What is Governance, Security & Compliance?
The term governance, especially for Teams, is not really a fixed area of focus and covers multiple business areas. Setting up Governance for MS Teams will require input from different parts of the business, from teams managing compliance to teams managing the technology.
Microsoft Teams is part of the Office 365/Microsoft 365 suite so your assessment and setup will not only apply to Teams.
Managing the structures and lifecycle of Microsoft Teams and its data:
■ Who can create teams?
■ Naming policies & blocked words
■ Classifications/sensitivity labels
■ Deleting and archiving teams
■ Expiration policies
■ Application access
■ Guest access
Ensuring your data is safe, which would cover areas such as:
■ Internal and external access
■ Data loss prevention
■ Legal hold
■ Data location
■ Access reviews
■ Compliant content search
These are just some of the security elements. Office 365/Microsoft 365 offers a huge range of security features that will enhance the security of your estate and data even more, such as MFA, ATP and Conditional Access.
This can be different for each organisation depending on what standards you adhere to, for example, GDPR. To meet your compliance regulations you will have to factor in the compliance requirements and the security and governance of Teams and how this applies. In short, compliance is about meeting the requirements.
Why is Governance important?
When you set up Teams, Microsoft will apply default settings which may go against your business requirements.
- For example, if DLP is not applied or the correct classifications are not in place for Teams, it could result in an accidental data leak.
- Business reputation might be at risk if you are not compliant and not meeting regulations.
Ensure you have ticked all the required boxes and do not get caught out.
Avoid hundreds or thousands of teams being created and losing control of data and access.
- Access to the correct teams and correct data
- Ease of use and a process to follow without impacting day-to-day work, while following the necessary rules & regulations.
Who should care about Governance?
Governance will touch many business areas so this is typically not the job of 1 person but a team of people who all have different skills and responsibilities.
These teams normally include:
■ IT & Security – to help manage Creation & Lifecycle, Security of Data, Internal & External access.
■ Legal & Compliance – to help control the access and retention/removal of data. IT would typically not decide what data to keep, who has access and when to delete but would apply the configuration.
■ Business Users – Usually Business Users would not have input into the Governance deployment, but the user experience and usability of Teams should be factored in, as a vital part of Governance is Teams uptake and not shadow IT.
Throughout your Governance journey, make sure the user experience is factored into the discussion.
Governance is important and should be set up correctly, especially for legal and compliance reasons, but it is equally important to keep the User Experience in mind.
If the level of process and governance is very strict, this might result in shadow IT, which will defeat the purpose of everyone’s hard work. Balance is important: you may have stricter policies for teams with guests but more flexibility for internal-only teams.
How can Exactive help?
As you can see, Governance is a big topic covering a number of areas, and enabling Governance should be at the forefront of any Teams project.
Exactive can help you complete your Teams Governance design and implement the required settings.
With our Teams Governance Design, our Teams consultant will go through the options you have so that you understand them and whether you need to turn them on or not. We will then go into detail about how you implement the choices you make.
At the end of the engagement you will have a document detailing your low-level design choices for Microsoft Teams and how you will implement them.
Microsoft Teams offers a rich set of tools to implement your organization’s governance requirements. Administrators can control messaging, meeting, calling, live-event features, and more for their organization using messaging policies. Teams is also backed up by the advanced security and compliance capabilities of Microsoft 365 and supports auditing and reporting, compliance content search, e-discovery, Legal Hold, and retention policies. Different policies can be applied to all users by default or per user as required by your organization.
Teams Governance covers many areas; below are some of the areas covered.
- Teams Creation
- Naming Conventions
- Guest & External Access
- Approved Apps
- Content Management
- Messaging & Meetings
- Data Loss Prevention
- and more..
This suite of tools can essentially be utilised so a business can operate how it needs to while making sure the rules/guidelines are followed and that its organisation, users and data are secure.
To correctly set up Teams Governance you will need to have the correct people from your business to aid with the design….
The best approach is to complete a Governance Workshop to help design and document your Governance requirements. This way your business will have a better understanding and plan that can be reviewed and signed off prior to execution.
Yes, if this is the business choice, but by leaving the defaults you are choosing to accept the Microsoft defaults, which may not meet your business requirements.
Once you have successfully put Teams Governance in place, you can complete ongoing maintenance & reporting using the following toolsets:
- Teams Admin Center
- Microsoft Graph
- Third Party products
You can also stay up to date using the What’s New in MS Teams Webpage and MS Teams Blog. These resources will help you plan for new features or settings.
Yes, you can lock down your teams for just internal use.
- We recommend the following resources to get the latest updates on Teams: