Video: Time to optimize: How to Execute an Effective Governance Strategy for Microsoft 365 and Copilot | Duration: 3252s | Summary: Time to optimize: How to Execute an Effective Governance Strategy for Microsoft 365 and Copilot | Chapters: Webinar Welcome Introduction (19.455s), Webinar Format Overview (91.44s), Assessing Governance Readiness (141.87001s), Governance and Performance (317.77s), Copilot Implementation Challenges (519.34503s), Data Access Risks (956.21s), Governance vs Management (1245.79s), Governance and Adaptation (1560.49s), Implementing Effective Governance (1922.5051s), Governance Implementation Guidelines (2212.14s), Implementing Governance Tools (2600.64s), Conclusion and Recap (2846.5352s)

Transcript for "Time to optimize: How to Execute an Effective Governance Strategy for Microsoft 365 and Copilot": Hey, Matt. Hello. How are you? Good. How are you? Excellent. Welcome, everybody. We're gonna give just a moment for people to join the webinar, and then we are going to get started. Thank you so much for being here today. Alright. I'm gonna go ahead and get started while we probably still have some people coming in. But hi, everyone. I'm Tori. I'm our vice president of marketing here at Thrive, and we're so excited to welcome you to our webinar today, Time to Optimize, How to Execute an Effective Governance strategy for Microsoft 365 and Copilot. Hopefully, by the end of the webinar, you'll have a more complete understanding of IT governance and how to get started. So a few housekeeping items. So we're gonna try and keep the webinar today to roughly forty five minutes, and that will include q and a. We are very grateful that you're spending this time with us, and we wanna be respectful of that. We do have a q and a tab that is going to be open during the entire presentation off your right hand side. So please make use of it throughout. You will be answering as many questions as we can get to at the end. And if your question doesn't get answered live today, we will be following up to any questions via email if we didn't get to it today. We will be providing the slides and the recording for today's webinar to you, after the webinar, so you will get both of those things. So we wanted to kick off today's webinar with a few polls, so I'm gonna start sharing those. So our first question is, are you confident in your ability to control access and security for Microsoft 365? We have yes, no, and not sure. And I'll give a few seconds for everybody to answer that. Looks like we've got a good percentage of no's and not shores, which I think is what we were expecting going into this webinar. I'm gonna give a few more seconds for this one as I see some votes are still coming in. Right. We are at the most of not sure, and I I think that is what we were expecting. I'm gonna close this one. I'm gonna open our next poll, and that is, do you treat governance for your Microsoft 365 differently than other IT projects? Yes, no, or not sure? Yeah. Not sure is pulling away here too. I think we also expected that. Give a couple more seconds. Okay. And then our final poll, do you have any defined governance plan in place for Microsoft 365? Another yes, no, or not sure. No is definitely our big leader on this one and Yeah. That surprise you at all? Not at all. We hear this all the time and, yeah. Hopefully, by the time we're through this, we can paint a picture as to why some of that's important and how you can get the jump on that. Absolutely. Okay. I'm gonna go ahead and close that poll. So thank you for participating in those polls. They are going to inform some of Matt's presentation here today. So our agenda, Matt's gonna cover the basics of IT governance, getting started with governance in Microsoft 365, and then tools for managing governance within Microsoft environment. So with that, I'm going to hand this over to our expert, Matt Tabor, who are who's our director of product management for cloud. So, Matt, take it away. Thank you so much, Tori. Okay. So, thank you all for being here today. Hoping that we can provide some really great information and, give you guys, something to to build on as you go forward and work with Microsoft 365. So, governance means a lot of things to a lot of different people. Just, you know, we could get we could talk for hours on this. So I wanna make sure we keep it in, you know, compartmentalized around. Let's use Microsoft 365 as our primary example. There's a lot of, specific things inside of Microsoft 365 that make it the best candidate in the world for a strong governance plan and there's also other reasons why you would wanna treat it maybe a little bit differently than some of the other things that you work with, from from an IT perspective. So we'll keep it and, you know, keep the the the talk around Microsoft 365 and and see where we go from there. Okay? So first of all, let's start off with, a little question here. So, Gartner or KPMG, had had done a poll recently around governance and they got a surprising, answer back that 51% of IT leaders that obviously were a part of this poll, did not see an increase in in performance or profit from the IT projects that they invested in, for the last two years. And that was shocking to me when I found that and, very very interesting piece of information because we keep building these things, we keep modifying things inside of our IT environments and you always expect to see a return on that investment over time. And so, the the obvious question that next would pop in your mind when you read something like that is, well, why? Why? And so before we get into answering the specific why, I'll post another, question that was part of another poll. So within that KPMG survey, they also we also found that 47% of the respondents cited that breakdowns and collaboration were a huge part of the challenge in whatever IT project that they push forward. That really got me thinking as to why that might be and as we keep digging down, through the the data and you can see that the next question that popped up, the answer was, from another survey with Thoughtworks where they said that IT projects fail for one of two reasons and it's the age old the age old problem, too much or too little. Right? So, what they found was that they were they're failing for two reasons. There's either way too much oversight, which makes it very difficult to adapt and to it makes the delivery slower for that project, to the point where maybe some of them never even get completed because there's just too much perfection in it. People wanna control too much. And then obviously the opposite would be too little. Right? There's not enough oversight which ultimately would introduce security risks or poorly designed implementations that are gonna cause problems down the road. I would say with my experience, the second, the latter, the too little oversight is generally the greatest issue that we see in terms of Microsoft Microsoft 365 and there's a lot of reasons for that and we'll cover Microsoft 365 and there's a lot of reasons for that and we'll cover that as we go through here. But just over the last year, Thrive has has worked with our customers on a on a number of projects, specifically inside of Microsoft 365, but I'm sure we've done way more than that for other stuff too. But, talking about three sixty five in in particular, the last year had we've had a lot of conversations around Copilot. Copilot for Microsoft 365. It's been a huge IT project that a lot of companies, wanna invest their time and their money in deploying because they think it'll provide value to the business with that technology. If we just use Copilot as an example in in terms of why IT projects would fail, we're seeing with Copilot right out the gate, typically when when people first start that project, they are slammed in the face with the millions of complexities and components that have to be thought of before you roll this out. We've done a I think we've done a pretty good job here at Thrive over the last couple of years, over the last year of really informing our customers on some of the challenges and some of the issues around Copilot and what to look for and what to expect when you're when you're planning on rolling that out. But the truth is Copilot's really no different than any other technology inside of Microsoft 365. Three sixty five is very different because it's a it's a different way of working. It's not the same as as you would see, a traditional router switch firewall server that we're used to inside of our IT world. It's more dynamic and that's where we get a lot of issues with it. So, from the perspective of Copilot though, immediately, everyone is gonna is gonna be smacked in the face with that decision that I told you about before because you're gonna see all of the rewards that Copilot brings, but there's also all of these risks that are associated with it if you don't build that technology out properly. And so we thought this would be a really great, topic to talk about in a governance conversation because governance issues are the number one problem that we see with Microsoft 365 implementations. Whether they started five years ago or somebody's just thinking about moving to 365 now, it's always governance is the first and most crucial issue, with any of this technology. So, let me keep let me I'll keep painting the picture for you. So, with Copilot, for instance, great feature inside of Microsoft 365, Users are immediately gonna be like, yes, please. Please, please, please give us Copilot. I wanna I want all the benefits of not having to, like, write my own emails and I wanna do this and it'll help me do all my job faster and better and and easier. But then at the same time, if you just go and turn on Copilot, immediately the result of that issue is gonna be, your IT department on the other side is gonna be running around trying to solve all of these little micro issues that are evolving, from just flipping that on because seriously, with Copilot, the only implementation for that tool really is turning on a license to a person and then for once that happens, all of the downstream effects are gonna be or IT is gonna be responsible for everything else that comes to that. So, just breaking down Copilot for anybody that isn't familiar with that technology, there's a huge amount of benefits associated with that technology. Of course, we're gonna we're gonna see things like enhanced productivity. Who wouldn't wanna automate repetitive tasks like drafting emails, summarizing documents, generate generating meeting notes quicker? I mean, we're talking about a tool that allows you to focus on the higher value work and get rid of this minutia stuff, the day to day like, stuff you don't wanna do on a regular basis, right? And then, another another huge part of Copilot really is around having smarter decision making capabilities, right? So, Copilot has access to everything that you have. It's your assistant. It's supposed to have that level of access. It's supposed to work for you to improve your day to day operations, your life or everything, right? So, the smart decision making component of this is great because it can it it'll it gives you access to insights across all of the features inside of Microsoft 365, whether it's emails, chats, documents, everything. So if it's configured properly and you have the right data that it's looking at, it can absolutely give you better informed and timely decisions when you're trying to do your job on a day to day. Also, the perspective of improved communications. I mean, like, I don't know. I've been typing emails for years and years and years now and I still find that I could write them better. I could get them shorter. I could get them more concise. I could get more to the point with stuff. You'll learn from this webinar that I love to talk and I'm probably gonna do a lot of it here. So I can over communicate sometimes, right? So it's great for me, like, I can go and have Copilot trim my email down so it's right to the point. Who wants to read a seven page, you know, seven paragraph email from somebody? It's not gonna happen. You're gonna miss information. So, it'll help the users create better, more professional content, better presentations, better reports. Right? Help them affect, communicate more effectively and also at the same time, it's gonna accelerate the learning, and onboarding of new users and this, I think, is probably one of the things that people don't talk about enough but really is probably one of the biggest benefits of the tool. Especially if we're talking about something advanced like Copilot Studio, which is, centralized knowledge bases that are attached to that AI for for very specific information. So you could basically create an HR agent that has all the information about where to find your benefits, how much we match on a four zero one k, like all those little bits and pieces where somebody could just have a a casual conversation through typing and they're gonna get all that information back. So if you could imagine I know here at Thrive, we have so many people here and sometimes hard to find who the right person to talk to about a thing is. If you could just have a conversation, with your AI agent to say, who should I talk to about this security matter that I wanna and it says, oh, the person that runs security is x y z. Go find them. It's gonna help people find information and do better jobs faster and better and get people up to speed faster. So that's a huge benefit and so we would want this. But unfortunately, like I said earlier, risk and reward and everything in IT is gonna have that age old risk and reward back and forth content to it. So, the risks of Copilot, for a lot of people that we've talked to, have outweighed the reward up to this point because of the amount of effort that they would have to go to get their day to get their environments up to a place where they would feel safe implementing this technology because why? Because governance wasn't our original part of the deployment of Microsoft 365 and we'll we'll tie that in as we kinda go through but that's really the age old issue that we're seeing now with Copilot. It's been what we've looked at for the last year. It's like there wasn't a governance plan when it started and now we have to react to all of these new capabilities and how we secure all these little things that all play into the story of how Copilot can ultimately cause more damage than than help you at the end of the day. So, with that, some of the risks that we'll just say here quickly and so we can move forward, is around data access control. Probably the number one. I would say this is probably the number one thing of all. Data access control is huge because, like I said before in the last slide, Copilot has access to everything that you have access to by design because it wants to help you. It wants to be able to help you find that information that you're looking for, bring it to you quickly, with authority so you can use it and move on to the next thing. With that, if there wasn't governance or strategy in the very beginning, you could have found yourself in a situation where you brought a lot of information into your Microsoft 365 environment. I don't know, the file server was dying and you needed to make a quick move and bring something over or, hey, we just needed to get something into the cloud or, hey, there just happens to be a global pandemic that doesn't let anybody come to work for a year, you know. And we need to figure out a way to get around the VPN and have it easy to use. So these are all things that happened over the last couple of years that could put yourself into a pretty sticky situation when it when you talk about giving an artificial intelligence access to all of the information that anyone may have access to knowingly or unknowingly. So this is huge. You wanna make sure that there isn't unintentional data exposure inside your environment even if it's just innocent. You know, if somebody types in a in a message what are, what are the executive, salaries bonuses for last year and, oh, they accidentally had access to a folder somewhere in Microsoft SharePoint that they never knew they had access to, but it gives them back that information right in front of their screen and then they're like, oh, I shouldn't know this. What do I do now? And then they gotta go walk their way out of it, you know, and figure out how they how they're gonna fix that, you know? Or they just don't tell you and move on with their life because they're afraid they're getting trouble and I don't know which one's worse at that point. So then from an information life cycle management standpoint, this is really huge too and I think a lot of people don't think about this with Microsoft Copilot. It's that that that scenario we talked about before where you've just brought a whole bunch of data and dumped it into Microsoft SharePoint or you've dumped it into Microsoft OneDrive or this is all your historical ten, fifteen year data that you've been working on and collecting, over the years. And so now you have all of this information inside of March and the problem that you're gonna see immediately is that there's gonna be a lot of outdated information. There's gonna be a lot of irrelevant data. We refer to this type of thing as ROT, R O T. It's redundant, obsolete, trivial. Little acronym there And that's a huge problem with Microsoft Copilot is in is having all of this rot data inside your environment, and you may get wrong information. You may find stuff that's incorrect. It may bring you back information because it's it finds the first thing that it comes up with and it's like, oh, it's the answer six and it's really eight because it's version three that it's looking at instead of version five. These are things that you have to take in consideration, in the environment and make sure that you're working against. Another big issue, is security and compliance alignment, right? So, you wanna essentially make sure that your governance policies align with any compliance requirements that you have. So if you're in an environment like a healthcare organization or, financial services of some sort, you're gonna have these, regulatory things that you have to comply to on a regular basis and implementing copilot may cause some rift inside of those compliance, needs that you have. So you may wanna think about implementing things like data loss prevention or sensitivity labels or insider risk management to make sure that you are not outside of compliance the next time the auditor comes in to check and see how we're doing. These are all issues that need to be thought of and considered inside of the Copilot world. And last, quality and context. If you have too much information in there or it's not well structured or it's not organized or it's just not in a way that's contextually rich, you're gonna have a bad experience with with the AI. It's not gonna give you the information that you're looking for and you're going to ultimately have a failed project because you didn't take the time to clean up your data set before you put AI on it. It's basically the same thing, junk in, junk out. You hear that all time with programs, programmers, databases, everything like that. It's the same thing applies to this. If you have a lot of junk data sitting out inside your environment, it's you're not going to get a good experience with Copilot. So, going back to governance, this is where the answer really comes into play. Governance defines how your organization implements and uses that technology. Period. That's really it. I mean, there's a lot of different definitions that you'll hear about governance, but that's really what I want you to think of in terms of Microsoft three sixty five and any other new technology that you're building in. You're thinking about guardrails, you're thinking about controls, measures and and and not just for now but what's coming next because we live in a pretty dynamic IT world right now where every week there's some new technology that's being launched. There's think about how fast AI has evolved in the last two years. Like, we went from like AI'd be cool to wow, AI is kinda everywhere. You know, and it's been shocking because it's like if you've been focused on something else and you woke up one day and you're like, okay, there's a thing called chat g p t that can pretty much answer any question that I have, you know. So it's it's interesting, how how far we've come and this is where I think governance is more important now than it really ever was inside of IT because of the rate of change that we're seeing inside of technology and how fast things are moving. And I I and it's funny because I would have said that three years ago and it's now like 300 times faster than that at this point. So crazy. So if we take that defining governance principle and we look at it, if we look at Gartner who's the shining light of all information inside of, IT and technology, their definition really is is, the processes that ensure the effective and efficient use of IT in enabling an organization to achieve its goals. Okay. That sounds good. I like that. I'll use that. That works good for me. But, unfortunately, there's a lot of confusion around governance, management, proactive, reactive, all all those things kinda play into the same thing and I think what people the big the biggest misconception that I hear from people all the time is that when I say, what's your governance plan and they start talking to me about how they manage their technology. And those are kinda different things. Right? And let's just, but just, you know, for the sake of it, let's let's talk about management for a second in terms of Microsoft 365 and I'll share a little bit of information that for anybody that had the no or, the the the unsure, you know, in those polls, you are so not alone because the Gartner did a survey with all of its various members not too long ago and they felt like look at these numbers right here. 47% of IT leaders have no or little confidence in their ability to manage security and access in Microsoft 365. Only 2% of respondents said that they were very confident with their ability to manage security and access in Microsoft 365 and just to let you guys know, security and access is the most important part of Microsoft 365. Just period. I mean, that's the whole basis of your governance plan is figuring out who has access to what, how you're gonna control it over time and how you're gonna ensure that that access is maintained as they change the platform every other Tuesday. It's a daunting, thing to do, but that's really the heart of what governance is. So this breaks down to the concept of governance and management and just so we're clear, I'm gonna define that right now, as simply as I possibly can. Governance is really focuses on policies, compliance. It's a very strategic thing. You're thinking about planning, you're thinking about setting up the guardrails, setting up the controls, setting up the configurations initially and then being able to check those and maintain those over time and effectively mitigate any changes that you need to make inside of that organization as the technology grows. Whereas management is something that you think of when you're talking about servers and switches and firewalls. It's day to day operations, it's configuring a thing to a specific set and then keeping it that at that at that specific set until you absolutely have to make that change because somebody has now requested access to thing or something else like that, right? It's a very tactical subject in nature. It's it's day to day. It's the operations of stuff. So governance is the preplanning that leads to management and I think a lot of a lot of times when you if we go back one step back to the slide and we see these numbers, the thing is is that like, I think the reason why a lot of people have trouble managing Microsoft 365 is because there's a lack of governance planning and strategic in nature. That's kind of ties those things together and pulls it to a place where you can fully understand that maybe, hey, maybe I'm a little bit, behind on this particular technology because decisions I made through, you know, three years ago are now affecting me and I can't push forward. Right? So it's gonna ultimately affect your management in that scenario. Okay. So we'll jump ahead now to how we can fix that and how we can move that forward, right? Because governance, first of all, this is a big difference between governance and management. In the old world of servers and switches and all that jazz, management meant I'm the IT admin. I'm gonna go set a firewall policy. I'm gonna settle these rules and then if you wanna change it, you have to come talk to me. There's there's I I'm gonna make the rules. Well, I'm gonna work with my executive leadership. We're gonna set our policies and we're gonna that's it. They're defined and that's that's forever. With Microsoft 365 and technologies that are more modern in that respect, they are really more focused around enablement, self-service and user management than the traditional I'm gonna set these configurations, they're hard in stone and they never get changed and all I have to do is just kinda go back and make sure that nobody changed those configurations over time. Okay? So something like three six five, this is why we focus so heavily on governance inside of Microsoft Microsoft 365 because it's not simplistic. Like, I believe me, I don't want to try to under undermine the thought of managing servers and switches and firewalls and routers. That that's that's a hard job and that's hopefully that's why you're working with us to help you with that stuff because we're good at that stuff. But the thing with governance in March is it's way more dynamic than that standard, like, just set it and forget it kind of mentality or just set it and then go back and look at it on a regular basis to see and to make sure nothing's happened. The the governance to Microsoft 365 affects how users really work in their day to day life. So tools that you choose are gonna affect anyone who's working inside of that organization and their job pretty much for the entire time that they're using that technology. So, the first thing that I would recommend to anyone who's developing a governance plan for their organization is just stop and listen. Talk to your users first. Go in and understand, like, what's going on? How are they using the technologies today? What's working? What's not working? What's a what how how do we how do we make it better for you? While also maintaining the compliance and regulatory rules and stuff like that that we need to as a business. But so you're gonna talk to your users first. You're gonna incorporate different teams and different user types in that because a lot of times what we've seen is someone will make a decision high up at at an IT level about we're gonna use this technology and it may work for, like, two thirds of the users in the organization, but there might be, you know, Tori over there in in our marketing team, and she's like, I hate this. This is terrible. Like, the old process was so much better, like, even on I could even do this better in Excel than using your dumb system that you built for me on this. Right? And because maybe it just it we never talked to marketing on that when we built that solution and so they never had any input in it and we're just creating solutions in a vacuum as opposed to talking to people who is who those solutions are gonna affect on a on a day to day basis. The other thing that I would say about listening is training. Right? So, when you develop these tools and you pull them out and you, you know, you release them to users, you don't necessarily just wanna throw them out there. You wanna make sure that everyone fully understands how to use the tools. So a huge focus on training, learning paths, how people use these tools. Whatever you're deciding on, these standards that you're building, they there has to be an ongoing communication around, training and it can't be just a static like, here's how you do it and then you walk away. You gotta continually always be training and always working with your users to make sure that they understand how things work now and as things change in the future. And obviously that just comes into the next line there of communicate broadly. Like, when everyone knows the plan, the plan's gonna work. If only 10 people know the plan, it's probably not gonna work out too well, right? So that's the idea that we're we're working through with that. And and also incorporate all of the feedback that you're getting from these people. Don't just don't just have the meeting and then walk away. You wanna make sure that you're having that meeting, you're running it through and then, you're making changes as as needed. So that gets you into the next pillar of adapt. Evaluate the risks and the requirements at every stage that you're doing. Test changes and phase rollouts. So, from that perspective, we're really focusing on, smaller groups because smaller groups are safe from a securities perspective, but smaller groups also create a buzz when you do it right. If you push out some technology, to the so let's use Tori again in her marketing department here, let's say. If we if we built some new cool technology like Copilot and we we pushed it out to Tori's group and they're seeing all the success and how quickly they can make presentations and how quickly they're communicating and how fast they're finding information. Tory's a talker. She's gonna go tell everybody else that she works with in her office about how well this technology is working for you and before you know it, you've got five or six other groups coming to you and saying, when are we gonna get Copilot? When do we get Copilot? Like, Tory's got Copilot. Why don't I have Copilot? You know? And that kind of thing. And so that's gonna build over time and you're gonna create a buzz around that technology. So when it finally does get launched, somebody's gonna be like, we have Copilot. Yes. And then so now they can move forward and they're more excited about learning that technology and developing that technology because you created that buzz with inside your own org before you even released it to them. So, that's another huge part about, making sure that users involved are involved in the beginning and through the entire process and that's not just specific to Copilot. It's if you're building a SharePoint, intranet, if you're releasing Teams, if any technology that's new that's gonna affect them, if you're building power platform or automations or anything like that, make sure that you're doing it in a way and you're choosing a group that likes to talk and brag about the tools that they have because that will help you ultimately adopt that technology across the organization way faster. And then, of course, you need to review those solutions as the technology and business needs change because not only is the technology gonna change, we know, like I said, every other Tuesday we get something new from Microsoft. Right? But, like, the business is ultimately gonna change too. Think about, you know, economic needs, the way, you know, geopolitical, all these things are all coming together and it's all gonna change the way business works. Your priorities from two years might not be your priorities today. And so, as long as you're maintaining those with the ultimate governance plan, you're safe and secure and you you know you're heading in the right direction. And then, of course, aligning the business priorities with those goals. So, Tori might not get CoPilot at first because maybe there's a bigger bang for the buck somewhere else, for another organization. Maybe we wanna apply that to RFPs. That might be a bigger thing, like, because we get so many of those and we wanna reply back and make sure we have good information and stuff like that and everything in one spot. If you've ever filled out an RFP, you know, it takes quite a long time to put that together. So that might be a thing. Sorry, Tori. We're gonna put you on hold for a minute but we're gonna articulate to you why that's important and how it's gonna make a big difference in our organization there. We'll also complement existing processes and requirements. This is so huge for me and this is probably the biggest thing that I will the secret it isn't a secret that I'll share with you today. Don't throw away old processes just in lieu of modern technology because you're trying to modernize the solution. There may be things that you're doing that work so well and no technology is gonna come in and replace that. There may be there may be situations where it's cheaper to outsource a thing than get Copilot to do it for you. We talked about that on the last webinar that I was on last year with Copilot. The biggest issue with AI is people saying, oh, AI can do that. Maybe not. Maybe it's more expensive to use AI than it is to just outsource that technology to to a group of people somewhere else where you can get cheaper labor and you can do it that way. You know, I mean, who who knows what the answer is but you have to think about everything and don't just throw out those old processes just because you're developing new technology and it's Microsoft 365. There may be ways that you can take those old processes and convert them into an automation or something like that that just makes that process faster but keeps it the same. Those are things to to to look forward to when when you're working with governance. And then also incorporating governance into solutions and processes. So, you know, make sure people understand the reasons why you're doing this or why you're making these rules. So it's not just like, because I said so and you're like, oh, okay. You know, if generally, when you give people a reason for why things are like they are, they they're more accepting and they'll be willing to move on. So, as you're setting these objectives for governance, here are a couple of pillars that I just would like. I'm gonna talk about this quick and just move forward. I think we've mentioned a couple of these things so far but things, the the main objectives for governance are really gonna be things like risk management, compliance, value, performance and security. And each one of these I could talk forever about why they're important, but obviously some of them are pretty pretty self explanatory. Risk managements, compliance and security. Okay, right? So any decision that you're making with IT, you really wanna take those things into consideration. You don't ultimately wanna create a hole or create some kind of problem with that. On the other side, maybe they're a little bit more there's a little bit more into those those components. Value, right? What we were talking about before with Copilot, it can do a lot of things but you have to make sure that it's the right value for you as a business. If it makes sense to outsource that techno the thing that you're trying to do because you think Copilot can do it faster or whatever, Maybe that's the right business decision for your organization and you have to take that into consideration when you're making those needs. The technologies that you implement have to have a greater value than the risk, the compliance issues and the security that you're that you're building. So if you create a pillar around that, value they have to have a greater value than the risks of those things and you have to make sure that all of those things are mitigated before you can release that technology. The other thing is performance. You only wanna implement technologies that will increase the performance of the business. You don't ever wanna put something in place that's going to make someone have to work harder just to use that modern technology quote unquote, air quote, air quote. Right? Oh, I built a form that does this. Okay. Well, it was easier the way it was before or, you know, these are kind of things that you definitely wanna take into consideration when you're building these things out, and they will take you to a good place with with governance. If you think about those five things, you're you're you're doing a great job. No. We're running out of time so we'll I we're almost through this and we're gonna kinda go through here. So, getting started, some of the things to think about when you're building and just some of the workflows in governance, here's a couple of things to to work through. Guidelines for usage. This is huge. Specifically for Microsoft 365, there are so many different features, functionalities, tools, components. There may be five ways to do product project management inside of inside of Microsoft 365. If you think about it, there's planner, you can integrate project, you have lists, you have libraries, you get all this kind of stuff that you could do, right? So, understand what it's gonna be the best thing for your business and then make that the standard. Standardize around technologies and process that fits inside your business rather than just what the next best crazy coolest thing is that's out there. Talk to cross functional groups and identify requirements. We spoke about that before. Please don't do your don't build guidelines in a box in a vacuum. You know, you're gonna make sure that you're talking to multiple groups because if you can solve the same problem in a bunch of different places, it's gonna be there's gonna be a greater value than just going in and solving individual problems for individual groups that you're working with inside your organization. So try to go high level first and then as you're if it doesn't work at a at a at a macro level, then you can get into the micro, solution solving for these for these things that you're trying to build around. Identify other applications and services involved that are integrated in that technology. So you can't just think about three sixty five. Maybe there's an integration with ServiceNow or with your ERP or some other solution that you have in there. So, the governance decisions that you make around that technology have to also include other technologies that work with that technology. It can't just be limited to whatever you're looking at at the time. Also determine what kind of data is being created and stored. This is these are guidelines across the board. Like, I would say specifically, you know, we're talking in terms of three sixty five but even other systems and other things that you might be using, these are all important things that you wanna look at for that. Where's your data being stored? How is it created? I mean, data is gold and you wanna make sure that you protect it at all times, right? So that's an important step there too. Steps for implementation, you want to identify and document end to end workflows and key processes. I can't I can't describe to how important documentation and getting the processes and the procedures down in written format and publishing those to a group of users so that everybody understands and they can find it. Maybe you even use your AI agent down the road to enforce that if once you get there. But that's the whole purpose of trying to get things outlined and shown, because you can use those guidelines to set baseline configurations and settings at a macro level and just push them out. You really don't want to get into a scenario where you are hand configuring anything in this day and age. We wanna go and push things out. We wanna automate as much as possible. We wanna kinda control that and take the human error side of things out of the mix. Not because we don't trust people because it's better, it's more efficient, it's faster to do it that way and when things come up, you can pivot quicker when there are issues when you have automations in place. And then the last part of this really is around monitoring and enforcement of these technologies because it's great. If you have kids, you understand. It's great to make rules but it's kinda silly to make rules that you can't enforce. Right? You know? So and you'll learn that pretty quick, I imagine, if you haven't already. So, monitoring and enforcement is huge, in this. So you wanna make sure that you have systems that can go and check and and be available and can show you what the issues are and and what you need to do and how, if there's an something comes up, you know quick. You don't find out about it three months down the road. You're not, like, just doing manual views of logs. You're like, you've got a tool in there that when something changes, it alerts you immediately and says this has changed. Does it affect your compliance? These are all things that are gonna be super important. So setting up monitoring and then checking the performance of your governance plan on a regular basis are gonna be keys. Governance is not a project, it is a lifestyle. Like, you wanna be able to get to that and you wanna build these governance boards inside your organization and continue to work with them over time, to make sure that you're maintaining these, you know, high quality. Getting done here. Okay. So really quick on this one, defining requirement required policies and procedures, I'm gonna I'm gonna I think we talked a lot about this so far so I'm just gonna kinda highlight these as we go through. For March, the order of operations is really gonna be access management at the top tier. You wanna make sure that you understand who has access to what, how you can control that and when somebody leaves an organization that you can effectively kill that can kill that access and maintain it over time, even when people change jobs and move from things to thing. The next one I would talk about, the second priority would be data protection, because generally if you get the access management right, you're gonna it's gonna flow down to data protection but, once again, you wanna make sure that you have things like encryption, backup strategies, retention policies built into your environment to ensure that your data is protected and secured. Access management will go far but you have to be able to react in the fact that if something goes wrong, you can get it back. Also usage guidelines. So make sure that you have published usage guidelines on how to use the tools. Acceptive use acceptable use policies for Microsoft 365 technologies and that you have a tool that can be used to go and check that, to make sure that the configurations are right and make sure that people are using the tools in an effective way. And then obviously the last one that I mentioned before was auditing and reporting, but I will tell you do not make this a manual process. Don't give someone the job to go every third Thursday and look at the logs and try to figure out what's going on in there. You want something that's proactive inside the mix that's actively collecting information and telling you when something happens so you can quickly react to that or plan ahead if you know a change is gonna happen. Or even check yourself if you make changes and then, oop, now you get an alert because you're out of compliance, you might wanna reverse that pretty quickly but, auditing and reporting, I I can't tell you enough about how important that is, and how you should work forward with that. Okay. So, just communicating and advocating across the organization, you know, do a self assessment. See where you are today with those things that I just talked about, access management, all that. Develop policies around, things that are specific to your organization. You create a comprehensive governance policy on how to make things work and publish it. When you implement it, remember, we're implementing in small chunks, we're not implementing across entire organizations, just in smaller chunks and we're creating, fans inside of that. People that are going to talk about that technology to other groups. Training. We're making sure that we have, proper training in place to ensure that everybody knows what they're doing and they understand the rules and then once again, we're constantly monitoring to make sure that the policies are good, that the configurations are set and then everybody's doing what they're supposed to be doing inside of the governance plan. Super, super important with that and I would also say make sure that you have the tools in place to, you know, for March there's really important tools that you wanna make sure that you have together for this. You wanna make sure that, you're using the compliance center for all of your compliance needs inside of Microsoft 365. It's a wealth of knowledge that kinda helps you understand whether you're in compliance or not based on the settings and configurations that you have, you can see at a glance what you're doing, from an access identity and access management perspective, Entra ID is your is the king of your environment. Like, you wanna make sure that that technology is as good as it can possibly be. You have groups set up, You have, your permissions are all top down. Like, if you've developed SharePoint or you've put a SharePoint environment in, you don't have a scenario where six file folders down inside of SharePoint, you've broken inheritance of that and you now have, like, different people have access to a folder layers deep. Whatever the top layer folder is, everything should follow down and if you need to have information that's separate from that, you need to create a whole new place to put that. Right? That's how that's how you keep SharePoint and Microsoft 365, in compliance with that. You want high level groups where all the permissions roll down so every time you assign someone to that group, you know what they have access to and you can just view that and control that from a top level. I can't stress to you how important that is. That's one of the biggest mistakes that we see when we pick up a new customer and we start working with them. Maybe they have like inherited permissions somewhere deep down in a folder because they were trying to replicate what their file server was like, right? Okay. Intune's gonna help you with device management. You wanna make sure you have that in place, we can help you with that and then this is a big one too that I'll mention real quick. These last two are things that people don't think of when they talk about governance. Third party insight tools. Microsoft does a great job of having all this information together but they do a terrible job of putting it in one spot for you to see it. So an insight tool is gonna allow you to basically create a dash board where all of your logs are gonna be shown. All of your configuration managements are gonna be there and there's tons of third party tools that allow you to do this. We have a couple that we love and use on a regular basis. If you have questions about that, talk to your account managers and we can help you with that. And then the last thing is your learning management system. You wanna make sure that you have a system in place to ensure that people understand how to use these tools and what they're how to use them on a regular basis and that there's adoption is happening. We'll just kick these takeaways away and then I'll turn it back over for questions real quick. So, key takeaways, understand what your overall business goals are, align how you use technology to support your goals, talk to your users. Please don't try to do governance in a box in a in a vacuum. Make sure you keep open and ongoing communications, with the users, lean into governance tools that enforce policies and provide reporting metrics, huge, and then ultimately just set up a cadence and evaluate your current performance and adopt changes as the business or the technology changes. I know I threw a lot at you there today. Thank you so much for sitting through it. You did great. And, hopefully it was helpful. So, Tori, I'll I'll I'll I'll turn it back over to you here. You did great. That was a lot of information. You, you know, said that I like to talk, Matt, but I don't know. I think we just had, forty seven minutes of proving that you do too. I said I like talking in the beginning, so I guess I can. That's right. We both do too. Yeah. I don't wanna take up I know we promised forty five minutes, but this was all really, really good information. And, honestly, I think that as the presentation went on, we did answer quite a few questions that were at the beginning that we got in the q and a. But I do just want to remind people that, yes, a copy of the presentation will be shared, and, yes, you will also get the recording of this webinar today. So I I saw that question come through a couple times, so I wanted to make sure to answer that again. Okay. I think there are a couple that you maybe wanna answer, Matt, and then we'll answer any other ones that we don't get to. Yeah. I I saw a bunch in here that were, were really good. I and like I said, I think I think we answered a couple of them here. Yeah. We did. And as we were going through, but I think, here's a couple of them that I thought were really, really smart. Here here's one, not that they weren't all smart. They're all smart. I'm not saying that people people don't have smart questions. I'm just saying ones that, like, struck out to me as, like, oh, that I don't know if I covered that. So one of them here was what's the difference about governance for Microsoft 365 versus something on prem? Okay. We covered a little bit of that, but I didn't go too far into that, so I'll try to keep it high level. I think the biggest issue with Microsoft 365 is it is a user centric system. Right? So with the olden days of of infrastructure and stuff like that, it was more like you were focused your governance policies for that would be more focused around, like, perimeter based controls. Like, what do I need to keep inside the firewall? As opposed to, like, with 365, it's really the main focus is identity based control. Like, because you're not like limiting them to a specific area. Like, they don't walk into the office and then have access to Microsoft 365. Generally, you've got access to it from wherever you are. You can create those kind of controls with, with different policies, but for the most part, most of the customers that we work with are are pretty broad with how they release Microsoft 365 out to their environment. So perimeter based controls shifts more to identity based. Traditional on prem environments are very static. I did talk about that a little bit. They they did set them and, you know, minimal changes have to happen over a regular basis, but, you know, Microsoft 365 is dynamic and it's constantly evolving and Microsoft's pushing pushing new changes in there as well, that you may have to keep up on. So that's another reason why the monitoring is really important because they may release a new feature that breaks something that you set and you may have to go back and fix it. So that's huge. IT admins kinda controlled everything inside of, inside of the old, on prem networks whereas, like, you're it's more of a shared responsibility across business units for who controls what, like SharePoint has site owners that people can give access to. You can give your own access to somebody to something inside your one drive. So it's it's a little bit different from a access management perspective there and I think, you know, traditional on prem, we were looking more at like reactive audits. Okay. We're gonna go and audit the whole environment because there was a lot to it. Whereas with March and governance around that, we really are looking more for proactive policy driven automation to kinda make sure that things are happening the way they want and it works more like software than hardware and I think that's probably the biggest thing. So when you're thinking of March, you're really thinking of it in terms of software development and software management as opposed to like configuring a box that does a thing, if that makes sense. Okay? Jeez. Let's see. Let's see. I think we have one more that maybe we answer and then, we will get to the other questions. One did come in about, the access that Copilot has. Is it only to SharePoint and OneDrive? Or anything? See that. Yeah. So so Copilot, does Copilot only access data in SharePoint and OneDrive or does it can it have have access or or does can it have access to anything? So basically, the way Copilot works in by default, when you first turn it on and you and you assign a license to somebody, Copilot will give you access to everything that that person has access to. So it doesn't have access to everything in the environment, but say for instance, if I am somebody with an elevated sense of level of control, like, for instance, your chief financial officer or the head of IT, that person could have quite a bit of access across the entire environment. So, you can now and this is as of like a week ago. Like, Copilot, the next the latest version of Copilot just came out last week. There are some significant controls that they've put in place they didn't have for the first year. It still is a default configuration of everything that you have access to. The cool thing thank you so much Microsoft for finally listening to us about Copilot. The cool thing about Copilot now is that you can go in and restrict access to specific document libraries inside of SharePoint, OneDrive, Teams, But just to answer your question, specifically, yeah. Copilot, if you just go in and assign a license to somebody, SharePoint, Teams, OneDrive, email, calendar, everything that they have access to inside of three sixty five, all of their components, planner data, everything, it sucks everything in through the graph, but you can do it is a little better now, as of, you know, this week, you can now make more RBAC based controls where you can say I'm gonna give you access to these five libraries but not this library over here. You can still do that with purview too even if you wanna create rules that restrict Copilot. So there's definitely ways that you can control Copilot better than you could a month ago, but it's still things that you need to think about when you're gonna implement that technology. Hope that answered your question. Alright, Matt. I think we're gonna take any other questions offline. We'll we'll respond to the rest of them via email. I don't wanna Okay. I don't wanna take up any more time of anybody. So, I really appreciate everybody joining us today. We will get your answers out to you. I promise. And I hope that you've taken away some really useful information. So thank you again, Matt, so much. This was a Sure. Really great presentation. And thank you everybody for joining. K. Take care everybody. Bye bye. Bye.