Comment by close04
9 hours ago
This is the elephant in the room that most comments on this page miss. Office may be hard to replace, Teams maybe even harder, but the real pain comes when you touch identity and access management. The usual initial optimism that "yeah but [insert solution name here] does this, problem solved" dissolves very fast as you start going through the inventory of requirements for managing users, devices, authentication, etc.
It's not just the technical hurdle which maybe you'll whip your admins into finding workarounds (-keep praying that your admins don't leave because it will be painful to find replacements who understand and can maintain the spaghetti pasta monster your infra ended up being-). In overall non-technical organizations the user experience always ends up hobbled even just by asking people to keep track of multiple identities.
MS is still entrenched because they give a turnkey solution with Eeeeeverything™ and your CTO doesn't need to struggle with any uncertainty. SaaS made it so easy to just "outsource" everything to MS, they'll be responsible and accountable for operations, infra, security, processes, etc. Even less headache for your C-level people. See no evil, hear no evil, you pay MS to take the shit and your job is safe. If you throw a stone out the window you'll hit someone with general "MS administration" skills. And users are usually familiar with MS tools, Windows, Office, so they aren't bothered (you hear a lot of complaints about Teams on HN but not so much from normal users). So this covers the tech, the skills, and the UX.
> Office may be hard to replace, Teams maybe even harder.
It actually depends how you use it. If you use the shared online collaboration features (concurrent editing for example) it might be pretty hard since I do not know any other solution besides Google Workspace that can do that.
And Excel standalone I think is the hardest to replace if you have lots of macros with business logic inside them.
For Teams, as long as you use it for conferencing and chat (no file sharing or editing), you can replace it with Slack or whatever other solution might exist that has some feature parity.
IAM can stay MS, as it is a pretty battle tested solution on-prem and in the cloud. Or you move to something like Okta with a LDAP like backend where you manage users and groups.
> IAM can stay MS
The idea is to move critical parts away from US companies.
The US shows hostility towards Europe, even threatened a military attack. So the goal is now to remove as much dependence as possible.
To claim Microsoft is a company and doesn't have to follow US government order is naive. US government is now routinely breaking the law, if they threaten Europe with military action, they can also threaten Microsoft with military/police action.
How does that matter? They said the same shit during the Nuremberg trials. You're encouraging bad behavior. You can't be submitting to illegal actions by rouge governments. You make everyone less safe when you do this.
1 reply →
> IAM can stay MS
That's leaving the most critical component still with a US company. Doesn't fly if the goal is what the Danish agency is trying to achieve.
> It actually depends how you use it.
Obviously but the larger the company, the more ways to use it, and one of those ways will be a nightmare to tackle. You want one solution, not a patchwork. So the one that does everything gets picked. MS throws everything and the kitchen sink in their ecosystem to fit every need even if sometimes at mediocre or crappy quality.
> For Teams, as long as you use it for conferencing and chat (no file sharing or editing), you can replace it with Slack
Taken in isolation you're right. But in a world of network effects every company, supplier, service provider you work with might use Teams and you can federate. Switch to Slack alone and you make your life harder.
I mentioned this in another comment, if protocols and formats were mandated to be open or interoperable (in practice) to allow usage in the public sector, replacing MS would be a notch or 2 simpler.
> That's leaving the most critical component still with a US company. Doesn't fly if the goal is what the Danish agency is trying to achieve.
Yes, because it is very hard to replace. I said that you could move to Okta or something similar (in this or in another comment), but this requires you have pretty modern apps that can integrate with SAML/OAuth/OIDC.
And, even staying with MS for a few more years while you migrate IAM to something else is not as bad as having the full Office stack. You can't just yank out everything overnight - I mean you could, but you have to spend a ton of money to have a 1:1 solution from the get-go.
1 reply →
Exactly. And if identity and access management is turned off, then nothing works anymore.
In the past there was a lot of Software directly installed to user's PCs and might have been authenticated without SSO. Also log in to a PC often works without identity management (cached credentials). But nowadays nearly everything is somehow in the browser and requires SSO.