Microsoft 365 for Legal – The four phases to transformation

At the end of January, we revealed that Microsoft has launched a Microsoft 365 and Teams Deployment for Legal initiative that includes a four-phase plan to help law firms overcome privacy barriers and a dedicated team to support and accelerate law firms’ 365 journey.

The initiative, which is being led by Microsoft senior modern work solution specialist Jon Kefaloukos, has been put in place to enable law firms to get around enduring concerns over putting client-matter data in the Microsoft Cloud, given that – in rare and extreme cases – Microsoft can be subpoenaed by the US government to provide customer data without reverting to a customer first (blind subpoenaed).

Enthusiasm for the new initiative is high, as are the number of questions that people have as to what this really is and what it means. Kefaloukos is keen to stress that it is not a new legal vertical but nonetheless, he and his team of subject matter experts from across Microsoft Teams; Office365; SharePoint; OneDrive; Security; Compliance and Windows 10 have created a deployment vision and proposed action plan to help law firms drive organisational change.

The Microsoft team includes Iris Childress – corporate escalation manager for M365 deployment for legal; Michelle Gilbert – M365 Deployment for Legal Office 365Collaboration Lead; Rahul Varrier – Sr. Teams Engineer for M365 Deployment for Legal; Corey Buzzell – M365 Deployment for Legal MTC Co-Leads; and Paul Edlund – Sr. Architect at the Chicago MicrosoftTechnology Center. Microsoft is working closely with ILTA and in particular CEO Joy Heath Rush on a series of webinars starting 17 February.

The four-phase approach to getting Microsoft 365 deployed doesn’t just focus on Teams, although Teams has most ‘brand equity’.

Phase one is about enabling people to leverage instant messaging and chat in Teams and leveraging Teams’ meeting functionality. At this stage firms can turn OneDrive and SharePoint off so that there is no document sharing in Teams/Office 365 to avoid client matter data concerns. Outlook still drives communication and lawyers are still using their document management solution only.

Speaking to Legal IT Insider, Edlund said: “If that is the law firm’s desired end state they can stay there forever.” Kefaloukos added: “We have heard from firms that want to stay in that phase one area.” There are a number of still largely cloud averse elite law firms that we bet will not get past this phase.

However, the reality is that the priority of the majority of law firms is to advance beyond this point. For those being asked to join clients’ Teams and collaborate on the platform, phase one is a starting point not an end goal.

Phase 1

Instant Messaging/Chat in Teams, custom retention policies for deletion

Teams meetings
Group calling (VOIP)
Basic presence in Teams
Outlook drives communication
OneDrive and SharePoint are off

Phase two sees all of the phase one Teams functionality plus DMS integration into Teams. Security and compliance tools are in place for data protection and governance.

At this point OneDrive and SharePoint are on where firms choose that path, allowing real-time co-authoring, sharing and collaboration. You can block documents and client matter data from being shared in SharePoint.

Kefaloukos says: “Phase two is where we are starting to help law firms modernise. They are leveraging Teams and Channels. They start to turn on collaboration in a way that enables security and compliance tools to mitigate risk, protect files and encrypt data. If they want to leverage the DMS they can but Teams becomes the hub.”

Prosperoware has been working closely with Kefaloukos and his team, including providing guidance on the support that law firms need. Prosperoware’s founder and CEO Keith Lipman said: “You’re turning this on at the user level – so you can say ‘this user has OneDrive or SharePoint or they don’t.’”

Prosperoware is used for provisioning to ensure that documents are stored where they need to be and treated in compliance with information governance policies.

Phase 2

All of phase 1 functionality
DMS native integration into Teams
Security and compliance tools in place for data protection and governance (DLP, ethical walls)
OneDrive and SharePoint on where appropriate
Native cloud DLP plus double key encryption/retention
Outlook and Teams for comms

Phase 3 will see firms collaborating in real time with clients and leveraging PowerBI data visualisation and dashboards, plus Office365 app integration into Teams, eg Planner and Whiteboard. At this stage it is envisaged that Outlook will be for targeted communication.

Phase 3

Federation with select partners, clients for external chat capabilities
External/guess access for real-time collaboration with clients in Teams
PowerBI data visualisation, dashboards and integration in Teams with DLP built in
Power App, Power Automate workflows built into and flowing through Team
PSTN calling, Telephony for select users
Outlook for targeted communication

In Phase four – which Microsoft points to as ‘what digital transformation looks like’ – nearly all business processes are flowing through Teams. Chatbots and Power Virtual Agents are enabled, and all business operations and financial insights are flowing through Teams with PowerBI, Power Platform, and ‘Aderant or Elite.’

Phase 4

Nearly all business processes are flowing through Teams
Chatbots, Power Virtual Agents enabled
PowerApps, Power Automate workflows with advanced third-party applications integration
Client dashboards, client-focused Teams, cusotmised channel helping to support client needs
Business operations, financial insights and client insights flowing through Teams with PowerBI, Power Platform, and Aderant and Elite.

While the Microsoft team are cautious about calling the four phases a legal roadmap and there are no new product features, they now have customisable modules and options that were not available eight months ago.

And while the pace of development in Teams means it’s hard to keep up, Edlund said: “We’re trying to create better notifications to show what has changed and what is new.”


While Microsoft’s compliance team reviews all data requests to ensure they are valid, and there are very limited circumstances – such as nation state threats – where the US government has the right to blind subpoena Microsoft, this has nonetheless been the biggest barrier to law firms moving to Office365.

Safeguards against that include:

Auditors are notified if Microsoft requests access to an encryption key.
Microsoft is not often served with blind subpoenas and if it is, it has form for fighting back.
Microsoft is working on homomorphic encryption, which is a special type of encryption technique.
In the interim you can encrypt data at rest so that it is opaque to the rest of the platform.
If a file is encrypted twice, once with a key that the cloud is aware of and once with a key in the customer data centre, Microsoft has no access. Data is only legible to the customer. This is only intended for the most sensitive of data. Co-authoring and many of the benefits of M365 and Teams break with double key encryption.

Plan of action for Microsoft 365 for Legal

The proposed action plan for firms and Microsoft partners interested in exploring the 365 and Teams legal deployment vision is:

Contact your account team or deployment development manager (Let them know you have interest in Microsoft 365 E3 or E5, or Microsoft 365 for Legal Initiative.)
Engage a “Microsoft 365 for Legal” Briefed Consultant (Microsoft Gold Partners)
Schedule a Microsoft Technology Center Briefing
Pursue Two, Parallel Workstreams with your Account Team (technical validation workstream and business validation workstream.)

The first ILTA/Microsoft webinar is on 17 February at 11am ET and will include a technical demonstration of how the Microsoft 365 Legal Vision works.