pandemic. (*Security Magazine)
A Zero Trust security framework, according to Forrester, is “a security framework built around the concept of ‘never trust, always verify’ and ‘assuming breach.’” Zero Trust stands in contrast to traditional security models, which are based on the concept that anything inside a corporate network can be trusted.
Based on the principle “never trust, always verify,” the Zero Trust strategy protects organizations by maintaining security through the continuous authentication of identities, devices, and services.
Zero Trust gained traction in the early days of the pandemic when IT teams struggled to keep up with the surge of new, potentially unsecured devices as employees logged into corporate networks from home.
Said Andrew Conway, Microsoft’s General Manager, Security Marketing, in Microsoft’s August 2020 report, “Zero Trust shifted from an option to a business priority.” As a result, “51% of business leaders are speeding up the deployment of Zero Trust capabilities. The Zero Trust architecture will eventually become the industry standard, which means everyone is on a Zero Trust journey.”
In our interview with Klein, she underscored the importance of Zero Trust, which leverages technologies such as multi-factor authentication (MFA) to manage user access based on continual verification.
“The Zero Trust principle is what most organizations are going to,” she said. “It’s just a sound practice, and it’s particularly important when organizations are distributed and not contained within a confined network anymore.”
In our March 2021 survey, most respondents (86.2%) said they had enabled MFA in their organization. Niaulin hopes to see that number become a hundred percent in the near future, as multi-factor authentication “doesn’t cost any money, and there’s no extra work to put it in place. It’s a box you check. As soon as you go to Microsoft 365, you should be turning this on.”
In a distributed workplace, business continuity depends on balancing security with the end-user experience. Zero Trust is an example of a user-friendly solution that minimizes employee disruption without compromising security.
New challenges of securing Microsoft 365 collaboration
The rush to enable full-time work from home, paired with the explosion of Microsoft Teams, has increased external sharing, unique permissions, and the number of files shared. In the hands of untrained users, these are all security risks. Teams usage went from 20 million active users in late 2019 to over 115 million by the end of 2020.*(*Microsoft)
This means that some 95 million new users are being managed by IT teams who were not necessarily prepared to tackle all the related issues surrounding Microsoft 365 security.
External sharing is growing exponentially
As the pandemic limited in-person meetings and people were forced to collaborate virtually, we saw a corresponding rise in external sharing. In our March 2021 survey, 67.2% of respondents said they have external sharing enabled in their Microsoft 365 environment.
As for which SharePoint external sharing settings they’ve set, the results were as follows:
What these numbers indicate, said Niaulin, is that “around 64% have a controlled way of working with people outside the company. But the 25% that have no rules in place for verifying users…that’s a high number.”
Microsoft 365 Groups is a cross-application membership service in Microsoft 365. Each Microsoft 365 group lives in Azure Active Directory, has a list of members, and is attached to that group’s related Microsoft 365 workloads, including a SharePoint team site, Exchange mailbox, Planner, Power BI, OneNote—and, optionally, a team in Microsoft Teams.
For this report, we also looked at six months of from ShareGate. From September 2020 to February 2021, the average number of Microsoft 365 groups in each tenant grew by 21.5%.
Along with the growth in group creation, ShareGate data also showed a significant increase in external sharing. The number of groups with active external sharing links grew by 52.62%. And within those groups, the number of external sharing links grew by 73.74% at the same time.
The rise in external sharing shows that users still need ways to collaborate inside and outside their core environment. Despite this increase, many companies have yet to implement a system for controlling what is shared. In the March 2021 survey, 41% of respondents said they have a process in place to review/audit externally shared links, while 59% do not.
“Access review” is the process of periodically auditing shared links, which entails identifying and breaking invalid links. Access review is necessary, said Niaulin, because when employees start sharing anonymous external sharing links, “there’s a risk involved in letting anyone from the outside come in.”
Anonymous external sharing links can be forwarded on anonymously, and they don’t require any authentication to access. Continued Niaulin: “As soon as you open a door, users can use that door to potentially go through another door you don’t know about. And this cleanup process ensures that you reduce that risk.”
Clearly, IT teams must understand where and why things are being shared, as these are potential points of security failure. However, this shouldn’t be seen as a reason to shut down sharing. Rather, it’s an indication that groups need to have permissions that reflect their confidentiality/business importance.
Klein concurred with this sentiment, saying: “The odds are, external sharing is happening whether you allow it, or you want to allow it, or not. My approach is to allow it, but put in the appropriate controls. Because if you can see it and you’re aware it exists, at least you have an opportunity to manage it.”
When IT blocks external sharing and other collaboration tools, users will often turn to unapproved apps and devices—in other words, shadow IT. “If you’re trying to prevent an end-user from doing something completely,” said Klein, “that end-user will find a way, almost guaranteed, and that’s a worse position to be in. I think the pragmatic approach is to allow it, and then try to manage it through controls in the back end.”
Orphaned groups are also increasing
In Microsoft 365, an “orphaned group” is a Microsoft 365 group that has no valid, active/licensed owner. Orphaned groups present a risk because there is nobody accountable for that group’s security, including externally shared files and guest members.
From September 2020 to February 2021, our data showed that the number of orphaned groups per tenant grew by 24.8%, roughly the same amount as overall growth. Per tenant, orphaned groups currently account for 8-9% of all groups. When it comes to lack of oversight, eight to nine percent isn’t a trivial number of orphaned groups per tenant.
The need to find a scalable middle ground for security
As with most decisions in Microsoft 365 administration, security and governance decisions lie on a spectrum. In the case of distributed work, they range from “locked down” to “wide open.” At ShareGate, we see a middle ground where users can access the tools they need, in the ways they want, with some guidance and solid governance.
Self-service features are an integral part of this model because they improve efficiency, reduce costs, and create an environment of user empowerment.
The security spectrum
In comparing a “wide open” versus “locked down” security model, both have their drawbacks for IT teams and companies.
A fully locked down system wherein IT administrators must research, approve, and take responsibility for all decisions, has a major cost in terms of IT scalability. You need people to read tickets, implement changes, etc., and the bigger your organization is, the more bodies are required.
However, when things are wide open, IT needs to constantly manage the cleanup—not to mention the risks—of uncontrolled creation and sharing.
In our February 2021 survey, one question asked IT professionals about the level of self-service functionality that they currently have enabled in Microsoft 365. The results showed that most incorporate some form of self-service, rather than implementing a fully locked down system:
“There’s no right or wrong answer when it comes to self-service,” said Niaulin. “What we believe in [at ShareGate] is to try and find the middle ground where it makes sense.” Large banks, for example, which have thousands of employees and must follow strict regulatory and compliance rules, “aren’t going to enable self-service.”
Usually, Niaulin sees “a little bit of both, depending on the company culture and needs.” You don’t want the needle pointed too far in either direction. “The more you go toward ultra-control, the more your users will turn to unapproved apps. And if your system is too loose and free, there’s more risk of a security breach.” The challenge for organizations “is to place the needle somewhere in the middle.”
When companies first put Microsoft 365 in place, Niaulin said, they typically start “at the edges” of the security spectrum, “then slowly go towards the middle because the edges don’t work.”
If they go to one extreme, “people complain that there are too many processes.” However, “if it’s too much self-service, people can’t find anything and don’t know how to use the software.” The solution, he noted, “is really about figuring out where the friction is and then studying that, seeing what’s not working and trying to bring your processes in balance.”
Finding the right balance
Our findings show IT professionals recognize the benefits of enabling self-service. In our February 2021 survey, 84.1% of respondents said that enabling self-service functionality in Microsoft 365 has saved their IT teams time and money.
The term “self-service,” however, may require a more nuanced definition. In fact, Niaulin thinks “self-service” is often misunderstood. He prefers the term “frictionless guidance.” The goal of IT, he said, should be “about guiding people to use Microsoft 365 without you being a blocker.”
Here at ShareGate, we believe in the benefits of self-serve IT and collaborative governance. By entrusting group and team owners with the power to label their group’s purpose, data criticality, and level of confidentiality, IT can implement policies that keep things running smoothly, without friction, and without locking down the entire system.
Like Niaulin, Microsoft MVP Joanne Klein believes it’s about striking the right balance. “I’m still in support of self-serve. I never want to go back to the world where we were putting up our hands, saying ‘No, you can’t do that,’ and every little thing has to go through a bigger approval process first. That said, we still need to implement some controls so it’s not the Wild West.”
She added: “I think you can allow self-serve, but you need to have some guardrails around that. And that means, for example, you can still have an approval process, but make sure it’s automated, smooth, and quick, and implement a lot of the technical controls in the back end in an automated way.”
The trifecta of security for distributed work
To protect a company’s Teams work across Microsoft 365, IT needs a strategy to keep content secure across platforms and devices.
In our interview, Klein discussed the steps IT professionals should take to protect sensitive data wherever it lives. She shared a recommended “trifecta of security” in the era of distributed work: identity, data, and devices.
- Identity: Use Microsoft tools to identify who is accessing what in your environment.
- Data: Classify data in order to know the nature of the data that is being accessed
- Devices: Identify what company (or personal) devices are being used.
With this approach, said Klein, “security teams can lean into this new modern workplace and better understand how they can govern and control it.”
When it comes to data classification, configuring a team’s security settings in Microsoft 365 according to its level of sensitivity is not an easy feat. In our March 2021 survey, only 24.6% of IT admins said they have a clearly defined data classification scheme/policy in place. That leaves 75.4% who do not currently have a system for classifying sensitive data and making sure only the right people have access to it.
Not all data is created equal, of course, and applying unnecessary blanket restrictions can end up hindering end user productivity. A better solution, we believe, is a tool like ShareGate, which has a “Group sensitivity” feature that enables you to automatically apply custom security settings to your teams and Microsoft 365 groups depending on each one’s level of sensitivity.
Security is a team effort in the distributed workplace
Because IT can’t possibly manage each individual set-up for a remote worker, organizations have shifted from a model of controlling all tasks and security issues “in-house” to decentralization and more empowerment for end-users. If IT teams give more power to end-users, however, they also need to give them more responsibility to keep content secure across platforms and devices.
A 2020 study by the Harvard Business Review and Microsoft examined the impact of digital transformation on data governance. After surveying some 500 global business leaders across industries, the report concluded that “everyone within the organization must understand how to capitalize on the tools and stay up to date on the latest security vulnerabilities and compliance trends.”* (*A Blueprint for Data Governance in the Age of Business Transformation, Harvard Business Review and Microsoft).
Not only is collaborative governance best practice, the report concluded, but it is also good for business, as “leaders are outspending peers in training to heighten awareness of both business managers and employees about the importance of security and compliance.”* (*A Blueprint for Data Governance in the Age of Business Transformation, Harvard Business Review and Microsoft).
ShareGate has long promoted the idea of collaborative governance. As stated in our ShareGate product announcement: “Group owners should be held accountable for the resources they create—and the people they share them with—throughout the entire lifecycle.”
Klein believes this principle is more salient than ever in a distributed workplace. “Security should be more than just a team on your org chart, it’s everybody’s responsibility,” she said. “It doesn’t matter what your role is in the organization. You have a role to play and you need to be aware of the threats that are out there, and then act securely and safely in your environment.”
She added: “Security teams realize this is much more than a technology problem. It’s a people problem, and you need to inform and educate your users so you can protect against this at scale across your environment. Because you aren’t going to be able to solve it with technology alone.”
Although training and education of end-users are critical, it’s not automatic for companies—and when it occurs, it’s not always in-depth. In a survey of the Microsoft 365 professional community, we asked how much Teams training was offered to end-users during rollout. Only 19% said that they provided users (i.e. employees) with official training that included extensive training material and activities.
With an estimated 43 percent of data breaches coming from internal “accidental” leakage,* end user education is critical. (*Intel) In the past, we’ve outlined practical steps IT professionals can take to implement healthy data habits among employees. It starts with understanding which employee habits are putting sensitive data at risk, then educating and empowering users to do the right thing.
Looking to the future
According to the experts we interviewed for this report, one of the top governance challenges for IT teams in the next year will be around compliance. Oosterveld explained that this involves “making sure sensitive data has been classified and that people who should not have access to it don’t. And that’ll definitely become more relevant due to the collaboration with people outside the company.”
As the new world of distributed work continues impacting the security landscape, companies must find ways to stay productive and connected while minimizing risk. We believe that in a virtual infrastructure of virtual employees—whether hybrid or full-time remote—security issues can no longer be the sole responsibility of IT. It’s time to get everyone on board.
Integrating the Microsoft 365 trends in 2021
Whether you view COVID-19 as a disruptor or an accelerator, there’s no disputing that 2020 was a year of massive change in the world of work—and with that, IT administration.
As our State of Microsoft 365 report reveals, many of the cloud computing trends that “emerged” in the past year, such as cross-product collaboration and self-service features, were already well established—and inevitable—prior to the pandemic. Essentially, COVID created unprecedented urgency to adopt them. In less than a year, Microsoft Teams alone saw a 475% increase in daily active users.
As rates of remote work exploded in 2020, migrations to cloud-based Microsoft 365 environments accelerated, adoption of Microsoft’s modern architecture increased, and Microsoft Teams usage soared. During this time, our own customer base for ShareGate—our Teams governance platform—grew by a stunning 4,000%.
While reviewing the research that fed this report, one survey response particularly resonated. When we asked IT professionals whether, prior to COVID-19, their organization already had the necessary tools/infrastructure in place to support fully distributed work, 80% said yes. We read this as a confirmation that Microsoft 365’s powerful, feature-rich productivity suite includes the tools that IT professionals need to support a distributed workforce—now it’s just a matter of implementing these tools and empowering employees to use them in the right ways.
This report also confirms that new ways of work—whether virtual collaboration, full-time remote work, or hybrid models—are here to stay. In this new era of work, a collaborative relationship between IT and the teams they support is more critical than ever. This collaboration needs to be nurtured and built on trust. For organizations to succeed, innovate, and remain agile, it’s our belief that IT needs to lean into more of a “self-service” approach.
This approach encourages growth and empowerment for users, helping them be as productive as possible wherever they work. After all, users know their own content and conversations best. With guidance and advice from IT, they can decide how best to collaborate and communicate while keeping sensitive information secure.
The empowerment of end users—whereby IT acts as a coach, not a guard—is not just good for employees; it also benefits IT professionals and their teams. As Microsoft Teams’ usage soared, some IT admins thought that blocking certain Microsoft 365 features would help mitigate security risks. But this only served as a short-term fix.
In contrast, when IT brings users into the fold, it creates a win-win strategy for the long term. By entrusting users to make decisions about things like group creation, external sharing, and archival/deletion, you share the responsibility. With the right guidance, users can do their part in keeping your Microsoft 365 environment organized and secure. As our own research shows, 84.4% of IT admins believe enabling self-service functionality in Microsoft 365 saves their teams time and money.
Of course, while more user freedom brings huge advantages to IT, it does come paired with other challenges. Fortunately, ShareGate’s tools are designed to help IT professionals manage those challenges without hindering productivity:
Our best-in-class migration and content management tool, ShareGate, makes migrating to SharePoint or Microsoft 365 quick and easy. Powering your process beyond your initial migration, ShareGate includes the tools needed to effortlessly manage and restructure SharePoint and Microsoft Teams content, streamline administrative tasks, and secure sensitive data with built-in and custom reports.
Likewise, when you’re working with Microsoft Teams and Microsoft 365 groups, ShareGate—our automated management and governance platform—helps you guide users towards productive and secure collaboration. With ShareGate, you gain full visibility over each team throughout its lifecycle and can set policies to protect your organization’s data while keeping all your teams organized. Collaborate with owners to understand each team’s purpose and level of sensitivity—without the need for provisioning forms, Azure AD Premium, or PowerShell.
As new ways of work continue to evolve rapidly, we believe IT needs to move toward decentralization and more self-service. ShareGate wants to help you get there. Learn more about our award-winning products and how they can help you leverage the full potential of Microsoft 365 to achieve a productive, scalable, and secure workplace. Start your free trial today.