Microsoft, Google, Zoho: The Best Office Suite for IT Pros

By Paul Ferrill Features PCmag

Moving your business to a cloud-served office productivity suite is not something any company undertakes lightly. There are many factors that could motivate such a move, and even elements of your business that will be affected by the decision. Therefore, you should consider all of them before jumping in. Motivators could be anything from key users falling in love with a new feature to a need for new tools to help a more mobile workforce.

Continue Reading Below

Licensing is also often a motivator, with cloud-served office productivity suites seen as an effective cost-reduction step. But an oft-overlooked factor is the effect such a move has on IT professionals. To ignore this can be a mistake, because IT has the job of integrating the new suite with all of your organization's back-end servers and data stores, as well as keeping users on the new suite working securely and reliably no matter where they are.

Managing a large number of users and their office productivity software can be an arduous task, and having that suite served up from a separate organization via the cloud instead of installed and managed locally presents both new advantages and new difficulties. For example, it becomes acutely painful if you need to make a large number of changes (such as removing access to a specific document or file share) that affects a long list of users. Automating those tasks then becomes essential, as does making sure the new suite works well with the automation tools your IT staff would use. That could simply be a scripting engine, such as Microsoft Windows PowerShell, or it could be a corporate directory governed by an identity management (IDM) platform, such as Okta Identity Management.

Backup is another area that should concern every IT pro. With the recent bout of ransomware attacks, backup needs to be a front-and-center issue. Where are your new office productivity suite's documents stored? Is that location safe from not just ransomware but from attacks from other forms of malware, too? If your short answer to the first question is "in the cloud," then the answer to whether or not your data is safe becomes "maybe." If your local documents are synced with cloud storage and your local system gets compromised, then it's quite possible the two will get synced and you'll lose both copies, not just the local one.

Keeping data safe has become a key focus for IT managers. There are many great business-grade cloud backup solutions available to help them, especially Zetta Data Protection, our Editors' Choice winner in that category. Products such as Zetta Data Protection have agents located on your servers and your users' various computing devices that let them manage sophisticated backup operations for all of that local and mobile equipment to the cloud. This includes not just cloud storage repositories managed by the backup vendor but also any other storage targets your IT staff designates, such as a local server or another cloud provider such as Amazon Web Services (AWS). Aside from a basic backup, these tools also implement incremental backups and usually a Point-in-Time (PIT) restore capability. The latter is when the software snaps a backup of a complete device system for a specific timestamp. If properly organized, this means you can effectively have one or more snapshots of your entire environment from before an attack happens. Then all you have to do is find a copy of critical documents that were archived before a ransomware attack or simply roll the whole environment back to a time prior to the infection.

That's just a small glimpse of the issues that broadly deployed software, such as productivity suites, can have on IT operations. So, while our core reviews of top cloud-served productivity suites, including Google G Suite, Microsoft Office 365, and Zoho Office (which comes with Zoho Docs) focus on the features users need, we decided here to look at those same products from an IT pro's point of view. We wondered: Which of these suites does the most for an IT pro tasked with deploying, managing, and securing an office productivity suite for both small to midsize businesses (SMBs) and enterprises?

Continue Reading Below

Google G Suite

Google has slowly grown its office productivity suite over the last several years, with its initial offering intended for individuals or, at best, small teams. In recent years, however, it has made great strides with the offering, which you probably remember as "Google Apps" but which the company recently renamed "G Suite" and updated with a heavier focus on business users. From an IT administrator's perspective, the user interface (UI) is clean and simple. Handling tasks such as password resets and group administration requires a minimal number of clicks. Easy integration with other Google services, such as Google Drive, makes the manipulation and sharing of information a snap. Users can also save attachments to Google Team Drives, which are similar to the Team Sites feature found in Microsoft SharePoint. Google Team Drives allow for easy, controlled access to documents by a group rather than just by an individual.

Google G Suite's Basic offering costs $5 per month per user. It comes with Gmail for business, voice and video conferencing, and smart shared calendars, documents, spreadsheets and presentations. It also comes with 30 GB of cloud storage. The Business offering costs $10 per month and adds a number of other capabilities, including archive and retention policies for email and chat, eDiscovery for emails, chats, and files; up to 1 TB of storage, and auditing reports. The Enterprise offering adds data loss prevention for Gmail and Google Drive, third-party archiving integration, and enhanced security, plus log analysis using BigQuery.

You can implement some automation via the Google application programming interface (API) by using any number of different programming languages, though this means you'll need some programming or DevOps talent on your IT staff. You must use the Admin software development kit (SDK) for all automation work, which is available on Google's website. But, again, this requires actual programming skills in order to use. Google provides documentation and tutorials with sample code to help get you started and you'll also find quite a few YouTube videos on the subject, but this isn't a task that programming neophytes will find simple. As an alternative, the Business offering also provides access to Google App Maker, Google's low-code development plaform for building business apps through a visual drag-and-drop and form-based interface that requires no coding for basic app creation.

Notifications provide a way to alert an IT admin when an event needing attention occurs. Google uses an on/off switch to enable or disable alerts from a list of possible events. While the list is somewhat limited, it does cover most of the events that would be of interest to an IT admin, including security issues and service alerts for apps outages.

On the security front, because a corporate Google G Suite account comes with email, effectively managing users becomes a basic directory, especially for small and midsize businesses (SMBs) that may not need the deeper functionality offered by a full-scale IDM platform. Even so, Google supports some fairly sophisticated features here, including two-factor authentication (2FA) at the account level. IT admins can require 2FA consisting of a password plus a verification code. At the Enterprise subscription level, an IT admin can choose to allow only security keys that require a physical device, such as a USB dongle or a smartphone. This eliminates the need for a special code and adds the extra layer of requiring a physical device. IT admins can allow integration with external authentication services, such as Microsoft Active Directory (AD) or Microsoft Azure Active Directory (Microsoft Azure AD) and other sources compatible with the Security Assertion Markup Language (SAML). Google also employs 128-bit or stronger AES encryption for all data at rest. Data in transit utilizes HyperText Transfer Protocol Secure (HTTPS) and forward secrecy (FS). The latter is a technique meant to secure communication channels by blocking attempts to retroactively decrypt older HTTPS sessions.

Google offers both canned reports that you can run anytime from the admin dashboard as well as a report API that will let you create your own custom reports. Canned reports include Activity, App Usage, Security, and a number of Audit reports. The Audit reports provide detailed information on things such as account and group creation, user login activity, file creation and deletion, and an email search. Each of these Audit reports have a filtering capability to reduce the amount of information returned. Event names are specific to each type of audit but provide a way to quickly see things such as failed logins.

As mentioned earlier, Google offers Team Drive, which acts as a file repository for a set group of users intended for fast file sharing and collaboration. Administrative functions include managing membership, controlling permissions for things such as file migration and link sharing, and transferring ownership from one user to another. The IT admin also has very granular controls over how files are shared by team members. Global defaults are set on the "Settings for Drive and Docs" page.

Microsoft Office 365

Microsoft has always architected with businesses in mind, and that experience shows in Office 365. The platform's Admin Center is the primary entry point for all administration tasks in Office 365. The dashboard home page presents common activities such as Add, Delete, Edit a User, Manage Billing, and more on individual panels called Cards. These Cards can be deleted or rearranged to suit your needs, which makes it easy to create a custom page that displays just the information an IT pro needs to monitor current status, manage users, or manage corporate account settings.

Microsoft offers an Office 365 Admin mobile app for Android, iOS, and Windows Phone. This handy utility lets you accomplish the majority of typical IT admin functions right from your phone. For added security, the mobile app provides a login PIN to prevent any unauthorized actions should you lose your phone. While you can reach the IT admin pages for both Google G Suite and Zoho Office from your mobile browser, Office 365 is currently the only one of the three with a dedicated mobile app. And, of course, it also has user-facing versions of its core apps available for Android, iOS, and Windows Phone.

Microsoft introduced Windows PowerShell back in 2003 under the codename "Monad." Since then, the company has heavily invested in extending this new scripting and automation engine, which has resulted in PowerShell Core and Office 365 PowerShell. This extension to PowerShell provides a number of tools to manage user accounts and licenses. Microsoft offers an Office 365 Admin center for managing the primary features and configuration points needed by an IT admin; however, an important thing to note is that some features can only be managed through PowerShell. This means that some familiarity with scripting will be required to keep Office 365 optimally running.

However, IT shops that use Microsoft products on either the front end or back end can find significant benefits from investing in some PowerShell knowledge. For example, performing bulk operations on a large number of users is much easier using PowerShell. PowerShell also shines when you need to filter data or perform operations such as calculating the number of items in all Microsoft SharePoint Online lists that are under your control. And, if you're managing Office 365 in the cloud with other Microsoft products on-premises or elsewhere in the cloud, tying them together can be much easier using PowerShell, too.

For IT pros who want to develop their Office 365 skills, Microsoft offers a special Microsoft Certified Solutions Associate (MCSA) certification for Office 365. This certification requires you to pass two exams including Exam 70-346: Managing Office 365 Identities and Requirements and Exam 70-347: Enabling Office 365 Services. Microsoft offers two video exam prep sessions on their Channel 9 developer network website that you can view to prepare for this exam. These learning resources not only prepare you for the exam, they also impart useful knowledge for folks burdened with administering Office 365 to a large number of users, including tasks such as securing data, managing users, and Office 365 PowerShell.

Creating new Office 365 accounts can also be accomplished with PowerShell. By using the PowerShell New-MsolUser cmdlet (which stands for "command-let"), it's possible to read a list of names from a comma-separated values (CSV) file and then automatically create that user, including not just permission to Office 365 but also to an Outlook email account and an AD entry subject to default or custom group policy settings. To help with that, Office 365 is deeply tied to Microsoft Azure AD, which can be linked to an on-premises AD domain. This integration provides seamless user authentication between local computers, resources, and Office 365. With AD being the de facto industry standard for computer authentication, it makes adopting Office 365 that much easier, especially for organizations that already use it on-premises.

Office 365 supports multiple methods for 2FA, including call or text to a mobile phone, call to an office phone, or by using a special notification app available for Android, iOS, and Windows Phone devices. Settings for multi-factor authentication (MFA) may be assigned on an individual user basis. Monitoring the status of enabling this setting happens on the Users screen of the Office 365 Admin center. The Active Users view will show Disabled, Enabled, or Enforced for each user. Enabled means the user has been enrolled in MFA but has not yet completed the registration process. For additional security, Microsoft uses a number of different encryption layers to protect your data. Each account admin gets access to the Service Trust Preview portal, which provides details on Microsoft's full security strategy.

Microsoft offers a range of pricing plans for Office 365, starting at $8.25 per user for small businesses and $20 per user per month for the Enterprise E3 subscription. From an IT pro's perspective, there's no preferred pricing tier for managing Office 365; management tools are the same at all pricing levels. The higher-end features, such as data loss prevention, compliance help, and advanced threat protection, all require an E3 license, which costs $35 per user per month. As with Google's low-code tool, Office 365 also comes with access to Microsoft PowerApps for building apps without the need for any coding expertise.

Finally, Office 365 also makes it easier for IT pros to combine the basic office productivity suite with more advanced tools to give their users more capabilities because it easily integrates with many of Microsoft's other business platforms. These platforms include the new Dynamics 365 accounting and customer relationship management (CRM) platform, the Microsoft Power BI business intelligence (BI) app, and the aforementioned Microsoft SharePoint Online platform, to name a few. Zoho also offers this kind of integration with its lengthy list of apps, but Microsoft's suite offers a feature depth and enterprise design that's still unrivaled.

Zoho Office

Zoho Office comes as part of a Zoho Docs subscription, with the latter being Zoho's cloud storage, collaboration, and file sharing platform. It provides a similar set of apps and file storage to that of both Google G Suite and Office 365. An entry-level offering is free for up to 25 users and provides 1 GB of online storage plus online administration controls. Paid tiers increase the per-user storage to 100 GB for $5 per month and 1 TB for $8 per month. You must be on the Premium tier to take advantage of all features, including AD and SAML integration. The Premium tier is also required for the high-end data governance features, including tracking of all documents created using the product.

Adding users to Zoho Office requires a signup process, which is initiated from an email. A list of users to invite can be input from a CSV file that lists all user email addresses. The same function can be accomplished programmatically by using the Zoho Mail API. In Google's G Suite, for example, if you need to change the department name for a whole group of users, then you would do it through Google's API by writing a short program that reads the list of users from a file (typically a CSV file) and then calls the API function required to add those users to the new department group. In Zoho, that's simply the Zoho Mail API. This sounds complex, but with a little programming experience, it's not that difficult to do. Still, it's more complicated than performing the same task using Microsoft AD, for which this would be mostly a wizard-based operation. Zoho Office uses a Representational State Transfer (REST)-based API for all external interaction, so you can use any scripting language you wish to automate tasks and also integrate (at least at a high level) with a large number of other Software-as-a-Service (SaaS) apps that have also standardized on REST.

From an automation perspective, API functionality for Zoho Office is a bit different from the other two products. All of Zoho's apps are integrated by default. To programmatically manipulate users, you need to access the Zoho Mail API. The list of available functions is quite extensive, including the ability to change a user's 2FA status. The Accounts API adds additional functions, including the ability to change Email forwarding rules and vacation auto-reply messages.

Zoho Office supports encryption in transit when syncing files between a user's device and the cloud. The underlying technology includes an RSA-based, 2048-bit unique key generated through Perfect Forward Secrecy (PFS) along with the Transport Layer Security (TLS) protocol. Data is protected in multiple locations to prevent data loss. Plus, 2FA can be enabled for users as an initial verification step.

Zoho Office comes as a mobile app for both Android and iOS. The company does not offer a mobile IT admin app but you can access the full website from any browser. While most administration tasks can be done from a mobile browser, a larger screen does make the process easier.

Overall, Zoho's strength seems to be less in the advanced features offered in Zoho Office than in the sheer number of other products Zoho has in its portfolio, which all integrate fairly easily with the productivity suite. These products are varied, including those for accounting, BI, CRM, point-of-sale (POS), and many others, including the company's low-code Zoho Creator platform to rival the visual app creation capabilities of G Suite and Office 365. This means IT pros can create a fairly targeted toolset for many different kinds of businesses simply by selecting the right combination of software. The downside is, these tools aren't as customizable from an automation, UI, and workflow standpoint as those in Microsoft's portfolio. On the other hand, they're nicely priced and put Zoho a step ahead of Google as the latter simply doesn't offer most of these other tools (with the exception of BI and data analytics).

Bottom Line

Office 365 is our top choice from an IT pro's perspective. Because it's built on an IT-oriented software and user management platform in the form of AD, Office 365 simply has more IT tools for IT pros to leverage than the other players. Microsoft adds to that with a wealth of additional tools and resources, like those in the Trust Center and the Office TechCenter, on top of offering a rich source of cloud infrastructure and management tools in Microsoft Azure that essentially enable "snap-in" integration with Office 365.

While Google and Zoho offer some of this functionality, they don't quite match up point for point, though Google comes close with the management and infrastructure tools it offers via the Google Cloud. However, when you consider that Office 365 can be easily extended with cloud versions of Microsoft's most popular back-end server products, such as Dynamics 365, Exchange Online, and Microsoft SharePoint Online, Google becomes the weaker player, with only Zoho having a competitive software portfolio (though its products are more SMB-focused whereas Microsoft aims squarely at the enterprise).

Overall, Google G Suite is making strides and will appeal to those looking for a Microsoft alternative. While it doesn't quite match up in its authentication or automation features, it does bring the simplicity of Gmail to accomplishing IT admin tasks. Zoho Office is the least expensive of all three, and does offer some interesting features such as 1 TB of storage per month for $8. On the downside, the administration and reporting tools were somewhat lacking. Automation can be accomplished but not at the same level of functionality found in the other two products.

This article originally appeared on PCMag.com.