back to article Microsoft sees sense, will give Office 365 admins veto rights on self-service Power tools

Microsoft has done an about-face on its plan to let folks bypass their Office 365 administrators and purchase Power Platform tools willy-nilly for work. An updated FAQ by the Windows giant announces that, from November 19, Microsoft 365 admins will be able to disable the self-service platform, on a per-app basis, thus …

  1. Invidious Aardvark

    It's a start...

    But how about making it opt IN, since the current status quo is that noone can self serve. That way IT admins are consciously opting in for a service they require, rather than having to jump through some hoops to opt out of a facility they currently do not have and do not want.

    Plus, what happens when MS decide that other products should be self-serve enabled? Based on this announcement I assume that IT admins will need to play whack-a-mole every time MS decide to enable self serve on a new product.

    1. big_D Silver badge

      Re: It's a start...

      Yes. This is a corporate policy decision, so it needs to be opt-in.

      1. Trigonoceps occipitalis

        Re: It's a start...

        It will be "opt-in".

        And "opt-in" after the next update.

        And "opt-in" after the subsequent update.

        And ....

        You get the picture.

    2. Oh Matron!

      Re: It's a start...

      I didn't reaslisethat Micro$oft was so poor, it had to start looking at alternative revenue streams like this.

      Working in a big enterprise, this would have ended up in anarchy.

      End user: Hey, IT, I want this product

      IT: Do you have a business case?

      End user: Not so much..

      End user: Hey, I can buy this myself and expense it....

      Most companies, once they grow above a particular size, do not have the manpower, will, or time to go through every expense claim proactively. It's only after the horse had bolted, been run over by a truck, carted off to the knackers yard, ground up into roadside burger van foods that cost centres would have realised what was going on.

      I still feel this is not over yet. Things have to be OFF by default, unless enabled by IT. Or, at least have IT depts the ability to set *.* to off by default if required.

      1. oiseau Silver badge
        Facepalm

        Re: It's a start...

        ... this is not over yet.

        Of course not.

        Just wait and see.

        This was just to test the waters, so to speak.

        Things have to be OFF by default, unless enabled by IT.

        Indeed ...

        Anything else would be will be chaos, with the tab and responsability for the outcome having to be picked up by the IT chain.

        O.

      2. Mike 137 Bronze badge

        Re: It's a start...

        All businesses, when they grow above a particular size, lose control over the quality and effectiveness of their processes. Once the hierarchy gets deep enough, decision-making falls apart. This seems from my several decades of consulting experience to be a universal phenomenon.

      3. ExampleOne

        Re: It's a start...

        Why are IT asking for a business case? Surely that should all be sorted long before IT are involved?

        It is not the job of IT to make this decision, and the correct response should be more along the lines of “Do you have management approval?”

        1. BrownishMonstr Bronze badge

          Re: It's a start...

          "Well it costs money and we're short on that, yes we acquired that company for a few million squids so it means we're in the red."

          "But it will save me so much time and effort "

          "You just have to work more efficiently"

          "screw this I'll just pay for it myself "

      4. Roland6 Silver badge

        Re: It's a start...

        End user: Hey, I can buy this myself and expense it....

        Most companies, once they grow above a particular size, do not have the manpower, will, or time to go through every expense claim proactively. It's only after the horse had bolted, been run over by a truck, carted off to the knackers yard, ground up into roadside burger van foods that cost centres would have realised what was going on.

        Been this way with telecoms for decades, most companies - because their employees expense mobile phone calls don't actually know their true expenditure on telecoms....

        1. matjaggard

          Re: It's a start...

          What complete nonsense. Why should Microsoft allow IT to stop you buying extra software when almost every other software company in the world would allow a purchase with a credit card? I would be breaking policies by using my company card to buy Adobe Creative Suite for example but I wouldn't expect Adobe to stop me!!!

          1. Anonymous Coward
            Anonymous Coward

            Re: It's a start...

            They are not stopping you, you can create another Microsoft account, like you can with any other company, buy software, like from any other company. You just don't get to link it to your Corp account like you cant with all the other software you can buy.

            If you buy software randomly you don't get support from your IT support, like you shouldn't, IT departments are usually under funded and under staffed, having people buying random crap, and then expecting it to be supported is moronic.

          2. Dave K Silver badge

            Re: It's a start...

            The problem is that if you buy software with a credit card, you usually cannot install it without admin rights/approval. This isn't because IT admins are sulky sods, it's because of various policies around data protection, auditing, security and the rest of it. This original approach by MS would allow normal users without admin rights to buy extra software.

            Ultimately, it poses a gaping hole as it would have allowed employees to bypass rules and policies that are there for both their protection, and the protection of their company. Companies/legal departments should be able to decide these things, not individual users.

  2. redpawn Silver badge

    Power to the Peo.. no wait...

    Think of the poor money. It wants desperately to flow to us. It would be unfair to the money stream and could damage the whole ecosystem. This program has to continue for the sake of business computing and homeless money.

  3. Joe W Silver badge

    Make the process simple

    At our place we have the sets of software: standard software on every machine (browser, email, word processor etc.), standard software that can be requested (like... Mindmanager, some development tools, takes about two business days, on average) and non-standard software (anything you want to request, can take a long time depending on how expensive licenses are, what IT security says, if anybody else is using it already,...)

    Yes, I would like it to be faster at times, but it works well enough. And I use mostly non-standard stuff for my work.

    1. big_D Silver badge

      Re: Make the process simple

      And the big benefit of your system is that the company stays in compliance come the next audit - especially if you are handling data on European citizens (i.e. GDPR compliant).

      1. Lusty

        Re: Make the process simple

        That has literally nothing to do with GDPR compliance.

        1. big_D Silver badge

          Re: Make the process simple

          Yes, it does.

          If you develop a new electronic system to process PII, the data protection officer needs to be included from the planning stage onwards. If they are not included in the process (or even you plan the system, build a prototype and then inform the DPO), you are out of compliance.

          How many people seeing the Power platform will first talk to the DPO about their plans, before pulling out the company credit card and splurging on a set of Power tools? (Of the Microsoft variety, not the DIY ones.)

          1. Lusty

            Re: Make the process simple

            You seem to have confused tools with policies. GDPR doesn't differentiate between electronic and paper - perhaps we should prevent people bringing their own pens and paper just in case they write down some PII? Electronic tools have many uses outside of PII, and it's your job to keep the PII in a secure location, not to prevent people using tools to achieve their goals.

  4. Pascal Monett Silver badge
    Flame

    "we’ve been listening to customer feedback"

    Yes, I bet you have, because this time it's the customers you desperately want to keep : those that pay you the big support contracts and enormous license fees. So yeah, you listened, because those are not the Joe Public nobodies you don't care about when they whine about your craptastic GUI.

    1. This post has been deleted by its author

    2. Anonymous Coward
      Anonymous Coward

      Re: "we’ve been listening to customer feedback"

      They shouldn't need to 'listen to customer feedback'. They should never have allowed this in the first place.

      It's quite obvious there would be push back to this and it shouldn't require outrage to get them to turn around. You would hope there was a meeting somewhere that wasn't populated just by sales bods and marketing bods where someone would say "no this isn't right, it won't work" or "shall we consult with some of our users first to get feedback before announcing it".

      This is the worry, ever since Windows 8 Microsoft seem to have driven a wedge between their thinking and that of their customers. Even their own security guidance and normal rationale is being ignored due to their new thinking.

      To name two - Teams only able to be installed into the Program Data folder and, as well as the security risk, requires a separate copy of the program for every user. Forcing you to have really crappy games even in the Pro version of Windows with no Microsoft option to disable them permanently.

  5. 0laf Silver badge

    "Microsoft 365 admins will be able to disable the self-service platform, on a per-app basis"

    Does this mean that 365 admins will have to continually check for new apps and block them individually?

    I hope I'm reading this wrong and that everything is blocked by default and admins are whitelisting what's allowed.

    But this is MS so no chance really.

    1. DuncanLarge Silver badge

      I'd also suggest that you will have to check periodically to make sure it hasnt turned back on.

      I can imagine this happening if the updated versions of each products is published as separate a separate item. Thus you may have it off till the latest published version.

      1. pikey

        correct and MS has a habit of doing that in Office, turning a function back on you had switched off.

        1. DuncanLarge Silver badge

          Exactly!

          We also used GPO to force off the "fast startup" boot mode in windows 10 as we wanted the shutdown option to really mean shutdown and not be just another name for hibernate. We had to use GPO to set several registry entries, just to ensure that when our users do as they are told and shut down their laptop, updates actually do get installed.

          We found that every update that was installed turned fast startup back on. Thankfully GPO still works, for now.

  6. Anonymous Coward
    Anonymous Coward

    I think that horse fucked off years ago

    One of my first jobs in a new role - 10 years ago - was to deal with a SaaS provision that the HR bods had found and signed up to with a credit card. No one in the IT department had the faintest clue what it was, what it did, who used it, and most importantly how to support it.

    At the risk of attracting a few downvotes, this isn't really an IT issue. It's a corporate governance issue dressed up as an IT issue. The real problem is companies and policies that allow managers free rein with the company credit card and/or then do not enforce their own guidelines against people that transgress. (Usually because they are senior managers).

    Returning to example I opened with, it would have been the IT departments fault for letting it happen, had I not escalated it as a strategy problem and raised it with the board.

    1. Captain Scarlet Silver badge
      Childcatcher

      Re: I think that horse fucked off years ago

      I usualy find said person has added the created such and such solution to their CV and got a job elsewhere before they start finding what they have purchased doesn't fit their requirements.

    2. phuzz Silver badge

      Re: I think that horse fucked off years ago

      It is likely to be an IT issue, because the chances are that someone in the IT department is the Data Protection Officer for GDPR compliance. Especially as you say this was an HR project, there was almost certainly personal information in there, and if something had gone wrong, it would the DPO who'd be in trouble from the ICO, not the hapless HR bod.

    3. N2 Silver badge

      Re: I think that horse fucked off years ago

      Usually because they are senior managers

      Who think that everything they do and say is completely beyond reproach.

      But never mind, it's always some one else who gets to clear up the mess.

      <icon> Turd </icon> because thats usuallly whats left behind.

      1. Anonymous Coward
        Anonymous Coward

        Re: I think that horse fucked off years ago

        Classic "I get paid more than you. My opinion is the important one."

  7. Doctor Syntax Silver badge

    It sounds like the grown-ups found out what was happening. Probably put a few marketroids on the naughty step.

  8. Arctic fox
    Happy

    Re "As employees become more independent and better versed in technology,....."

    I almost split my kipper laughing when I read that bit.

  9. DuncanLarge Silver badge

    Where are they then?

    "As employees become more independent and better versed in technology..."

    I've yet to see many of these. The ones we do have have built a career around it or gone on specific training/courses. Us IT bods are made aware of this and work with team leaders to provision any software or additional "stuff" thats needed along with allocating (or debating) the correct cost codes that are used and setting up DR plans if needed along with updating the various IT documents to incorporate the new "stuff". Then there is also the updating of the first line team who will be getting calls to support this.

    So I have yet to see independent tech savvy employees who can implement and manage something as complex as a Power BI solution. A lot of the time I'm helping educate people what Onedrive is. I sometimes also have to explain to people who never save a document, lose it and ask if it can be recovered, that turning on autosave is generally a good idea. I even had one user say "I turn off autosave because its annoying".

  10. johnnyblaze

    Dumb ass

    Microsoft only saw $$ signs with this move - and they've only done a 180 because of pressure from over-stretched sysadmins who don't need yet reason to chase stupid employees who think they can do what they want. Yes, MS have seen sense, but it was an idiotic idea in the first place driven purely by greed.

  11. Tikimon Silver badge
    FAIL

    Only slightly less onerous...

    WTF? Disable each app individually with Powershell? That's asinine, insulting, and abusive to us admins who keep their buggy shite running.

    That leaves the Store intact for later use. It leaves the option to issue apps that cannot be disabled. It forces admins to play Whack-A-Mole with whatever new self-serving program they decide to shove at everyone (Teams, for one).

    If they want to "give in" they can allow us to totally disable the Store, and do it with Group Policies. WANKERS.

    1. Anonymous Coward
      Anonymous Coward

      Re: Only slightly less onerous...

      Are you new here? That's not how this works. That's not how any of this is supposed to work.

      Whack-A-Mole is reserved for Friday afternoons. The rest of the week is devoted to Teeth-Gnashing, Hair-Pulling, Face-Palming, Under-Breath-Cursing, Chain-Smoking (if so inclined) and Moody-Thoughts-of-Self-Despair. As a special treat, on the first Tuesday of the month, Pathetic-Crying is allowed.

      Welcome to IT?

    2. keith_w

      Re: Only slightly less onerous...

      The store can be disabled. Where I am presently working, not only has the store been disabled but so has Edge. IE and Chrome are available.

  12. ab-gam

    "we are updating the launch"

    Only Microsoft could think of calling backpedalling on policy & process changes so hard that they have to delay a launch as an "update"....

  13. Aussie Doc
    Pint

    Really?

    You had me at "Over the past week, we’ve been listening to customer feedback..."

  14. Pirate Dave Silver badge
    Pirate

    Not the first time

    So apparently this isn't Microsoft's first foray into this corporate Self-Service universe. I was searching around for the magical Powershell command to disable this, and found that Microsoft has already gone through this back in September with their Dynamics 365 self-service.

    https://docs.microsoft.com/en-us/dynamics365/business-central/dev-itpro/developer/devenv-business-central-manage-selfservice-signups

    Funny how on that page, Microsoft is fairly straight-forward about it, they aren't acting like a kicked puppy the way they are with the Power Apps self-service fiasco.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019