Governance in the Age of Teams

With the launch of any new application in an organization, certain considerations must be made in order to achieve a smooth deployment. For IT, this means having a thorough understanding of the governance that’s required to effectively manage Microsoft Teams while keeping the company secure and productive.

Join our webinar on May 2 to learn the best ways to manage data, user access and security features in Microsoft Teams.

Simplify Teams with naming conventions

Establishing a consistent naming convention for new Teams will give structure to those that are created as you deploy Teams, as well as reduce duplicates going forward. For example, you may have an internal IT help desk to support end users and an external help desk for customers. Creating a naming convention that easily differentiates between internal and external Teams makes it easy for both end users and IT to know which is the right one to join.

While it may seem scary to allow end users to create Teams, you may find the benefits outweigh the risks. Rather than clogging up your ticket queue with requests for new Teams, you can allow end users to create their own Teams within the framework and naming convention you’ve established. When you go through an audit of your Teams, you can then quickly identify which person is responsible for the Team and you know who to reach out to in order to find out whether it’s still necessary, being used, or can be deleted.

Be sure to note that a Group no longer needs to have a single owner. This means that over time, as users leave or move within the organization, ownership can be delegated and changed by other managers. So, the days of having Groups (or distribution lists, shared mailboxes, public folders, and SharePoint sites that are years old and contain no owners or members) is a thing of the past!

eDiscovery and Microsoft Teams

Since data in Microsoft Teams either lives within SharePoint Online or Exchange Online, you can easily go into the Office 365 Security & Compliance Center and set a hold based upon the SharePoint site or the Group mailbox. Using eDiscovery, you can identify, hold and export content found in these locations. A hold retains all of the data as well as revision history, so from a compliance standpoint it’s extremely helpful to have this access.

There’s a setting in the Office 365 Security & Compliance Center that’s not on by default, but should be if your organization’s retention policies allow for it. Audit logging is a specific, extremely helpful setting that informs you as to who created a group, who added a member, who added a connector or deleted a channel. It even provides data about who’s accessed or logged into a Team. Audit logging exists for all of Office 365 and is not retroactive, so be sure to set it up immediately if it’s something that would benefit your IT department.

Pro Tip!

At the time of publishing, Microsoft only supports a maximum age of 90 days for retrieving log files for user and admin activity.  So, be sure to plan around this, whether that means exporting this data more frequently or integrating into another system such as an ITSM platform.

Managing requests for guest access

Believe it or not, while it may seem risky to allow users to extend Teams access to guests, there are many benefits to your IT team when enabling this functionality.
  • You now have visibility into what guests do within your Teams environment
  • IT no longer has to manage complicated processes in order for end users to share files with guests (such as auditors, even)
  • It enables more productive work through tabbed and filed conversations, which are stored on the internal system, not just in email or in third-party applications
  • It can have cost-savings potential since you might be able to eliminate costly third-party collaboration tools
  • You’ll have simplified eDiscovery processes since you no longer have multiple external sources to manage
  • You’ll reduce the potential for shadow IT when users are provided with an easy-to-adopt application
However, it’s imperative to be aware of the level of access guests have, evaluate what’s appropriate for the particular use case and guest, and to not allow more access than is necessary. Your IT team should know that there are ways to easily grant and revoke guest access, that they can run reports on which guests have access to which systems, and how these guests appear in the directory.

Ready to learn more?

Join our webinar on May 2 for a deep dive the best ways to manage data, user access and security features in Microsoft Teams.

Or fill out the form below and one of our local experts will be in touch soon.


Check out the next article in this chapter

Share This