Organizations around the world have been forced to act fast this year to enable their teams to work remotely in light of the global pandemic. A huge part of this is providing employees with tools such as Microsoft Teams that allow remote collaboration when you can’t meet face-to-face. This has led to a rapid increase in the number of daily active Microsoft Teams users, now at 75-million, up 70% since March.
Although Microsoft Teams is an excellent tool, the urgency of uptake to provide remote access has meant many organizations have overlooked two very important elements – governance and compliance.
8 Microsoft Teams Governance & Compliance Issues
It looks like remote work is here to stay. So, to ensure your team can continue to work securely here are 8 common Microsoft Teams governance and compliance issues you should consider addressing if you haven’t already.
1. eDiscovery in Microsoft Teams
If you ever are in a situation where you are facing litigation, you will need to provide a wealth off content including calendars and conversations related to specific individuals, projects and teams. This can prove challenging in Microsoft Teams where relevant content can be distributed across Teams and Channels, especially if you don’t have clear guidance and governance around when to create new Teams and who can create them (we will dive deeper into this shortly!).
If you don’t have the tools in place to provide thorough documentation, you are putting yourself at risk of extensive litigation and potential fines. So, it’s good to keep eDiscovery in the back of your mind and how you could support the process if you found yourself in litigation.
2. Security and Permissions
Microsoft Teams is designed to support team members, but it also allows you to add guests that are external to your organization. This means that sometimes it can be easy to lose track in regards to who has access to what.
Another consideration is that the security and permissions for Teams and Channels are different. When it comes to Channels within Microsoft Teams, it’s all or nothing – you don’t have the same controls that you do with individual Teams. This can be confusing for your end-users and employees, so it’s important to have a well thought out and implemented Security and Permissions to limit the risk of a data or security breach.
3. Data Residency
Data residency laws essentially control how a nations citizens or residents data is collected, stored and used within an organization. It is especially important for multi-national organizations that have offices across different countries as different countries have different data laws. Therefore, a major risk to distributed organizations is the requirement to abide by the data protection and compliance regulations of each individual nation.
4. Data Exfiltration Risk
Simply put, data exfiltration risk is the risk of data ending up in the wrong hands. Collaboration and knowledge sharing are the core pillars of Microsoft Teams, covering chat, file sharing and voice messaging. However, with the mindset towards collaboration over security, there are significant risks that files and data might be acquired by non-authorized individuals. Therefore, when using Microsoft Teams it’s important to consider how you can protect your content.
5. Microsoft Teams Governance Data Life Cycle
How long do you need to have your data? Are there certain regulatory rules associated with your content? It can be very common for Teams and Channels to be created, used for a brief period, and then abandoned. This can directly conflict with data governance policies and can open up your organization to potential risks. It also impacts the acracy of search and the relevance of content being sought by employees.
It’s important to have a Microsoft Teams Governance Data Life Cycle strategy in place so you can securely hold on to data and content that is significant and of legal importance, whilst also having a process to remove content that is no longer relevant.
6. Microsoft Teams Governance - Controlling Teams Creation
Another important Microsoft Teams governance consideration is Teams creation.
Creating Teams should be controlled to ensure that duplication of Teams, Channels and Associated data is minimized. Within Office 365, you can control who can create groups and this is the underlying structure that Teams are created on.
The core element to define is: Who will be able to create Groups and Teams in your organization?
Limiting the creation of Teams can aid in controlling sprawl and enforcing structure at the cost of self-service and additional load on the IT team.
If anyone can create Teams and Groups, then you’ll need to have other governance in place. Otherwise, you may find yourself in a situation where you quickly have thousands of Teams, most of which are inactive and add no value to your organization.
On the other hand, if you decide to limit who can create Teams and Groups, then you will need to define a process that users can follow to request their creation. Many organizations will automate this process using applications like Flow, PowerApps or even custom code.
7. Naming Conventions for Teams and Channels
Once an organization has been using Microsoft Teams for a while it can be confusing to understand the focus and audience of a specific Team or Channel. The ability to add a naming convention is an important Microsoft Teams governance consideration to eliminate confusion and minimize sprawl. After all, how you name your Teams will have a huge impact on the findability and usage of Teams.
There are a number of capabilities that you can use within Microsoft Teams so you can enforce your chosen naming convention. You can set a group naming policy to add a specific prefix to the group name, as well as setting a list of blocked words that you don’t want to be included in the names of Teams and Channels.
8. Application Management
Employees have the option of adding additional third-party apps such as Salesforce, Smartsheets or hundreds of others. This is great from the end-user perspective as it allows you to customize your experience.
However, from a Microsoft Teams governance and compliance perspective, this ability to add apps poses significant challenges for IT departments. IT must ensure that 3rd party apps, connectors and/or bots are not sending confidential data to a 3rd party that has not yet been vetted in terms of security or compliance.
Therefore, you need to consider which apps you want to give your users access to as well as which applications are the default for your users. Following on from this, you will need to ensure that users cannot add other third-party apps.
Work Smarter in Microsoft Teams with Orchestry
We hope these Microsoft Teams Governance and Compliance considerations have got you thinking about how you can improve your Microsoft Teams set up to make it more secure and minimize risks for both your organization and it’s employees.
At Orchestry, our mission is to make work simple in Office 365, MS SharePoint and Microsoft Teams, by empowering your IT Administrators and employees to define a winning Microsoft 365 adoption and change management strategy that provides a roadmap of what to use when, for what purpose. Orchestry increases usage and adoption while empowering through governance and simplifies through intelligent provisioning in Microsoft 365, organization-wide at a fraction of the cost, on a subscription basis.