Do not miss new blog posts! Subscribe to new posts, news, and updates.

Thank you

M365 governance as foundation for innovation

Updated: Apr 9

Information is the new oil - it can be used to add value, reduce costs, manage risks, and disrupt competition. But for many organizations, a lot of their corporate information is out of reach and difficult to find.


Cloud platforms as a game changer


With a hosted architecture, companies often had to buy a myriad of on-premise or software-as-a-service document management, records management, and archiving solution to meet different business needs. According to AIIM research 5-6 years ago, 43% of organizations had at that time four or more information systems in use, more than 70% of organizations had one or more versions of SharePoint, and 62% still relied on file shares. The consequence is that information get lost in silos resulting in poor findability and difficult to ensure security and compliance across an enterprise.

From content silos to a secure and compliant platform

In the cloud era, it is possible to adopt a secure and platform to manage the information, and then enable the business to build or buy solutions on top of the platform while the information is managed in the platform.


Please note that a corporate platform will require corporate standards. If you allow different business units to define their own security and compliance requirements, then this will create a lot of complexity and costs for managing the different requirements in one corporate platform. The corporate requirements should instead cover the toughest local requirements.


What platform to choose?


If work happens now in Microsoft 365 (M365), then this should be the first option to consider to manage your information. M365 then becomes your platform for innovation. It is not a one-size-fits all, - it is instead a corporate foundation for managing the information that enables the business to buy or build solutions on top of the platform to meet business needs. Many companies have therefore started to replace the silos with M365 (see below AIIM research):

AIIM research

Why M365 governance?


If most of the information will soon be in a cloud platform, its then important to not create the same silos as in your on-premise systems.


Ensure information availability, trustworthiness, and completeness:

  • Is it easy for people to find the correct Teams or site to store or discover information? (E3)

  • Is it easy for people to find all relevant information across multiple Teams or sites? (E3)

  • Is it easy for people to trust the information they find in Teams and sites? (E5)

Reduce operational risks and costs:

  • Is M365 compliant with business requirements for defining information ownership, security classification, retention, etc? (E3/E5)

  • Is M365 compliant with regulations like GDPR defining how information about people should be managed, e.g. data minimization and storage limitation? (E5)

  • Is M365 compliant-by-design, e.g. not require users to manually identify, capture, and classify all records? (E5)

  • Is M365 able to replace legacy content management systems to reduce costs and risks, e.g. records management/archiving? (E3/E5)

A lot is possible with the E3 license, but some things require the E5 license (either E5 Information Protection & Governance add-on license, E5 Compliance add-on license, or E5). The cost of this can often be covered by the savings from replacing legacy systems.


Microsoft Records Management is now mature enough to manage records from both M365 and Line of Business Systems. As an example, here is a Microsoft case study about a client of ours that came to this conclusion after testing many of the leading records management solutions.


Based on your goals, we at Infotechtion help you establish an information architecture as foundation for automation.

M365 information architecture

M365 as foundation for innovation


M365 is the foundation, and you need to enable, educate, and empower the business to build or buy solutions on top of M365 to meet specific business needs, e.g. Case Management, Contract Management. Open up for "citizen development" with no code low code solutions, e.g. PowerAutomate to automate tasks, PowerBi to get insights. Let the business buy or build solutions on top of M365.


Try to avoid 3rd party M365 add-on products that do not support or enhance Microsoft security and compliance platform features like record labels, label policies, and auto-classification. These IT vendors offer instead their own way to manage documents and records from M365, and the consequence of this is that you don´t benefit from the ongoing Microsoft innovations and improvements.


Go for M365 add-on solutions are application layers, like Meeting Decisions. They provide apps on top of the M365 platform with security and compliance managed by the platform. This is the type of add-on products that you should consider to meet specific business needs. Let the information be managed by the M365 platform to ensure compliance and security.

To avoid creating a future problem when buying M365 add-on products, ask yourself the following questions:

  • Is the 3rd party storing your data or information about your data outside of M365?

  • Is the 3rd party addendum complimenting or enhancing an existing M365 feature ?

  • Is your data at risk if you ever wanted to discontinue your relation with the 3rd party add-on?

  • Does the 3rd party solution depend on any Microsoft features which will require remediation or upgrade if Microsoft were to change or discontinue?


Why should I get Infotechtion to help me with this?


When you buy software as a service, then information is the lasting asset to manage

  • Microsoft 365 Governance design partners with Microsoft engineering

  • Practitioners in migrating legacy content and records management systems to Microsoft365

Shorten the time-to-value by 50%+

  • Leverage lessons learned to reduce the time it takes to evaluate and implement M365 information governance and records management

  • Design-templates to quickly define required metadata, access, and retention configuration

  • Test environment to allow customers to experience what the design will mean for users and admins

Ensure project success

  • We already know what works/what doesn´t work with M365

  • Focus on aligning people, processes, and technology


Recommended reading




308 views