Tutorial: Microsoft Teams technical governance - best practice

Tutorial: Microsoft Teams technical governance - best practice

Microsoft Teams governance . The demand for Microsoft Teams has grown enormously since the change to more remote work. Working together remotely sounds easy but it really isn't. Certainly not if you don't have the right tools to communicate with your colleagues. Certainly not if you do not have the right tools to communicate with your colleagues. Besides the human difficulties, there is also a technical complexity. Not all organisations are always ready to cooperate with modern technologies. And to set up teams in a fast way.

Through these practical instructions in this blog I offer best-practices. Policies, policies within Microsoft Teams are necessary to bring structure to your IT organisation.

Context: Microsoft Teams is deeply integrated into the eco-system of Office 365. Underlying it are Outlook, OneDrive, SharePointYammer, Stream, Staffhub, Planner, PowerBI, Maps and much more. In addition to Teams it is also recommended to set up OneDrive and SharePoint OneDrive and OneDrive.

You can also read other blogs; download files, saveteams recordings to OneDrive,...

What is governance in general?

Governance brings together people, processes, technologies & policy/policy. Governance provides a broad framework needed to help organisations deal well with technology - in general.

technologiesrules/ Policy

Microsoft Teams is integrated with these different services

Office 365 Groups, Security groups, mail groups, distribution lists and shared mailboxes.


In this image you can see which 'part' services are also integrated in Microsoft Teams .


In this image you can see where Microsoft Teams touches on other Office 365 technologies.


See also the full integration in Microsoft 365, here.

1. Group and team creation naming and guest access

Often your organisation requires strict ruleshow computers, printers, fileshares, team sites are named and classified.

Do we work with guests?
Can guests be added as team members?
Who is allowed to create teams ?

All these 'options' can be set up with Azure Active Directory (Azure AD).

Decisions to be made:

Does your organisation need a specific naming convention for teams ?

Do team(creators) need the ability to assign organisation-specific ratings?

Do you want to limit the possibility of adding guests per team?

Do you want to restrict who can create teams within the organisation?

Action after decisions:

Document your organisation's requirements for team creation, naming, rating and guest access.

Plan to implement these requirements or recommendations as part of the roll-out of Teams.

Communicate and publish the policy to inform Teams users of the behaviour they can expect during implementation.

proposed frameworkGroup and team creation, naming and guest access

EmergencyDetailsAzure AD PremiumDecision
Team naming policyUse prefix-based, custom blocked words.P1TBD
Team classificationAssign classifications at teams.P1TBD
Team guest accessAdmit guests to the TeamsNOTBD
Create a teamlimit team creation for administrators.NOTBD
Create a teamLimit team creation to a select group of people in the organisationP1TBD
The above framework can be adopted in its entirety in the governance/policy documentation. Make decisions, knock it off & set it up technically.

Technical equipment

1. Microsoft Teams naming policy

Below is a policy that gives each group a prefix TEAMS-. It is that simple! See 2nd screenshot.


2. Team classification

I will come back to this in a separate blog soon! You can find more technical information here. https://docs.microsoft.com/en-us/office365/enterprise/powershell/manage-office-365-groups-with- powershell

3. Team guest access - ON / OFF


3. Teams disable guest access per team

Microsoft Teams governance often starts around guest access. For example, do you want to disable guest access on one team? Because it is a team that will only be used internally, for example. For example: Communication department, Human Resources, IT, HR, Payroll. Then follow the steps below to switch off guest access for one team. Of course, you can automate this with PowerShell or via a template that you provide when creating a team.

Microsoft Teams governance  Whole Organisation
  • Select one of these 4 options:
  • Everyone
  • New and existing guests
  • Existing guests only
  • Only persons in the organisation

4. Team creation - for administrators

5. Create Teams - for specific groups

  • Teams Blocking creation for everyone but allowing it for a small group can be done via this blog post.

2. Expiry, retention and archiving of groups and teams

To set up a good Microsoft Teams governance policy, it is recommended to set up retention. Your organisation probably has requirements for setting up policies for the expiry, retention and archiving of teams and team data (channel messages and channel files). You can let team(s) expire and automatically apply a team lifecycle.

Retention policies to retain or delete information can also be enforced. Teams archiving is also a possibility (set to read-only mode) to view a point-in-time view of a team that is no longer active.

Decisions to make:

What is the organisation's due date for a team?

What is the specific data retention policy to be applied to teams ?

Does your organisation expect to be able to archive inactive teams . Or to display the content in a read-only mode?

Actions to be carried out after the decisions:

Document your organisation's requirements for the expiration of teams, data retention and archiving.

Plan to implement these recommendations as part of the roll-out of Teams.

Communicate and publish a policy to inform Teams users of the platform's behaviour.

proposed frameworkExpiry, retention and archiving of groups and teams

EmergencyDetailsAzure AD Premium Decision
Policy expiry dateManage the life cycle of Office 365 groups (and also Teams) by setting up a decay policy.P1TBD
Retention policyRetain or delete data for a specified period by setting the retention policy for teams in the Security & compliance centre. Note: To use this feature, a license for Office 365 Enterprise E3 or higher is required.
NO, O365 E3 or higher.TBD
Archive and restore teamsArchive a team when it is no longer active, but you want to keep it for compliance reasons or to reactivate it in the future.NOTBD
3 rulesyou can knock off and write off after the decision round. Organisation carried so GO.

Technical equipment

1. Policy expiry date

Microsoft Teams governance for the life cycle of Office 365 groups (and also Teams) by setting expiry policies.

  • Browseto the Azure Portal. https://portal.azure.com
  • Select Azure Active Directory
  • Click on groups, then on expiry date.
  • In this configuration, I have set the group life to 30 days.
  • You can, for example, leave fixed team sites out but let project sites cycle.

2. Retention policy

Retain or delete data for a specified period by setting the retention policy for teams in the Security & compliance centre. Note: To use this feature, a license for Office 365 Enterprise E3 or higher is required.

  • 7 years. default.
  • Select Teams channels
  • Select Teams Chat-Messages
  • It is wise to create a separate retention policy for all locations. (except groups & channels - this has already been created)
  • Create this policy.

More information: Docs.microsoft.com

3. Archive and restore teams

Archive a team when it is no longer active, but you want to keep it for compliance reasons or to reactivate it in the future.

Microsoft Teams deleted? You can easily restore it via this blog.

4. Check unused Teams

Review unused teams via admin.teams.microsoft.com or via Office 365 Groups and Teams Activity Report. Perform weekly or monthly checks on accesses and usage.

5. Restrict external applications

Via the Cloud App control panel Security you can see whether third-party applications are suitable for modern regulations and whether they comply with personal and data protection standards. (GDPR)

737+ Microsoft Teams apps are allowed by default in this test environment. If you want to keep your finger on the pulse of applications you would rather not see in the environment, you can block them here individually. Disabling applications can be done via this blog.

6. Teams automatically clean up with Access Reviews

Teams You can automatically clean up unused items by asking the owners if they agree. A full explanation in detail can be found here. Governance Microsoft Teams automatic cleanup via Access Review


3. Start with the document shift to collaborate in one platform

Office 365 is built on strategies that we question too often. The fact is that OneDrive is a home for end users to keep files. SharePoint organisation creates connectedness and Microsoft Teams is the hub for collaboration.

1. OneDrive

OneDrive is a place where personal documents are stored. Onedrive itself does not require much setup. We used to have home drives, now we have OneDrive. However, OneDrive allows for greater flexibility in sharing.

Personal data, customer data do not belong on OneDrive. From the policy of the organisation it is best to make rulesto record this. In addition, technically the necessary information protection can be done to ensure that files cannot be shared by third parties.

2. SharePoint

SharePoint is the central place for organisations to put data and information so that everyone always has up-to-date documents or organisation information. In modern flat structures, it is advisable to house crucial information at SharePoint, transparent to the entire organisation.

3. Microsoft Teams

Microsoft Teams can be set up by department, type of cooperation group or by department. The overall structure in itself is not important for the organisation. Often the traditional IT-Organization drives up hierarchical structures to keep Teams manageable.

It is practical to have a logical, understandable structure that can land in any organisation.
Oh yes, Microsoft Teams is used by the biggest tech giants such as: Accenture, Continental AG, Ernst & Young, Pfizer and SAP. They all have +100,000 users. Source.

  • Department sites
  • Project sites for short projects
  • Structural foundations such as: HR, Management,...

Organisation rules

Does your organisation have a lot of teams? Then always put two owners on each team. If one of the owners is not present or leaves the organisation, you can continue working without operational impact.

Add guests to teams where you have decided it is OK. Do not allow guests to important internal teams. A naming convention can help or a prefix before or suffix after the team name.

Appoint administrators to review guests and entrances from time to time so that everything remains tidy.

General instructions

Microsoft Teams rules are crucial for every organisation.

Document your organisation's specific needs for possibly restricting Teams functions at the tenant- and user level. This is completely separate from the points described above.

Write out the 2 frameworks around creation & retention in the interest of the organisation. Implement technology only when it is needed. Do not wait with implementation until it is too late. Try to take the limits of Teamsinto account.

Communicate and publish the full policy to inform Teams users of the behaviour they can expect after your implementation(s).

Now it's time for Teams templates or measurement of the teams implementation via these blogs.



Welcome to 365tips.be. On this website you can read articles and experiences about Office 365 with focus on Microsoft Teams. If you have questions comment at the bottom of this blog post. Also help others by asking questions at the bottom of the articles. This blog is created in Dutch. The multilingual website is offered with best-effort machine translation.
0 0 votes
Product review
Please let us know if there are

0 Reactions
Inline feedbacks
See all comments
Would love to know your thoughts, please leave a comment.x