The Microsoft 365 Maturity Model is used to evaluate an organization in the context of a set of competencies. Competencies are first baselined with the goal of elevating competency performance up the maturity model levels. Each competency is evaluated on common and specific metrics. As we can see, the competencies range from soft or people-centric, such as People and Communities with metrics of Culture and Process, through to Customization and development with purely hard metrics of No, Low, and Pro Code. 

As Microsoft 365 is a huge ecosystem that can encompass the majority of an organization's processes, the Governance, Risk, Compliance, and Security metric features in over half of the competencies. We could go through each of the competencies' metrics and look at the definitions for each maturity level, but that would take a long time and, dare I say, be quite boring. Instead, I'll go through the competency definitions and look at a couple of them in depth.

Microsoft defines the collaboration competency as "collaboration is all about people working together to reach a common goal. Within Microsoft 365, this means multiple individuals working jointly within the platform, using its capabilities to facilitate their activities."

Communication's definition is much tighter and well-defined than you may have thought. It's the dissemination of useful and pertinent information, typically from a smaller number of people to a larger group. This definition excludes one-to-one communication and focuses on media like SharePoint, Yammer, and Teams groups. The competency includes all aspects of communication from creation, and approval, through to distribution. It can be in the form of blog posts, news articles, and organizational announcements and may include feedback and tracking mechanisms. Aside from the technical aspects of information distribution, audience relevance and messaging consistency are key concepts.

To be honest, there's not a lot of meat or tofu on the People and Communities competency sandwich. Essentially, this relates to communication between staff at similar hierarchical levels but in unrelated business activities. If communication related to a specific business activity is a communication channel, this is cross-channel communication. People and Community is an example of a competency whose application is very dependent on the organization's size.

The search competency is what you probably think it is. The ability to easily find authoritative information using predictable and intuitive search terms. This includes context-based searching related to a user's recent activity. Search results can come from 365 applications or platforms integrated into the Microsoft 365 ecosystem.

Staff and training is another self-explanatory competency, focusing on those that will do the training and product evangelists demonstrating and promoting Microsoft 365 solutions to the business. While installation and setup fall under IT's brief, this may not be the case for staff training. 

Business Process competency focuses on the generic implementation of processes rather than what the business processes are. This includes using standardized methods for handling data and implementing workflows using approved models or templates that comply with governance and regulatory requirements. Data and workflows should only be accessed by users with the appropriate permissions that are defined with roles. There should be automated processes for auditing and reporting. A common example is CRUD, create, read, update, and delete activity logging. Process analytics and optimization fall within this competency's remit.

As you would imagine, the Management of Content competency has a broad and deep scope. It covers the content lifecycle from creation, use, storage, and versioning through to deletion and archiving. All types of content from documents, web pages, emails, contacts, notifications, list items, etc., fall under content management's purview. Content presentation relates to formatting standards such as headings and style, as well as readability and consistency.

This competency isn't so much about the technical aspects of Microsoft 365 development and customization, but rather, what form should customization take, and what are the governance and management considerations of customization. When SharePoint was first released, customization was mainly server-side and was restricted to pro code solutions. Since then, the 365 ecosystem has expanded to include many more products within the 365 stable, with Azure products and functionality that can be easily integrated. 

Many apps, whether 365 or Azure, offer No and Low Code customization to extend functionality. The SharePoint Framework now enables developers to create solutions for Outlook, Microsoft Teams, and obviously, SharePoint. Apart from Low and Pro code customization options, 365 products have matured to the extent that much of which used to require a development solution can now be achieved through configuration.

Governance is a self-imposed framework of standards that ensures a company's activities are conducted in a way that meets both public and private expectations and obligations. This framework is consistent across the organization and is generally technology agnostic, although implementation may vary between teams. 

Risk is generally thought of as relating to regulatory risk, that is, trying not to break the law, but can equally apply to risk evaluation of new business strategies or actions.

In the context of data and software, compliance generally refers to data sovereignty. Multi-national organizations spanning different jurisdictions must comply with a state's latest privacy and protection legislation hosting their data centers.