An Introduction to the MOF Operate Phase

The guidance in Microsoft Operations Framework (MOF) encompasses all of the activities and processes involved in managing an IT service. It’s conception, development, operation, maintenance, and ultimately its retirement. MOF organises these activities and processes into Service Management Functions (SMFs), which are grouped together in phases that mirror the IT service lifecycle. Each SMF is anchored within a lifecycle phase and contains a unique set of goals and outcomes supporting the objectives of that phase. An IT service’s readiness to move from one phase to the next is confirmed by management reviews, which ensure that goals are being achieved in an appropriate fashion and that IT’s goals are aligned with the goals of the organisation.

MOF begins with the Plan phase and our previous blog articles in this series explain the role of the Microsoft Operations Framework (MOF), service management functions (SMF’s) and introduce the Planning SMF which is the first step in implementing MOF within your business. If the topics introduced below don’t make sense or perhaps you feel they’re missing context then please refer to the following articles for background context and explanation.

Blog Article 1: What’s your ITIL IQ™? Meet MOF

Blog Article 2: Plan for Success

Blog Article 3: MOF Deliver Phase

Overview of the Operate Phase

The Operate Phase of the IT service lifecycle represents the culmination of the two phases that precede it. While the Plan Phase focuses on how to determine the business’s needs for IT services, and the Deliver Phase focuses on how to design, plan, build, and deploy those services, the Operate Phase focuses on what to do after the services are in place.

It is, in effect, the steady state for the environment in which IT services exist. Think of what it takes to effectively operate and maintain a car. There are proper ways to start the car, to drive it forward, to reverse it, and to stop it. There are devices that monitor the health of the car’s engine and its supporting systems, a temperature indicator, an oil pressure indicator, a fuel indicator, a tachometer, a speedometer, and an odometer. There are proactive procedures, such as oil changes, that help maintain the vehicle’s health. And finally, there are garages, with mechanics and body workers, to repair the vehicle when something is wrong with it.

In much the same way, the key activities of the Operate Phase help operate and maintain IT services. The Operate Phase contains the following service management functions (SMFs): Operations, Service Monitoring and Control, Customer Service, and Problem Management. For more information on these SMFs, see “Service Management Functions Within the Operate Phase” in this article.

The best practices described in these SMFs help IT professionals:

  • Manage each service proactively and effectively.
  • Monitor the health of each service proactively and continuously.
  • Restore a service to health when things go wrong with it.

This phase is characterised mostly by dedicated teams, which are teams that exists for ongoing work, with no specific end time in mind. The role types on those teams fall into two accountabilities: the Operations Accountability and the Support Accountability. The accountable role type for the Operations Accountability is the Operations Manager. The accountable role type for the Support Accountability is the Customer Service Manager.

More information about the two accountabilities and all of their role types can be found in the “Team SMF Focuses” section. More information about the team role types is also contained in each of the SMF documents for the phase, as well as in the Team SMF, which is part of the foundational Manage Layer of the IT service lifecycle.

The Operate Phase begins after a new service has been deployed in the Deliver Phase. The end of that phase is tied to the Release Readiness Management Review (MR), which occurs between Stabilise and Deploy. This review, and the post implementation review that occurs after deployment is complete, acts as a bridge between the Deliver Phase and the Operate Phase, ensuring the readiness of the release for deployment, including the operability and supportability of the release and the readiness of the target production environment to support and operate the deployed release.

In turn, the Operate Phase is supported by a management review, the Operational Health Review (OHR), which includes a review of service level agreements (SLAs) and operating level agreements (OLAs). The Operational Health Review should be scheduled on a regular basis to ensure that operations in the production environment are continuously monitored and measured against previously set indicators. This review evaluates performance related metrics, as well as other business and operational indicators that help measure the overall health of the production computing environment.

These activities, the four SMFs and the Operational Health Review, form the core of the Operate Phase. Figure 1 illustrates the position of this phase within the lifecycle.


Goals of the Operate Phase

The primary goals of the Operate Phase are to ensure that deployed services are operated, monitored, and supported in line with the agreed to SLA targets.  Specifically, that means:

  • Ensuring that IT services are available by improving IT staff use and better managing workload.
  • Ensuring that IT services are monitored to provide real-time observation of health conditions and by ensuring that team members are trained to handle any problems efficiently and quickly.
  • Ensuring that IT services are restored quickly and effectively.

Meeting these goals requires:

  • Alignment with the service management functions (SMFs) for this phase.
  • Using periodic management reviews (MRs) to evaluate the effectiveness of the phase.
Service Management Functions (SMFs) Within the Operate Phase

To help IT professionals effectively plan and optimize an IT strategy, MOF offers service management functions (SMFs) that define the processes, people, and activities required to align IT services to the requirements of the business. SMFs identify and describe the primary activities that IT professionals perform within the various phases of the IT service lifecycle. Although each SMF can be thought of and used as a stand-alone set of processes, it is when they are combined that they most effectively ensure that service delivery is complete and at the desired quality and risk levels.

The following table identifies the SMFs that support the achievement of these objectives within the Operate Phase.

Table 1. Operate Phase SMFs

SMF Deliverable/Purpose Outcomes

Deliverable: Operations guide


Ensure that the work required to successfully operate IT services has been identified and described

Free up time for the operations staff by reducing reactive work

Minimise service disruptions and downtime

Execute recurring IT operations work effectively and efficiently

Improved efficiency of IT staff

Increased IT service availability

Improved operations of new/changed IT services

Reduction of reactive work

Service Monitoring and Control

Deliverable: IT health monitoring data


Observe the health of IT services

Initiate remedial actions to minimise the impact of service incidents and system events

Improved overall availability of services

Reduced number of SLA and OLA breaches

Improved understanding of the infrastructure components responsible for delivery of the service

Improvement in user satisfaction with the service

Quicker and more effective responses to service incidents

Customer Service

Deliverable: Effective user service


Provide a positive experience to the users of a service provider

Address complaints or issues

Maintained levels of business productivity

Increased value added by IT

Improved business functionality, competitiveness, and efficiency

Problem Management

Deliverable: Effective problem resolution process


Provide root cause analysis to find problems

Predict future problems

Reduced number of unassigned problems, and increased number of problems assigned to an owner

Reduced number of incidents and problems that occur, and lessened impact of those that do occur

Increased number of workarounds and permanent solutions to identified problems

More problems resolved earlier or avoided entirely

The SMFs in this phase do not have to be used sequentially, but they do possess a natural order:

  • Operations occurs first because it focuses on how to determine what the daily, weekly, monthly, and as-needed tasks are for properly maintaining a deployed IT service. Operations also describes how to carry out those tasks.
  • Service Monitoring and Control occurs next because its focus is on the health of the deployed IT services. This SMF proactively looks for evidence of things not operating according to expectations.
  • Customer Service focuses on fixing those things that go wrong either by an automatic request to fix a problem identified through Service Monitoring and Control or through an end-user request. It also focuses on providing new and existing services.
  • Finally, Problem Management focuses on reducing the occurrence of failures with IT services.
Management Review for the Phase

Management is responsible for establishing goals, evaluating progress, and ensuring results. In part, governance consists of the decision making processes (controls) that help management fulfill this responsibility. Each phase of the IT service lifecycle has one or more management reviews (MRs) that function as management controls. This means that the right people are brought together, at the right time, with the right information to make management decisions. Every phase has different management objectives, so each phase has uniquely focused MRs with appropriate stakeholders, required decisions, and the type of data needed to make well informed and fully weighed decisions.

The MR for the Operate Phase is a periodic review that is key to the effective maintenance, monitoring, and support of IT services. That review, the Operational Health Review, provides a structure for reviewing and analysing results and taking action to improve performance. It takes place at the end of the Operate Phase and is primarily concerned with assessing the effectiveness of an organisation’s internal operating processes. It is intended to be scheduled on a regular basis, but may be called into session on an emergency basis. The goal is to ensure that operations in the production environment are continuously monitored and measured against previously set indicators.

These indicators consist primarily of performance measurements that have been formally documented in operating level agreements (OLAs), service level agreements (SLAs), or contracts that Service Level Management helps formulate. The OHR is not limited to review of only OLA/SLA-related metrics, however. It should also evaluate other business and operational indicators that will assist senior management in measuring the overall health of the production computing environment.

Items to evaluate:

  • IT staff performance
  • Operational efficiency
  • Personnel skills and competencies
  • OLA defined targets and metrics
  • SLA defined targets and metrics
  • Contractual targets and metrics
  • Customer satisfaction
  • Costs

The key stakeholders and decision makers who participate in the OHR meeting include:

  • The IT operations management team.
  • The service managers responsible for the services being delivered.
  • Managers from platform or technology-specific teams (such as network administration, messaging, data lifecycle management).
  • Event monitoring team (also known as bridge or command center).
  • Storage management, backup, and recovery team.
  • Security administration team.
  • Delivery representation (development, test).
  • Customer representation.
  • User representation.
  • Partner representation.

Table 2. Components of the Operational Health Management Review

Inputs Analyses Decisions Outputs

OLA and SLA documents

OLA and SLA performance reports

Operational guides and solution specifications

Action items, accountabilities, and minutes from previous OHRs

Customer satisfaction information

Financial performance information

Risk management and current issues

Basic human resources metrics and organisational health indicators

Operations process maturity metrics

Ongoing or emerging issues reflected in review of action items and previous minutes

Identify OLA or SLA performance that is outside of established tolerance levels

Trends in customer satisfaction

Financial performance overall and in specific categories

Changes in risk assessments, tolerance boundaries, compliance violations

Organisational health trends

Operational maturity compared to desired state

Upcoming changes that may impact operations

Immediate service improvement actions

Request for change to:



Technical change

Procedural change

Resource change

Identify process or procedural changes

Need for resources or training

Need for funding changes

Minutes of this MR and associated actions and accountabilities

Requests for changes to services

Requests for changes to infrastructure and configuration

Request for changes to procedures

Requests for changes to documentation

Requests for changes to contracts or agreements

Requests for formal service improvement plans

Requests for resources with desired capabilities  or for training

Requests to modify funding

 Integrating the Operate Phase with Manage Layer SMFs

The Manage Layer is the foundation of the IT service lifecycle. This layer is not a separate segment; rather, the activities of the Manage Layer are integrated with all other phases of the MOF lifecycle. The following SMFs support the primary activities of the Manage Layer:

  • Governance, Risk, and Compliance (GRC)
  • Change and Configuration
  • Team

These Manage Layer SMFs are important elements in all other IT lifecycle phases. Most of the SMFs in the other phases discuss specific and distinctly different processes. However, the Change and Configuration and GRC SMFs have the goal of ensuring effective, efficient, and compliant IT services. To that end they contain guidance that addresses the unique nature of each phase’s objectives.

Because the Operate Phase is primarily concerned with the daily running and service delivery tasks of IT, the GRC focus for the phase is on capturing information from processes and applications and demonstrating compliance to policy and regulations. Change management is applied to minimise unplanned changes, preserve service performance and availability, and smoothly introduce standard changes.

Table 3. Manage Layer SMF Focus

Objective GRC Focus Change and Configuration Focus Team Focus
Ensure that deployed services are operated, maintained, and supported in line with the service level agreement (SLA) targets agreed to between the business and IT

Procedures and controls operating

Recording and documentation

Policy compliance

IT environment and configuration

Process and procedure

Standard change

Principles for organising operations work

Principles for organising monitoring work

Principles for organising support work

Team SMF Focuses

There are two Team SMF accountabilities in the Operate Phase of the IT service lifecycle. They are the Operations Accountability and the Support Accountability.

Operations Accountability

The Operations Accountability includes role types that are important to two SMFs in the Operate Phase: Operations Management and Service Monitoring and Control. The Operations Management SMF focuses on ensuring effective and efficient day to day IT operations. The Service Monitoring and Control SMF focuses on the real time observation of and alerting about health conditions (characteristics that indicate success or failure) in an IT environment.

The following table lists the role types associated with the Operations Accountability, as well as the responsibilities and goals for each role type.

Table 4. Operations Accountability and Its Attendant Role Types

Role Type Responsibilities Goals
Operator Executes tasks with predictable results based on instructions Predictable results
Administrator Execute tasks that are not well defined, requiring a deeper level of knowledge Ensure predictable results
Technology Area Manager

Short term performance of components in a technology area

Owns the work instructions

Ensures that operational requirements are met for the technology area

Stable operations of technology

Maximise structured work to hand off to operator and admin or automated (where possible)

Monitoring Manager

Responsible for SMC SMF tasks

Ensures right systems are monitored

Facilitates effective monitoring mechanism

Expert on how to monitor, not what to monitor

Ensure that needed monitoring information is generated
Scheduling Manager

Plans schedule of individual activities within operations

Owns timing decisions

Plans operational work, including maintenance

Makes sure operational work has been scheduled

Avoid conflicting work
Operations Manager Accountable for Operations SMF and Service Monitoring and Control Ensure predictable, repeatable, and automated day to day system management
Support Accountability

The Support Accountability includes role types that are important to two SMFs in the Operate Phase: Customer Service and Problem Management. The Customer Service SMF focuses on providing a positive experience for users by meeting their IT needs and addressing complaints and issues that arise during the normal course of using an IT service. The Problem Management SMF focuses on resolving complex problems that may be beyond the scope of Incident Resolution requests.

The following table lists the role types associated with the Support Accountability, as well as the responsibilities and goals for each role type.

Table 5. Support Accountability and Its Attendant Role Types

Role Type Responsibilities Goals
Customer Service Representative

Handles calls

First contact with user

Registers call, categorises, determines supportability, dispatches call

Help the customer
Incident Resolver




Fix incidents
Incident Coordinator

Responsible for incident from beginning to end

Owns quality control

Solve incident as quickly as possible
Problem Analyst Investigates and diagnoses Find underlying root causes of the incidents
Problem Manager Identifies problems from the incident list Prevent future incidents
Customer Service Manager

Accountable for goals of support

Covers incidents and problems

Effectively and efficiently decrease incidents and incident solution time

Increase effectiveness of resolutions and reduce costs

Objectives, Risks, and Controls

Governance provides the principles, structures, and decision rights needed to carry out an organization’s key objectives and priorities in the context of the requirements and risks of the organisation. Governance is defined in the Manage Layer, but it is integrated throughout all of the phases.

Management reviews introduce the appropriate level of governance, risk, compliance, and change management to Operate Phase activities. Every company will need to evaluate laws and regulations to determine their own policies and thus their own compliance controls. However, the MRs still provide management controls, and compliance can be evaluated at these points of the lifecycle.

The following table provides examples of how management objectives for this phase can be related to risk and then to controls that help manage those risks. By clearly linking objectives, risks, and controls an IT organisation will be more effective and compliant and will more efficiently gather and maintain documented evidence of their control environment and risk management.

Table 6. Operate Phase Objectives, Risks, and Controls

Objective Risk Control
Ensure that each deployed IT service is operated to the level agreed to in its operating level agreements (OLAs) and SLAs IT services fail to meet OLA or SLA obligations Operational Health MR
Ensure that each deployed IT service is supported to the level agreed to in its SLA, and restored to health when it fails Inadequate support results in poor customer experience Operational Health MR

This article provides a broad overview of the MOF Operate Phase and its related SMFs, management reviews, and controls. The next step in putting MOF into practice is to consider your organisation’s needs, and then read and use the relevant SMFs. Their step by step guidance will be of value to IT organisations whose goal is reliable, efficient, and compelling IT services.

Operate Phase SMFs
  • Operations
  • Service Monitoring and Control
  • Customer Service
  • Problem Management
How do I implement MOF?

At First Solution, we’re experts in MOF and have even developed a unique ITIL IQ™ process that benchmarks a businesses current state, identifies their desired state and provides an action plan (called a Service Delivery Plan) that helps organisations of all sizes achieve their desired business outcomes. Most importantly, our unique ITIL IQ™ process begins with a Proactive Services Maturity Review (PSMR) which identifies a score (out of 100) that clearly communicates the current state of your businesses IT operational maturity. Armed with your ITIL IQ ITIL IQ™ score, a finance or procurement professional can concisely present to the board the businesses current state, desired state, and ITIL IQ™ score with an action plan to improve the ITIL IQ score and thereby ensure that IT’s goals are aligned with the goals of the business and that both are progressing together.

How can I work out my ITIL IQ™?

Simply get in touch to arrange a free Proactive Services Maturity Review and one of our MOF experts will conduct an interview with the person responsible for the IT function (and other senior business decision makers) within your business and provide an ITIL IQ™ score with which you can measure the performance of your IT function. Once you know your ITIL IQ™ score we can provide a Service Delivery Plan to help you improve it each month and measure and report progress back to you during a Monthly Service Review. And there we have it, an ITIL based solution to simply identify and measure the performance of your IT function. Are you ready to operate reliable, efficient, and compelling IT services?


The Microsoft Operations Framework 4.0 is provided with permission from Microsoft Corporation. 

Leave a reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.