Solutions for improving efficiency

Efficiency, Security, and ROI: Three Areas to Improve Your Large M365 Tenant Management

Doug Hazelman
© Shutterstock / Andriy Giryak

For many companies, having a single M365 tenant is a benefit – it creates one uniform environment where an organization can easily manage, collaborate and share information. Historically, enterprises struggle with large M365 tenant management in three key areas – efficiency, security, and ROI.

Over the past year, the traditional way of working has evolved dramatically. No longer will you see a company require all its workers to sit in the same building while using carefully configured PCs to do their work from 9:00 am to 5:00 pm. The necessary prioritization of remote work, digital transformation, and underlying IT changes create challenges for CIOs that need to manage their hybrid IT infrastructure. The evolution of the corporate IT infrastructure generates more network traffic, more data movement, and ultimately, a much more complex IT network.

One such challenge that often occurs as the Microsoft 365 (M365) environment becomes larger and more complex is managing a large single tenant. For many companies, having a single M365 tenant is a benefit – it creates one uniform environment where an organization can easily manage, collaborate and share information. However, for an organization with over 5,000 employees working in multiple geographies and departments with different needs, running on a single tenant can limit visibility, create operations inefficiencies, and introduce risk. Historically, enterprises struggle with large M365 tenant management in three key areas – efficiency, security, and ROI.

SEE ALSO: “There will be an increased focus on automation for ITOps”

Leveraging Automation and Delegation to Improve Efficiency

There are multiple opportunities to automate tasks in any M365 tenant but even more so in large ones. Automation or workflows not only save time but also ensure that corporate IT standards are followed. Automation can also include approvals, so a task is only completed once approved by corporate IT or by a department manager. Onboarding and offboarding employees is one of the most common use cases for automation but it can include other things like creation of new Teams channels or even updating user properties based on the output of a report.

Being able to delegate these automated tasks can also save corporate IT a lot of time. Why should corporate IT need to be involved if a local admin or department leader can be delegated the ability to run workflows. Being able to delegate responsibilities and enforce standards through automation means corporate IT has more time to focus on more strategic projects.

Securing a Larger Attack Surface

The second area every organization should look at when managing a sizeable M365 tenant is security. The larger the tenant, the larger the attack surface; however, there are simple ways to reduce risk and make the large tenant more secure.

One of the easiest ways is to limit the number of Global Administrators in M365. Large Microsoft tenants make it challenging to gain a clear understanding of which employees have access to critical data and applications. A lack of transparency opens the organization up to not only insider threats but also cybercriminals who steal credentials gain entry into a company’s “crown jewels.” Microsoft recommends that businesses mitigate these risks by limiting the number of Global Administrators to four or less for any organization.

Another way to reduce security risk is to understand and educate employees about the dangers of Shadow IT. In a remote work environment, sharing information via platforms and applications outside of an organization’s controlled M365 environment is a common yet dangerous practice. Each application used outside of a company’s approved corporate system and security posture presents a new vulnerability. IT teams must gain insight into any and every application connected to a corporate M365 tenant to mitigate this risk.

SEE ALSO: Things to Watch Out for in Low-Code Process Automation

Actualize ROI Through License Management

Good license management is an easy way to increase ROI on a corporation’s M365 tenant. However, to realize significant ROI, enterprises must address two common licensing issues.

The first is a bit more complex for those managing a large tenant, but outside solutions, like SaaS management software, can help resolve it efficiently. Many organizations purchase E5 licenses for employees since it is all-encompassing and is considered the premiere M365 license. Often, this license provides more apps and services than what is needed for employees to complete their day-to-day tasks — leading to many programs and services going completely unused. To cut back on these unnecessary expenses and manage license costs, organizations should take a detailed look into license usage over time to identify if IT admins would be better served provisioning an E3 or E1 license. While visibility into license usage over time might be challenging to do when you have a large M365 tenant, SaaS management tools can measure and manage M365 licensing for enterprises.

The second challenge is being able to minimize the number of inactive licenses your organization holds. It may seem like an obvious task, but many organizations get into the bad habit of purchasing a new license for every new employee due to the lack of visibility in large tenants. If not managed correctly, this can lead to many inactive and unused licenses eating away at the CIO’s bottom line. To stop this cycle, IT teams should implement a process for removing and documenting licenses within the employee offboarding process – that way, a business can minimize the number of new licenses it purchases each year and maximize its investment.

A Microsoft environment can be wildly beneficial in this new era of work. Even though it may be an IT challenge, managing a large tenant will help power the remote and hybrid workplaces of the future. By proactively focusing on efficiency, security, and ROI, IT teams can ensure their M365 environment is delivering significant value to the entire business.


Doug Hazelman

Doug Hazelman is Senior Vice President and Chief Evangelist at CoreView. With over a decade of experience in the enterprise software industry, Hazelman plays a strategic role in establishing CoreView as the technical standard in the market and communicating that to its global enterprise clients and sales prospects.

Inline Feedbacks
View all comments