Unpacking the 2025 Microsoft 365 Benchmark
In this latest episode of “Guardians of M365 Governance,” MVPs Christian Buckley, Joy Apple, and I were joined by fellow MVP Richard Harbridge from ShareGate to dive deep into their latest Microsoft 365 benchmark report. What we discovered might surprise you — and it definitely challenges some conventional thinking about migration and governance in the modern workplace.
📈 Core Growth Lever: Retention & Operations
The primary focus of this video is on operations and retention through a lens of governance and security in Microsoft 365. The speakers repeatedly emphasize that while companies are migrating to the cloud for new features like Co-pilot (acquisition), they are running into significant challenges with data security, sprawl, and compliance. The core message is that if you don’t govern your data properly, you will not retain the value of your new tools. The discussion also touches on internal change management and user adoption, which are key to operational success and long-term retention.
⚙️ The Repeatable System
The “machine” described in the video is a continuous data governance lifecycle, not a one-time migration event. It’s an ongoing system that relies on three core components:
- Assessment: Continuously assessing the environment to identify gaps in data security, organization, and compliance. This includes understanding what data is being created and where it resides. The speakers note that most organizations, even with cloud-first strategies, are failing at this step, often relying on manual scripts instead of purpose-built tools.
- Remediation: Taking smart, quick, and repeatable action to fix the identified gaps. This involves automating processes to correct security misconfigurations, clean up data sprawl, and apply consistent policies. The video highlights that this is a critical step that cannot be done effectively with native, out-of-the-box tools.
- Education & Culture: Fostering a culture of shared responsibility and proper tool usage. This means shifting the mindset from a one-time migration to an ongoing change management process. The speakers mention the risk of “shadow knowledge management,” where users, out of fear of oversharing, create silos of data in personal drives, which ultimately undermines the value of AI tools like Co-pilot for the entire organization.
💰 Hidden Costs
The video reveals several hidden costs and risks associated with a lack of a proper governance strategy:
- Time & Team Size: Relying on manual scripts and built-in tools is time-intensive and requires a larger, more dedicated IT or governance team. The video indicates that only 1% of organizations are using purpose-built tools to solve these problems.
- Tech Debt: Poorly managed migrations and data sprawl create significant tech debt. This manifests as security vulnerabilities, difficulty in scaling new technologies like Co-pilot, and an inability to track data lineage.
- Churn Risk: While not explicitly about customer churn, the video highlights a significant risk of platform and data value churn. If users are not confident in the security and accuracy of the corporate data, they will use external, ungoverned tools (Shadow AI), which defeats the purpose of the initial investment. This also leads to poor decision-making due to incomplete data sets
- Direct Fines: Although not stated directly in the provided transcript, the speakers hint at the risk of regulatory fines and penalties due to non-compliance when they mention auditing and being brought in to “get things back on track” after a company has incurred fines.
🗓️ 90-Day Execution Plan
This plan is focused on building the foundational systems and culture necessary for scalable growth.
- Week 1-4 (Validate):
- Secure the Perimeter: Conduct a rapid audit to identify and lock down critical security and access control gaps. Focus on external sharing policies and permissions.
- Map the Mess: Use an assessment tool to get a full view of your current data sprawl. Identify and categorize data based on sensitivity and ownership.
- Align the Stakeholders: Form a small, cross-functional “Governance Task Force” from IT, legal, and key business units to review the audit findings and prioritize initial remediation efforts.
- Week 5-8 (Scale):
- Implement an Automated System: Deploy a purpose-built governance tool to automate remediation of identified issues. Start with a small, high-impact area, such as a specific department or project team. The video suggests a team-based piloting model for success.
- Start the Conversations: Launch a change management campaign. Communicate with employees about the risks of Shadow AI and the benefits of proper data management. Frame governance as an “efficiency driver” that empowers them to get better results from new technologies.
- Clean and Consolidate: Begin the process of consolidating data from legacy systems and personal drives into governed, shared locations within Microsoft 365.
- Week 9-12 (Optimize):
- Measure and Report: Regularly report on key governance metrics to the Governance Task Force. Show progress on reducing sprawl, improving security, and increasing data visibility.
- Iterate the Process: Use the feedback from the pilot team to refine policies and automation rules. The video emphasizes that this is a continuous process, not a one-time event.
- Expand the Program: Begin rolling out the governance program to new teams, using the success stories and learnings from the pilot group as a blueprint for scaling.
🚩 Red Flags
- Over-reliance on Native Tools: The belief that Microsoft 365’s built-in tools are sufficient for governance is a critical red flag. The video makes it clear that they are “not sufficient for our needs” when it comes to scalability and automation.
- Lack of a Single Owner: If no single leader is accountable for governance, the project will fail. Without a strong executive or IT sponsor, the initiative will lack the necessary budget and buy-in to succeed.
- Treating it as a “Project,” Not a “Product”: Viewing governance as a one-time migration project with a defined end date, rather than a continuous operational product, is a guaranteed path to failure. The video explicitly states that it is an “ongoing change management activity”.
📈 One Metric That Matters
If you track nothing else, track this: % of corporate data residing in governed spaces.
This metric directly addresses the central problem discussed in the video: the tension between consolidation and data sprawl. A rising percentage indicates that the business is successfully migrating data from legacy or personal silos into a governed, shareable environment where it can be leveraged by the entire organization and new technologies like Co-pilot. It is the leading indicator of success for all other objectives.
Watch our Discussion on YouTube
Listen to our Podcast
Talk to us at HanseVision about your requirements and questions about Power Platform, M365 Governance, Copilot (Studio) and Agents Governance!
Find my Calendar here and check out our OnePager about M365 Governance.
