MICROSOFT 365 AND OFFICE 365 IT AND SECURITY MICROSOFT TEAMS

Microsoft Teams Governance and Security

BY PROFESSIONAL ADVANTAGE - 24 April 2020 - 6 MINS READ

Part 1: What does it mean for your organisation?

Microsoft Teams has added a lot of value to organisations looking for effective and fast collaboration. Additionally, Teams has enabled users to share and manage information at a single location seamlessly, without moving content around to meet their needs. But the key to using Teams effectively is knowing how to implement it pragmatically across departments and users without impacting normal business processes.

There are various ways to implement Teams effectively, but one of the key required implementation criteria is Governance and Security. At Professional Advantage, we have deployed and implemented Microsoft Teams for a wide range of organisations, and from that experience, we have answered some of the common queries and questions around Teams Governance and Security, including:

  1. How well can Microsoft Teams be governed?
  2. What are the fundamentals of implementing Teams Governance?
  3. How do we manage creation and lifecycle of Microsoft Teams?
  4. What do we need to consider about data security and policies?
  5. How do we manage guests and how well can we audit them?
  6. How do we manage roles, specifically in Team's flat structure?

This blog is the first in a four-part series within which we will look at Teams governance at a high-level and the fundamentals around it, before deep diving into some of the core logistics and implementation criteria.

Teams Governance Plan

The Teams Governance Plan can be classified under four broad headers. There are other ways we could try to approach it, but below are the simplest groupings that we find particularly useful.

  • Users and Secure Access.
  • Creation Rules an Naming Standards.
  • Compliance, Classification, and Security.
  • Teams and Content Lifecycle management.

There is anther aspect of Teams governance which is Teams Apps Governance, which we consider as a separate scope, and will be included in another blog series.

Microsoft Teams Architecture

Let us take a look at each of the above categories. In the succeeding blogs for this series, we will explain each of these concepts and give a high-level plan for implementing each.

In the above infographic, there is an underlying layer of Teams Architecture which is critical for the successful ongoing management of the Governance Plan.

Users and Secure Access

Users and Secure Access are key for understanding the scope and how well a Team can be managed. In other words, it gives us an idea of how we can create an effective governing structure and plan for proper management of access for its users and content.

Teams, at a high level, provides us with three broad groupings of users:

  • Owners.
  • Members.
  • Guests.

This might look simple, but there are numerous aspects that might influence how best we can use the concept of owners and members to secure access to content.

The guest access is one of the critical aspects of Teams security planning. We will look at how to manage the guest access in Teams in a later blog in this series.

Creation Rules and naming standards

Creating the right number of teams is critical for operational management of Teams and to prevent uncontrolled sprawl of Microsoft Teams. There is no direct answer to how many Teams is the right number; there are various factors influencing the governing reason for putting control on the creation of teams.

Compliance, Classification, and Security

Classification and Compliance are critical for organisations to manage the legal requirements and, more importantly, in preventing data loss.

Traditionally, users had to create and collaborate on content separately and then move it to a records management tool for managing compliance and classification. This meant that either some of the compliance rules would have been forgone during creation, or there would have been duplication of data. Therefore, having an upfront security and compliance architecture helps to manage and contain important information at a single location without losing track of it.

Teams and Content Lifecycle Management

Teams and Content Lifecycle Plan is an important part of keeping the content in your collaboration space current and managed properly.

For example, if the content in your sites is more than 10 years old, is it still beneficial to retain it for this length of time? Also, in certain cases, organisations may require the content to either be renewed, such as contracts, or archived so that the content is not lost. In both of these cases, we need rules and criteria to provide guidance on what happens to content past its life period.

The automated management of Teams as a whole or content individually provides administrators a centralised overview and control of content that might be dispersed and managed across various Teams, SharePoint sites, and Groups.

In the upcoming blogs, we will look at the various options available and ways to make the Teams and content lifecycle smarter.

Conclusion

We hope that you picked up high-level consideration areas for a Teams Governance implementation, and why it is important for the success of its deployment. Remember, don't consider governance at the last part of your Teams deployment; it should go hand in hand with your implementation.

Watch this space for our upcoming blogs on:

  • Understanding the basics of Teams' Information Architecture.
  • Guest access options and possible user scenarios to manage.
  • Reducing data loss risk in Teams with Classification and Compliance.
  • How to make your Teams and Content Lifecycle Management smarter.

Need guidance with creating a Teams Governance Strategy? Call us at 1800 126 499 to speak with one of our Workplace Innovation strategists, or contact us through this website.

Write a Comment


Talk to us

If you would like to learn more, complete the form below and one of our team will be in contact.

Your information will never be shared or sold to a 3rd party,
please read our privacy policy.