At Microsoft Core Services and Engineering (CSEO), we’re migrating our most critical infrastructure and services to the cloud to enable greater scalability, reliability, and agility. We recently moved our largest and most used portal, the Microsoft internal human resources portal (HRWeb), to Microsoft SharePoint Online. To ensure a safe, secure, and successful migration, we designed a detailed and well-planned process that helped us take full advantage of the SharePoint Online platform’s benefits while enabling us to also creating new and better ways for our HR department to support Microsoft employees. Now that HRWeb resides on SharePoint Online, the portal is more globally accessible, better performing, and easier to navigate and search than ever. We’re excited about the opportunities that SharePoint Online provides to improve and grow the human resources (HR) presence at Microsoft and the opportunities it presents to enhance all our organization’s portals.
Providing human resources solutions with HRWeb
HRWeb provides HR information and solutions for 135,000 Microsoft employees worldwide, and it is the most visited internal portal site at Microsoft, logging approximately 1 million employee page views each month. HRWeb hosts the key human resources-related tools and processes that our employees use, including:
- Business travel letters
- Employment vacation
- HR help desk (Ask HR)
- Personal profile
- Manager self-service
- Proof of employment and income
Transforming our environment to meet our business needs
Historically, we’ve hosted our portal sites in on-premises Microsoft datacenters that are connected to our internal network. This model worked well in the past, when our employees spent most of their work time in Microsoft offices and used computers connected to our network. The modern Microsoft workplace, however, empowers employees to make the technology and work-style choices that allow them to perform at their best. For many of our employees, that entails taking a cloud-first, mobile-first approach to using their technology. The office cubicle is not necessarily the preferred place for Microsoft employees and the traditional datacenter is no longer the preferred place for Microsoft to host its internal IT infrastructure.
Microsoft has been a cloud-by-default organization since 2015. Our organization runs on cloud computing—that’s reflected in how we’ve organized our SharePoint infrastructure. We’ve moved our SharePoint infrastructure out of our on-premises datacenters and into SharePoint Online to take advantage of cloud agility, scalability, and reliability across our IT infrastructure. More than 90 percent of our IT infrastructure at Microsoft is in the cloud. As part of that initiative, we planned to move HRWeb out of the on-premises datacenter environment and into SharePoint Online.
Addressing challenges and seeking solutions
HRWeb was the last of our portal sites to migrate to the cloud. As our largest and most frequently used portal site, its move was scheduled last to ensure that our migration processes were ready to handle a migration of the size and scope that HRWeb presented. HRWeb’s hosting environment wasn’t meeting our business needs and we were encountering several challenges in the on-premises version of HRWeb that we wanted to address and solve in advance of the migration:
- Inadequate performance. HRWeb experiences approximately 1 million page views per month. It’s our busiest portal, and the amount of traffic that HRWeb handles requires substantial resources to support it. The limitations of static infrastructure and the constraints of procuring physical equipment led to inadequate HRWeb performance. The new version of HRWeb needed to respond quickly to requests and provide a responsive user experience.
- Inconsistent access. As our employees moved to more mobile and cloud-connected work styles, it became increasingly more complicated for them to access HRWeb because it was hosted on our internal network. We also had segments of our business, such as our retail stores, that weren’t connected directly to our internal network. Thus, employees in our retail stores couldn’t access HRWeb from their locations, which made it difficult for our HR department to reach them effectively. Employees in other parts of the world needed the same level of access to HRWeb as those on our main campus in Redmond, yet we didn’t have a truly globalized portal. We wanted the new version of HRWeb for SharePoint Online to be accessible to our employees from anywhere.
- Complex content organization. The on-premises version of HRWeb had been in operation for many years at Microsoft. The curation and management methods we were using in SharePoint resulted in duplicated and outdated content presented on the site. We weren’t properly integrated with other Microsoft portal sites that had already been migrated to SharePoint Online, so HRWeb content wasn’t accessible directly from those portals. Because HRWeb was using a different search engine than the other portals used, other portals’ search results did not return HRWeb content.
- Poorly functioning components. Some of our tools required upgrading or retooling. Accessibility to HRWeb was less than ideal. Many of our employees experienced content access issues or weren’t able to access HRWeb at all. We identified the move to SharePoint Online as an opportunity to reimplement poorly functioning HRWeb services on SharePoint Online by using the improved tools for design and implementation.
Migration design: plan well, learn from the past
Our migration design and planning represented the most significant amount of work required in migrating HRWeb. Because we were moving the largest, most-used portal presence in the organization to a new platform on SharePoint Online, we needed to make that process as streamlined as possible. We also needed to ensure that the end result met our business needs and overcame the shortcomings of the on-premises version. We established the following high-level goals to guide the migration design toward a solution that best fulfilled our requirements:
- Improve the user experience. The cloud promised increased scalability, reliability, and agility. We wanted to take advantage of those benefits to create a responsive and efficient experience for our users.
- Ensure and improve security and compliance. We couldn’t compromise our security and compliance. We also wanted to ensure that moving to SharePoint Online allowed HRWeb to retain or improve the level of security and compliance it had when it hosted on-premises while also extending portal access to our retail employees.
- Make the most of the new platform. We wanted to design HRWeb for SharePoint Online, making the most of its native functionality and components, including simplified content management and targeting, and increased discoverability.
Considering HRWeb from an objective perspective
One of our initiative’s most critical success factors was our decision to bring in support from outside Microsoft. Like any large organization, Microsoft has its own culture. We have ways of doing business and operating internally that are part of our identity. In our early design efforts, we recognized that we were inclined to approach the migration in terms of how things had always been done with HRWeb. We tried to design our solution by using existing methodologies and structure, but on a new platform. For example, claims-based authentication provided important functionality in the on-premises version of HRWeb, and we initially focused more on replicating those elements in SharePoint Online rather than examining how we could use native SharePoint Online functionality to create a similar solution.
We realized that our migration team was too familiar with the way things had been done in the on-premises version and too close to Microsoft corporate culture. There were certain things that we accepted by default, certain cultural norms that seemed to be simply part of how things were done. We acted on that realization and recruited a vendor to help us with the design and planning approach to our SharePoint Online migration. The vendor team was able to look at HRWeb and even our HR processes objectively and question why we were doing things a certain way, especially if they viewed our approach as less than optimal. Some of the key areas in which we developed better clarity were:
- Involving stakeholders early in the process.
- Reassessing our security model and our implementation of users and groups.
- Examining the potential for new HR tools and services to replace outdated versions.
- Identifying opportunities for simplification and reduced complexity.
Designing for security and usability
Our security model was one of the biggest considerations we faced when we migrated HRWeb from on-premises to SharePoint Online. On-premises, our identity and access management service of choice is Active Directory Domain Services (AD DS), which is designed to support on-premises, domain-joined users and computers. As a result, the identification and authentication mechanism for HRWeb on-premises was heavily reliant on AD DS for user identity and classification.
The HR employees at Microsoft—those who manage and oversee HRWeb functionality—required permissions to certain resources and services to present information, assist employees, and ensure privacy and compliance. The on-premises version of HRWeb accomplished this by using our AD DS directory and a custom-designed claims-based federation service. We recognized immediately that the on-premises security model would not migrate cleanly to SharePoint Online. Replicating the AD DS environment in Microsoft Azure and then using it to support the SharePoint Online version of HRWeb wasn’t a valid choice. The claims-based authentication mechanism we used in the on-premises version of HRWeb didn’t integrate with SharePoint Online. For that reason, we had to address the security issues through simplifying the model, introducing content targeting, and providing a flexible architecture for exposing content through search that leveraged this new model.
Simplifying and streamlining security with role-based access control
We worked with the Identity and Access Management team at Microsoft to develop a way to use the identity and authentication mechanisms in Azure Active Directory (Azure AD), the default directory service for Microsoft cloud-based solutions. We looked at the structure of our on-premises environment and recognized important changes that we needed to make:
- A security platform and model that integrated with SharePoint Online. We couldn’t rely on custom federation and claims-based authentication for identity and access in SharePoint Online; it wasn’t technically feasible. We identified Azure AD as the best solution to maintain the identity and access management environment to support SharePoint Online and still maintain the level of control and auditing that we required. We leveraged existing security groups in the on-premises AD DS and replicated them to Azure AD by using standard tools.
- Simplified user and group structure. The on-premises model used claims to group and categorize users on multiple levels. These groups were then added to other groups, given permissions to resources, and managed for ongoing membership. It was a tedious, labor-intensive process that was based on how our existing AD DS environment was structured.
We decided to simplify this structure. We replicated the groups to Azure AD, simplified how those groups were used in SharePoint Online and used a role-based access control model to assign permissions. We reduced the thousands of groups to seven distinct roles that supported the primary personas required to support HRWeb.
As the design process progressed, it became evident that we needed to reduce complexity in our structure and data. HRWeb had 398 different sub-sites that operated under the main portal. Some of the content was indexed poorly, and searchability was less than ideal, so we agreed to focus on data cleanup and taxonomy development before we performed any migration tasks. Because HRWeb was the only portal left on-premises, it wasn’t searchable from other Microsoft portal sites, including our main company portal site, MSWeb. We didn’t want to move data and tools that would be unused or removed in the SharePoint Online implementation. We established several important tasks to perform prior to migration:
- Plan for a unified dashboard solution. We have 135,000 employees worldwide and the one thing that they all have in common is that they’re Microsoft employees who need to use the same HR services. We wanted to create a unified experience that enabled HR to reach the entire organization effectively. We planned to create a customized experience for our employees by using tagging to deliver to users targeted, relevant content including pages, links, and tools. HR needed to provide organized, searchable content, but it also had to be able to provide access to localized content relevant to each region. We positioned the HRWeb home page to be the one place that employees went for all HR-related actions and resources.
- Simplify structure. We planned a reduction from 398 sub-sites to a smaller subset of 12. These 12 sites would organize HRWeb resources into smaller sets of first-level sites, and would classify data and tools so that all the HRWeb content would fit neatly within the first-level sites.
- Reduce or remove unnecessary data. We performed significant data cleanup prior to the migration. We had multiple versions of company policies residing in different locations, and unused and irrelevant information still published in some sub-sites. It was very helpful to have clean, organized content before starting our migration. We also planned and designed for searchability so that the data we migrated would be available and accessible via search.
Migrating our largest portal
The implementation process for migration was relatively simple and easy to execute compared to the planning and development process. In fact, the diligence during our planning and development process was the primary reason that the migration of our production environment went so smoothly. We performed the migration in two distinct phases:
Phase 1: Pilot and small-scale movement
Our migration team began the move to SharePoint Online with a pilot project that used reliable and nonvolatile data. Our pilot migration involved approximately 250 pages of content, and we retained the structure and feel of the on-premises version. The content represented about 80 percent of our most-visited pages on HRWeb; we wanted to ensure that our most-used content would be available and usable in its migrated state. We made the content available in SharePoint Online to HR employees for testing and feedback. We encountered no outstanding issues during the migration process, and we immediately noticed improvements in performance and reliability on SharePoint Online.
Phase 2: Global rollout and service migration
We identified several learnings and best practices from our pilot, which we used to adapt our processes for the second phase of the migration. Phase 2 involved several steps:
- Creation and organization of a new security model and related personas. The security model that we developed was implemented in Azure AD and SharePoint Online, where we created the necessary objects to control roles and groups. The Azure AD security groups provided the membership for the simple SharePoint security model. We secure content by role and then target content by company code. Separating security and targeting models enables us to keep the model simple and allows us to assess targeting outside the context of security.
- Examination of connections to services outside HRWeb. We ensured that connections to tools outside of HRWeb would still function in the SharePoint Online version. This involved reaching out to connection owners, testing the connection, and performing mitigation steps, if necessary.
- Reorganization of content within the new structure under new tagging and indexing methods. We planned content reorganization prior to migration, and we tagged and placed content within the taxonomy as it was migrated. The new taxonomy and tagging system enabled better targeted content for HRWeb users, and it also made search more effective.
- Migration of content into the new structure. We worked through migrating our content according to our migration plan. We kept at it until all content was complete and ready on SharePoint Online.
Phase 2 was the last content migration phase and it took a little more than three months. Our initial plan was to perform a partial migration in phase 2, regroup and apply learnings to our processes, and then proceed with a planned phase 3, which would have included the rest of the content. However, the phase 2 content migration went so smoothly that we continued using the same methods throughout the migration without incident, and did not have to proceed to our planned phase 3.
Migration cutover – HRWeb on SharePoint Online
Because of our migration team’s thorough planning, design, and implementation, our cutover day was a nonevent. Our on-premises and SharePoint Online versions of HRWeb were running in parallel, waiting for us to change the DNS settings to redirect traffic from the on-premises site to SharePoint Online. We assigned resources to assist employees or address issues as they arose, changed the DNS records, and interacted directly with any employees who had issues. The entire cutover process took less than 15 minutes.
We’re realizing several benefits from HRWeb on SharePoint Online, including:
- Accessibility for all Microsoft employees. Our employees are no longer restricted to the boundaries of our corporate network to access HRWeb. SharePoint Online provides internet-connected, mobile device-friendly access so that employees who aren’t connected to the corporate network, such as our retail store employees, have full access to HRWeb from any supported device at any time.
- Searchability across all Microsoft portals. With all Microsoft portals now on SharePoint Online, we have a much deeper connection between portal sites. In our on-premises version, the claims-based authentication model prevented us from exposing search results to the other Microsoft portals on SharePoint Online, even when using hybrid search. HRWeb now uses the same authentication provider as the rest of our portal sites on SharePoint Online, so information across all portals is searchable from any portal site. As a result, it’s easier to find HRWeb content while searching on other Microsoft portal sites, and it’s easier to search and find content from other portal sites when using HRWeb. However, the search experience can still be improved and is a focal point for the company.
- Better presentation of HRWeb content. SharePoint Online is designed by default to present content across multiple platforms and form factors. That means that our employees can have a productive HRWeb experience from their PC, tablet, or phone. Our tagging and content targeting model is used across all our portal sites, so it’s easy for employees to access information relevant to their role or region.
- Improved performance and reliability. The cloud gives us a resource pool that is as deep as we need to power HRWeb. We can scale to meet demand, ensure that our content is available worldwide, and know that our employees can always access the HRWeb solutions that they need.
We learned several things on our migration journey. The size and scope of HRWeb provided a new level of migration effort for us, and we’d like to share some of what this experience taught us:
- Plan for complexity. HRWeb is immense. The migration’s complexity required us to perform extensive planning and design to prepare for migration.
- Obtain support from stakeholders. Our stakeholders were vital to the success of the migration, but it was challenging to keep them fully engaged. We worked hard with our partners and other stakeholders to ensure that they were informed about the process and timing, and what was required of them for the migration. This helped us ensure that all necessary participants in the migration were ready to contribute when the time came.
- Get the right talent. Our migration team was excellent, and we benefitted significantly from the vendor team’s contribution to the planning and migration process. Without the right people with the right knowledge in place, a migration can quickly become problematic.
- Agree on the customer. Know who you’re building your solution for. While our stakeholders and partners were critical to the success of the migration and provided lots of feedback, our customer was the Microsoft employee. We circled back to the employee’s needs several times during the planning and migration process, ensuring that those needs and the employee’s experience were our primary considerations.
- Document and share progress. Keeping people informed of the migration progress reduces opportunities for misunderstanding and it keeps your stakeholders and users engaged throughout the migration.
- Provide opportunities for continuous feedback. Our migration didn’t end at our cutover. We’ve encountered some bugs and other challenges that we’re actively working on resolving. We’re continuing to refine and improve processes and aspects of HRWeb, and the feedback from our users is our most important indicator of what we should work on next.
We’re continuing to improve HRWeb and find ways to use SharePoint Online to create the best experience for our employees. Here are some of the items we’ll work on soon:
- Creating a more personalized experience. We want to leverage SharePoint Online’s tagging and targeting capabilities to provide our users with a more targeted and personalized experience.
- Extending the employee experience for HRWeb. We want to use SharePoint Online’s reach to connect with our employees throughout their employment experience with Microsoft. We’re working on ways to use HRWeb for our onboarding and hiring processes, and we want to use HRWeb to remain connected to former employees.
- Continuing to build on modern SharePoint functionality. We’re continuing to use modern SharePoint functionality and design. We want to build modern SharePoint into all areas of HRWeb to take advantage of SharePoint’s performance and manageability benefits.
- Building more self-service and AI into the HRWeb experience. We want to provide the most responsive and efficient experience for our employees. We’re testing new self-service solutions and investigating the use of bots and AI to extend the ways that we can meet our employees’ needs.
SharePoint Online has brought HRWeb to the cloud, and we’re pleased with the increased capabilities and reliability we experience. We’re creating new and better ways for our HR department to interact with and support Microsoft employees, and HRWeb is more globally accessible, better performing, and easier to navigate and search than ever. We’re excited about the opportunities that SharePoint Online provides to improve and grow our HR presence and the opportunities it presents to the rest of our organization
For more information
Microsoft IT Showcase
© 2019 Microsoft Corporation. This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.