Welcome to the second part of my series on mergers and acquisitions (M&A). This part focuses on how to enable secure communication and collaboration in your environment. My last article went over the importance of preparing for your Day One and taking care of identity management. Now let’s discover the next four steps!
As per my last article, there are six key items you need consider to ensure a successful merger. And, as always, the cloud is here to help! Let’s find out how.
Once you are done with the identity exercise, we need to focus on the collaboration elements between organizations. Collaboration here is a broad term. It covers the following:
Let’s briefly go through each of the above.
Yes… still king. Even with the recent availability of new communication tools (Slack, Teams), e-mail still has a special place in business. People will likely complain if that channel is not properly handled.
So that’s where we need to start. You will likely inherit two sets of separate email systems. Be it on-premise or in the cloud, it is unlikely that you’ll want to merge them on Day One. Why, you ask? Because e-mail migrations are complex, and we have much to accomplish on Day One. So, the first thing you need to deliver is address book synchronization. This let people can find each other in directories. By the way, it might surprise you to learn that Office 365 still does not deliver address book synchronization in the cloud. Luckily, there is an easy solution: use Microsoft Identity Manager Synchronization Service! It is free! Not all people know about it, but the synchronization engine of MIM is included with the Windows Server license, and you can use it.
Microsoft Identity Manager (MIM) is a tool that handles the following:
You don’t need other tools. MIM is available, free and proven to accomplish this task.
This one is easy. It is built into Office 365 and provided as a service for Exchange on-prem. It only requires configuration on both sides.
This one is a bit tricky, and I can’t prescribe a solution in this article. Why? Because every situation is a little different. What you need to consider is the following:
This is not a complex task, but it does require some planning.
Now that we’ve taken care of e-mail, we can move on to document collaboration! In most M&A cases, you wont need full document access on Day One. (i.e. access to all file shares and libraries). The one requirement that we often see is one for a shared space accessible to users on both sides of the M&A.
With the identity scenario already solved with Azure AD, you are left with one easy-to-deploy option: SharePoint Online.
Keep in mind, this doesn’t need to be a full SharePoint deployment. You can create a shared space in one of the tenants of Office 365 or establish a tenant related to one of Azure AD’s for document collaboration.
From an access perspective:
Access management-wise, Office 365 with Azure AD B2B are proven to be a reliable way of establishing secure access before you fully merge the environments.
When it comes to Azure AD B2B (we will get back to it in a moment), there is one requirement that you need to cover: invitations (or synchronization) of users across tenants for B2B collaboration.
Here are two things that simplify this:
There is a chance that you may not have, or want, SharePoint Online. Or still, you may have existing SharePoint on-premises and want to use it for collaboration. What to do then?
Our scenarios still apply. They make it easy and fast to establish collaboration because we have Azure AD:
We can use two additional elements to enable people to work in on-premises applications scenarios:
If you’re wondering how to synchronize Azure AD B2B guests to your on-prem AD, then you probably already know the solution: use MIM’s synchronization engine. Synchronization of B2B guests is one of the built-in scenarios in this tool.
With these elements, you have enabled users to:
You get all this without even touching on-premises networking or establishing trusts in AD on-prem. Fast and easy!
Sounds good, but what if we need to have some services that touch the network on both sides of the M&A? You’ll need to think about the following:
True. Sooner or later you will come to a point where you will need to establish network connectivity between organizations. But you don’t need to do it at the network infrastructure level, which might be tricky (think about network addressing, DNS namespaces, firewalls on both ends, etc.). We consistently find that using Azure IaaS networking will quickly establish network access. This simplifies and accelerates the whole process and provides a good level of control and security.
Azure provides all the required networking elements as a service. You need to complete the following:
This approach is much faster compared to an attempting to deploy a new configuration with the network team and infrastructure on both sides of the network
Remember, the above steps enable you to spin up an early “Day One” environment and services and enable your M&A entities to collaborate early on in the process. The authentication and access layers are defined in Azure AD, as well as the the services you’ve deployed. Now it’s time for the hard work to migrate all users, mailboxes, and lastly, the one that causes all the issues – services and apps.
But with all the steps covered by this article, you are in good shape for it!
Once you have your early environment stood up using cloud services, it becomes much easier to manage data and users across the M&A. As for the users, nothing changes. They still access things in the same way. We just changed their location!
On-premises tools and migration process are well established. If you need to migrate and merge Office 365 – that’s a different story. There are many tools out there that make that whole process easier. But with proper planning, it can be done smoothly (we know! We’ve done it already!
M&As are not hard, but they require lots of planning and execution with a strong focus on end-user experience and making changes with little disruption of services.
What might not be obvious is that cloud solutions make this whole process a lot easier. Keep the following in mind:
Don’t forget: if you need help with this process, you know whom to call? (No, it is not Ghostbusters!)
Your ticket time resolution is taking too long, new issues are coming, but you are tied by a pile of incidents that are ...
I covered security in GitHub last time. But some of you likely use Azure DevOps for building your products, so let’s t...