Teams Governance

 admin

As you roll out more users, have more meetings, and create more teams, you can find yourself overwhelmed with Microsoft Teams. To avoid this, it’s important to know you’re working in line with Microsoft Teams governance best practices.

Microsoft boasts over 115m daily active users but doesn’t document how many have a dedicated governance plan.

As governance lets you define people, processes, and structure in Teams, you can draw a full value out of Teams while ensuring security. In this blog, we will learn about MS Teams governance best practices to ensure efficient and successful collaboration at workplaces. The Team Captain platform by MessageOps simplifies and automates the manual approach to governing, managing and providing productivity insights of a company's Microsoft Teams environment. Start a 14-day Free Trial of this easy-to-use Microsoft Teams governance platform today!

Failure to define and adhere to Microsoft Teams governance best practices leads to gaps in your security and compliance policies, time-consuming administration and management, and confusion among users as to what they can and can’t do.

Before we jump into some best practices for Microsoft Teams governance, let’s first ensure we understand exactly what we’re talking about.

What is Microsoft Teams governance?

By Microsoft Teams governance, we mean how you manage users’ access and data in compliance with your business standards, and ensure the security of your data.

Settings and policies widen out into Microsoft 365 governance as Teams integrates Office 365 Groups, OneDrive, SharePoint, and other Microsoft 365 services.

Microsoft Teams governance is key to the day-to-day management and usability of Teams.

By having defined governance principles, you ensure your business has a set way of using Teams that is communicated and expected from everyone.

For example, users won’t create duplicate teams and channels if they know the set criteria for creation.

When they do create a channel, they will use a specific naming convention so that channel doesn’t confuse other users as to the purpose of the channel.

When users move from team to team and project to project, this can be a real time saver.

It might be using a CRM project ID in a team name or using the correct legal customer name for a customer team.

You could also use suffixes like {EXT] for teams with external guests. It might just be a common standard for of name for each channel, like “Proposals”.

If you have five “Global Technology” teams across the world, but they work on separate projects, using the country before the team makes it clear to other teams which is the team they should be working in.

But it’s more than just naming.

It’s about ownership, and rules around what data can be kept in teams, external guest access, retention, archiving, and deletion.

Teams must have lifecycle management.

Now that we’re clear on what we mean by Microsoft Teams governance, let’s jump into the best practices.

Microsoft Teams governance best practice #1: Decide who can create teams

Do you want to allow everyone to create a team?

If everybody can create a team, there’s a delay for your users. When a new team is needed, any user can create one.

But what happens if creation is not managed? You end up with duplicate teams, teams that serve no purpose, and a heap of empty SharePoint sites on your back end.

So, you might think about restricting creation rights completely.

To do this in Teams, you need to remove the ability to create any Office 365 groups.

This will remedy the above issues but causes a new problem with your users who have a genuine need for team creation.

If they can’t create a team, those users may move to shadow IT.

When a user can’t do what they want immediately, it might be easier for them to use another app like Dropbox for file sharing or Slack for messaging.

If these are not your organisation's tools of choice, there is a risk they are not compliant when it comes to things like GDPR and ISO accreditations.

There are options here. You can:

  • Block all users from creating teams: use an external tool like a ServiceNow form or Microsoft form, have IT create the teams.
  • Allow all users to create teams: make sure you manage those teams after creation to ensure they meet organisational policies.
  • Enable users to create teams directly: but in a controlled way, through a third-party app like CreateTeam.

With one of our latest customers, they choose to allow users to create teams, but control it tightly with predetermined templates and naming conventions through CreateTeam.

Microsoft Teams governance best practice #2: Decide who can grant guest access

Teams allows external guests to join and directly access the team, chat, files, and apps.

With guest access, there is an easy on-off decision to make.

Are you going to allow all your users/teams to add guests from other organisations?

By default, Microsoft now enables all users to invite a guest to join their team.

You can control this at a global level in Active Directory or the Teams Admin Center.

Or you can control this on a team-by-team basis with sensitivity labels.

Microsoft Teams governance best practice #3: Create (and communicate) a naming scheme for teams and channels

When you set up your first batch of channels in Teams, everything will look neat and tidy.

This could lure you into a false sense of security that this is the way it will always be.

In reality, if you let every different user in your business choose their own naming convention, they will express their individuality.

And while personality is important in business communication, inconsistency in channel names leads to confusion, untidiness, and reduced productivity.

If you’re a small team, generic terms are fine as they are less likely to get re-used and the number of teams and channels you’re in is small.

But, when a business grows, or is already of a certain size, using team names like Marketing could mean any one of nine marketing teams.

Martin Perry, Owner of Redwing Training – a Microsoft Teams training company, says he always emphasises the importance of team and channel naming conventions.

“Just as important are the team and channel descriptions.”

Names must be clear, concise, and easy to understand.

Descriptions must also be included – especially in large organisations whose name have similar-sounding teams and channels (like accounts and accounts payable).

Again, these must be clear and concise.

There is no standard naming convention for Microsoft Teams channels so it’s important you direct this for your business.

You might want to adopt your file saving conventions to match historic SharePoint sites. The more intricate side of naming conventions is on the SharePoint side.

Whatever you decide on, make sure your naming conventions are clear and it is communicated that they are not optional.

Microsoft Teams governance best practice #4: Manage third-party app availability

Once your internal and external usage policies are set, think about the third-party apps you use (or may one day use) in Teams.

Third-party apps are any apps you use in conjunction with Microsoft Teams – and perhaps even from within Microsoft Teams.

The benefit of allowing your teams to install their own apps is that they can access their day-to-day apps without raising a ticket each time.

The disadvantage is they have access to install any third-party app.

It’s important to decide and communicate whether users will have access to these or whether they must request access each time they need a new app.

If you have the chance to, ensure your requirements gathering sessions with department heads include discovery of which apps everyone needs access to ahead of deployment.

Microsoft Teams has over 600 third-party apps published in its app store.

Third-party apps include the likes of:

  • Trello
  • Zoom
  • Webex
  • Freehand
  • RingCentral
  • Cacoo
  • Lucidchart
  • Mural
  • Wrike
  • Givitas
  • And over 500 more

You can control which third-party apps can be used in your organisation in the Manage apps page in the Teams Admin Center.

Scroll to Third party apps and toggle on or off.

You can also allow newly published apps by default or turn off to manage on a one-by-one basis.

Software

Microsoft Teams governance best practice #5: Know what happens when you delete and archive content

When you remove content from Teams, where does it go?

For the everyday user, out of sight is out of my mind.

For the Teams administrator, knowing what has happened to your archived or deleted content is crucial for Teams governance.

When a user clicks delete content, it gets removed from the Teams channel.

It is also removed from the underlying SharePoint site.

Deleting teams in Microsoft Teams

If you delete the entire team, activity and content (files, chats, etc) are all deleted and cannot be recovered later unless you have access to the Microsoft 365 group that's associated with the team.

Deleting a team deletes the channels associated with it and the underlying SharePoint site too.

The alternative to deleting an entire team is to archive it.

You should archive teams (and content) if there if it likely you will need to use the team again.

To delete a team, open the Teams Admin Center.

  • Choose Teams
  • Select the team name you wish to delete
  • Click Delete
  • Click Deleteagain to confirm

Archiving teams in Microsoft Teams.

Teams Governance

When you archive a team, activity is frozen but you can still make administrative changes like adding or removing members.

To archive a team, open the Teams Admin Center.

  • Choose Teams
  • Select the team name you wish to archive
  • Click Archive
  • Click Archiveagain to confirm

When you need to make an archived team active again, repeat the process above and choose Unarchive.

Microsoft Teams governance best practice #6 Document when to have public teams and when to have private teams

In Microsoft Teams there are three types of team: Public and Private, and Org-wide.

Public means anyone in the organisation (tenant) can join the team at any time without any approval. They are discoverable to all users.

Private means owners of the team must admit new members. They are hidden from discovery.

Org-wide is a special type of team that automatically adds everyone in the organisation organization to be a part of a single team for collaboration. You can make more than one Org-wide team should you want to.

Usually, you will want private teams to control who has access to information, in line with the general best practice of minimum access to data/least privilege.

Public teams are useful for more company-wide or causal topics.

Governance

Can you change a Microsoft Teams channel from private to public?

To change a team from private to public (or vice versa), click by the team name and choose More options.

Choose Edit team > Privacy > Public or Private.

Don’t forget to save your changes.

Microsoft Teams governance best practice #7 Standard vs private channels in Teams

The difference between a public and private channel is quite simple.

A standard channel is available for any member of the team to see. Team members have access to files, messages, and meetings within the channel.

A private channel is only open to specified members. You will need an invite from channel owner.

Once you have joined a private channel, you can access all its content.

Consider how extensively you want to use private channels.

When to use public vs private channels in Teams

Keep the difference simple:

  • Use private channels for private conversations and teamwork – like HR management, any work being worked on under Non-Disclosure Agreement (NDA), or anything that should not be seen by your wider organisation.
  • Use standard channels for teams which need (or might one day need) members from your wider teams to view or input, or if you might need to link to content stored within a team.

For example, if your board is working on the acquisition of another company, you don’t want everyone in your business to access the day-to-day activities of the process.

Microsoft Teams governance best practice #8: Automate governance where possible

Helping your users keep with Teams governance best practices can be challenging.

Governance

With Teamwork Analytics, you can use automation to target, prompt, and guide your users to ensure best practice.

Automations can send adaptive card notifications to users directly in Teams.

Examples include:

  • Minimum 2 owners per team
  • Remind Teams owners of guests
  • Notify owners of inactive teams to delete/archive
  • Notify owners or members of a deleted team

Automation is not limited to governance. It can also be used to drive user adoption and to help users improve their calling and meeting experience.

For a free 30-day trial of Teamwork Analytics, sign up here.

-->

Teams provides a rich set of tools to implement any governance capabilities your organization might require. This article guides IT pros to ask the right questions to determine their requirements for governance, and how to meet them.

Tip

Watch the following session to learn about more about Governance in Microsoft Teams: Governance, management and lifecycle in Microsoft Teams

Group and team creation, naming, classification, and guest access

Your organization might require that you implement strict controls on how teams are named and classified, whether guests can be added as team members, and who can create teams. You can configure these areas by using Azure Active Directory (Azure AD) and sensitivity labels.


---
Decision points
  • Does your organization require a specific naming convention for teams?
  • Do team creators need the ability to assign organization-specific classifications to teams?
  • Do you need to restrict the ability to add guests to teams on a per-team basis?
  • Does your organization require limiting who can create teams?
Next steps
  • Document your organization’s requirements for team creation, naming, classification, and guest access.
  • Plan to implement these requirements as a part of your Teams rollout.
  • Communicate and publish your policies to inform Teams users of the behavior they can expect.

Note

To help you plan ahead, learn more about setting these policies and what licenses they require.

Note

Limiting group and team creation can slow your users’ productivity, because many Microsoft 365 and Office 365 services require that groups be created for the service to function. For additional information, navigate to and expand Why control who creates Microsoft 365 Groups.

Additional information

After you’ve determined your requirements, you can implement them by using Azure AD controls. For technical guidance on how to implement these settings, see:

Group and team expiration, retention, and archiving

Your organization might have additional requirements for setting policies for expiration, retention, and archiving teams and teams data (channel messages and channel files). You can configure group expiration policies to automatically manage the lifecycle of the group and retention policies to preserve or delete information as needed, and you can archive teams (set them to read-only mode) to preserve a point-in-time view of a team that’s no longer active. Note that teams that are archived continue to have the expiration policy applied and may be deleted unless excluded or renewed.

--

Decision points
  • Does your organization require specifying an expiration date for teams?
  • Does your organization require specific data retention policies be applied to teams?
  • Does your organization expect to require the ability to archive inactive teams to preserve the content in a read-only state?

Next steps
  • Document your organization’s requirements for team expiration, data retention, and archiving.
  • Plan to implement these requirements as part of your Teams rollout.
  • Communicate and publish your policies to inform Teams users of the behavior they can expect.

Tip

Use the following table to capture your organization’s requirements.

CapabilityDetailsAzure AD Premium license requiredDecision
Expiration policyManage the lifecycle of Microsoft 365 groups by setting an expiration policy.P1TBD
Retention policyRetain or delete data for a specific time period by setting retention policies for Teams in the Security & compliance center. Note: Using this feature requires licensing of Microsoft 365 or Office 365 Enterprise E3 or above.NoTBD
Archive and restoreArchive a team when it’s no longer active but you want to keep it around for reference or to reactivate in the future.NoTBD

Note

Group expiration is an Azure AD Premium feature. For this feature to be available, your tenant must have a subscription to Azure AD Premium and licenses for the administrator who configures the settings and the members of the affected groups.

Additional information

For technical guidance on how to implement these settings, see:

  • Set up Microsoft 365 groups expiration.

  • Set up Teams retention policies.

  • Archive or restore a team.

Group and team membership management

Consistently managing members of project based, or restricted groups are necessary for teams that require rapid onboarding and offboarding or users and guests. Your organization may also need to make sure all current members have the business justification to be in a team. Managing members can be hard because team owners can leave and users don’t usually leave groups on their own accord when a project ends or when they change roles. The best way to manage group membership that allows users to get access when needed but ensure the group doesn't have a risk of inappropriate access is through two district processes: entitlement management and access reviews.

Entitlement management allows you to delegate to someone, such as a project manager, to collect all the resources that are needed, including teams memberships, into a single package. They can also define who can make requests: either users in your tenant or from other connected organizations. The project manager will receive access requests in their email and approve or deny requests in the MyAccess portal. Administrators can configure the conditions of access to include an expiry date or period by when the user or guest will be removed from the team unless access is renewed. Administrators can also set up the groups associated with teams to take part in access reviews. For access reviews, the group owners will receive regular reminders to review the members of a team. Access reviews include recommendations, which makes it easier for group owners to go through their regular attestation process.

---
Decision pointsDoes your organization require a consistent process for managing membership of one or more teams?
Does your organization require owners, or the members themselves, to justify their continued membership of one or more teams on a regular basis?
Does your organization require approval for users and guests to request access to resources including teams, groups, SharePoint sites, and apps?
Next steps?Document your organizations requirements for each team or specific teams for membership expiry.
Plan how your organization can bundle teams, groups, SharePoint sites, and apps together in access packages.
Plan which people, such as the requestor's manager, a project manager, a sponsor for a connected organization or a security officer in your organization will need to approve or deny access requests.

Tip

Use the following table to capture your organization’s requirements.

CapabilityDetailsAzure AD Premium license requiredDecision
Access reviewsSetup access reviews to recertify the membership of specific teams at regular intervalP2TBD
Entitlement managementSetup access package to allow users and guests to request access to teamsP2TBD

Note

To help you plan ahead, learn more about what licenses they require.

Additional information

For technical guidance on how to implement these settings, see:

Teams feature management

Another important aspect of governance and lifecycle management for Teams is the ability to control what features your users will have access to. You can manage messaging, meeting, and calling features, either at the Microsoft 365 or Office 365 organization level or per-user.

--

Decision points
  • Does your organization require limiting Teams features for your entire tenant?
  • Does your organization require limiting Teams features for specific users?

Next steps
  • Document your organization’s requirements for limiting Teams features at the tenant and user level.
  • Plan to implement your specific requirements as part of your Teams rollout.
  • Communicate and publish your policies to inform Teams users of the behavior they can expect.

Teams feature management focus areas

Teams provides granular capabilities for controlling messaging, meeting, calling, and live event features and more, via policies. Different policies can be applied to all users by default or per user as required by your organization.

For detailed lists of all settings, including technical guidance on how to implement them for your organization, see the following articles:

Governance Process Template

Additionally, you can set up moderation for a channel and give moderator capabilities to certain users so that they can control who can create channel posts and respond to them. See Set up and manage channel moderation in Microsoft Teams for more information.

Security and compliance

Teams is built on the advanced security and compliance capabilities of Microsoft 365 and Office 365 and supports auditing and reporting, compliance content search, e-discovery, Legal Hold, and retention policies.

Teams Governance And Compliance

Important

If your organization has compliance and security requirements, review the in-depth content provided about this topic in the article Overview of security and compliance in Microsoft Teams.

Teams Governance Pdf

Related topics