Office 365 is not enterprise ready, it’s a consumer product
Four years ago Microsoft went global with its all-in bet called Office 365. At that time Microsoft also introduced its new strategy, called CloudFirst, and tried to push everyone toward it. Some time later, the strategy had to be renamed to CloudFirst, MobileFirst. At the same time Yammer was bought, and suddenly everyone recommended rolling it out. Besides the strong strategy commitment from Redmond, Microsoft partners and consultants surprisingly all fell into the same delirium of pointing out how amazing, how great and how successful those new cloud services are.
Four years later, we are sitting here and the service is still not enterprise ready, and it’s getting even worse. After thinking and wondering why this happened, I finally realized that Microsoft is using all its energy to compete against Google and Apple, which basically reduces all its innovation power to consumer-based products.
The Single-Sign-On lie
Microsoft announces single-sign-on to Office 365 everywhere. Unfortunately, instead of providing real single-sign-on, which means a user is signed in without doing anything, a new definition of single-sign-on is provided: being forced to enter the e-mail address is called single-sign-on.
A company can set up the full Microsoft stack with ADFS and DirSync, and users are still regularly asked for their e-mail address. After entering it, they are redirected to the ADFS server and automatically logged in. Microsoft’s recommended way to implement this properly is the use of smart links.
All these workarounds mean that, in an enterprise scenario, a large extra effort is needed to educate and support end users.
Here are all the details and ugly workarounds: http://community.office365.com/en-us/w/sso/358-using-smart-links-or-idp-initiated-authentication-with-office-365.aspx?Sort=MostRecent&PageIndex=1
The Yammer disaster
Yammer is not integrated into Office 365, nor into SharePoint Online or SharePoint on-premises. Even if somebody tells you otherwise, it’s not true. See the common setup scenario: https://support.office.com/en-ca/article/Yammer-App-for-SharePoint-Add-a-Yammer-feed-to-a-SharePoint-page-8023e402-5ca3-4ef4-a2da-37215aa75f49
Multiple examples prove this point:
- Security
The security of a Yammer group is not connected to the SharePoint team site security. That means you can have access to a Yammer group without being able to access the related SharePoint team site, or vice versa. The new approach of using Groups makes it even less transparent.
- Single-Sign-On
Single-sign-on for Yammer still has to be implemented separately. That means you need to configure ADFS twice, once for Yammer and once for Azure AD / Office 365.
See: https://technet.microsoft.com/en-us/library/dn800661.aspx
- SharePoint / Yammer integration
Yammer feeds are integrated into SharePoint sites with an IFrame. This means sizing and reasonable design are impossible. Not to mention that on a mobile phone you should not even consider using it.
- Alerts are enabled by default and this can’t be changed
If you roll out Yammer across your enterprise, the alerts are set up by default, which guarantees that all your employees will get some spam in their inbox. There is no API or other way to turn them off. See: http://community.office365.com/en-us/f/176/t/197533.asp
- File Sharing
Finally, it’s possible to share files on Yammer, SharePoint team sites and Groups. Users will need training to know which is the right place to share.
- Mobile device integration
Yammer cannot be used in combination with mobile device management tools, because there is no SDK integrated. Not to mention that the Windows Intune SDK is also not integrated right now. That means Yammer cannot be secured correctly when using one of the leading MDM products.
- Data-Center
Yammer is still not running in the same data center as Office 365. At least in May 2015 it’s moved to a Microsoft data center in the US. See: http://community.office365.com/en-us/w/yammer/5920.yammer-datacenter-migration-and-downtime-on-may-16-2015.aspx
- Discontinuation of Yammer App
Suddenly it was announced that the Yammer App will be discontinued. The recommended way to integrate Yammer into SharePoint survived 2 years.
https://support.office.com/en-sg/article/Use-Yammer-Embed-instead-of-the-Yammer-app-for-SharePoint-2013-and-SharePoint-Online-812c752b-3586-4f67-accb-49cd3724dcc1
Rapid changes
Microsoft is changing Office 365 very rapidly, which means every three months or even faster you get new features.
- User Interface Changes
That means in an enterprise environment, documentation, training materials and support know-how have to be updated at a six-month pace. In addition, all employees need to keep up and will get additional stress and workload from a steadily changing system.
- Features
Some new features are just pushed out, and an enterprise has no choice whether it wants to use them or not. For example, the new Group feature was enabled in Outlook Online without any choice, and somewhere the information got published that new groups can be turned off by PowerShell. See: https://support.office.com/en-US/Article/Disable-Group-creation-cf0889c0-b287-4f45-bce7-42e30963f1f3?ui=en-US&rs=en-US&ad=US
Another example: Microsoft gave enterprises two years to move away from public sites (See: https://support.microsoft.com/en-us/kb/3027254/), and normally in Microsoft terms this means that there will be no changes, no bug fixes and very limited support for it. Every enterprise that had planned with the feature got the information some weeks before it was turned off for new sites.
Azure Active Directory Synchronization
This has never been tested with a normal enterprise setup and seems to be designed for small business.
- Proxy server authentication
Setting up a proxy with authentication is very complicated and needs a lot of special know-how. It’s not even certain that the setup is really supported. This is because the setup does not ask for the account that will be used to run the service, and the command line parameters for setting it are not working right now (bug).
  - The mere fact that there is a support article for anonymous proxy tells a lot: https://support.microsoft.com/en-us/kb/2517393/
  - In this post the recommendation is to install a third-party open source software called CNTLM in between. This is definitely not recommended on such a sensitive part of your infrastructure: http://blog.kloud.com.au/2014/12/19/using-a-proxy-with-azure-ad-sync-services/
  - One way of doing it is changing the service account and encryption key, but this is rather complicated and there are no comments from Microsoft: https://jorgequestforknowledge.wordpress.com/2014/09/25/changing-the-service-account-andor-security-groups-for-azure-ad-sync-services/
- No group filter
It’s not possible to sync only users belonging to a specific Active Directory group. Only filters based on certain Active Directory attributes can be set, unfortunately not the “memberOf” attribute. When you are located in Europe and sync all users to the cloud, you can end up with a financial risk of up to 2% of the annual worldwide turnover of your company. The GDPR is still in development. More details: http://en.wikipedia.org/wiki/General_Data_Protection_Regulation
- No preview for attribute filter
The setup of the attribute filters is rather challenging, and at the end you don’t really know if it works. A preview of what will be synchronized, as for example the Excel PowerPivot import provides, would be a big step ahead. Otherwise it means with a high probability that an enterprise first synchronizes unwanted data to the cloud, and then the GDPR challenge is there again: http://en.wikipedia.org/wiki/General_Data_Protection_Regulation
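One way to get the missing preview offline, as an added example that is not part of the original post or of any Microsoft tool: parse an LDIF export of the directory and compare what an attribute filter would select with who is actually in the intended group. The attribute name `extensionAttribute1`, the value `O365`, the group DN and the sample records are constructed assumptions.

```python
import base64
import re

# Constructed sample export and group DN (not real data).
GROUP_DN = "CN=O365-Users,OU=Groups,DC=corp,DC=example"
SAMPLE_LDIF = """\
dn: CN=alice,OU=Staff,DC=corp,DC=example
extensionAttribute1: O365
memberOf: CN=O365-Users,OU=Groups,DC=corp,DC=example

dn: CN=bob,OU=Staff,DC=corp,
 DC=example
extensionAttribute1: O365

dn: CN=carol,OU=Staff,DC=corp,DC=example
memberOf: CN=O365-Users,OU=Groups,DC=corp,DC=example

dn: CN=svc-backup,OU=Service,DC=corp,DC=example
extensionAttribute1:: bzM2NQ==
"""

def parse_ldif(text):
    """Parse LDIF text into one {lowercased attribute: [values]} dict per record."""
    unfolded = re.sub(r"\r?\n ", "", text)             # join folded continuation lines
    entries = []
    for record in re.split(r"\n\s*\n", unfolded.strip()):
        entry = {}
        for line in record.splitlines():
            name, sep, rest = line.partition(":")
            if not sep or line.startswith("#"):
                continue                                # skip comments and junk
            if rest.startswith(":"):                    # "attr:: <base64>" form
                rest = base64.b64decode(rest[1:].strip()).decode("utf-8")
            entry.setdefault(name.lower(), []).append(rest.strip())
        if entry:
            entries.append(entry)
    return entries

def preview_sync(entries, attr, wanted, group_dn):
    """Compare what the attribute filter selects with who is in the intended group."""
    report = {"would_sync": [], "unintended": [], "missed": []}
    for e in entries:
        # Assumption: case-insensitive comparison; memberOf holds direct membership only.
        match = any(v.casefold() == wanted.casefold() for v in e.get(attr.lower(), []))
        member = any(g.casefold() == group_dn.casefold() for g in e.get("memberof", []))
        if match:
            report["would_sync"].append(e["dn"][0])
        if match != member:
            report["unintended" if match else "missed"].append(e["dn"][0])
    return report
```

Calling `preview_sync(parse_ldif(SAMPLE_LDIF), "extensionAttribute1", "O365", GROUP_DN)` flags the untagged group member as missed and the two tagged non-members, including the base64-encoded service account value, as unintended.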
Unclear Throttling limits
There is not much information about when SharePoint or OneDrive will stop working and reply with a 429 status code for a certain user. This will result in challenges across all systems, because when throttling is activated the requests will be dropped for a certain amount of time. In a StackExchange post somebody states that 1 request per second continuously will activate throttling (http://sharepoint.stackexchange.com/questions/116639/api-calls-limit-for-office365-rest-apis-sharepoint-onedrive). It’s unclear how third-party applications currently handle this, but normal analyzing tools send more requests than that. The official Microsoft statement is even more imprecise: https://msdn.microsoft.com/en-us/library/office/dn889829.aspx#BKMK_Whycantyoujusttellmetheexactthrottlinglimits
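A client-side way to live with the unknown limit, as an added example that is not from the original post or from Microsoft: pace requests below the unverified 1-request-per-second figure quoted above and back off whenever a 429 arrives. The `send` callable, the `Retry-After` header handling, the 1.5-second default and the scripted transport are assumptions made for this sketch.

```python
import time

def scripted_transport(responses):
    """Constructed stand-in for an HTTP client: replays (status, headers, body) tuples."""
    it = iter(responses)
    return lambda request: next(it)

def send_paced(send, requests, min_interval=1.5, max_retries=4,
               sleep=time.sleep, now=time.monotonic):
    """Send requests one by one, at least min_interval apart, retrying on 429."""
    results, last = [], None
    for request in requests:
        for attempt in range(max_retries + 1):
            if last is not None:
                wait = min_interval - (now() - last)
                if wait > 0:
                    sleep(wait)                 # stay under the suspected rate limit
            last = now()
            status, headers, body = send(request)
            if status != 429:
                results.append((status, body))
                break
            if attempt == max_retries:
                raise RuntimeError(f"still throttled after {max_retries} retries: {request}")
            # Assumption: the server may send Retry-After in seconds; if it is
            # missing or not a plain number, fall back to exponential backoff.
            retry_after = headers.get("Retry-After", "")
            sleep(float(retry_after) if retry_after.isdigit() else 2.0 ** (attempt + 1))
    return results
```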