One way to look at governing Microsoft Teams is to think of the options you have as light switches: you can turn them on and off to meet your requirements. However, it is important to understand the benefits and drawbacks behind each of these decisions.

In this article I will look at 6 options available when looking to govern your Microsoft Teams environment.

Controlling Team Creation

Naming Convention

Sensitivity Labels (Classify)

Guest Access

Expiration Policy

Retention Policy

Controlling Team Creation

Customers often look at this and say things along the lines of “Everyone having the ability to create a Microsoft Team is great…but I don’t want that, how do I turn that feature off?”

Whether this statement is due to an environment that likes to have complete control over its users or something else – there are few benefits to this. And when it comes to this point, I would strongly advise that you guide your users rather than restrict them.

Benefits

Restricts some users from creating groups anywhere in Office 365

Does not prevent users from using groups

Global Admins, Exchange Admins, SharePoint Admins and User Admins can still create Groups.

Guidance

Strongly consider self-service!

Use dynamic membership to configure security group members

Document and communicate how to request a group

Revisit who can create groups during your cloud journey

In essence, picture an open road with no guard rails. For an inexperienced driver this could be a disaster, as they can very easily drive off the road.

What we should be aiming to do is incorporate guard rails into our Teams governance.

Naming Convention / Policy

Customers often like to say “we’ve always had a naming convention. We need to maintain that now”

“We need consistency with our naming standards”

“Imagine the names teams will have without a naming convention!”

Naming conventions and policies are a very tricky concept with Office 365 groups as this is a really limited feature and does not provide for much flexibility. In essence – you will need to have your Active Directory ON-POINT when it comes to user fields being consistent across the entire organisation.

I would definitely opt for guidance when it comes to naming conventions rather than trying to enforce a naming convention – I would also consider a custom blocked word list.

Benefits

Applies to all Office 365 groups created

Ensures group names follow your organisation's schema

Use fixed strings or Active Directory attributes as prefixes and/or suffixes

Helps identify the function, geo, department.

Guidance

Define custom blocked words (note: blocking words such as “sex” would also prevent use of the name Sussex, Essex etc.)

Use short strings as suffix

Use attributes with values

Don’t be too creative, total name length has a maximum of 264 characters

Sensitivity Labels (Classify)

The phrases below are all too common when looking into governance, and the ideal way to approach these is with sensitivity labels for sites, teams and groups.

“We don’t want public teams in our environment”

“There are some teams that should only be accessed from managed devices”

“We want to allow guests in some of our teams but not all of them, is there an easy way to manage this”

Benefits

Consistent experience across Teams, groups, sites and Office

Simplifies back-end management of Teams (PowerShell scripts)

Policies associated with sensitivity labels to control public/private settings, guest access, and access from unmanaged devices.

Classify and protect sensitive Microsoft Teams.

Guidance

Create new sensitivity labels with same names as your existing classifications

Educate Microsoft team owners on what the labels mean and how to use them

Azure Information Protection labels and Office 365 sensitivity labels are fully compatible with each other.

Guest access

The dilemma surrounding guest access and knowing who has access to company data is one that is all too common.

Statements such as the ones below are all too common:

“I need to know who has access to our data”

“Open guest access is not possible”

“I wish we could limit who could be a guest in our tenant”

Benefits

Enables safe teamwork outside the firewall

Works with any email address

Based on the common Azure business-to-business (B2B) platform

Guidance

ENABLE GUEST ACCESS!!! – Microsoft Teams is a collaboration tool – Let them collaborate!

Govern guest access using:

Allow/block guest domains

Terms of use

Access reviews

Track guest user activity via audit logs
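To answer "who has access to our data" before tightening any of these controls, the script below builds a read-only guest inventory. It is an added example, not part of the original article. It uses the Microsoft Graph PowerShell SDK; the allow-listed domains and the output file name are assumptions to replace with your own.

```powershell
# Added example (not from the original article): read-only guest inventory.
# Requires the Microsoft.Graph PowerShell SDK and consent for the scopes below.
Connect-MgGraph -Scopes 'User.Read.All', 'GroupMember.Read.All'

# Assumption: constructed allow list; replace with your approved partner domains.
$allowedDomains = @('partner.example', 'supplier.example')

$guests = Get-MgUser -All -Filter "userType eq 'Guest'" `
    -Property 'Id', 'DisplayName', 'Mail', 'CreatedDateTime', 'ExternalUserState'

$report = foreach ($guest in $guests) {
    # Guests invited by email carry their external address in Mail.
    $domain = if ($guest.Mail) { ($guest.Mail -split '@')[-1].ToLower() } else { 'unknown' }

    # Groups (and therefore teams) this guest is a member of.
    $groupNames = @(Get-MgUserMemberOf -UserId $guest.Id -All |
        Where-Object { $_.AdditionalProperties['@odata.type'] -eq '#microsoft.graph.group' } |
        ForEach-Object { $_.AdditionalProperties['displayName'] })

    [pscustomobject]@{
        DisplayName     = $guest.DisplayName
        Mail            = $guest.Mail
        Domain          = $domain
        DomainAllowed   = $allowedDomains -contains $domain
        InvitationState = $guest.ExternalUserState   # PendingAcceptance or Accepted
        Created         = $guest.CreatedDateTime
        GroupCount      = $groupNames.Count
        Groups          = $groupNames -join '; '
    }
}

# Guests from domains outside the allow list sort to the top of the export.
$report | Sort-Object DomainAllowed, Domain |
    Export-Csv -Path .\guest-inventory.csv -NoTypeInformation

# Quick summary: how many guests per external domain.
$report | Group-Object Domain | Sort-Object Count -Descending | Select-Object Count, Name
```

Guests with a GroupCount of 0 or an InvitationState of PendingAcceptance are natural first candidates for an access review.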



Expiration Policy

The worries around “we are going to have WAY too many Microsoft Teams out there to control!”

Or the ones that surround “People will forget they have a Microsoft Team and never delete the content” are very common – and probably with a very legitimate reason. We’ve all experienced the users who corrupt their mailboxes because they like to hoard or don’t like to use the archive.

However – with Office 365 groups – there is the capability for expiration policies that can take care of this!

Benefits

Auto renewal as a result of user activity

Expire groups older than a specific period if no user activity

Group owners get email notification to take renewal action on the group

Can set expiration policy to specific groups

Expired groups can be restored within 40 days

Guidance

Pilot with specific groups initially

Choose inactive groups based on the activity report in Microsoft Admin Center

Onboard your helpdesk Team

Communicate renewal process to group owners

Create a process to identify ownerless groups
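Owners are the ones who receive the renewal email, so a group with no owner has nobody to act before it expires. The script below is one way to start the ownerless-group process. It is an added example, not part of the original article, and uses the Microsoft Graph PowerShell SDK; the 180-day staleness threshold and the output file name are assumptions.

```powershell
# Added example (not from the original article): read-only report of
# Microsoft 365 groups that have no owner.
# Requires the Microsoft.Graph PowerShell SDK and consent for Group.Read.All.
Connect-MgGraph -Scopes 'Group.Read.All'

# Assumption: a group not renewed for this many days is treated as stale.
$staleAfterDays = 180
$cutoff = (Get-Date).AddDays(-$staleAfterDays)

# Every team is backed by a Microsoft 365 ("Unified") group.
$groups = Get-MgGroup -All -Filter "groupTypes/any(c:c eq 'Unified')" `
    -Property 'Id', 'DisplayName', 'Visibility', 'CreatedDateTime', 'RenewedDateTime'

$report = foreach ($group in $groups) {
    $owners = @(Get-MgGroupOwner -GroupId $group.Id -All)
    if ($owners.Count -eq 0) {
        # A missing renewal date is reported as stale rather than skipped.
        $isStale = (-not $group.RenewedDateTime) -or ($group.RenewedDateTime -lt $cutoff)

        [pscustomobject]@{
            DisplayName = $group.DisplayName
            GroupId     = $group.Id
            Visibility  = $group.Visibility
            Created     = $group.CreatedDateTime
            LastRenewed = $group.RenewedDateTime
            Stale       = $isStale
        }
    }
}

# Oldest renewals first: these are closest to expiring with nobody to notify.
$report | Sort-Object LastRenewed |
    Export-Csv -Path .\ownerless-groups.csv -NoTypeInformation

'{0} of {1} Microsoft 365 groups have no owner' -f @($report).Count, @($groups).Count
```

An owner whose account has been disabled still counts as an owner here, so treat the result as a lower bound.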

Retention Policies

And finally – Retention policies & regulations

The need to maintain data due to regulations is a scenario that almost every organisation out there will need to meet. That is, unless, your “legal department wants all of this data GONE as quickly as possible” This is where Retention policies come into play.

Benefits

Can be used to define a range of days after which all content will be deleted or a range of days during which content cannot be deleted – or both.

Retention period for teams can be as short as one day

Channel message policies can be applied globally or per team

Chat message policies can be applied globally or per user

Files use the retention policies of SharePoint and OneDrive for Business

Guidance

Understand how retention works! (THEY ARE NOT FOR BACKUPS!)

You should consider retention policies holistically

Double-check that Teams retention is set end to end!

I hope that this post can assist you in governing Microsoft Teams for your organisation and many others.

Thanks for reading.


