[New post] 10 Microsoft Teams management tips for IT admins
ShareGate posted: " Looking to leverage Microsoft Teams in your organization to support distributed work? Get up to speed on administration best practices with these actionable Teams management tips. In the wake of COVID-19, Microsoft Teams usage soared as many organ"
Looking to leverage Microsoft Teams in your organization to support distributed work? Get up to speed on administration best practices with these actionable Teams management tips.
In the wake of COVID-19, Microsoft Teams usage soared as many organizations rushed to roll out Microsoft Teams to facilitate new methods of virtual collaboration—often without time to implement an effective Teams management plan.
As explored in our benchmark cloud productivity report, distributed work is expected to continue. IT departments now face the challenge of finding a scalable way to maintain a productive and secure Microsoft 365 environment.
At ShareGate, we want to simplify Teams the same way we simplified your SharePoint migration and management. That's why we created this list of actionable tips and tricks to help you successfully manage your Microsoft Teams environment.
Be aware of link permissions in Microsoft Teams Be aware, don't overshare! Take a peek at the organization-level sharing settings in your SharePoint admin center to avoid accidental data leaks.
Tip #1: Create effective teams faster with templates in Microsoft Teams
With team templates, users can choose from a variety of customizable templates when creating a new Microsoft team, helping them get started quickly. Or, you can create your own custom templates for your organization—allowing you to standardize team structures, surface relevant apps, and scale best practices.
What to remember about Microsoft Teams templates:
Team templates are pre-built definitions of a team's structure designed around a business need or project.
Currently, you can create a team from a template in the Teams client or using Microsoft Graph.
Private channels and sensitivity labels are currently not supported in team templates.
Tip #2: Implement a naming convention for your Microsoft teams
It's challenging to manage your teams if you don't know why they exist or what they're used for. Whether implemented manually or enforced via a naming policy in your Azure Active Directory, an effective naming convention can help you and your users identify the function, membership, geographic region, and/or creator of a team.
What to know about Microsoft Teams naming conventions
A naming convention is a consistent naming structure to define your teams depending on its intended business purpose.
It's important to remember that Teams is built on top of Microsoft 365 Groups, so the name chosen when a user creates a new team will also apply to the corresponding group and all of the associated resources that are provisioned automatically at the moment of creation.
Using Azure AD naming policy for Microsoft 365 groups (and by extension, Microsoft teams) requires that you possess an Azure Active Directory Premium P1 license or Azure AD Basic EDU license for each unique user that is a member of one or more Microsoft 365 groups.
Tip #3: Plan for lifecycle management in Microsoft Teams
Most projects consist of a beginning, middle, and end. And Microsoft teams do, too! But since they can be constructed and used in such a variety of ways, it's not always obvious which stage of their lifecycle they're in. Planning for management at each stage of a team's lifecycle—from the moment of creation and when a team is actively in use all the way through to archival or deletion—will help you track your organization's projects as they go through these stages.
Tips on Managing Microsoft Teams:
Implement any governance policies that your organization has decided it requires before you roll out Teams to your organization. It's usually much easier to implement these requirements before you start scaling your deployment.
Microsoft defines the stages of lifecycle management as follows:
Beginning: When a team is created and the channels are set up
Middle: When a team is used and collaboration is actively occurring
End: When a team has completed its purpose and reached the end of its useful life
Tip #4: Keep guest access turned on in Microsoft Teams
Keeping self-service features (like guest access in Teams) enabled enhances productivity and boosts end-user adoption. And, you can manage guests in your Azure AD and the same compliance and auditing protections as the rest of Microsoft 365 apply. Essentially, guest access lets you maintain complete control and your data never leaves your sight!
What to know about Guest access in Teams:
As of February 8th, 2021, guest access capabilities in Microsoft Teams are turned on by default for any customers who have not configured this setting. This brings the Teams guest access capabilities into alignment with the rest of the suite, where the setting is already on by default.
If you're looking to turn on guest access in Teams after previously disabling it, read our blog article on how to authorize guest access in Microsoft Teams.
Guest access features and capabilities in Teams can be managed through four different levels of authorization. Depending on the needs of your organization, these authorization levels provide you with flexibility in how you set up guest access.
Check out our blog article for more details on how to configure additional guest access settings for secure collaboration in Microsoft Teams.
Tip #5: Manage integrated applications in Microsoft Teams
One of the most powerful aspects of Microsoft Teams is the ability to seamlessly integrate other apps. By default, any user can install and use a supported application. To keep your Teams tidy and secure, you may want to consider managing your apps to only allow Microsoft applications and a specific list of agreed-upon third-party applications.
Tips on managing integrated applications in Teams
As an admin, the Manage apps page in the Microsoft Teams admin center is where you view and manage all Teams apps for your organization.
From there, you can also use app permission policies, app setup policies, and custom app policies and settings to configure the app experience for specific users in your organization.
Tip #6: Create a clearly defined classification scheme
Categorizing your data in a way that conveys its level of sensitivity helps you better understand where sensitive data lives, what users are doing with it, and why it may be at risk. But first, you need to know what the categories are! An effective data classification scheme maps out and defines all of the available options in a way that makes sense for your users.
What to keep in mind for classification schemes:
Make sure the categories in your scheme make sense for your organization and create classifications that are clear and easy-to-understand for your end users.
Once you have your classification scheme in place, there are many things you can implement building on top of it—such as sensitivity labels, Data Loss Prevention (DLP), and retention labels, just to name a few.
Apply classification at the container-level—i.e., at the level of a Microsoft 365 group, team, or SharePoint site—whenever possible.
Tip #7: Understand the backends for different parts of Teams
Did you know that Teams is actually a client interface on top of other Microsoft 365 services? To manage Microsoft Teams successfully, you need to understand the logical architecture of productivity services in Microsoft 365 and how Teams relates to other products, like SharePoint and Microsoft 365 Groups, on the backend.
Good to know: Teams end points
Teams is built on top of Microsoft 365 Groups, the cross-application membership service in Microsoft 365. Every time a new team is created, an associated Microsoft 365 group is automatically provisioned.
The Teams platform ties together other Microsoft 365 services and apps, but that means that most Teams data isn't actually stored in Teams. For example, files and folders visible in a team's Files tab are actually stored in the team's associated SharePoint site.
Depending on the capabilities you want to configure, you'll need to jump between settings in several different admin centers (not just the Microsoft Teams admin center).
Tip #8: Create an organization-wide team in Microsoft Teams
Organization-wide teams provide an automatic way for everyone in a small to medium-sized business (SMB) to be part of a single team for collaboration. Global admins with no more than 10,000 users can easily create a public org-wide team that keeps membership up to date with Active Directory as users join and leave the organization.
What to know about org-wide teams in Teams:
Only global admins can create org-wide teams. Currently, org-wide teams are limited to organizations with no more than 10,000 users. There's also a limit of five org-wide teams per tenant.
When an org-wide team is created, all global admins and Teams service administrators are added as team owners and all active users are added as team members. Unlicensed users are also added to the team and will be assigned a Microsoft Teams Exploratory license the first time they sign in. Guest user accounts will not be added to your org-wide team.
As new employees are added to your organization's directory or an employee leaves the company and their account is disabled, changes are automatically synced and users are added to or removed from the team.
Tip #9: Be aware of link permissions in Microsoft Teams
Once a file is uploaded into a team or Teams chat, it's now a SharePoint object. That means the same sharing capabilities you get from SharePoint and OneDrive apply in Microsoft Teams. To prevent accidental security breaches, we recommend configuring the organization-level sharing settings in your SharePoint admin center according to your business's security needs.
Teams link permission tips:
If you can access a file on your device, you can share the file with other people in Teams. This includes any files that are:
In the Files tab of your channels and chats
In your personal OneDrive or other cloud storage
On your local device
By default, both owners and members of a team can share files and folders with people outside the team—and may include people outside your organization if you have allowed guest sharing.
Tip #10: Configure custom security settings for each Microsoft team
You want to give users the freedom to create new resources as they see fit—but you don't want that freedom to come at the cost of creating a security risk. The scalable solution: configure custom security settings for your Microsoft teams based on their confidentiality and business purpose. That way, you can implement additional restrictions only where needed.
Good to know:
Because Teams is actually a unified interface overlying other Microsoft 365 apps and services, you need to configure settings in multiple admin centers—and through several levels of authorization—if you want to set up custom protection for each team manually.
Sensitivity labels through the Microsoft Information Protection (MIP) framework can be used to classify a team and enforce protection settings based on that classification. However, enabling this feature for Teams requires an Azure AD Premium license and a fair bit of PowerShell scripting.
You can use a third-party governance tool like ShareGate Apricot to apply custom security settings to each Microsoft team. Our sensitivity tag feature enables you to work with owners to define each team's level of sensitivity and automatically apply the right security settings.
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.