Comprehensive software reviews to make better IT decisions
Noncompliance in O365 or M365 With Microsoft Is as Easy as Counting From One to Three
There is a common myth surrounding Microsoft licensing in the cloud that license compliance becomes an issue of the past. Unfortunately, it’s not that simple.
As organizations purchase or renew into O365, there can often be two or more user licensing profiles. Multiple profiles can optimize both cost and functionality for the organization. Organizations can choose from Firstline (F1, F3), O365 (E1, E3, E5), or M365 (F3/E3/E5). Add-on security products can also be cause for concern.
While some functionality can be easily managed and controlled on a per-user basis, other features, according to Microsoft, “are not currently capable of limiting benefits to specific users.” These are controlled on a tenant basis and if enabled could cause serious compliance concerns moving forward. While Microsoft hasn’t currently audited for cloud functionality, it could start to do so once we return to normal, post Covid-19. This would enable it to recuperate the large amount of revenue that was left on the table due to additional discounts, promos, or free trial licenses for Teams.
If you are wondering how we have gotten to this point, Microsoft seems to have taken a page out of Oracle’s licensing book. Oracle has been known to not use license keys, as it would slow down an organization’s ability to deploy and use software. Similarly, Microsoft’s verbiage around functionality limitations now reads, “This will help avoid potential service disruption to your organization once targeting capabilities are available.”
Those looking to understand the level a particular product is provisioned/deployed at, can find further information found here. For organizations looking to develop an action plan, Microsoft has a section for each product named “How can the service be applied only to users in the tenant who are licensed for the service?” Most solutions listed are to configure by groups, and others by policies or role-based access. There are still, however, a number that do not have workarounds and are provisioned/deployed at a tenant level. These are the ones to be the most careful with, as they will be the first Microsoft will look at in an audit.
The following 22 products are being provisioned/deployed at a tenant level and should be reviewed:
- Azure Active Directory Identity Protection
- Azure Advanced Threat Protection
- Office 365 Advanced Threat Protection
- Office 365 Cloud App Security
- Microsoft Cloud App Security
- Microsoft Defender ATP
- Information Protection
- Information Governance
- Records Management
- Office 365 Customer Key
- Office 365 Customer Lockbox
- Privileged access management in Office 365
- Office 365 data loss prevention for Exchange Online, SharePoint Online, and OneDrive for Business
- Communication Data Loss Prevention for Teams
- Information barriers
- Office 365 Message Encryption
- Office 365 Advanced Message Encryption
- Communication Compliance
- Insider Risk Management
- Conditional Access policies
- Advanced Audit
- Examine your environment sooner rather than later for functionality that is currently being used at a tenant level and could pose a risk.
- Build an action plan for functionality that can be changed from tenant level, through policies, role-based access, or groups.
- Determine whether the organization will assume the risk on tenant level products that remain unchanged.
- If you are adding functionality or licensing to the environment at renewal time, be sure to check how the product is provisioned/deployed.
IBM is changing the terms of its ubiquitous Passport Advantage agreement to remove entitled discounts on over 5,000 on-premises software products, resulting in an immediate price increase for IBM Software & Support (S&S) across its vast customer landscape.
Firstline worker licenses can be a cost-effective licensing vehicle but could reduce your discount tier or disqualify you from an Enterprise Agreement.
The reality of our new world is finally sinking in, with COVID-19 sprawling across the globe. The actions you take now will determine how well organizations will weather this economic shutdown.
On January 23, Microsoft announced a change to Office 365 Pro Plus. This change will make Bing the default search engine in Google Chrome.
Fluid Framework, unveiled in May at Microsoft’s Build 2019 company conference, lets developers rally the help of near real-time coauthoring, reusable mix-and-match document components, and digital assistants like translator aids in the content creation experience at speeds and scale not available before.
Modern business continuity planning is complicated. Ideas from chaos engineering can help test resiliency, but only if you have a mature BCP.
K2 Software, a major player in the business process management (BPM) space, has partnered with Dropbox, a trailblazer in cloud storage and collaboration solutions. The partnership aims to streamline how business groups using different systems manage information together.
Zerto has enhanced its Azure integration to reduce achievable RTOs and recovery cost. Specifically, Zerto’s latest release leverages Azure’s native Virtual Machine Scale-Sets to reduce overhead, speed up recovery, and minimize additional costs incurred during recovery.
Zerto now provides a DR and backup solution with the addition of long-term retention (LTR). This puts data protection on a continuum from short-term retention (to enable very short RPOs for DR) to LTR (to meet traditional backup requirements).