Many organisations face a chaotic and damaging proliferation of teams, where staff and IT teams are faced with a plethora of teams, messages and documents, and it can be difficult for everyone to find what they need.
To avoid this disorganisation and to make the best of the powerful communication and communication features of Teams in a safe and secure way, it is essential to set up, within the company, a set of rules for using Teams. It is this set of rules that we call "Governance Strategy".
This benefits not only the IT teams, but also the employees: once the governance of Teams is in place, they can work as a team without having to worry about creating chaos or confusion. In a structured, standardised and secure environment, they can easily create workspaces that meet their specific needs, search for information and share it...with peace of mind.
What are the seven essential rules of an effective team governance strategy? What exactly are the risks involved when these rules are not followed? What are the benefits of a successful governance strategy?
Arctus a compilé pour vous les 7 règles essentielles pour réussir la mise en place de votre gouvernance et faire de Teams votre allié au travail. ⬇️
Even if a team can function perfectly well with only one owner, not having at least two owners for a team is a source of risk, because if the owner of the team leaves the company, his team becomes an orphan.
Orphaned teams are still accessible to their members, but some of their settings can no longer be administered, in particular the management of members and guests, the management of access permissions to channels and tabs, and, most problematically, the management of deletion or archiving of the team itself.
In addition, orphaned teams mostly end up becoming inactive or inert within all teams, running the risk of having obsolete documents present in the organization's working environment. As a direct consequence, Teams' global search tool may no longer function optimally, as it will bring up obsolete or redundant documents from other Teams.
Finally, the presence of orphan teams puts the organisation at risk of having security and/or confidentiality problems, linked to the lack of visibility and control over access (internal and external) to the orphan team.
Too often, when organisations conduct audits of their Microsoft 365 tenants, the number of teams far exceeds the number anticipated by IT teams.
Self-service provisioning, i.e. the possibility offered to any member of the company to create Teams, contributes greatly to their uncontrolled proliferation.
It is therefore important to determine who in the organisation has the authority to create new teams. The more users who are granted this ability, the more difficulties the organisation may have in managing the organisation of Teams on a large scale.
However, not giving a sufficient number of users the possibility to create Teams can restrict usage and harm the collaborative aspect of the platform. The right balance between "permissiveness" and "control" needs to be determined, taking into account, among other things, the size of the company, its culture, and the needs of its employees.
To control the proliferation of Teams and ensure that their initial parameters (minimum number of owners, names, structure, etc.), correspond to the governance policy established by the organisation, it is essential to put in place a process for the review and approval of Teams.
During this process, the user will make a request for the creation of a Team, indicating the characteristics of the latter (name, owners, members, channels, default tree structure of the "general" channel, life span); this request will be reviewed by the previously defined approver(s); following this review, the request will be approved or rejected
Given that the final validation of the Team's creation is carried out by a human being, an approval process can generate bottlenecks; it is therefore advisable to provide several approvers in order to compensate for any unavailability of the latter.
Teams offers the ability to invite external users to access a team's channels and content, a feature often essential for working with external partners.
However, there are security risks associated with this possibility, as sensitive organisational information may be stored in the teams, and the signing of non-disclosure agreements is not a systematic procedure within organisations.
Besides, if the organisation no longer needs external users to access its system, but has not deactivated guest access for them, they can continue to have access to the environment and exchange with internal users.
Finally, in the event that some Teams cease to be administered (orphaned or inactive Teams), the organisation loses visibility and control over external access to internal data.
For all these reasons, guest access control is vital.
The first step is to decide whether invitations to external users are allowed. Then, if so, to set the level of authorisation that guests will have.
Azure AD instances should also be audited regularly to monitor how many guest accounts are created, disable older accounts and detect anomalies.
Finally, it is good practice to continuously audit the documents themselves, shared with external parties.
When employees are allowed to create teams independently, the creation of teams can lead to teams with identical or similar names. Employees can quickly become confused as to which teams they are supposed to belong to.
This is why it is important to integrate naming practices into the governance of Teams. By giving teams standardised names, it is easier for staff to quickly locate the team they need. It also eliminates the risk of someone accidentally creating a duplicate team because they don't see the existing one.
The aim is to have a standard naming convention for the environment that is easy to follow, concise, and useful for recognising information relevant to the deployed Team.
Creating a naming convention requires defining the key identifying information that you wish to reflect in a team name. This could be, for example, a combination of location, department name and project name: [Lyon-Marketing-Lead Generation], or [Amsterdam-Finance-Due diligence2].
Over time, most Teams become inactive and no longer needed. A lack of a data archiving and deletion policy would therefore expose the organisation to risks such as outdated information in the Teams environment, a poorly performing search tool displaying irrelevant or duplicate results, and an overload of accessible Teams to which employees are affiliated.
Therefore, some essential good practices should be put in place to avoid these pitfalls: name an administrator responsible for the archiving and the deletion of Teams, define a default lifetime for each created Team, define the end-of-life criteria for a Team that require archiving or deletion (end of the project, end of interactions between members, too few members, no administrator).
Once governance has been established, it should be communicated throughout the organisation to ensure that the new policies are understood and accepted. Teams' governance communication should contain the name and contact details of the person(s) responsible for this governance, so that employees know who to contact with any questions relating to this topic.
To stem the proliferation of Teams, before it becomes unmanageable, it is therefore imperative to put in place an effective governance strategy, based on the seven core principles outlined above.
Once rolled-out and communicated to all users, it will allow them to work in a secure environment where information is easy to find and exchanges are smooth.
Effective and well implemented Teams governance will greatly improve the user experience and facilitate and encourage the adoption of Teams as a powerful communication and collaboration tool.
#microsoftteams #microsoft #teams #gouvernance #strategy #collaboration #security #security #teamsprawl