365tips.be

Blogs about: Microsoft Teams, backgrounds, Intune, OneDrive, Exchange, Azure AD, Windows 10, Security, Tenant, Exchange, best-practice, tips and & tricks

πŸ“– Tutorial: Microsoft Teams technical governance - best practice

Microsoft Teams governance . The demand for Microsoft Teams has grown tremendously since the change more remote work. Collaborating remotely sounds easy but it really isn't. Especially not if you don't have the right tools to communicate with your colleagues. In addition to the human difficulties, there is also a technical complexity. Not all organizations are always ready to collaborate with modern technologies. And to set up teams in a fast way.

Through these practical instructions in this blog I rich best-practices. Policies, policies within Microsoft Teams are needed to bring structure to your IT Organization.

Context: Microsoft Teams is deeply integrated into the eco-system of Office 365. Underlying it is Outlook, OneDrive, SharePoint, Yammer, Stream, Staffhub, Planner, PowerBI, Maps and much more. In addition to Teams setup, it is also recommended to set up OneDrive and SharePoint properly set up.

In addition, you can also read other blogs; download files, saveteams recordings on OneDrive,...

What is governance in general?

Governance brings together people, processes, technologies & policy/policy. Governance provides a broad capstone needed to help organizations handle technology well - in general.

PeopleProcesses
technologiesrules / Policy

Microsoft Teams is integrated with these different services

Office 365 Groups, Security groups, mail groups, distribution lists and shared mailboxes.

1

This image shows which "share" services are also integrated into Microsoft Teams .

1

In this image, you can see where Microsoft Teams touches on other Office 365 technologies.

1

Also, check out the full integration in Microsoft 365, here.

1. Group and team creation naming and guest access

Often your organization requires that there be strict rules how computers, printers, fileshares, team sites are named and classified.

Do we work with guests?
Can guests be added as team members?
Who is allowed to create teams ?

All of these "options" can be set up with Azure Active Directory (Azure AD).

Decisions to be made:

Does your organization need a specific naming convention for teams ?

Do team(creators) need the ability to assign organization-specific classifications?

Want to limit the ability to add guests per team?

Do you want to limit within the organization who can create teams ?

Action after decisions:

Document your organization's requirements for team creation, naming, classification and guest access.

Plan to implement these requirements or recommendations as part of the rollout of Teams.

Communicate and publish policies to inform Teams-users of the behavior they can expect during implementation.

proposed framework: Group and team creation, naming and guest access

EmergencyDetailsAzure AD PremiumDecision
Team naming policyUse prefix suffix-based custom blocked words.P1TBD
Team classificationAssign classifications to teams.P1TBD
Team guest accessAllow guests to the TeamsNOTBD
Create a teamlimit team creation for administrators.NOTBD
Create a teamLimit team creation for a select group of people in the organizationP1TBD
You can adopt the above framework integrally into governance/policy documentation. Make decisions, knock off & set up technically.

Technical equipment

1. Microsoft Teams naming policy

Below is a policy that gives each group a prefix TEAMS-. It's that simple! See 2nd screenshot.

1

2. Team classification

I will come back to this with a separate blog soon! More technical information can already be found here. https://docs.microsoft.com/en-us/office365/enterprise/powershell/manage-office-365-groups-with- powershell

3. Team guest access - ON / OFF

1

3. Teams disable guest access by team

Microsoft Teams governance often starts around guest accesses. For example, do you want to disable guest access on one team? Because it's a team that will only be used internally, for example. Such as: Communications Department, Human Resources, IT, HR, Payroll. Then follow the steps below to disable guest access on one team. You can of course automate this with PowerShell or via a template provided when creating a team.

Microsoft Teams governance  Whole Organization
  • Select one of these 4 options:
  • Everyone
  • New and existing guests
  • Existing guests only
  • Persons in the organization only
1

4. Create team - for administrators

5. Create Teams - for specific groups

2. Expiration, retention and archiving of groups and teams

To set up a good Microsoft Teams governance policy, it is recommended that retention be in place. Your organization probably has requirements for setting policies for the expiration, retention and archiving of teams and team data (channel messages and channel files). You can allow team (sites) to expire and automatically apply a team lifecycle.

Retention policies to retain or delete information can also be enforced. Teams archiving is as well as an option (set to read-only mode) to view a point-in-time view of a team that is no longer active.

Decisions to make:

What is the organization worn due date for a team?

What specific data retention policies should be applied to teams ?

Does your organization expect the ability to archive inactive teams . Or display the contents in a read-only mode?

Actions to be implemented after decisions:

Document your organization's requirements for the expiration (expiration) of teams, data retention and archiving.

Plan to implement these recommendations as part of the rollout of Teams.

Communicate and publish a policy to inform Teams-users of platform behaviors.

proposed framework: Expiration date, retention and archiving of groups and teams

EmergencyDetailsAzure AD Premium Decision
Expiration date policyManage the life cycle of Office 365-groups (and also Teams) by establishing a decay policy.P1TBD
Retention policyRetain or delete data for a specified period of time by setting the retention policy for teams in the Security & compliance center. Note: Using this feature requires a license for Office 365 Enterprise E3 or higher.
Β 
NO, O365 E3 or higher.TBD
Archive and restore from teamsArchive a team when it is no longer active but you want to keep it for compliance reasons or to reactivate in the future.NOTBD
3 rules which you can knock off and write out after the decision round. Organization carried so GO.

Technical equipment

1. Expiration date policy

Microsoft Teams governance for the life cycle of Office 365-groups (and also Teams) by setting a decay policy.

  • Browse to the Azure Portal. https://portal.azure.com
  • Select Azure Active Directory
  • Click on groups, then on expiration date.
  • In this configuration, I set the group lifetime to 30 days.
  • For example, you can leave fixed team sites out but allow project sites to cycle.
1

2. Retention policy

Retain or delete data for a specified period of time by setting the retention policy for teams in the Security & compliance center. Note: Using this feature requires a license for Office 365 Enterprise E3 or higher.

1
  • 7 years. default.
1
  • Select Teams channels
  • Select Teams Chat Messages
  • It is wise to create a separate retention policy for all locations. (Except groups & channels-this one is already created)
1
  • Create this policy.
1

Learn more: Docs.microsoft.com

3. Archive and restore from teams

Archive a team when it is no longer active but you want to keep it for compliance reasons or to reactivate in the future.

Microsoft Teams deleted? restore can be done easily through this blog.

4. Check unused Teams

Review unused teams via admin.teams.microsoft.com or via Office 365 Groups and Teams Activity Report. For weekly or monthly checks on accesses and usage.

5. Restrict external applications

Through the control panel of Cloud App Security you can see whether a third-party application is suitable for modern regulations and is suitable according to personal and data protection standards. (GDPR)

737+ Microsoft Teams app are allowed in this test environment by default. If you want to keep a finger on the pulse of applications you'd rather not see in the environment, you can block the application individually here. Disabling applications can be done via this blog.

6. Teams automatic cleanup with Access Reviews

Teams that are not used you can automatically clean up by asking the owners if they agree. A full explanation in detail can be found here. Governance: Microsoft Teams automatic cleanup via Access Review

1

3. Start document shift to collaborate in one platform

Office 365 is built on strategies we too often question. After all, OneDrive is a home place for end users to keep files. SharePoint organization creates connectedness and Microsoft Teams is the hub for collaboration.

1. OneDrive

OneDrive is a place where personal documents are placed. Onedrive itself does not require much setup. We used to have home drives, now we have OneDrive. Only this OneDrive allows higher flexibility toward sharing.

Personal data, customer data does not belong on OneDrive. From the policy of the organization you should make rules to record this. In addition, information protection can be used to ensure that files cannot be shared by third parties.

2. SharePoint

SharePoint is the central place for organizations to place data and information so that everyone always has current documents or organizational information. In modern flat structures, it is recommended to house crucial information at SharePoint, transparent to the entire organization.

3. Microsoft Teams

Microsoft Teams can be set up by department, type of collaboration group or by department. The overall structure by itself is not important to the organization. Often traditional IT Organization drives hierarchical structures to keep Teams manageable.

It is practical to have a logical, understandable structure that can land in any organization.
Oh well, Microsoft Teams is in use by the biggest tech giants such as: Accenture, Continental AG, Ernst & Young, Pfizer and SAP. They all have +100,000 users. Source.

  • Department sites for the departments
  • Project sites for short projects
  • Structural foundations such as: HR, Management,.

Organization rules

As an organization, do you have many teams? Put two owners on each team. If one of the owners is not present or leaves the organization, you can continue working without operational impact.

Add guests to teams in which you have decided it is OK. Do not allow guests to important internal teams. A naming convention may help or a prefix before or suffix after the team name.

Appoint administrators who occasionally review guests and entrances so that everything remains tidy at all times.

General instructions

Microsoft Teams rules are crucial for any organization.

Document your organization's specific needs for possibly restricting Teams-functions at the tenant- and user level. This is completely separate from the points described above.

Write out the 2 frameworks around creation & retention for the good of the organization. Furnish technology only when it is needed. Don't wait to furnish it before it is too late. Try to consider the limits of Teams.

Communicate and publish the full policy to inform Teams-users of the behavior they can expect after your implementation(s).

Now is the time for Teams templates or measurability of the teams implementation through these blogs.

About the author

Tagged: , , , , , , , , , , , , , , ,
0 0 vote
Article review
Subscribe
Please let us know if there are
guest

0 Comments
Inline feedbacks
See all comments
0
Would love to know your thoughts, please leave a comment.x