Governance is perhaps the most misunderstood concept in a deployment of Microsoft. Too frequently it is forgotten altogether. Further, many view governance to be about stopping users from doing things. In fact, governance is the complete opposite, it is about empowering your users to use Microsoft 365 effectively and securely.
From a beginner’s perspective there are three key considerations for successful Microsoft 365 governance:
- Provisioning – the process of how things are created
- Compliance – how things are maintained during their usage
- Lifecycle – how and when things are disposed of once that usage has finished
Provisioning in Microsoft 365, is the process of how workspaces such as Microsoft Teams and SharePoint Sites are created. Organisations need to think about what workloads they will use for collaboration in Microsoft 365. Often this is mixed to suit different use cases, including Teams, SharePoint and other workloads such as Viva.
Organisations also need to think about the process a user follows to create a new workspace. From a governance perspective, it is often assumed that there are only two choices. This is either everyone creates whatever they like or everything is done by IT. Whilst both options can be followed, they do not achieve the objective of empowering users effectively and securely.
Instead, we advise our clients to implement a streamlined process for users to provision new Sites and Teams. This could be through an existing service management system or through a dedicated app service like ProvisionPoint 365. The advantage of such a process is it is still user-initiated and it is automated to avoid lengthy delays. However, it can include controls like approval before a new Site or Team is created.
Many people assume from a governance perspective that once a Site or Team is created there is no need to do anything until it is time to archive it. In fact, it is during this period that governance is probably the most important.
Organisations must therefore plan for regular reviews of Sites and Teams, to make sure they comply with organisation standards. This is typically a process shared between the administrators of the Microsoft 365 environment and the individual workspace Owners.
There are, of course, many factors that are important to ensure ongoing compliance. These can include checking for disabled owners, checking security, and closing down external access when no longer required. However, the most important thing is for an organisation to define what compliance rules are important for them. At ProvisionPoint we help organisations define personalised policies to identify and correct potential non-compliance.
With some exceptions, most users are bad at cleaning up and archiving data. This can cause organisations significant issues with out of date data being shared. This can include information shared externally with suppliers, partners and customers.
The other challenge is a sprawl of legacy information can leave users frustrated with the ability to find anything on SharePoint and Teams. The biggest risk with this is users will choose to collaborate using platforms away from Microsoft 365 and outside of corporate governance.
There are several simple questions to ask when planning the lifecycle as part of Microsoft 365 governance:
- What defines when a workspace should be archived? (Is it time or activity based)
- What does archived mean to your organisation? (Does the data need to be moved somewhere)
- Are the rules the same for every Site and Team? (Eg is the lifecycle different for externally facing workspaces)
- What is the role of workspace owners? (Will they be able to extend the lifecycle period)
By defining the answers to these questions an organisation can define their approach to lifecycle for Microsoft 365 governance. A service like ProvisionPoint can help automate lifecycle processes either automatically or by engaging workspace owners.
Good governance is essential to a successful Microsoft 365 deployment. Governance helps ensure that users do not use other tools for collaboration and sharing, outside of corporate data retention and residency requirements. It does this by empowering users rather than restricting them.
Governance may seem like a daunting concept for a beginner. However, by following the guidance set out in this post you will have a clear path to success. This can be further supported by leveraging services like ProvisionPoint 365 to deliver a comprehensive approach to Microsoft 365 governance.