1. Governance in MS Teams
A guide to specifically address governance in MS Teams
Don Daubert
Covenant Technology Partners
Twitter @sharepointroxs
LinkedIn https://www.linkedin.com/in/ddaubert/
ddaubert@mailctp.com
2.
3.
4. Goal for this session
A brief refresher
on the Governance
process
Why are we
covering this?
Deployment
Security Teams Features Archiving
Monitoring Adoption
5. Governance Process
Stakeholders
Senior Management
HR Management
IT Management
BU
DiscussionsMeetings
Agenda
Meet Monthly
Written Plan
O365 but specifically address
these
• SharePoint
• Teams
• OneDrive For Business
Accessible
Flexible Living Document
6. Why are we covering this?
Skype for business
end of life
July 2021
Because of this there has
been an increase in Teams
deployment projects
If you’ve already
turned on Teams you
may have already
experienced
“sprawl”, inconsistent
naming, or have
security issues
Governance before
Implementation if
possible
Security
7. Teams Deployment
Desktop Client
SCCMWSUS
With O365 Pro Plus (v.1902)
Intune
With a GPO
Powershelllogon script
VDI Deployment
Group Policies for Teams
Prevent Teams from Auto Launch
Or Reg Entry
Teams CreationRequest
How to limit Teams creation
•Teams Creation
•Azure AD Premium licenses or
Azure AD Basic EDU licenses
Who can create Teams? IT, Support
Desk
•O365 Groups Limitations
How do users request a Team be
created?
•Form
•Automated Flow
9. Sharing
Guest Access –
Overview
Authorization
Authentication
Limitations:
• OneDrive for Business
• People search outside of Teams
• Calendar, Scheduled Meetings, or Meeting Details
• PSTN
• Organization chart
• Create or revise a team
• Browse for a team
• Upload files to a person-to-person chat
• Guests can still search and find users (outside their team) if they know the
user's full email ID. To prevent this, IT admins can use patterns like scoped
directory search that have the ability to restrict guests to their own virtual
GAL.
• Currently, Teams supports only State 1 and State 2 types of guest users
10. DLP
Data Loss Prevention – Overview
Keep sensitive information from being
exposed externally.
• E3 for Files Shared in SPOTeamsOneDrive
For Business
• E5 Now supports DLP for Teams Chat and
Channel Messages
• Policies – Create policies to keep data
safe
• Policy Tips – Educate Uses
• Policy Actions – Actions to take
11. Labels
Sensitivity Labels – Overview
Use in DLP Policies
Applied In Team also applies in
SPO and vice versa
In Preview Enable with Powershell
12. Information Barriers
Prevent Teams from sharing data or
communicating with other specific Teams
Prevent team from sharing data or
communicating outside of Team
Common in Financial Industry
Complexities to implement
Enable scoped directory search
Verify Directory Data
Audit Logging ON
No address book policies
Powershell
Segment users
13. Teams Features
Organization
Settings
Apps
External Access
Guest Access
Notifications and Feeds
Email Integration
File Sharing
Devices
Co-Existence
Teams and Channel
Policies
Default
Custom
Messaging Policies
Chat and Messaging
Features
Apps, Bots,
Connectors
Tabs (Pin Services and
Connectors)
Chat with bots
Task Sharing
Privacy and access
Activity Reports
Manage Meetings
Anonymous
Invitations
QOS
14. Teams Arching, Expiration, Retention
Archiving
1st before deletion
Team Activity ceases
Membership can still
be edited
Channels are Archived
Set SharePoint to Read
Only
Deletion
Delete O365 Group
30 Days Soft Delete
Restore with
Powershell
24 Hrs
Expiration
Not on by default
O365 Group Expiration
Policy
30,15,1 Day
Reminders to Owner
Soft Delete for 30
Days
Works with Retention
Policies
Auto-Renewal
Automatic in O365
Group Expiration
Policy
SharePoint
Outlook
Teams
Retention
Team Conversations
Persistent by default
Preserve and do
nothing
Preserve and Delete
Deletion
For Files set retention
in ODFB and SP