ECS19 - Benjamin Niaulin - MICROSOFT TEAMS FOR POWER USERS MASTERCLASS

2. MICROSOFT TEAMS FOR POWER USERS MASTERCLASS
BENJAMIN NIAULIN
MVP O365 Apps & Services
Microsoft Regional Director
Head of Product at ShareGate

3. ♡ DIAMOND AND PLATINUM SPONSORS ♡

4. BenjaminNiaulin
@bniaulin
Head of Product

5. Agenda
Part 1: Understanding the Basics of Microsoft Teams
• Overview of Microsoft Teams
• Office 365 Groups and the cross-product architecture of Microsoft Teams
• How to plan and prepare your logical infrastructure and navigation
• Different clients
• Licensing
• 3rd party connectors and Integrations
• Getting Started with Microsoft Teams

6. Agenda
Part 2: Operation Governance, Security and Compliance
• Membership, Roles and Permissions
• External Sharing
• Lifecycle Management with and without self-service
• Microsoft Teams Owner capabilities
• Azure AD management options for Microsoft Teams and Office 365 Groups
• Security and Compliance Center
• Preventing Data Sprawl
• Ensure security and privacy integrity of your data

7. Ok,soyou’vegonethroughthechecklist

8. And moved to
Office 365, but
stayed like before

9. The Journey we are on

10. Microsoft Teams enables that transformation

12. Our Workplace is
changing in every
possible way

13. https://www.avanade.com/en/blogs/avanade-insights/collaboration/microsoft-teams-supercharges-collaboration-for-millennials-to-boomers

14. AN ACTIVITY-BASED
OFFICE IN ICELAND

15. And Work has often
started from where
we communicate

18. US
WE
ME OneDrive, Mailbox, 1:1 Chats, Calls, etc…
Teams, SharePoint, Planner, etc…
Home Sites, Communication Sites, Yammer, etc…
Looking at work differently

20. WHAT
IS IT?

21. IT’S ACTUALLY
MORE OF A
BRAND

22. HUH?

23. ME WORK - ONEDRIVE

24. In the ME work we’ll find Skype for Business
• Interoperability between Teams and Skype for
Business is currently available for peer to peer
(P2P) instant messaging and calling only.
• For a Teams user to send an IM to a Skype for
Business user, the Teams user must be enabled
with their account homed in Skype for Business
Online.
• Incoming Skype for Business messages and
calls can be responded to on the Teams client

25. In the WE work we’ll find “Teams Hub for Productivity”
Chat, content, people, and tools live in a team workspace
Voice and video meetings right within Teams
Built-in access to SharePoint, OneNote and Planner
Work with Office and other documents right in the app

26. ME WORK - TEAMS

27. THEN WE HAVE
MICROSOFT TEAMS, TEAMS

30. WE WORK - TEAMS

31. BUT HOW DOES IT
ACTUALLY WORK
BEHIND THE SCENES?

32. First,let’seliminatesomeconfusion
“Office 365 Groups vs SharePoint vs SharePoint Classic vs Microsoft Teams”
It’s just not something to compare

33. What do we mean by Classic SharePoint?

34. What do we mean by Modern SharePoint?

35. What do we mean by Modern SharePoint?

36. COMMUNICATION SITES

38. What’s gone?
• Tree View
• Publishing*
• Content Organizer
• Tags and Notes
• Ribbon
• “Get Started with your site”
• RSS Feed

39. New list experience

40. The SharePoint Pages & Web Parts
No more Master Pages
with Page Layouts and
figuring out how to
edit your pages.

41. SharePoint Search
From Classic to Modern with the Graph

42. New UX designed to work
on mobile devices
https://techcommunity.microsoft.com/t5/Microsoft-SharePoint-Blog/What-is-Modern-SharePoint-and-Why-Should-I-care/ba-p/161941

43. SharePoint Customizations
Complicated to Simple
Classic Modern
SharePoint Designer
InfoPath
SharePoint Workflows
Sandbox Solutions
SharePoint Framework (SPFx)
PowerApps
Microsoft Flow
https://msdn.microsoft.com/en-us/pnp_articles/modern-experience-customizations-customize-sites
Custom Actions

44. https://sharepointlookbook.azurewebsites.net/

45. WE WORK - SHAREPOINT + CLASSIC VS. MODERN

46. BEYOND JUST
SHAREPOINT

47. SP 2007 SP 2010 SP 2013 SP 2016
SP 2007 SP 2010
IT
USER
WE REALIZED WE WERE BY-PASSING IT

49. WHAT
HAPPENED?

50. NOT ENOUGH
CHOICES

51. “I KNOW! WE HAVE
SHAREPOINT LICENSES, WE
SHOULD USE THEM FOR
<INSERT ANY PROBLEM I HAVE HERE>”

52. UNFORTUNATELY SOME HAVE BEEN
USING IT LIKE A HAMMER
looking for any nail they could find

53. SMALL TEAM ON A PROJECT?

54. SHAREPOINT!

55. LARGE TEAM ON A PROJECT?

56. SHAREPOINT!

57. NEED A CRM?

58. SHAREPOINT!

59. RELATIONAL DATABASE?

60. SHAREPOINT!

61. NEW WEBSITE?

62. SHAREPOINT!

63. WEB DEV FROM SCRATCH?

64. SHAREPOINT!

65. HAM SANDWHICH

66. SHAREPOINT?

67. WE WILL TURN
EVERYTHING
INTO
SHAREPOINT!

68. SO MICROSOFT
INTRODUCED “CHOICE”
WITH CENTRALIZED
MEMBERSHIP

70. BOTS CONNECTORS
SPFX
SHAREPOINT!
APPS
FLOW,
POWERAPPS,
etc…

71. Going FLAT to go Modern
Subsites cannot be Modern
O365 Groups only work
with Top Level sites
Rethink architecture with
Hub Sites

72. Microsoft’s vision is not a top down architecture
http://aka.ms/PlanningSPhubsites

74. Three tiers of branding and navigation
Organization logo + nav
Logo graphic + link
Nav bar background color
Set in 0365 Admin Center
Hub logo + nav
Logo graphic + link
Nav bar background color
3 tiers of navigation
Site logo + nav
Logo graphic + link
Hover card
Navigation (either horizontal or left)

75. AND IN CASE YOU HAVEN’T HEARD ABOUT PLANNER

76. The Modern Workplace

77. EXPLORING “COLLAB” VIA O365 GROUPS

78. IN OTHER WORDS,
MS TEAMS ISN’T A
MAGICAL UNICORN.
BUT A GROUP CHAT

79. SharePoint Required
• SharePoint Online is a required component for Teams.
• If you don't have SharePoint Online enabled in your tenant, Teams
users are not always able to share files in teams.
• Users in private chat will not be able to share files because
OneDrive for Business is required for that functionality.

80. Teams
• Collection of people, content, and tools surrounding different projects
Channels
• Dedicated sections within a team to keep conversations organized
• Places where everyone on the team can have open conversations
• Can be extended with Tabs, Connectors and Bots
Teams vs Channels

82. Full-functioned chat
client that can be used
from a variety of
browsers.
Doesn’t yet support
conferencing.
Desktop
Provides support for
audio, video, and content
sharing for team
meetings, group calling,
and private one-on-one
or private multi-party
calls.
Mobile
Geared at users participating
in chat-based conversations
while on the go , and
currently allows users to have
peer-to-peer audio call.
Clients for Microsoft Teams
Web
Clients

83. Platform Requirements
Web
Edge: 12+
Internet Explorer: 11+
Chrome: 51.0+
Firefox: 47.0+
Safari (coming soon)
Desktop
Windows 7+ (7, 8, 8.1, 10)
Both 32 & 64 bit available
Mac OSX 10.10+
Mobile
Android 4.4+
iOS (iPhone and iPad) 10+
Windows Phone 10.0.10586+
Requirements

84. Licensing and licensing management

85. Microsoft Teams Licensing Requirements
Business Essentials
Business Premium
Enterprise E1
Enterprise E3
Enterprise E5
Enterprise E4 (retired)
Education
Education Plus
Education E5
Education E3 (retired)
Licensing

86. Microsoft Teams License Assignment
By default, the Microsoft Teams license is enabled for all users assigned with the
eligible Office 365 subscriptions
Licensing

87. Connectors, Bots
and Apps

88. CONNECTORS
Connect what make sense from
3rd party services into your
Groups via Teams Chat or Email
Keep your group current with content and
updates from other services.

89. Then what’s an app?
https://docs.microsoft.com/en-us/microsoftteams/platform/concepts/apps/apps-overview

90. CONNECTORS AND APPS

91. Customizations

92. FORMS
WORKFLOWS
DATA ENTRY
SIMPLE DATA
VISUALIZATION

93. PREVIOUS
SOLUTIONS
INFOPATH
SHAREPOINT
DESIGNER
EXCEL SURVEYS
ACCESS

94. OUR FAVORITES ARE
GOING TO END SOON
(EVENTUALLY)
SHAREPOINT
DESIGNER 2027
INFOPATH APRIL 2023

95. POWERAPPS
&
FLOW

96. POWERAPPS
HELPS YOU CREATE APPS
FOR PHONE AND TABLET
CONNECTED TO 1 OR
MULTIPLE DATA SOURCES
EVERYTHING WE EXPECT FROM AN
APP TODAY (INK, PEN, MULTIPLE SCREENS, CAMERA, ETC…)

98. COULD IT BE
THE FUTURE OF
FORMS?

99. OK, WHAT ABOUT
THE NEW
MICROSOFT
FLOW?

100. SIMILAR TO
IFTTT, ZAPIER
GETTING
BAKED INTO
SHAREPOINT
SIMPLE WORKFLOWS
CONNECTED TO MULTIPLE
PRODUCTS

102. CUSTOMIZATIONS

103. Limits and Specifications

104. https://www.successwithteams.com
https://teamworktools.azurewebsites.net/tft/index.html
http://teamsdemo.office.com
https://docs.microsoft.com/en-us/microsoftteams/planning-workshop-practical-guide

105. I FIND THERE ARE 2 TYPES OF
ORGANIZATIONS THAT ADOPT TEAMS

106. PART 2

107. If you deployed
Microsoft Teams before
the next part, you are in
for quite the ride

108. We’ll have to go over a few things

110. “Proliferation is bad because it leads to fragmentation and
duplication of content. User searches for content, doesn't find it
because they don't have access. User assumes it doesn't exist, so
creates a new site and invites their friends. Rinse and repeat for
EVERY USER.”

111. “1) either we're working in a regulated environment where IT needs
to control where information lives, data ownership, access, etc.
(business is still involved but IT has overall control), or 2) the org
wants to avoid sprawl”

112. Isn’t necessarily linked to
company culture. Fun toy
organization with slides in
the office said the same.

113. “It’s a feeling. The feeling of not being in control. What’s going to
happen with all these sites? Who’s managing those? Who’s
maintaining those? Who’s cleaning them up? It’s hard to fight
emotion with rationale.”

114. So I looked at my data

115. Naming conventions Lifecycle management for Office365 Groups
Prevention of content duplication Classification
Content location for hybrid environments
Ownership regulations/Permission management

116. Roles & Permissions
Team owners are able to invite anyone in the organization they work
Three roles in Teams:
• Owner: person who creates the team or assigned the role.
Responsible for managing team-wide settings and membership,
including invitations
• Team member: the people that have been invited to join the team
• Guests: Office 365 users who are outside of your tenant can be added to
the team by team owners (more info @ aka.ms/guestaccesshelp)

117. Roles & Permissions
Team Owner Team Member Team Guests
Create team ! - -
Leave team ! ! !
Edit team name/description ! - -
Delete team ! - -
Add channel ! !* !*
Edit channel name/
description
! !* !*
Delete channel ! !* !*
Add members !** - -
Add tabs ! !* -
Add connectors ! !* -
Add bots ! !* -

118. Managing Microsoft Teams
in different locations

119. Communicate Usage Guidelines
Integrated Usage
Guidelines
Privacy Settings

120. • Sensitive Groups can be hidden (from GAL and
membership)
• Set-UnifiedGroup
-HiddenFromAddressListsEnabled $True
–HiddenGroupMembershipEnabled
• Caveat: Make sensitive groups private to avoid casual
searches for confidential documents
• Good idea for users to mark secret groups as favorites
so they are easily accessible in all clients
• The CalendarMemberReadOnly flag can be set with Set-UnifiedGroup to stop members
deleting calendar items in sensitive groups
Secret Groups

121. • Originally created as a setting in an OWA mailbox policy• OWA mailbox policy is still used for OWA and Outlook 2016
• New implementation as an Azure Active Directory settings
object• Used to control the ability to create groups through Planner, Dynamics CRM, Power BI and the Outlook
Groups app
• Will eventually control the ability to create groups everywhere
• Basic idea:• Decide to implement a block on general group creation
• Define a list of users who are permitted to create groups (in an AAD distribution group or Office 365
Group)
• Create directory setting object and update settings to implement block by restricting creation to permitted
list
• Clients and integrations access AAD to retrieve directory settings and implement block/permitted list
Group creation policy

122. [PS] C:> Connect-MsolService
[PS] C:> $Policy = Get-MsolSettingTemplate –TemplateId
62375ab9-6b52-47ed-826b-58e47e0e304b
[PS] C:> $Setting = $Policy.CreateSettingsObject()
[PS] C:> $Setting[“EnableGroupCreation”] = "false"
[PS] C:> $Setting[“GroupCreationAllowedGroupId”] =
"a3c13e4d-7083-4448-9224-287f10f23e10"
[PS] C:> New-MsolSettings –SettingsObject $Setting
Group creation policy
Retrieve template
id
Prepare new
setting object
Update settings to
block creation and
assign permitted
list
Create the
directory setting
object
This is the object id of the
group that contains the
permitted list
Connect to
Azure AD

123. Include usage guidelines and Group
classifications in the directory setting object
[PS] C:> $SettingID = (Get-MsolAllSettings –TargetType Groups).ObjectID
[PS] C:> $ExistingSettings = Get-MsolSettings -SettingId $SettingID
[PS] C:> $Values = $ExistingSettings.GetSettingsValue()
[PS] C:> $Values[“UsageGuidelinesUrl”] = “http://office365exchange.com/
GroupGuidelines.html"
[PS] C:> $Values[“ClassificationList”] = “General Usage, External Access,
Internal Only, Confidential”
[PS] C:> Set-MsolSettings -SettingId $SettingID -SettingsValue $Values
Group creation policy
Retrieve ID for
current settings
Retrieve existing
settings
Set new values
Update directory
setting object

124. • Stored in Exchange organization
configuration setting
• Also used by email DLs
• Common implementations:
• Include prefix in name “GRP – group name”
• Include department in name “ Operations – group name”
• Set through EAC or PowerShell
• Administrator can override to create a group named
according to their requirements
• Set-OrganizationConfig
-DistributionGroupNamingPolicy
“GRP - <Department>
Group naming policy
Warning: Use the same
policy on both sides of a
hybrid deployment!

126. • Check audit records for
SharePoint file activity in
document library with
Search-UnifiedAuditLog
• Check the number and
last date of conversations
in group mailbox with Get-
MailboxFolderStatistics
Identifying Inactive Groups
See script at https://
gallery.technet.microsoft.com/Check-for-
obsolete-Office-c0020a42

127. Directory of Teams from Tony Redmond
https://github.com/12Knocksinna/Office365itpros/commit/de90ce065e6104c764ce508021f944f0299e583b
Duplicates - we shall find you

128. • Dynamic Office 365 Groups are implemented
through queries executed against Azure Active
Directory
• The queries defining group membership can only be created and maintained through AAD console
• Requires AAD Premium license for every account that comes in scope for a query used by a
dynamic Office 365 Group
• E.g. “All Company” group for 10,000 user company = $60,000/month cost
• Cost is not an issue if the organization uses AAD Premium licenses for other reasons (like
writeback for hybrid synchronization, password self-service, or the Enterprise Mobility Suite)
Dynamic groups

129. • Requires PowerShell
• Default Domain + Primary SMTP + Group ID
• Email address templates dictate the form of email
addresses assigned to new groups
• Not retrospectively applied
Multi-domain support
[PS] C:> New-EmailAddressPolicy –Name MarketingGroups
–IncludeUnifiedGroupRecipients
–EnabledEmailAddressTemplates
"SMTP:@Marketing.MyDomain.com", "smtp:@AnotherDomain.com"
-ManagedByFilter {Department –eq "Marketing"} –Priority 1

130. • Restricted version of browser “Files” view can be accessed
by guest users
• Can access cloudy attachments
• Can’t see full tenant GAL
• Can’t access conversations
• Restricted view of group members
• No mobile access
• No access from Outlook
• No way to block specific guest users
• Design issue: should you allow guest users access to “full”
groups or “special” groups
Guest user access

131. User managed
• Guest inviter role - Setup a policy
so that users with this role can
only invite guest
• This can be set using user AD
properties such - Title, Job
Description
Domain managed
• Admins can create an allow/deny list of
external partner domains that can be
added as guests.
Group-Level
• Manage guest access at Group
Level
Policies for Guest Access - Best PracticesReach
Title = Manager Guests User Guests
IT approved list of domains
Only IT admin
Guests

132. Managing and governing Office 365 groups at scale
Creation permissions
Naming policy
Expiration policy
Soft delete and restore
Guest access
Reporting
Policies and information protection
Azure AD access reviews
Upgrade DLs to groups in Outlook

133. I recommend you:
This is bigger than Classic to
Modern SharePoint.
It’s the architecture, going
flat and using Office 365
Groups
What is your Office 365
Groups expiry and retention
policy?
Keep visibility on growing
environment
Figure out what your
provisioning cycle looks like
to be ready for self-service
later on
Modernize Plan Provisioning Prevent Sprawl
Beyond individual products,
make sure the right
Classifications, Labels,
External Sharing, etc…
policies are in place
Cross-Product Governance
The self-service nature of
Microsoft Teams can only be
successful if you planned
accordingly
Enable Microsoft Teams
They create, collaborate and
distribute. They also need to
validate all is ok.
Activity, Sharing and other
things happening in their
group.
Make Owners Accountable

134. Cross-Product
Governance
Security/Compliance

135. Audit
• Audit allows to investigate specific activities across Office 365 services
• By default turned off
• Will record last 90 days starting when enabled
• Private preview: 365 days for E5 or E3 with Advanced Compliance add-on
• Event displayed 30 minutes of event occurrence
• Reactive: review past events
• Proactive: get email notification for new events
Who created Team “Contoso”?
Who changed the Channel
settings?
Who made Mallory a Teams
owner?
I want to know whenever a
Team is created!

137. Content Search
• Chat and channel messages
• Results will be displayed as individual messages, not as threaded conversation
• Meta data for calls and meetings
• Putting content on hold
• Without hold, only latest version can be retrieved and no deleted items
• With hold, all previous version and deleted items can be retrieved
• Results can be exported
Who posted about “Longhorn”?
I need to find all message from
Mallory!
What messages have been
posted to channel “Secret”?
What was the content of a
certain deleted message?

138. Hold
• Define locations and conditions
• Same as for content search
• Once hold is enabled
• All versions of modified items will be kept
• Deleted items will be kept
• Can be configured via Exchange portal or eDiscovery case
• Data Locations
Scenario What to place on hold
Microsoft Teams Private Chats User mailbox
Microsoft Teams Channel Chats Group mailbox used for the team
Microsoft Teams Content (e.g. Wiki, Files) SharePoint site used by the team
Private Content OneDrive for Business site of the user

139. eDiscovery
• Electronic discovery is the electronic aspect of identifying,
collecting and producing electronically stored information (ESI)
in response to a request for production in a law suit or
investigation.
• Create “case” for eDiscovery process
• Combines a set of searches and hold configuration
• Hold can be configured directly from eDiscovery
• Search can be scoped to items on hold
• Results can be exported

140. eDiscovery dashboard

141. Supervision
• Allows proactive monitoring of communication
• Can be scoped to specific users or groups
• Based on conditions
• Percentage of message to review
• Define reviewers
• Can mark content as compliant, resolved, questionable or non-complaint
• Supervision check happens every 24 hours
I want to review if someone
posts about “Longhorn” with
someone external to the
company!
I want to review if someone
posts medical and health data!
I want to assigned different
reviewers based on alert

142. Supervision: Conditions
• Define based conditions such as
• Direction: inbound/outbound/internal message
• Message received/sent by certain domains
• Sensitive information types
• ~100 predefined types such as credit card or social security number
• Custom data types with own custom dictionary/lexicon
• Intelligent filters for offensive language
• Currently in private preview

143. Supervision

144. Retention
• Supports preservation and deletion
• Preserve data certain timespan
• Delete data after certain timespan
• Can be combined
• Configuration
• Can be based on file creation or last modified
• Can be scoped to specific users or groups
• Can be configured independently for chats and channels
• Retention is effective on the back-end
• If user deletes messages, they will stay discoverable for admins
• Advanced retention settings currently not supported
• Use content search to review retained data
For legal reasons, we need to
retain some data 7 years.
Other data we need to delete
after one year.

145. Retention
• (Current) minimum for retention is 30 days
• Retention is retroactive
• E.g. a policy set to delete content after 60 days, will delete all older content when
enabled
• Possible delay in deletion
• Exchange Life Cycle assistant (ELC) runs daily, but it has an SLA of 7 days
• E.g. with retention policy to delete after 60 days, these items could persist for up to 67
days
• In most cases, there is no delay

146. Principles of retention
• Overlapping policies follow these principles
• E.g for chat conversations where two users have different policies

147. Retention

148. It’s going to be ok

149. The Modern Workplace

150. thank you
questions?
SHAREGATE.COM/BLOG@BNIAULIN