M365 Feature deployment order


[Figure: M365 landscape by Aaron Dinnage]

As the excellent feature licensing chart by Aaron Dinnage shows, the Microsoft 365 suite has so many productivity and security components that it’s difficult to know where to start. I’d like to suggest a roadmap for implementing M365 features and getting value out of M365 licensing. The roadmap would be based on dependencies (you need X before you can deploy Y) and prioritised by business value. I also wanted to experiment with the MermaidJS library for creating dependency diagrams.

Results:

  • As an experiment with MermaidJS this was a complete success!
  • As a way to visualise M365 feature deployment order, not so sure. Even after splitting one giant diagram into six.
  • Unable to zoom on complex diagrams within the blog site template.

Overview

WorkspaceGovernance in this diagram refers to the processes and tools that manage the SharePoint/Teams workspace lifecycle from provisioning to deletion: automated provisioning with correct config, tracking workspace owners, and membership access reviews.

flowchart TD
    Start --> HybridIdentity
    HybridIdentity-->EndPointManagement
    subgraph "Endpoint management and M365 Apps"
        EndPointManagement-->DiskEncryption-->M365DesktopApps
        EndPointManagement-->MAMProtectedO365MobileApps
    end
    subgraph "M365 Online Services"
        HybridIdentity-->O365ExchangeOnline --> O365RetentionPolicy
        HybridIdentity-->O365SharePoint --> O365RetentionPolicy
        HybridIdentity-->O365TeamsChatAndCalls --> O365RetentionPolicy
        HybridIdentity-->WorkspaceGovernance
        WorkspaceGovernance-->O365SharePoint
        O365TeamsChatAndCalls --> O365TeamsCollaboration
        O365SharePoint-->O365TeamsCollaboration
    end
    %%WorkspaceGovernance-->O365TeamsCollaboration --> O365RetentionPolicy
    O365RetentionPolicy --> O365Backups

Hybrid Identity

This underpins all M365 services and must be configured first.

flowchart TD
    Start --> AADConnect
    %%subgraph "Hybrid Identity"
    AADConnect --> HybridDomainJoin
    subgraph "Azure AD Premium Plan 1"
        ConditionalAccess
        MFA
        SSPR
        PasswordProtection
        SharedAccountPasswordRollover
        ConditionalAccess-->TermsOfUse
    end
    subgraph "Azure AD Premium Plan 2"
        IdentityGovernance-->PIM
        IdentityGovernance-->AccessReviews
        IdentityProtection
        IdentityProtection-->RiskBasedConditionalAccess
        %%ConditionalAccess-->RiskBasedConditionalAccess
    end
    HybridDomainJoin --> ConditionalAccess
    HybridDomainJoin --> SSO
    AADConnect --> PIM
    AADConnect --> GroupBasedLicensing
    ConditionalAccess --> MFA
    SSO --> MFA
    MFA --> IdentityProtection
    MFA --> SSPR
    %%end
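The "you need X before you can deploy Y" rule can be checked mechanically. The following is an added example, not code from the original post: it reads the edges of the Hybrid Identity flowchart above and groups the features into deployment waves, and it works unchanged on the other diagrams. The helper names `parse_edges` and `deployment_waves` are hypothetical, and nodes declared without any arrow are not tracked.

```python
# Edges transcribed from the Hybrid Identity flowchart on this page.
DIAGRAM = """
flowchart TD
    Start --> AADConnect
    %%subgraph "Hybrid Identity"
    AADConnect --> HybridDomainJoin
    subgraph "Azure AD Premium Plan 1"
        ConditionalAccess-->TermsOfUse
    end
    subgraph "Azure AD Premium Plan 2"
        IdentityGovernance-->PIM
        IdentityGovernance-->AccessReviews
        IdentityProtection-->RiskBasedConditionalAccess
    end
    HybridDomainJoin --> ConditionalAccess
    HybridDomainJoin --> SSO
    AADConnect --> PIM
    AADConnect --> GroupBasedLicensing
    ConditionalAccess --> MFA
    SSO --> MFA
    MFA --> IdentityProtection
    MFA --> SSPR
"""

def parse_edges(text):
    """Return (prerequisite, feature) pairs; A --> B --> C yields two pairs."""
    edges = []
    for line in text.splitlines():
        line = line.split("%%")[0]      # drop Mermaid comments
        nodes = [n.strip() for n in line.split("-->")]
        edges += zip(nodes, nodes[1:])  # lines without an arrow yield no pairs
    return edges

def deployment_waves(edges):
    """Group features into waves; each wave depends only on earlier waves."""
    needs = {}
    for pre, feat in edges:
        needs.setdefault(pre, set())
        needs.setdefault(feat, set()).add(pre)
    waves, done = [], set()
    while len(done) < len(needs):
        ready = sorted(n for n in needs if n not in done and needs[n] <= done)
        if not ready:                   # a cycle or self-loop such as A-->A
            raise ValueError(f"circular dependency: {sorted(set(needs) - done)}")
        waves.append(ready)
        done.update(ready)
    return waves
```

Calling `deployment_waves(parse_edges(DIAGRAM))` returns seven waves, with MFA in the fifth and IdentityProtection in the sixth. Run against the Endpoint Management diagram, the `DiskEncryption-->DiskEncryption` edge is reported as a circular dependency instead of being given a place in the order.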

Endpoint Management

Endpoint management is required to secure data downloaded to PCs and phones, and to deploy, configure and update M365 desktop apps. For PCs this could be a combination of Intune (device compliance) and traditional config management such as SCCM or Group Policy.

flowchart TD
    Start --> HybridIdentity --> IntuneEnrolment
    %%subgraph "Endpoint Management"
    subgraph "Windows Enterprise E3"
        DiskEncryption-->DiskEncryption
        IntuneEnrolment-->DefenderAntivirus
        IntuneEnrolment --> DeviceCompliancePolicies
        IntuneEnrolment --> MobileDeviceManagement
        IntuneEnrolment --> MobileApplicationManagement
        MobileApplicationManagement --> MAMProtectedO365MobileApps
        IntuneEnrolment --> MobileOSUpdatePolicy
    end
    subgraph "Defender for Endpoint p1 or Windows Enterprise E5"
        IntuneEnrolment-->DefenderForEndpoint
        DefenderForEndpoint-->BlockAtFirstSight
        DefenderForEndpoint-->EnhancedASR
        DefenderForEndpoint-->TamperProtection
    end
    %%end

M365 Apps (desktop software)

Applications deployed to PCs, configured and maintained.

flowchart TD
    Start-->HybridIdentity --> GroupBasedLicensing --> Office365Package
    HybridIdentity --> SSO --> Office365Package
    subgraph "M365 Apps"
        Office365Package
        Office365Package --> Office365SoftwareDistribution
        IntuneEnrolment --> Office365ConfigManagement
        Office365SoftwareDistribution --> ManagedDesktopApps
        Office365ConfigManagement --> ManagedDesktopApps
        ManagedDesktopApps-->Word
        ManagedDesktopApps-->Excel
        ManagedDesktopApps-->PowerPoint
        ManagedDesktopApps-->Outlook
        ManagedDesktopApps-->OneNote
        ManagedDesktopApps-->Teams
        ManagedDesktopApps-->Project
        ManagedDesktopApps-->Visio
    end
    GroupBasedLicensing-->Teams
    GroupBasedLicensing-->Project
    GroupBasedLicensing-->Visio

Office 365 Online Services - Exchange Online

Secured email services.

flowchart TD
    direction TB
    Start -->HybridIdentity --> GroupBasedLicensing
    GroupBasedLicensing --> ExchangeOnline
    EndpointManagement-->MAMProtectedO365MobileApps --> ExchangeOnline
    %%subgraph "Office 365 E3"
    RetentionPolicy-->eDiscovery
    eDiscovery-->ExchangeOnline
    ExchangeOnline --> TeamsMeetingCalendar
    ExchangeOnlineProtection-->ExchangeOnline
    %%ExchangeOnline-->DLP
    %%end
    ExchangeOnlineProtection-->DefenderFor365
    SensitivityLabels-->DLP-->EndpointDLP
    DLP-->InsiderRiskManagement
    eDiscovery-->AdvancedeDiscovery
    ExchangeOnline-->VivaMyAnalytics
    subgraph "Office 365 E5"
        DefenderFor365
        AdvancedeDiscovery
        CustomerLockbox
        InsiderRiskManagement
        VivaMyAnalytics
        EndpointDLP
        DefenderFor365-->AdvancedMessageEncryption
        DefenderFor365-->AntiPhishing
        DefenderFor365-->SafeAttachments
        DefenderFor365-->SafeLinks
        DefenderFor365-->PhishingCampaigns
    end

Office 365 Online Services - Collaboration

flowchart TD
    Start -->HybridIdentity --> GroupBasedLicensing
    HybridIdentity --> GuestAccountGovernance
    GroupBasedLicensing --> Teams
    GroupBasedLicensing --> SharePointSites
    GroupBasedLicensing --> OneDrive
    %%subgraph "Office 365 E3"
    Teams-->TeamsChatOnly
    Teams-->TeamsCollaboration
    Teams-->TeamsAudioConferencing
    Teams-->TeamsMeetingCalendar
    Teams --> VivaLearning
    TeamsCollaboration-->Planner
    SharePointSites-->Delve
    %%InformationProtection-->DLP
    %%OfficeMobileApps
    RetentionPolicy-->eDiscovery
    eDiscovery-->SharePointSites
    eDiscovery-->TeamsChatOnly
    eDiscovery-->OneDrive
    SharePointTenantConfig--> SharePointSites
    SharePointSites-->SharePointSitesInternalOnly
    SharePointSites-->SharePointSitesExternal
    SharePointTenantConfig--> OneDrive
    OneDrive-->SyncOneNoteToMobile
    OneDrive-->TeamsMessageAttachments
    SharePointTenantConfig--> TeamsCollaboration
    SharePointSites--> TeamsCollaboration
    TeamsCalls --> TeamsAudioConferencing
    %%end
    GuestAccountGovernance-->SharePointSitesExternal
    Teams --> TeamsTelephony
    Teams --> TeamsDLP
    eDiscovery --> AdvancedeDiscovery
    subgraph "Office 365 E5"
        TeamsTelephony
        AdvancedeDiscovery
        CustomerLockbox
        VivaMyAnalytics
        TeamsDLP
    end
    eDiscovery-->AdvancedeDiscovery