Office 365 and The Downside of “It Just Works” 

For a tech guy I am rather practical about my technology. I’ll take reliable no-fuss technology any day of the week over something better I have to tweak and fiddle with. That’s how I became an all-in Microsoft Office 365 and Azure guy…with an iPhone and an iPad. They just work!

Of course we all know some of the tradeoffs with our phones…whether it’s Google or Apple, part of the bargain to get that “just works” phone is handing over your location, your contacts, your habits, your search history, likes and dislikes and more on a 24x7 basis to the smartphone makers. If you knew that much about me, you could probably help me out with a few things too…

And so it goes with Microsoft Office 365. Well not quite the same. Microsoft… and I can’t believe how the tables have turned in my 20+ year tech career, is in the position of being one of the more trustworthy big tech vendors. But they are not totally innocent here. Office 365 “just works” out of the box. Literally anyone could get it set up for a business with a credit card and following the prompts. Some executives have done that before us IT people arrive.

The secret of the “just works” in Office 365 is that everything, and I mean literally EVERYTHING to do with reducing security, data sharing, or easy access is turned ON. For a cloud service, that means a lot. Share company data with anyone, let them log in from around the world with just a password, allow everyone to invite any guests to access the company, or let employees authorize 3rd party applications to access their account without a password. It’s all possible, and it all “just works” because in Office 365, every feature and every box is checked for you already. It’s a beautiful thing!

If you sense a problem with that…well you are very sharp. If every sharing feature is enabled, no company using Office 365 needs to make any decisions on what to allow. Our CEO over here calls it “Swiss Cheese” but I don’t even know what that means. What I think he’s getting at is it’s full of holes or something. Why would Microsoft do that? It’s simple really… initial customer satisfaction is far more important than security. If it doesn’t work right out of the gate without fiddling, the customer might go elsewhere, or simply perceive the product as difficult. And we just cannot have that.

Microsoft has made a lot of noise about securing Office 365. There is a “security score” rating, reminders and pop ups to administrators, and a whole host of half-baked “Artificial Intelligence” features to keep the baddies out. Most of it ineffective. Oh we all know what would be effective…uncheck some of those boxes by default, maybe start with the “share the HR files with Ukraine” box. But Microsoft will never do that, ever. Nothing that possibly challenges the “just works” will be allowed.

And so here we are. IT departments are stuck trying to keep up with every feature, every setting. And trying to get management to sit down and make a few decisions about “do we need this?” once in a while. Mostly it’s: Wait until you get hacked, then uncheck the box that let the hackers in. At Rx-IT we’ve been unchecking the boxes for a while. We’ve developed a Wellness Check process to go through your Office 365 and Microsoft Cloud, answer all the questions, and turn the features on and off based on the company policies, risk profile and workflows. We do it as part of our IT service and the changes we make cost nothing at all, It just needs to be done. I’d like to say this is what our industry is doing but the fact is most new customers we bring on are Swiss Cheese. If you haven’t reviewed your Office 365 settings in detail with your IT dept., you should be demanding they get up to speed on it and come back to you with a plan!