Skip links

Getting security and governance right during tenant-to-tenant migrations

Getting security and governance right during tenant-to-tenant migrations

Last Updated on

No two tenants are ever identical in their deployment of features, functionality and settings. A big part of tenant-to-tenant migration is reconciling these security and governance differences to create a robust, secure and compliant tenant at the end of the day. 

While opting for the lowest common denominator is an all-too-common “solution” to this challenge, some areas are less forgiving of this approach than others. Security and governance is a prime example. 

Here are just a few of the security- and governance- related challenges that often crop up during tenant-to-tenant migrations, along with some of the potential pitfalls – and opportunities – they create. 

Common security and governance differences to look out for in a tenant migration

Licensing 

Microsoft’s various licence tiers come with very different security features and facilities. That means two tenants with different Microsoft licences will almost never have the same cyber security and information management elements at play.  

Rather than simply opting for the more comprehensive licencing (and potentially overpaying for functionality you don’t need) we suggest taking the time to reassess licence requirements within the target tenant’s context. That means compiling a comprehensive list of the features and functionality necessary to meet your specific regulatory and governance requirements, and then selecting the licence that best fits these needs, regardless of what was in place before. 

It’s a great way to make sure you’re getting full bang for your licencing buck, and have exactly the right level of control and flexibility in your new environment.  

Security settings & information management policies 

Even if your tenants have identical licencing, chances are they’ve deployed the various features and settings quite differently. These variances (usually driven by different regulatory/governance environments and/or information management maturity) are commonly found in:  

  • Identity and Access Management 
  • Authentication Protocol 
  • Mobile Device Management 
  • Teams Administration 
  • Internal/External Sharing Policies 
  • Labelling and Retention Policies 

Choosing which security and governance settings and policies to carry over during a tenant-to-tenant migration is a delicate process that often has knock-on effects to user experience. (Just finding all the tools and options available can be daunting if you don’t know Microsoft’s various admin centres and interfaces backwards.)  

A professional partner can be invaluable in this process for a number of reasons, including: 

  • Hands-on knowledge of best practices within various industry verticals 
  • Deep knowledge of all available settings and the wider impacts they may have 
  • The ability to recognise and highlight potential policy shortfalls 
  • The ability to drive conversation between IT and business for effective decision-making 
  • The experience to knit project teams together 
  • A comprehensive understanding of user experiences and proven techniques to assist in change management 

Security and governance is at the heart of everything we do

With so many different – yet interrelated – elements at play, finding the right balance between source and target tenant security stances can be a real minefield. The consequences of getting it wrong can be catastrophic, which is why we strongly recommend using a professional partner to at least lay a strong security foundation for your target tenant. 

At Cloud Essentials, we offer a Security Baseline Workshop that will: 

  • Review your current security posture 
  • Review your data governance and privacy policies 
  • Highlight any gaps in security or policy 
  • Activate and optimise all relevant security settings 
  • Advise on security best practices 
  • Recommend next steps to improve security and data governance in future 

It’s our way of helping you to make best use of the options you have available to you while plotting an achievable roadmap for future improvements to get your security and governance posture where it needs to be. 

Get in touch to find out more.