Transforming change management at Microsoft with Microsoft 365

|

A businessman using a laptop in a conference room.
The shift to Microsoft 365 as a service prompted our IT managers to rethink their approach to change management.

Microsoft Digital storiesWhen Microsoft 365 became a service, the way IT managers needed to think about change management had to change, and dramatically so.

“We were no exceptions,” says David Johnson, principal product manager architect, who leads the team that governs how Microsoft 365 is deployed across Microsoft. “Microsoft 365 started changing every day, and we needed to figure out how to keep up.”

The transition to living in this new Software as a Service (SaaS) world was further complicated by the global pandemic and ever evolving work style changes. The ongoing pandemic and its uncertain duration meant that organizations had to remain agile and responsive to the shifting needs of their workforce. IT teams had to continuously evaluate and implement new technologies and cloud-based solutions to facilitate remote collaboration, enable seamless communication, and maintain productivity. As a result of remote work, employees embraced asynchronous workflows, allowing for flexibility around when and where work could be completed.

Now with the help of generative AI, employees can utilize products like Microsoft 365 Copilot and Teams Meeting Recap to reduce meeting fatigue and prioritize workloads.

To learn more about generative AI improving the employee experience, check out our spotlight on the digital transformation series.

The pressure on IT administrators at Microsoft and everywhere increased tremendously.

It’s a hot topic for customers—how do I decide what I’m going to turn on for my company effectively? From an industry perspective, this is a fairly important conversation.

—David Johnson, principal product manager architect, Microsoft Digital

Johnson poses outside in front of an ocean view; he is smiling towards the camera in a navy-blue polo shirt.
David Johnson is guiding Microsoft’s change management approach to deploying Microsoft 365 products internally. (Photo by David Johnson)

“This was a lot to absorb for an industry that had previously thrived on consistency, reliability, and predictability,” says Johnson.

Change became the new constant, and dealing with that level of change is something everyone is still getting used to.

“It’s a hot topic for customers,” says Johnson, whose team has been at the forefront of both the industry shift to the cloud and the tech demands of a new mobile workforce. “How do I decide what I’m going to turn on for my company effectively? From an industry perspective, this is a fairly important conversation.”

Microsoft Teams alone has hundreds of new features and changes in development at any given time. The rest of the Microsoft 365 suite—which includes Microsoft Office apps, hosted email, and the Microsoft SharePoint glue connecting it all—has also seen rapid changes.

Johnson’s goal was to handle the change management for all Microsoft 365 products in the same way. His team’s approach falls along getting three things right: initial triage, putting guardrails in place to allow innovation, and staying current on the latest news.

Triage for an upcoming change

IT administrators largely control what changes become available to employees, who in the workforce can see those experiences, and how to configure for them. Sometimes updates are relatively easy to deploy, such as adding the ability to raise a virtual hand in a Microsoft Teams meeting. Other times, they might involve trickier issues such as artificial intelligence or data mining—and then the concept of triage becomes paramount.

Broadly speaking, Microsoft’s internal triage involves two basic concepts: developing a posture—a set of IT principles for your company—and ensuring that features or change management fit within that posture. A posture could define the levels of security and data privacy needed, for example Microsoft 365’s compliance capabilities, such as data loss prevention (DLP), information protection, and eDiscovery, allowed major financial institutions to align their IT environment with their defined compliance posture. They implemented robust data protection measures, including encryption and access management, to safeguard sensitive financial information. Additionally, they used advanced threat protection features to detect and respond to potential security incidents proactively.

When that posture is in place, triaging against it becomes easier. The first step is to evaluate what’s coming and determine how significant the change is, then run the change through a series of questions that reflect a company’s IT posture, such as these:

  • Does this need a security review?
  • Do you need to run this by your privacy experts?
  • What are the legal implications of turning this feature on?
  • Does your human resources team need to be involved?
  • Will the workers council or union need to be involved?
  • What is the IT manageability impact? Are there any IT resource impacts?
  • Are there employee experience implications that you’ll need to communicate?

[Transforming Data Governance at Microsoft with Purview and Fabric. Discover implementing a Zero Trust security model at Microsoft. Explore how Microsoft creates self-service sensitivity labels in Microsoft 365. Unpack upgrading Microsoft’s core Human Resources system with SAP SuccessFactors.]

Guardrails to encourage innovation and collaboration

Microsoft spends a lot of time talking about privacy and security, but just as crucial to the company are the creativity, innovation, and collaboration that take place within its workforce.

One of Microsoft’s most important postures is maintaining the sometimes tricky balance between protecting employees and allowing them to chat freely and to share files and collaborate across multiple platforms. To keep that balance, the company relies on the concept of guardrails that maintain security and privacy while giving people room to move.

One way to test the balance between security and innovation is by using an internal ring structure to deploy change management. There is a natural first ring of testers comprised of the engineering and supporting teams that worked closely with the solution. The internal ring structure allows the people who are most familiar with the solution to validate it before it’s shared with the second ring.

The second ring of initial users is where some of the most important testing takes place, and as a feature matures, it gradually sees broader distribution. At Microsoft, a group of employees who are enthusiastic about new features has signed up to see early deployments. That group, called Microsoft Elite, often comprises one of the earliest rings.

The ring structure can be used for any IT department that wants to slowly roll out changes and monitor the effects prior to impacting users on a broad scale.

“The team that manages the deployment of Microsoft Exchange internally at Microsoft uses rings to try out new features before they are broadly deployed across the company” says Nate Carson, a senior service manager who helps manage the company’s internal use of Microsoft Exchange.

“It lessens the impact to the broader company by doing it this way,” Carson says.

Using rings to try-it-before-you-deploy-it also gives security and data privacy teams more time to assess the impact of a new feature. That’s crucial for change management in the era of relentless hacking, ransomware, phishing, and other security attacks.

Companies need to be more aware of software features that are being released and understand how they might impact digital security.

—Lee Peterson, principal manager, Microsoft emerging technology standards and assurance

“There is an explosion of data and really an explosion of hackers trying to get at your data,” says Faye Harold, principal program manager for information protection services on the Digital Security and Resilience (DSR) team in Microsoft Digital. She spends most of her time thinking about hackers and trying to outwit them. Because the end user is the last line of defense for information security, she also watches how those users respond to new features. “It’s mind-boggling how many attack vectors there are, and it’s all centered on people and their identities,” Harold says.

“Microsoft has a set of security principles it has shared with product groups”, says Lee Peterson, principal manager in DSR for emerging technology standards and assurance. There are expectations around data protection, and when a change or new feature is coming down the pipeline, he watches to see how it might impact the company’s security posture.

“Companies need to be more aware of software features that are being released and understand how they might impact digital security,” he says.

Staying on top of the news

The events of the pandemic show how quickly things can change for companies of all sizes. That’s why it’s important to be aware of the latest communications from software and service developers. Microsoft relies on a Microsoft 365 Message Center to keep customers aware of changes that impact the Microsoft Office 365 environment. It’s a link on the left side of the admin portal, and it provides important news, detailed information, and visual indications of items that require an administrator’s attention. It can describe the specific actions that administrators need to take for change management and the timeframes for those changes.

“Another way to stay current on products and features is by checking in with the docs.microsoft.com site” says Darren Moffatt, senior service engineer for Microsoft 365.

“It’s pretty much our encyclopedia of everything Microsoft,” Moffatt says. “It can be super technical, but it can also have good documentation on simply how a feature works from a visual perspective. So my advice is: if there are customers, especially admins that have not made reviewing docs.microsoft.com part of their cadence or made a habit of checking it out and going to it as their reference, do that.”

Microsoft has made it easier for organizations to handle their Message Center with the help of Planner. By bringing the Message Center and Planner together, companies can now evaluate if a message could potentially affect their operations. This integration allows them to quickly assess the importance of each message and assign it to the right person for further review if needed. With Planner’s assistance, the triage process becomes smoother, ensuring that all relevant messages are carefully examined and addressed promptly.

Learn more about staying on top of important announcements from the message center with Microsoft Planner.

The changing face of IT

As the modern workforce continues to shift productivity and resources to the cloud, IT is no longer just focused on tech support. It’s now deeply involved in business enablement and improving the bottom line.

IT historically was separated into silos. The Microsoft SharePoint people were in one, and the Microsoft Exchange people were in another, and everyone had their distinct roles. But those boundaries have come down as software has enabled more collaboration. Now, working in IT means having knowledge across disciplines, and Microsoft wants to immerse employees in different areas and give them experiences that help build broader skill sets and handle change management, Moffatt says. So, when change comes at you fast—as it often does—more of the team is ready to respond.

“Microsoft has also really pushed everybody so that every quarter you don’t just get to sit on your laurels,” he says. “You do have to be very clear about how you’re going to learn and grow as an employee.”

Employees don’t see the boundaries between the services, according to Johnson. They see the boundaries across scenarios, and those scenarios are now starting to blend.

“All of these services converged because our employee scenarios converged,” he says. “Collaboration doesn’t start or end at a meeting. Voice call is no longer just a voice call; it’s now a chat and files that you’re sharing. That’s why you converge a lot of these experiences to enable effectively a more complete package for your employees.”

In a broader context, continuous improvements in change management, security, and collaboration facilitated by Microsoft 365 can indirectly contribute to enhancing AI experiences. As organizations adopt efficient change management practices, stay updated with the latest features and updates, and strike a balance between security and innovation, they create an environment that is conducive to leveraging AI technologies effectively. This allows organizations to embrace AI-driven solutions, streamline processes, and deliver more personalized and efficient AI experiences to their users.

Key Takeaways

  • Evaluate upcoming changes ahead of schedule. Consider factors like security, privacy, legal compliance, HR policies, and IT manageability to ensure a smooth transition.
  • Stay informed about the latest news and updates that impact your service environment.
  • Gradually deploy changes using a ring structure, starting with internal testing and expanding to a broader audience.

We'd like to hear from you!
Please share your feedback with us—take our survey and let us know what kind of content is most useful to you.

Related links

Recent