How the dependency formed
A longitudinal note. Dependency rarely arrives in a single decision.
The arc typically begins narrowly. Email and document collaboration are the least contested categories, and adoption is rarely framed as a platform decision. In the first phase the tenant holds mailboxes, shared drives, and a calendar surface.
In the second phase, identity moves. Entra ID becomes the source of truth for employees and contractors, then for conditional access into non-Microsoft SaaS. Joiner, mover, and leaver processes are sequenced through the tenant, and HR systems sync into it rather than around it.
In the third phase, collaboration consolidates. Teams absorbs ad-hoc meetings, then standing channels, then approvals and decision logs. SharePoint accumulates the long tail of institutional documents, lists, and lightweight applications. OneDrive becomes the default personal drive.
In the fourth phase, governance migrates inward. Conditional access, DLP, retention, eDiscovery, device compliance, and increasingly information protection are authored inside the tenant's policy plane. Audit and compliance functions read posture out of the platform rather than into it.
By the fifth phase, operational processes are tenant-shaped. Approvals run in Teams, runbooks live in SharePoint, alerts route through Exchange, endpoints are governed through Intune, and the organization's working vocabulary is the platform's vocabulary. No single decision produced this; a decade of locally rational ones did.
The platform read through the five frameworks
Each section applies one of the System Drift frameworks to Microsoft 365.
Dependency Concentration
Concentration accumulates across four adjacent surfaces simultaneously: identity (Entra), communication (Exchange, Teams), document authoring and storage (Office, OneDrive, SharePoint), and endpoint and policy (Intune, Purview). Few platforms occupy this many neighbouring surfaces inside the same organization, which is the structural fact the rest of the profile is read against.
Bundled licensing rewards full-suite adoption over category-by-category procurement. Concentration here is not the product of capture so much as of reasonable economics applied consistently over time, which makes it durable and difficult to attribute to a single decision-maker.
Observed indicators- —Entra is the identity source of truth for non-Microsoft SaaS.
- —Email, chat, video, and document collaboration all sit inside one tenant.
- —Endpoint posture is expressed through Intune rather than a third-party MDM.
- —Bundled SKUs replace previously separate procurement lines for security and compliance tooling.
Reversibility
Reversibility is constrained by depth rather than breadth. Mailbox and file corpora can be exported through documented paths. What does not export cleanly is co-authoring history, sharing-link continuity, conditional access logic, Teams channel structure, and the federated identity graph that has grown outward from Entra into the wider SaaS estate.
The realistic unwind horizon for organizations with extensive adoption is measured in years and is dominated by identity re-platforming, not by document migration. Reversibility falls as the number of federated downstream applications grows, because each federation extends the surface that would have to be re-established elsewhere.
Observed indicators- —Third-party SaaS authentication is configured against Entra rather than a neutral broker.
- —Conditional access policies encode business rules that exist nowhere else in writing.
- —Teams channels carry decision and approval history with no parallel system of record.
Governance Surface
Governance has migrated into the tenant. Conditional access, DLP, retention labels, sensitivity labels, eDiscovery scopes, insider risk policies, and device compliance posture are all expressed inside Microsoft's policy plane. Where this is true, the platform is the governance layer, not merely subject to one.
Administrative authority concentrates with it. The set of people who can meaningfully alter how the organization governs identity, data, and endpoints narrows to those who hold tenant-level roles. Policy authorship rarely leaves the platform once it lives there, which is the quiet form of governance concentration.
Observed indicators- —Compliance reporting is generated from Purview rather than aggregated into it.
- —Audit functions read access posture from Entra directly.
- —Conditional access serves as the de facto security policy of the organization.
Operational Capture
Capture is most visible in Teams. Channels accumulate decision logs, approvals, project context, and ad-hoc workflow that would once have lived in dedicated systems. Over time the channel becomes the system of record by default rather than by design, and the workflow is no longer separable from the surface it runs on.
Capture is also present, less visibly, in SharePoint and Power Platform. Business processes are encoded in lists, flows, permission inheritances, and lightweight apps that no separate inventory describes. Process documentation begins to read like product documentation, and internal vocabulary mirrors the platform's nouns.
Observed indicators- —Approvals and sign-offs occur in Teams threads rather than a workflow tool.
- —Operational runbooks reference SharePoint locations as canonical.
- —Power Automate flows quietly underpin processes the organization considers manual.
- —New hires are onboarded into the platform's mental model rather than the organization's.
Exit Complexity
Exit complexity is dominated by identity and institutional vocabulary rather than by data movement. The technical migration of mail and files is bounded and well understood. The untangling of federated identity, the rebuilding of governance policy on a different plane, the retraining of staff who think in Teams, SharePoint, and Entra nouns, and the rewriting of contracts that assume Microsoft-mediated controls are not.
Institutional memory of why a conditional access policy exists, why a Teams channel is structured a particular way, or why a SharePoint permission was granted is rarely captured outside the tenant. Separation therefore reads as predominantly political and longitudinal rather than technical and project-shaped.
Observed indicators- —Contracts with auditors and regulators reference Microsoft-native controls by name.
- —Internal terminology has converged on platform vocabulary.
- —A meaningful share of operational knowledge exists only as tenant configuration.
What separation would involve
A description, not a recommendation.
Separation would typically involve re-platforming the identity layer first, then sequencing mail, files, and collaboration onto independent surfaces, then rewriting governance policy in whichever planes replace Entra and Purview, and finally reconstructing the operational knowledge currently encoded in Teams channels, SharePoint sites, and Power Platform flows. Each stage is feasible in isolation; together they describe a multi-year program whose cost is predominantly organizational rather than technical.
Editorial note
This profile is a dependency study, not a product review. It is not a buyer's guide, a feature comparison, or a recommendation. It does not argue that Microsoft 365 is good or bad. It documents how the platform shapes organizational behavior, where concentration accumulates, and what separation would involve.
The framework readings are revised on the transparent methodology cadence. The indices are analytical signal, not procurement advice.