Lurking Challenges for Teams and Planner
Teams and Plans for Office 365 Tenants
The recent announcement of Microsoft Teams, the so-called “Slack killer”, generated a lot of interest within Office 365 customers, not least because the new application is free to all Office 365 enterprise and business tenants. Microsoft Planner, the task-based project manager that attained General Availability in June 2016, shares many characteristics with Teams such as the way that both applications leverage Office 365 Groups for authentication and membership.
Microsoft updates Teams on a regular basis and users receive client updates automatically. For example, you can now disable the integration between Teams and Skype for Business if you don’t want to have cross-platform instant messaging (or perhaps more importantly, multiple pop-up notifications for messages). The Teams back-end also receives updates. One recent advance is that you can now disable Teams for specific users by removing the license for the application through the Office 365 Admin Center.
Say Goodbye to Traditional PC Lifecycle Management
Traditional IT tools, including Microsoft SCCM, Ghost Solution Suite, and KACE, often require considerable custom configurations by T3 technicians (an expensive and often elusive IT resource) to enable management of a hybrid onsite + remote workforce. In many cases, even with the best resources, organizations are finding that these on-premise tools simply cannot support remote endpoints consistently and reliably due to infrastructure limitations.
Like all software, the two applications have some challenges. Brad Sams recently surveyed companies to discover what they think of Teams in terms of functionality. This is my take on where I think Microsoft needs to invest more development effort as Teams moves to General Availability status in “early 2017” (very soon). Much the same needs to be done to round out Planner in the same timeframe.
Soft Delete, Please!
Right now, a horrible lurking danger exists if you delete a team or plan in that the action leads to the permanent and irrevocable deletion of the underlying Office 365 Group and all its resources. Confirm and click the button to delete a team (Figure 1) or plan and all hell might break loose.
The root cause is the ongoing lack of soft-delete capability for Office 365 Groups. Microsoft has long promised soft-delete for Office 365 Groups and announced that Ignite that the feature would be available before the end of 2016. No trace has yet appeared and deletes are still as resolutely hard as they ever were. In fact, given that Office 365 Groups have been around for over two years now, it is surprising that it has taken Microsoft so long to provide administrators with the ability to rescue mistaken deletions.
The get-out-of-jail card here is the growing complexity of the ecosystem that has grown up around Office 365 Groups. It’s not just a matter of being able to reverse the deletion of an Exchange Online mailbox and a SharePoint Online team site. Recovery from deletion now should take the recovery of a plan, if one exists, or a team, if that exists, as well as making sure that the recovery does not impact any links used by Power BI and Dynamics CRM. Finally, the Azure Active Directory group project must be brought back from the dead.
The expansion of the Groups ecosystem means that recovery of a group and all its associated resources has become more difficult over time. After all, it is just a matter of software engineering (write some code, etc.). But the recovery must work flawlessly. All the time and no matter what application deletes the group or invokes the recovery. Soft-delete is coming. Let’s hope it works as expected.
Compliance Is a Worry
Compliance is a definite concern for both Teams and Planner. Microsoft’s announcement said “Microsoft Teams is expected to be Office 365 Tier C compliant at launch”. However, in practical terms this doesn’t mean that chats and conversations carried out through in Teams are exposed to eDiscovery searches launched from the Security and Compliance Center. Details of meetings created in user mailboxes and files created in SharePoint are indexed and discoverable.
Much the same problem exists for Planner as plan metadata and the details of task and assignments are not recorded for compliance purposes unless notifications are captured in the group conversation stream. Even so, there is no guarantee that all plans capture these notifications and the notifications do not contain all the information about a task. These are issues that concern corporate compliance officers.
Where Does Teams and Planner Data Rest?
Apart from commenting that all customer data is encrypted at rest and held in regional Office 365 datacenters, Microsoft has not provided a lot of details about where and how Planner and Teams data is managed. This raises the issue of sovereignty. Microsoft has not said which Office 365 regions will host the Planner and Teams applications, which means that tenants might be forced to store data in a country where they would prefer to avoid.
Is Backup Possible?
Microsoft says that Teams retain all messages and keeps deleted messages for at least seven days and at most 30 days before Teams permanently removes the items. However, apart from writing some code using the REST API to extract Teams data, it is hard to see how Teams data can be backed up. The same is true for Planner data.
These factors make it difficult for organizations to back up all the data they own from Office 365 or extract that data if necessary to move to a different platform. You can argue that Microsoft will take care of backups, but that is insufficient for some large enterprises.
Data classification of the kind implemented in Azure Information Protection is another issue that might be important to some tenants. It is probably not important now because neither Teams nor Planner support external access, but it might become more of an issue after Microsoft enables external access for these applications.
Office 365 auditing provides a common collection and access point for audit information extracted from different applications across the service. Office 365 auditing does not record any actions associated with Planner or Teams including fundamental operations such as the creation of a new plan or team. This means that you won’t be able to use the Office 365 Audit Report (Figure 2) or tools such as Microsoft’s Advanced Security Management or Cogmotive Discover & Audit to find out who created a task or bucket within Planner or a channel or tab within Teams. Or, possibly even more important, who removed one of these objects.
In some respects, it is unsurprising that Planner and Teams do not support Office 365 auditing as it usually takes time before applications incorporate the necessary code to record audit events and then feed those events to the Office 365 audit log, but it is an issue that needs to be dealt with in the future.
Office 365 Is Always Changing
I know that some might think I am complaining horribly about Teams and Planner, but I am not really. The applications are valuable and prove that the unique environment created within Office 365 can serve as a toolkit for the creation of new functionality.
I like what I see in Teams and Planner, but there’s work to do to move both applications to the next level. The work described here will be important to different tenants – but it must be done to release the potential that exists within Teams and Planner. Over to Microsoft. No pressure…
Follow Tony on Twitter @12Knocksinna.
Want to know more about how to manage Office 365? Find what you need to know in “Office 365 for IT Pros”, the most comprehensive eBook covering all aspects of Office 365. Available in PDF and EPUB formats (suitable for iBooks) or for Amazon Kindle.