Review of How to Ensure Operational Governance for Microsoft Teams Session from Microsoft Ignite 2018
Microsoft Ignite was held September 24-28 in Orlando, Florida with more than 1600 sessions on all that Microsoft has to offer. This session, by Dux Raymond Sy, covered guidelines for proper governance of Microsoft Teams. Dux makes basic recommendations but cautions listeners that Azure Active Directory P1 is a requirement for some of the features he highlights.
Overall, it was an informative session. Dux does a great job explaining the relationship between Microsoft Teams and Office 365 Groups; and breaking down governance into 3 manageable areas: provisioning, operations and information cycle.
From a governance standpoint, it is critical to understand the relationship between Microsoft Teams and Office 365 Groups, and what is happening behind the scenes when a Microsoft Team is created. When a user creates a Microsoft Team, an Office 365 Group is also created. This Office 365 Group, by default, creates an Outlook distribution list, a SharePoint Site Collection, a shared Calendar, Planner and OneNote notebook for the group members. With so many interconnected pieces, there are lots of ways that things can get out of hand really quickly. To keep things as controlled as possible, it is important to implement governance policies. As stated earlier, Dux identified 3 areas of focus: provisioning, operations and information cycle.
Provisioning refers to how teams are requested, approved and created. In the beginning of your Teams rollout, Dux recommends limiting who can create an Office 365 group to ensure that Teams are created appropriately. Using PowerShell, Administrators can set parameters for who will have permissions to do so. The other big consideration is naming policies. You may want to set up custom prefixes or suffixes or block certain words/phrases (i.e. HR, IT, CEO) from being used at all in Team names.
Operations refers to how information, access and containers are managed. There are several reports available in the Admin Center to allow Administrators to monitor/manage usage, quotas, compliance with policies, etc. A great new feature that is now available in the Azure Active Directory Admin Center is the ability to set Dynamic Membership of Office 365 groups. Make sure your AAD is clean and current if you plan to use this feature!
Information Cycle refers to how to retain/expire/dispose of information as appropriate. You may have retention policies based on HIPAA, Financial laws or GDPR that specify how long information must be kept, when it should be disposed of, etc. Think about this when deciding on how Teams will be used in your organization. On the other hand, you also want to be sure that information isn’t just left hanging around long after it is necessary. To prevent this, there is the ability to set an expiration policy in the Azure Active Directory Admin Center. There is also ‘soft delete’, which allows deleted items to be recovered for 14-90 days after deletion for those times when a user either deletes something by mistake or because they aren’t fully aware of the item’s importance.
As Dux stated in his session, governance is sometimes looked at as a bad word, but really governance is a good thing. It is important to think about provisioning, operations and information cycle; and create policies that will prevent sprawl, duplication, permissions issues, legal issues, etc. I recommend listening to Dux’s session. While he does a general overview of the topic, there are lots of good kernels of information, and it definitely leaves you with lots of food for thought.