2021 marks the 10-year anniversary of Microsoft 365 (M365). Over the past decade, the service has become more complex, evolving as the number of M365 capabilities has expanded. As a result, M365 security has become broader as the number of capabilities has grown considerably in the Security & Compliance Center.

As the number of M365 users continues to increase at a rapid pace, complexity for both users and admins will increase as well. To break it down, in April 2020, Microsoft had 75 million daily active users. In just the past year, that number has shot up to 145 million daily active users, officially making Teams the most dominant workplace video/messaging app. While this sounds positive on the surface, this rapid adoption also brings new challenges, including the potential for service outages and security gaps – making Teams an appealing target for bad actors. Essentially, the more features that Microsoft adds to meet the needs of its growing user base, the more difficulty there will be across the board when it comes to using, deploying and troubleshooting.

Success brings attackers

To maintain its success long-term, M365 will need to continue evolving their solutions to meet new security needs at all levels, allowing organizations to continuously monitor all services in use. Users have an important role here as well – being knowledgeable and implementing updated security practices and tools from start to finish around infrastructure, application and user security.

This is nothing new for Microsoft, as there is already an abundance of layers in place to defend against phishing, ransomware, malware, and other advanced threats. However, as a result of the rise of serious breaches over the past few years including Colonial Pipeline, JBS Foods and even Microsoft Exchange, we should see increasing investments in machine learning features to improve end-to-end security. The benefits from these new investments will go far beyond security – they will inevitably help IT teams protect against known and unknown problems before they hit the end user. For example, any cloud migration protection features will aid in moving IT workloads with little to no disruption to end users.

As challenges continue to evolve with digital acceleration, it is difficult to know what the next decade will hold for M365, but based on the ever-changing needs of businesses changing customer demands, we should expect to see:

• Accelerated Productivity. Much like Microsoft Teams ushered in a new standard for application integration across several M365 workloads (e.g. SharePoint, Exchange, OneDrive), we will see a continuation of application integration in the M365 ecosystem, which will fuel more end-user productivity
• Automation. The capabilities and applications in M365 such as Power Automate will continue to evolve as the amount of data is growing faster than ever. As a result, the ability to automate and customize M365 applications to streamline business processes will accelerate.
• Custom Built Apps. Due to highly-specific customer needs, the app development experience in M365 – led by Microsoft Teams and SharePoint online – will continue to get easier and more powerful. Consequently, we will see more customizable apps developed by enterprises and citizen developers which solve specific business problems.

Microsoft has a lot to think about when it comes to security, but it goes beyond just Microsoft. Any organization can be vulnerable to a supply chain attack – even when its own defenses are solid, as attackers are exploring new methods to infiltrate organizations by targeting their suppliers. This isn’t a small number of cases. In order to compromise targeted customers, attackers focused on the suppliers’ code in about 66% of reported incidents. Recent attacks, such as the SolarWinds and Kaseya, underscore that we are all only as secure as our weakest link in the supply chain on all levels. All in all, the supply chain is a critical function of security and it's important for businesses to ensure each vendor/business is following security best practices.

As security concerns continue to grow over the next decade, Microsoft will have to diligently manage its own supply chain of external dependencies used to build and deliver M365 cloud services. However, companies can make their use of M365 more efficient by knowing what they have access to through careful management and inventory maintenance. If the next 10 years are anything like the previous 10, we can expect a lot of exciting momentum as capabilities are expanded to meet the specific needs of customers.