Blog - Rencore

Managing the sprawl of Teams in your Microsoft 365 environment

Written by Jasper Oosterveld | Sep 2, 2021 2:36:02 PM

Since the start of the COVID-19 pandemic, Microsoft Teams has seen a huge increase in its usage. At the start of the pandemic, April 2020, 75 million daily active users were registered[1]. This number exploded to 145 million daily active users in April 2021[2]. At the end of July 2021[3], Microsoft registered 250 million monthly active users. These numbers are not going to slow down. Business users clearly embraced Microsoft Teams for their daily communication & collaboration needs. Without a proper governance strategy, this could lead to a sprawl of teams in your Microsoft 365 environment. In this article, I am going to provide real-world tips & tricks to manage the sprawl of teams. Why should you care about this topic? The following reasons are applicable:

  • Inactive teams can contain sensitive content that needs to be officially archived or deleted. ​
  • Inactive teams take up “space” in your Microsoft 365 tenant. ​
  • A long list of inactive teams increases your maintenance workload. Time you can spend on other tasks.​

We are going to look at the creation process, naming policy, and inactive & obsolete teams.

Creation Process

There are two simple reasons why business users want to create a team in Microsoft Teams:

  • Collaborate with colleagues.
  • Collaborate with colleagues and guests.

That’s it. Plain and simple. To understand and manage the creation process of teams, you need to understand and answer the following questions:

  • Who can create a team in your organization?
  • Where can you create a team?

By doing this you regain and keep control over the sprawl of teams in your Microsoft 365 tenant. But! Before we look at these questions, it is crucial to understand Microsoft 365 Groups.

Microsoft 365 Groups

Microsoft 365 Groups (formerly known as Office 365 Groups) are a group in Azure Active Directory:

Each Microsoft 365 Group contains business users. These have the role of owner or member. Guests, once added, also become part of the Microsoft 365 Group. This mechanism results in a centralized membership. Easier to manage for IT and the owners of a Microsoft 365 group.

Apart from a centralized membership, Microsoft 365 Groups provides seamless integration between multiple Microsoft 365 services with Microsoft Teams in the front and center. The following services are currently connected through a Microsoft 365 Group:

  • Microsoft Teams
  • SharePoint Team Site
  • Exchange
  • Planner
  • Microsoft Stream
  • PowerBI
  • Yammer

The centralized membership and connected Microsoft 365 services are a crucial part of understanding, managing, and preventing a potential sprawl in your Microsoft 365 tenant. The following resource contains more valuable information:

Who can create Teams in your organization?

The following options are available:

  1. All business users
  2. A selection of business users
  3. Microsoft 365 administrators (IT)

There isn’t one correct option for all organizations. You need to review the creation process requirements for your organization. The following paragraph dives deeper into this process. To manage and change the default creation process, you need to follow the instructions of the following Microsoft resource:

Where can you create a Team?

A team can be created in the following manners:

  • Microsoft Teams application
  • Provisioning solution
  • SharePoint Team Site
  • Microsoft 365 administration center​
Microsoft Teams application

Business users use the Microsoft Teams application (Windows, Linux, or in the browser) to create a new team:

There are multiple options for creating a team. The following resource contains more valuable information:

During the creation of a team, a business user can use custom templates. To support your business users with the creation of a team based on specific requirements, Microsoft Teams provides pre-defined templates. There are 13 pre-defined templates available:

Your IT department can show or hide these templates according to your requirements. You can create your own templates. The following options are available:

  • Team name
  • Team description
  • Team visibility (public or private)
  • Team settings & actions
  • Autofavorite channel
  • Installed apps
  • Pinned tabs

The following resource contains more valuable information:

Provisioning solution

To provide a controlled manner of creating teams, whereby governance requirements (for example naming convention) are automatically applied, a provisioning solution is implemented. You can create your own provisioning solution with the PnP provisioning framework. The following resource contains more valuable information:

There are multiple vendors who sell their own provisioning solutions. We advise requesting a demo and trial version before you purchase any licenses.

SharePoint Team Sites

Business users, with the role of owner, can create a team for their SharePoint Team Site by using the link at the left bottom of the start page:

After selecting this option, a link to the team is automatically added to the left navigation menu. We advise to remove the conversations link that leads to the shared inbox of the SharePoint Team Site. You are going to communicate by chat and not e-mail.

Microsoft 365 administration center

The IT department, with a corresponding admin role, creates a new team through the Groups menu in the Microsoft 365 administration center:

Naming Policy

One of the reasons a team sprawl occurs is due to the fact business users create duplicate teams. They aren’t aware a team, they want or need to use, already exists. This can be prevented by applying a naming policy. A naming policy allows you to provide a team with a
pre-defined naming convention. For example:

There are three options to apply a naming policy:

  1. Provisioning solution
  2. Manually by the business users
  3. Azure Active Directory (AAD)
Provisioning Solution

Teams, with a provisioning solution, are created with a smart digital form. This allows you to automatically enforce a naming policy. This policy is often connected to your teams’ templates.

Manually

Your business users apply a naming convention when they create a team through the Microsoft Teams application. We strongly advise applying a link to your naming policy by using the guidelines feature. The following resource contains more valuable information:

Azure Active Directory (AAD)

The AAD naming policy allows you to apply a prefix-suffix and/or block custom words (For example CEO, Payroll, HR).

The prefixes or suffixes can be either fixed strings or user AAD attributes such as [Department] that are substituted based on the user who is creating the team.

The prefixes or suffixes that are then added automatically to enforce a naming convention to your team (for example, in the group name “GRP_JAPAN_My Group_Engineering”, GRP_JAPAN_ is the prefix, and _Engineering is the suffix). The following resource contains more valuable information:

Inactive & obsolete Teams

After using Microsoft Teams for a while, you are faced with inactive and obsolete teams. These are teams no longer being used by any of your business users and served its purpose. For example: the end of a project.

Finding inactive & obsolete Teams

The following options are available for finding inactive & obsolete teams:

  1. Microsoft Teams usage report
  2. PowerShell​
  3. Azure AD expiration policy​
  4. A third-party tool like Rencore Governance
Microsoft Teams usage report

Your IT department can run a usage report from the Microsoft Teams Administration Center:

The report can be downloaded and used for further analyses with Microsoft Excel. The following resource contains more valuable information:

PowerShell

Microsoft Teams is compatible with PowerShell. Thanks to the awesome Microsoft Teams community, a PowerShell script is available to view the activity of Microsoft 365 Groups and Teams. The following resource contains more valuable information:

Azure AD expiration policy

The expiration policy, provided by AAD, contains the following characteristics:

  • A policy to automatically delete an inactive team in Microsoft Teams after a set number of days.​
  • Team owners see a renewal message in the activity section and next to the name of the team.​
  • Team owners have 30 days to respond otherwise the team, and all related content, is soft deleted.​
  • An expiration policy is set for all teams, a selection or none.

The renewal message is clearly visible in your feed and settings of your team in Microsoft Teams:

An automatic activity check is available whereby active teams are flagged and the expiration policy is extended. This prevents owners, of active teams, receiving renewal messages. The following activities result in an automatic renewal:

  • SharePoint: View, edit, download, move, share, or upload files.
  • Outlook: Join group, read/write group message from group space, Like a message (in Outlook Web Access).
  • Microsoft Teams: Visit a Teams channel.

The following resource contains more valuable information:

Rencore Governance

Focusing on the gaps within many operational governance processes, IT departments can centrally control many Microsoft 365 services, including Teams, SharePoint, and Microsoft 365 Groups with Rencore Governance. The tool collects and continuously updated data from all connected services. Administrators can quickly discover, assess, and communicate data, identify deviations from policies and automate fixing.

Wrap up & final recommendations

We hope to have provided you with a clear understanding for managing and controlling the sprawl of teams in your Microsoft Teams tenant. To wrap up this article, here are our final recommendations.

To prevent, especially in the beginning of the roll-out of Microsoft Teams, an uncontrollable sprawl of teams it’s advised to limit the creation of teams to a selection of people. Once all your governance requirements are implemented, and the adoption is up to par, you can move slowly towards a self-service option for all business users. Be aware! A self-service option is also possible with a provisioning solution. These two don’t cancel each other out.

A clear naming policy is highly recommended to prevent a sprawl of teams. Are you using only one template to create teams? The AAD policy should be sufficient. Be aware: You need an Azure AD Premium P1 license. Are you working with multiple templates? A provisioning solution is needed to implement your naming policy.

Last, but not least, you should put a procedure in place to manage your inactive & obsolete teams. The following reasons are applicable:

  • Inactive & obsolete teams can contain sensitive content that needs to be officially archived or deleted.
  • Inactive & obsolete teams take up “space” in your Microsoft 365 tenant.
  • A long list of inactive & obsolete teams increases your maintenance workload. Time you can spend on other tasks.

If you are looking for a comprehensive guide to help you manage Teams sprawl, I recommend reading the Teams governance best practices whitepaper. It’s free and addresses how to face sprawl and other challenges when managing Microsoft Teams.