Compared to on-premises server administrators, who can work directly with server software controls, Microsoft 365 administrators use web-based remote interfaces to work with cloud services. Microsoft 365 admin center provides access to the various tools for all the services included in the product, such as Exchange Online admin center and SharePoint admin center, as shown in Figure 2-11. These tools enable managing configuration settings and creating virtual resources, such as mailboxes and directory service objects.
FIGURE 2-11 Admin center access through Microsoft 365
However, administrators of cloud services do not have access to the underlying resources on which the services run. They cannot access the operating system of the computers on which their services are running, nor do they have direct access to the files and databases that form their service environments. For example, while administrators can create mailboxes for users in the Exchange Online admin center, they cannot access the mailbox databases containing the users’ messages.
The web-based interfaces are not necessarily a drawback for all administrators. It is entirely possible to manage a cloud-based service without ever requiring access to the service’s underlying data structures. In addition, Microsoft maintains responsibility for those data structures, ensuring their availability and security. In an on-premises service deployment, it is up to the local administrators to replicate the data structures for high availability purposes and implement a load-balancing solution to maintain a similar level of performance.
Here again, the differences between the two service environments depend on the experience and preferences of the people responsible for them. Experienced Exchange Server administrators, for example, might be wary of using a cloud-based Exchange implementation that would isolate them from the servers, the operating system, and the traditional Exchange controls. However, an administrator relatively new to Exchange might welcome the simplified access the Exchange Online admin center provides.
Security
One of the most critical factors in the decision to use cloud-based or on-premises services is the location of sensitive data. For many organizations, the security of their data is not just a matter of their own benefit. Sometimes, contractual and regulatory constraints can make cloud-based data storage impossible. For example, a company with a government contract might be required to maintain personal responsibility for its stored data; it cannot pass that responsibility on to a third-party cloud provider.
However, in cases with no legal constraints, storing data in the cloud can provide protection equivalent to several different on-premises security products. Antivirus protection, message encryption, Information Rights Management, and Data Loss Prevention are just some of the security mechanisms that the Microsoft 365 cloud services can provide, all of which would require additional maintenance and expense to implement for on-premises servers.