CIO Advisor
Microsoft Teams is an incredibly powerful tool that enables efficient collaboration and information access across an organization. That said, a remarkable number of customers that we work with struggle to manage and secure it the way that they would like to.
Much of the time, Teams was enabled during the pandemic to try to help employees work more effectively remotely, but it was deployed without much planning or training. As a result, Teams access is often over-permissioned while also being under-adopted and under-governed. Features like guest access and third-party app access are often unrestricted, and the usage of Teams and channels is inconsistent. Conversely, Teams loses a lot of value if it is over-restricted, so finding a balance that is right for your organization is critical.
Teams governance overall is a huge topic. Organizations need to establish some norms and policies regarding how Teams should be used, and there are hundreds of settings in the application. In this blog, I’ll address seven of the most common recommendations we give to customers to help them start getting Teams back on track. These settings will help to address common risks from Teams sprawl and overprovisioned access while allowing most of the collaboration features to be available to employees.
Limiting who can create a Team helps prevent Teams sprawl and allows those who are authorized to help ensure Teams and Channels are being used appropriately, and standards can be followed regarding Teams naming and ownership.
Having a naming standard helps to set some organizational norms and makes it easier for employees to understand what to expect and how to interpret Team names.
Establishing a standard taxonomy will help make Teams easier to navigate and encourage employees to use Teams and Channels in a similar way across business units and departments. Have a bias toward Channels. Only create a Team if a Channel in an existing Team won’t do the job. A Team is mostly just a group of Channels, so fewer Teams and more Channels is usually the right approach.
Dormant or unused Teams contribute to sprawl and add risk if they are not managed properly. Expiration policies take effect after the configured amount of time. If a Team isn’t accessed for that period, the Team owner receives a notification 30 days, 15 days, and 1 day before the team’s expiration date. When the team owner receives the notification, they can click Renew Now in the notification to renew the Team.
For Teams that have reached the end of their lifecycle, it is a good idea to have a process established to either archive or delete the Team. Often an organization will want to save documents related to a project, but not chat content or other transient information captured in Teams. This archival and deletion can be an administrative process, or you can allow the Team owner to archive a Team themselves.
Teams apps are a great way to extend the Teams client as the one-stop-shop for processes and information access, but it is important to vet the third-party (non-Microsoft) apps available in Teams before allowing their use. All Teams apps are available to users by default, so I often advise customers to restrict access to only the Microsoft apps, and then vet and publish the third-party apps as needed to either everyone or just the user groups that will use them.
Guest access in Teams can be a bit complex, as guest capabilities are determined by the result of several policies working together across Entra ID, Microsoft 365 groups, SharePoint, and Teams. This combination gives you a lot of flexibility but can also introduce unintended consequences.
Hopefully these recommendations help to start defining what your overall Teams governance plan will look like. As mentioned above, Teams governance can be a significant effort, and there are many more considerations that should be made to build a well-governed and effective Teams environment.
We help our clients with Teams Governance and Security all the time! Click Here if you’re interested in learning more about our Teams Governance Workshop. If you have questions or would like some help with Teams governance in general, please reach out to info@eGroup-us.com or complete the form below.
Contact our team today to schedule a call with one of our experts.