March 05, 2020

Governance in Microsoft Teams: A foundation for success

When you think about collaboration and the concept of the ‘Modern Workplace,’ what’s the first thing that comes to mind? A clean new interface? The innovative devices and software connecting employees like never before? Maybe it’s a new emphasis on data-driven insights and reporting or perhaps the positive cultural transformation as your team get to work anywhere, anytime? Whatever your vision, I wonder whether governance features as a high priority.

But it should, and it needs to.

Remaining competitive requires people-friendly tools to provide a personalised, secure, and collaborative work experience. Advanced collaborative platforms such as Microsoft Teams and Office 365 are fast becoming the new workplace productivity standard. However, purchasing the Teams or Office 365 license is just the beginning.

Too often we see an increase in the support needed for products released to the business without a well-considered plan or forethought around governance, brought on by a misplaced belief that an out-of-the-box solution is a fast track to implementation. Understanding how these tools fit into the wider workplace and taking considered measures to deploy these applications compliantly is critical to avoiding significant risk and rework.

The foundations for governance in Microsoft Teams and Office 365

Multi-function, cloud-based collaboration platforms create a far more distributed information environment than many realise. Despite a seamless experience for the end user, the configuration and architecture behind the application are deceptively complex. Organisations need to take the time to understand their information business rules and how they will manage information discovery, data storage sprawl, and application and data connectivity, as well as the security, authentication and privacy challenges.

To do this, you need to have governance foundations in place to align key business rules, processes, compliance requirements, roles and responsibilities, permissions and security to the application deployment plan.

Different industries must also take into account the specific business and jurisdictional rules that regulate their organisation. Many of these impact the boundaries of information flow, risk, and organisational protection unique to them.

For example, a number of security, privacy and child safety rules must be considered in education; while disability service providers need to comply with the National Disability Insurance Scheme. On top of this, the Notifiable Data Breaches Scheme adds complexity with many organisations still not having the process to adequately detect, manage or report data leaks or malicious attacks.


The most common Microsoft Teams and Office 365 missteps

When things don’t go as planned, a range of problems can arise that quickly become difficult to correct. Here are some of the most common – and avoidable – missteps we see when it comes to adopting Microsoft Teams and Office 365 across an organisation.

Telecommunications planning

With baked-in call, video, and messaging functionality, Microsoft Teams offers an integrated communication platform. Migrating from traditional phone lines or Skype for Business into Teams may appear straightforward, but without governing rules for managing calls – specifying policies on when and who to record, as well as call storage and access – there can be user confusion, reuse and rediscovery chaos and an impact on successful organisation-wide adoption.

Information management

When not architected and governed, large-scale adoption can result in a sprawl of unclassified document libraries, isolating information, making search and discovery time-intensive, and increasing duplication instead of enabling reuse.

With a well-planned information strategy and architecture, organisations can stitch in a templated Microsoft Teams site and link SharePoint to the information architecture. This ensures everything is audited, stored and managed properly, with perimeter and security settings tailored to your security strategy and to protecting the information under management.

External team access

With external users able to be invited to collaborate and communicate in Microsoft Teams and Office 365, it’s critical to define access controls for these third parties to ensure the company assets are protected. For example, when a mining company neglected to define boundaries around Microsoft Teams access, they inadvertently provided access to internal conversations and IP to offshore representatives and their joint venture partners. The risks to the business were significant and could have been easily avoided with an appropriate governance strategy in place.

Internal team boundaries

It’s normal for team members in an organisation to spin up a channel in Microsoft Teams to discuss a new topic or project. However, this can create a threat nightmare for an organisation if they lose control of who has access to information, and what they are using Teams for. It is a necessity for IT to balance controls over security and risk whilst supporting instant communication and collaboration.

Multiple entities

It’s not unusual to see large organisations operate a number of individual entities under one umbrella, with a single instance of their technology platforms supporting all businesses. If there are no defined boundaries between the legal entities, the chance of sharing IP, breaking confidentiality or Chinese walls – inadvertently or otherwise – with other areas of the business increases.

The wider Microsoft ecosystem

Teams is one part of the Microsoft ecosystem, with many products all designed to work together – from Azure and Office 365 through to the Power Platform. These products and apps can be plugged into Teams to enhance the platform’s functionality, but without proper governance for the ecosystem, these can quickly spin out of control, once again adding complexity to management and operations, creating unnecessary cost and resourcing overheads.


Comparison case | Health agencies

Prior to an agency-wide Microsoft Teams deployment, one health agency completed a planning process to identify and prepare for any issues, including defining constraints around working with external agencies. We worked alongside them to deliver a comprehensive strategy outlining the required controls, implementation process, and future support models. This organisational roadmap enabled a smooth transition and successful adoption of the platform.

In contrast, a similar health agency opted to fast-track their Teams implementation when faced with a tight deadline. One year on, the lack of boundaries and security needed to effectively manage the platform caused the department to lose a level of control of Teams, making it difficult to rein back in. The lesson here – rushing the rollout, neglecting to plan and not considering governance can be a formula for disappointment.


The Data#3 approach to Microsoft Teams and Office 365 governance

With best-practice governance in place right from the start, you will be better positioned to get the most from your Microsoft investment – without jeopardising security, privacy or the many business benefits that come from a powerful collaboration platform.

Business Aspect, a Data#3 company, provides comprehensive strategies for Office 365, Microsoft Teams and the broader cloud ecosystem. Beyond IT management, our engagements draw in key stakeholders to consider a variety of risks, including:

  • Governance – Developing a comprehensive strategy to encompass Microsoft Teams governance and adoption
  • Finance – Financial models to support the CFO in controlling costs for cloud usage
  • Information architecture – Information management strategies to support the end user experience and records management teams
  • Security and risk – Security measures to support IT Management and C-level executives in meeting policy, legal and compliance risks

Get in contact with our team to learn more about how our governance strategies will help enable a successful deployment of Microsoft Teams and Office 365 across your organisation.