Thank you so much for reading my blog about: How to build your modern workplace with Microsoft 365. In this article I've written a high-level approach of an implementation and shift from a more traditional organization towards a cloud focused organization. I would love to receive feedback in the comments, on LinkedIn or Twitter.

This blog describes the strategic, high-level possibilities of Microsoft 365. Also read the high-level technical implementation of M365 and The value of Microsoft 365 E3 and E5.

Strategy and vision

Welcome to 2021! The world has changed since the last pandemic. Organizations are struggling to respond to the needs of their workforce and to achieve their ultimate goals.

To collaborate better, to get in contact differently than before, a more modern approach is necessary — change is required.

It is a huge challenge for CIOs, CTOs and IT managers, since the world has shifted into a new era. Working differently has become the new standard, and the driver of that change comes from outside the organization. It is happening; there is no way to ignore the signals. There is no way not to change if you want to stay relevant and keep a leading position in a disruptive market.

Mapping these challenges onto the underlying technological needs, I have summarised some topics that return later in this article. The main challenges are:

Companies are working differently than before. And I truly believe that the one that is most adaptable to change will survive.

"It is not the strongest of the species that survives, nor the most intelligent that survives. It is the one that is most adaptable to change."

The traditional corporate infrastructure is isolated from the outside world

As you can see in this picture from Microsoft's Zero Trust concept, organizations built great solutions in datacenters on their own premises: decentralized, redundant datacenters with disaster recovery (DRP) and failover in place and working well. I'm not bashing the smart people who did a great job building these massive, complex integrations to keep everything running 24/7.

Figure: Traditional corporate infrastructure — isolated on-premise datacenter, isolated from the outside world

The problem and the solution are the same thing: organizations did a great job on their own premises to get everything working well. But the world has changed.

Disruptive cloud organizations such as Microsoft, Amazon and Google came with scalable and relatively quick-to-deploy solutions. Solutions that removed the technical need for on-premises or 'self-owned' infrastructure. SaaS solutions that were isolated from these corporate environments, with plug-and-play capabilities — and this is the most important aspect of it all. Solutions for organizations to achieve more, to reach their ultimate goals. Scenarios driven by the business rather than by technology: business cases and business scenarios.

Imagine a new Office 365 customer in a cloud scenario with Exchange, SharePoint, Teams and mobile device management. They can start after some hours of implementation in M365. Imagine this setup on-premises. How long will it take? Perspective = everything.

A new layered approach that kills the fish tank within corporate infrastructure

In the picture below you will see the corporate datacenter with all servers running virtualized, segmented with additional security solutions: segmentation of networking, storage and many more services. It is extremely complex, and one mistake could impact everything. Besides mistakes, ransomware, targeted attacks, phishing and other malicious actors take this complexity as an opportunity to infiltrate and bring the infrastructure down.

Figure: Zero Trust layered approach — Identity · Devices · Services · Data · Network

Microsoft didn't invent the layered approach to Identity, Devices, Services, Data and Network. It is not a new model, nor a product that fixes a particular problem. It is a way of understanding and integrating your assets in layers, so that a compromise of one layer cannot touch the assets in the next. The right conclusion: a layered approach.

Building your foundation identity management solution

Almost every organization started with Microsoft Active Directory servers and services on Windows 2000 or Windows Server 2003. Then disruptive cloud solutions such as BPOS and Office 365 arrived, and we integrated our existing infrastructure with identity federation solutions like Microsoft FIM to provision on-premises Active Directory accounts into Azure Active Directory. Later this process was streamlined with Azure AD Connect.

Azure Active Directory is different from on-premises Active Directory. It has more features and a better security baseline, so the options are there to start from a more secure platform. Building blocks. Features are easier to activate, for example Azure AD Security Defaults. Maximum value, less complexity, faster implementation.
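As an added example (not code from the original post), the following PowerShell reports whether Security Defaults is enforced in a tenant and, if not, whether Conditional Access policies provide the MFA baseline instead. It assumes the Microsoft.Graph PowerShell module is installed and that the signed-in account can consent to the Policy.Read.All permission; the function name Get-IdentityBaselineReport is my own.

```powershell
# Added example: check the tenant's identity security baseline via Microsoft Graph.
# Assumes the Microsoft.Graph module and Policy.Read.All consent (assumption, not from the post).
# Security Defaults and Conditional Access are mutually exclusive, so a tenant
# runs on one or the other as its baseline, or on neither.
Connect-MgGraph -Scopes "Policy.Read.All"

function Get-IdentityBaselineReport {
    # Security Defaults enforcement state: a single policy object with property isEnabled
    $sd = Invoke-MgGraphRequest -Method GET `
        -Uri "https://graph.microsoft.com/v1.0/policies/identitySecurityDefaultsEnforcementPolicy"

    # Conditional Access policies: collection; state is enabled, disabled or
    # enabledForReportingButNotEnforced (report-only does not block sign-ins)
    $ca = Invoke-MgGraphRequest -Method GET `
        -Uri "https://graph.microsoft.com/v1.0/identity/conditionalAccess/policies"

    $all      = @($ca.value)
    $enforced = @($all | Where-Object { $_.state -eq 'enabled' })

    # Summarise which baseline the tenant actually enforces today
    $baseline = if ($sd.isEnabled) { 'Security Defaults' }
                elseif ($enforced.Count -gt 0) { 'Conditional Access' }
                else { 'NONE - no MFA baseline enforced' }

    [pscustomobject]@{
        SecurityDefaultsEnabled   = [bool]$sd.isEnabled
        ConditionalAccessPolicies = $all.Count
        EnforcedCAPolicies        = $enforced.Count
        ReportOnlyCAPolicies      = @($all | Where-Object { $_.state -eq 'enabledForReportingButNotEnforced' }).Count
        Baseline                  = $baseline
    }
}

Get-IdentityBaselineReport | Format-List
```

A result of NONE means neither building block is active, which is the state to fix first before migrating workloads.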

Figure: Azure Active Directory — the foundation of your modern identity platform

Enterprise hybrid cloud solution to extend to Office 365 and Azure

Before 2020 a lot of organizations shifted workloads from their on-premises infrastructure to Office 365. The most common workload was Exchange on-premises to Exchange Online. Later these workloads shifted across the Office 365 landscape:

As you see, once the biggest workloads are migrated, on paper nothing is left except application servers, other e-mail systems, voice solutions and similar services. That is old legacy: phase it out and migrate to other solutions. Focus on the long term. Focus on strategy.

Figure: Enterprise hybrid cloud — workload migration path from on-premises to Microsoft 365 and Azure

Endpoint devices and future-proof device management

Microsoft Endpoint Manager is a combination of SCCM and Intune, giving you the best of both worlds: manage workloads from the cloud and from on-premises. The possible scenarios for managing your endpoint devices are:

Figure: Microsoft Endpoint Manager — SCCM and Intune co-management overview, hybrid co-management and cloud-only paths

I'm a total fan of going for Endpoint Manager in the cloud-only world. If you're new to modern management you have the opportunity to use your hybrid identity (synchronised from on-premises) together with a cloud-only, Azure AD joined Windows 10 workstation. Here's why:

When to choose co-management? When you are not in a hurry to move to full cloud and have planned the shift for, say, 2025. Or when you have big task sequences and software deployments that cannot yet be moved to Endpoint Manager. If a full-cloud strategy is defined, don't invest in co-management.

Services, servers and infrastructure

It's all about responsibility, complexity, standards, governance, and the way of stabilising your business-critical systems.

As you can see, for on-premises servers, appliances and services running Windows Server or other operating systems, ownership lies fully in the organisation's hands. The downside, in general, is security: it is difficult to segment, patch, upgrade, update and keep track of the risks in the attack chain.

Figure: Microsoft shared responsibility model — on-premises vs SaaS vs IaaS vs PaaS
"Rehost, Refactor, Rearchitect, Rebuild, Replace" — if you want to shift to a modern approach, redesign to Software as a Service where possible.

Example: Azure File Server or Azure SQL rather than Windows Server 2016 running SQL instances. Just a SaaS solution, which is easier for the technical staff.

Data (documents)

Data maturity. Automatic processing. Automation. Document data is crucial and needs protection. Data is the core of every organisation. And still we are sending documents over e-mail, sharing over third-party solutions that are not trusted. We need a consolidated approach to fix the document data 'problem' and discover security risks and compliance issues. We need to take back control of corporate data.

Figure: Microsoft Information Protection — document labeling, data classification and governance

Network

I'm not a network specialist. But what I do know is that because of this 'gap' in IT pros, the opportunity for attackers grows. If you are able to shift all workloads to Microsoft 365, the network, and network security, become less important for information breaches, because the core infrastructure is no longer on-premises.

Every organisation needs a stable network, traffic shaping, prioritisation and everything else required to regulate the network infrastructure. That is super important. But we need to stop trusting our own networks as much as we did before, because the silo walls are gone and the crucial organisation data has shifted elsewhere.

Why should we trust the inside network more than the outside over VPN or private connections?

Strategic modern workplace decisions

Strategic long-term definitions are important to set milestones to grow to a real modern workplace. Most of the time we are delivering workplace optimisations for just 20% of the possibilities and needs.

Figure: Modern workplace strategic roadmap — Microsoft 365 migration path from traditional to cloud-first

There is no room for traditional workloads when your strategy is to invest in security optimisations. There is no room for traditional Exchange, SharePoint and file servers when you want to be a flexible cloud company.

We have seen the world changing. The choice now is:

"It is not the strongest of the species that survives, nor the most intelligent that survives. It is the one that is most adaptable to change."