Office 365 Privileged Access Management: Too Flawed and Too Exchange?

Poor Fit and Finish Within Office 365 at Times

Yesterday, we discussed Microsoft’s decision to withdraw their plan to send email to Office 365 end users after receiving strong feedback from customers. Today’s Petri.com article discusses the introduction of Privileged Access Management (PAM) for Office 365. In writing the article, I wondered if some of the effort expended by Microsoft on plans that customers have never asked for might not be better used to refine some of the obvious flaws in important systems like PAM.

It’s at times like this that I wonder just how well the fabled DevOps model really operates when it comes to creating solid software. Almost every day, I seem to run into something inside an Office 365 application that doesn’t work as well or as smoothly as it should. The fit and finish of Office 365 can be pretty bad at times – the infamous tendency of the Office 365 Admin Center to barf because of cookie problems is just one example of what I mean. It seems like the rush to deliver features is all-encompassing and the need deliver quality is of secondary consideration.

Although Microsoft must take the majority of the blame when the standard of their software slips, customers are also at fault because we accept the problems. Or at least we don’t protest as much or as often as we should.

The Future of PAM

Getting back to PAM, I like the idea of controlling elevated access very much and think it’s good that Microsoft is introducing some of the experience gained from their internal Office 365 operations into the product. What’s not so good are some of the flaws that are obvious, most of which I am sure Microsoft will move to eliminate now that they’ve been highlighted. More strategically, I wonder how the current Exchange-centric model can be brought forward to cover the rest of Office 365 when applications don’t have the rich RBAC control system that’s been developed for Exchange for nearly a decade.

I’m sure the developers have plans for progression and it will be interesting to see how PAM expands to deal with SharePoint Online, OneDrive for Business, Teams, Planner, Yammer, and anything else that comes long. We’ll see in time.