Governance is not always the first thought when it comes to trying to get people to quickly adopt the latest and greatest tools, especially if you’ve been tasked with rolling out Microsoft Teams to as many people as possible in your business, as quickly as possible.

It is critical though, and if you neglect to create a governance strategy for Microsoft Teams you will at best have a mess of Teams created or at worst – legal troubles to deal with.

On the show today Jay talks me through some of the key areas you need to consider – like who you need to talk to, what tools within the Office 365 suite you need to configure to meet governance needs – and how to put it all together.

As always – the notes from the show today:

• WHO: Understanding roles and their needs:
  • Business
    • Accomplish business goals as simply as possible – if it’s too hard/difficult find another way
    • Limit business disruption
  • Security officer
    • prevent data leaks and breaches
    • protects high value information
  • Legal
    • Comply with retention periods
    • Support eDiscovery
  • Employee
    • Get out of my way
    • Make it easy for me to get my work done fast
    • Let me share easily, but protect my secret stuff
  • IT admin
    • Manage the increasing volume of data
    • Keep up with changes services and threats
    • Make all other roles happy

• HOW: How to successfully Govern: It’s all about container and content governance which involves several important focus points to help ensure that our date is safe and secure.

• Empower employees
  • Support self-service creation
  • Use life-cycle management

• Identify valuable content
  • Requires classification for containers
  • Scan with data loss prevention (DLP)
• Protect assets
  • Limit reach
  • Enforce policy
  • Use conditional access
  • Use Information Rights Management (IRM)
• Ensure accountability
  • Manage group/site owners
  • Review external membership
  • Use IT services

• Pulling it together
  • Key decision points can be:
    • Who can create teams
    • Teams naming conventions
    • Guest Access
    • Approved Apps
    • Scheduling of meetings / Recording of meetings
    • Data Security
  • Spin up an early adopters’ pilot to understand how this will impact your business, but also impact any regulatory implications.

• How do we protect the content?
  • Azure Information protection (AIP)
    • Employees label files themselves
    • Prevent external people not in protection policy from opening the file(s)
  • Data loss protection (DLP)
    • Protect things like Credit card numbers, national insurance numbers, social security numbers
    • Detect and prevent oversharing
    • Manage DLP policies across other office 365 workloads
  • Protecting the group
    • Run jobs to change Team settings based on Team classification
    • Unified labels will bring this to Office 365 groups

If you are at Microsoft Ignite the Tour this week, check out Jays’ sessions here where you’ll find out about some of these topics in more detail. And as always, you’ll find Episode 23 above, and at our podcast site, on iTunes, Spotify, TuneIn Radio, Stitcher, Google Podcasts and you can subscribe with your favourite podcast app using the feed. If you’ve got any suggestions for what you’d like to hear on the next shows, let us know. You’ll find us on Twitter as @SteveGoodman & @jaywynn