What is governance strategy?

Simply put, governance strategy is about defining people, processes, rules, and structure. Let’s elaborate:

Both governance, adoption, and change management are essential. The governance choices we make impact the adoption strategy. Suppose we decide that the owner of a team is the information owner and responsible for permissions and guests. We need to communicate these responsibilities, and we might need to educate the team owners.

It’s not unusual to collect requirements from legal, compliance, HR, IT, etc. We need to understand the internal procedures and the rules and regulations we need to adhere to.

Make sure to align this to what is practically applicable and does not hinder the end-users from being productive. If we lock down the end-users, they will find other ways and places to collaborate. However, we have the best chance to apply governance if the users stay within the platform.

In an ever-changing evergreen environment, we need to be proactive and keep track of what is coming next and how this will impact the tenant and the users.

A typical governance plan

Scope: defining the scope of what the governance strategy will involve. For instance, you might want a separate Governance board for Azure AD (the product with all the different parts)
Goal & Vision: helps us explain why we are doing the things we do and what’s in it for the users.
Steering group/COE/Governance Board: we need people to ensure the strategy is continuously implemented and updated. They need to consider external factors, new laws and regulations, and business requirements.
Roles & Responsibility: We need to define roles for different use cases and responsibilities. It can be technical roles such as who is Global Admin. But also who is responsible for keeping track of the message center, the M365 roadmap, and using “public preview” in Microsoft Teams. Which department does what? It’s also about collecting people that can make decisions. In larger organizations, people working with M365 might support, making suggestions and giving input to Security and IAM.
Processes & Procedures: Defining processers for Microsoft Teams and group lifecycle. Creation, archiving, removal, and managing Teams. It might also involve establishing onboarding and offboarding processes, getting licenses, and correct groups placement. IAM might also own this.
Settings: for Microsoft Teams and the related workstreams.

What happens without governance?

Out of the box, Microsoft has enabled almost all of the functions and settings in Microsoft Teams. Microsoft has made it very easy to create Teams and get your content into teams to start collaborating, which is an excellent thing. However, we are presented with some challenges if proper governance is not in place.

Commonly, organizations experience Teams sprawl, as a colossal amount of teams are created. Some terrifying examples are around 1000 Teams in about two months. Almost every team made has a different structure; most only have the general channel. We also commonly see test and demo teams, and many teams are not being used anymore, with no owner or members.

Why does it matter if we end up with a messy Teams environment then?

It’s tough for the users to know which team is the correct one if there are duplicates. And with different structures in each team, it’s hard to find things. So you are bound to more context switching with only one channel since you are not correctly using the benefits of Microsoft Teams channels and tabs (more on this in another post). It might also increase the workload on IT, and they might need to rename teams and merge teams - which is not a trivial task.

What can governance do?

Governance could bridge an understanding between business and IT and prevent unnecessary communication misses. By involving both, these groups of people understand the responsibilities and expectations from each other. Good governance increases the end-user experience and drives adoption at the same time. This is realized by delivering functions with a balanced approach to controls around them. By implementing compliance features with the end-user at the center, we make sure to roll them out without affecting productivity and also with helping function to make sure the end-user understands why and when to use specific labels and what the policies mean. In addition, the combination of technical implementation of compliance policies and end-user understanding limits the risk of oversharing sensitive data.

Compliance helps us control sprawl by ensuring we don’t create duplicates and that teams start and end. And for the teams not utilized anymore, make sure we have a precise mechanism to get rid of these.

The best thing would be to have governance in place before rolling out Microsoft Teams. For many of us, that train has left the station already. So don’t be scared to implement governance even if it means doing it later.