Microsoft Teams is the hub for teamwork within Microsoft 365. From Meetings, calling, and chat, to content collaboration, apps, and workflows, users are fast becoming accustomed to the productivity Teams provides. Rapid adoption means many are needing to address Microsoft Teams governance retrospectively. Here are your definitive Microsoft Teams governance best practices to help you stay in control and maintain security in your collaboration platform.
Cloud collaboration – climatize quickly to the new status quo
IT Departments are now playing a crucial role in securely facilitating remote collaboration. With unsuspected growth at the turn of the year, Microsoft’s Teams team has seen 20x the meeting minutes, over 270 million monthly active users, and 600% growth in the Teams platform. These numbers are not slowing down. Speaking of collaboration, Microsoft will launch the feature Microsoft Teams Connect which makes it easier to enable and manage collaboration across businesses. Read Microsoft MVP Jasper Oosterveld’s article on how to prepare for Microsoft Connect.
Securing data is one key priority, and managing rapid teams sprawl should become part of your teams governance best practices. The build-up of inactive Teams containing sensitive content must be continuously monitored and cleaned up; in synergy, you must also review external access and guest users periodically, making sure to draw lines under past collaborations in Teams. Teams sprawl is another underlying byproduct that can have admins and platform owners feeling out of control. One way to combat this sprawl is Microsoft Teams lifecycle management.
It’s crucial to bring back control, and Microsoft Teams has enterprise-level security compliance and manageability to help, but you need so much more. First, you must also have a clear understanding of who is responsible when it comes to securing and governing your environment.
Understand accountability when creating a Microsoft Teams governance strategy
Security and compliance are a shared responsibility between your organization and Microsoft. The objective is to classify and detect sensitive data, so you protect IT. Responsibility is divided between Microsoft and organizations accordingly. It is Microsoft’s job to protect the service, in this case, Teams, while organizations must protect data, identities, and devices. Together you work towards increasing your compliance and security position.
In order to protect data, identities, and devices across your organization, you can utilize sensitivity labels in Microsoft Teams – not only to classify documents – but also teams, SharePoint sites and Microsoft 365 groups. Microsoft MVP Jasper Oosterveld published an extensive article laying out the step by step process to manage:
- Privacy (open or private)
- external user permissions (allowed or disabled)
- Link sharing (everyone, new & existing guests, existing guests or disabled)
- Device access (full access, web only or disabled)
Create a shared responsibility model in-house
Information governance has three stakeholder groups:
Business information workers:
- where most of the teamwork happens.
Legal risk, compliance, and governance teams:
- who understand the laws and legislations of the business.
- who control, implement, and configure with the security and retention of information in office 365.
You need to make sure each of these groups buys into your governance approach and understand where responsibility lies. The line of communication needs to be clear.
Do not apply a blanket approach to Microsoft Teams governance
Not all teams are equal in an organization, and you cannot classify all Teams with the same governance approach. However, not doing so is incredibly challenging.
A lot of collaboration happens within departments, and this is where Team sites become more unstructured and harder to track. It’s important that your governance approach mirrors the needs of your users and is flexible enough so users can still reach business goals.
Provide consumable governance
Another reason why governance plans become ineffective is the way they are presented. Traditionally, a governance plan is one large document with many pages. No one wants to read it. Therefore, the governance plan becomes useless.
If you want governance to be effective it needs to be consumable and easily accessible. Remember: the reason we need a governance plan is to be able to achieve our business goals.
Build a resource center
Building a resource center makes it easier to consume your governance plan. Your resource center should be easy to navigate and include learning materials and training resources, which foster training and user adoption.
This approach to governance information architecture and user adoption will serve better than a traditional governance plan because it will be more user friendly, less daunting, and effective at reaching business goals.
Consider 3rd party software to manage cloud sprawl and centralize data
Microsoft is adjusting and creating cloud services that help you successfully navigate the current digital transformation challenges.
Governance must evolve with Microsoft and facilitate administrators and platform owners with a way to navigate their own continuously growing environments and stay in control – a challenge many understand and who are searching for solutions.
Automating arduous manual tasks that are related to governance operations is the next step to keep pace with Microsoft innovations. Let’s look at that in more detail.
Data collection automation
Discovering information to understand your Teams environment quickly is a challenge. Many need a way to create an automatic inventory of unused sites, orphaned resources, and things that violate your governance rules. Having information like this instantly and visualized through dashboards means you can be agile and act quickly to ensure governance and security in your Microsoft Teams environment.
Aggregating and reporting automation
Creating reports is a top priority. Individuals want to give stakeholders a report on the current governance situation, which is easy to decipher.
Replacing this manual process by automatically generating and grouping reports tailored to various stakeholders means you can easily schedule reporting cycles containing the latest reports and dashboards on a daily, weekly, or monthly basis.
Automate fixing and delegating tasks
People want their governance plans to be actionable in the most optimal way. For instance, if there is an inactive site that hasn’t been used in the last sixty days, and you would like permission to delete or archive it, this action must align with existing business processes and be acted upon swiftly.
Automatically identifying and getting in touch with users after critical activity by integrating into Power Automate, Teams, or Email means you can swiftly act and solve governance violations.
If you are looking to scale you governance approach, I recommend looking into Rencore Governance. It provides one central point to manage Microsoft Teams and more.
For further help on implementing Microsoft Teams governance best practices, the following whitepaper is a MUST read: Essential cloud governance planning – Declutter Microsoft 365. It addresses the complex challenges around cloud sprawl and offers a defined process for keeping your tenant and Microsoft Teams clutter-free.