In the ever-evolving landscape of Microsoft 365, maintaining a well-governed environment is crucial for accelerating productivity without compromising compliance. In this article, we will explore key standard practices for Microsoft Teams & SharePoint governance.

As a Microsoft 365 admin, you understand the challenges of wearing multiple hats: juggling multiple admin centers, battling sprawl, and responding to diverse departmental requests. However, for a compliant rapid adoption means many need to address Microsoft 365 governance preventively and in a centralized manner, especially when team resources are limited.

Establishing Essential Governance Foundations

Unfortunately, in Microsoft 365 there is no "Governance Center". Wouldn’t that be a dream? However, many OOTB governance features are spread across different admin centers, that you can use to implement core Microsoft 365 governance practices.

Here are key practices for Microsoft 365 governance that everyone should know:

• Adjust Privacy, Sensitivity Labels, and External File Sharing Settings
• Enforce naming conventions and blocked words to create sites
• Define Minimum Members and Owners
• Define Group Settings
• Manage Team Settings

1. Adjust Privacy, Sensitivity Labels, and External File Sharing Settings

Imagine a marketing team accidentally sharing a confidential campaign proposal with an external vendor through an unsecured Team Site. Adjusting these settings prevents such leaks.

That’s why, for every new Team, Team Site, and Communication Site created, it is a standard practice to review and adjust the different settings to protect sensitive information. Privacy and sensitivity labels can be revised from Microsoft Teams or SharePoint. However, adjusting the external sharing settings can only be done on SharePoint Admin Center.

These settings protect sensitive information within Microsoft 365 workspaces:

• Privacy settings: Public teams can be accessed by anyone, while private teams require membership approval. Choosing the right privacy level ensures only authorized users can access confidential information.
• Sensitivity labels: Classify documents, teams, and groups based on their confidentiality level (e.g., highly confidential, public). Sensitivity labels can then enforce access restrictions, encryption, and visual markings to warn users about handling sensitive data.
• External file sharing settings: Control how users share files with people outside the organization. You can choose to restrict sharing entirely, limit access to specific domains, or require additional authentication for external access.

How to do it:

• Navigate to SharePoint Admin Center > Active Sites > Select the site you want to make adjustments to > Settings.

• By default, sensitivity labels are not enabled to be used in the scope of sites, teams and groups. They can be created at the tenant level but they cannot be applied to specific sites, teams and groups for the tenant (groups, sites e teams). To enable them, it can be a bit tricky - follow these steps and soon you will be ready to go
• Once enabled, create or edit sensitivity labels in Microsoft Purview.

• Then, to assign them to sites, teams and groups individually, you need to go to the specific admin centers.
• Additional Resources:
  • How to use sensitivity labels to control access to Microsoft Teams, Groups and Sites
  • Manage sharing settings for SharePoint and OneDrive in Microsoft 365
  • Change the sharing settings for a site
  • Change the default sharing link for a site

2. Enforce naming conventions and blocked words to create sites

When creating Teams, Team Sites and Communication sites, enforcing naming conventions and blocked words will prevent the creation of certain teams or sites that do not follow certain patterns, preventing the creation of unprofessional or inconsistent teams and sites.

• Naming conventions: Enforcing a consistent naming format (e.g., "2024 Micro Project - [Project Name] – Strategy"), with a consistent suffix and/or prefix for the Team Name improves searchability, avoids confusion with similarly named teams, avoids issues with misspelling, wrong capitalization or misusage of symbol (e.g., “ProJecT2024_Te@m”.)
• Blocked words: Blocking inappropriate words or offensive names prevents the creation of unprofessional or offensive team/site names (e.g., “The Spam Squad”, “The Clickbait Crusaders”)

How to do it:

• While Microsoft doesn't offer built-in features for specific scenarios or Communication Sites, you can configure this organization-wide within Entra Admin Center under Groups > Naming Policy.

3. Define Minimum Members and Owners

Project managers, HR personnel or marketing team members, will likely juggle multiple projects, collaborate with diverse teams, and require access to specific information. With uncontrolled growth of Teams and Sites, locating relevant project documents or marketing materials becomes time-consuming.

To minimize sprawl, scattered information and unused workspaces, start by internally aligning a minimum number of members for a team/site to remain active. Although there is no Microsoft OOTB feature to set this up, there are tools out there that can help you.

• Members and Owners: Without a minimum member requirement, users might create teams/sites for a specific purpose and then abandon them. This creates clutter and makes it difficult to find active workspaces.

4. Define Group Settings

Control communication within teams and how group emails are managed. External parties might be brought into a marketing campaign or a specific project Team. These settings define how other people from the same organization but external to the group interact with it. By default, anyone can find these groups across different internal search bars, copies of conversations are not sent, and external senders can't email people within the group. Changing these settings is possible group by group but not for the tenant (at least visually in an admin center) nor for specific scenarios.

• External senders: Decide if external users can email group members directly. This helps prevent spam or unwanted communication.
• Conversations in Inboxes: Determine if team conversations are automatically sent to members' inboxes. This can overwhelm users with emails, especially for large groups.
• Global Address List Visibility: Choose whether specific group email addresses are hidden from the global address list. This reduces clutter and ensures only relevant users see the address.

How to do it:

• Go to Microsoft 365 admin center > expand Groups, and then click Groups > select the group you want to manage to open the settings pane.
• Open the four different tabs and explore the options available to manage group owners and members, send copies of conversations to group members' inboxes, and let people outside the organization email the group. Learn more.

5. Manage Team Settings

These rules include defining member and guest permissions and messaging settings to further control team functionality and maintain a professional environment.

• Restricted creation of private channels: Limit who can create private channels within a team. This helps maintain control over team structure and information flow.
>Disable guest channel modification: Prevent guest users from modifying channels within a team. This ensures team owners retain control over content shared with external guests.
• Restrict GIFs, stickers, and memes (Optional): Consider restricting non-work-related visuals to maintain a professional tone within team communication. Keep in mind that some teams work better in a more casual environment. In that case, we recommend not making such restrictions to maintain team authenticity.

How to do it:

• Most of these can be managed 1:1, team by team, directly in teams under Settings OR within Teams admin center under Manage Teams. The "tenant default" can be configured under Teams Polices.

Conclusion

By implementing these practices within your M365 environment framework, you're establishing fundamental elements of good Microsoft 365 governance. This ensures a secure, organized, and user-friendly experience for all your collaborators. However, if you need to create multiple sites with very different settings, it can get time-consuming. In that case, we can help!

Get Started with a Free SharePoint Governance Template

Building a comprehensive governance strategy from scratch can be daunting. Manually applying it to each Group Site can be even more so. That's why we crafted a pre-built "Governance 101" template for Microsoft Teams & SharePoint – a powerful tool to streamline implementation and provide a solid foundation for your M365 governance journey.

How Does the "Governance 101" Template Help?

Governance should be preventive rather than reactive. By leveraging the pre-configured settings in the "Governance 101" template, you can achieve several benefits:

• Save time and effort: Skip the manual configuration of essential governance settings and automate the entire provisioning process, getting started in minutes.
• Centralize your M365 Management: Stop jumping around between different M365 Suite platforms (Purview, Microsoft 365 Admin Center, Teams admin center, SharePoint admin center, etc.) The template brings all the configurations together.
• Apply governance rules granularly: Apply policies conditionally, per template installed. Package the policies you have already defined and then apply them over your group sites and templates. This allows for more specific control over different types of sites.
• Ensure Consistency: Guarantee all teams adhere to the same governance principles. Not just to Group Sites (Teams and Team Sites, Power BI, Planner) but also to Communication Sites. This creates a uniform experience across your M365 environment.
• Reduce Risk: Minimize the likelihood of security breaches, data leaks, inconsistencies and errors. Pre-configured settings help mitigate these risks.
• Empower users to self-service new workspaces with confidence: Knowing their workspaces comply with organizational policies allows users to create them independently.