Office 365 Groups and Governance
Governance is and always has been a crucial part of the success of any Modern Workplace. The introduction of Office 365 Groups (Groups) made Governance even more important. Before I dive into the Governance aspect of Groups, I briefly want to discuss the definition of Groups.
Say Goodbye to Traditional PC Lifecycle Management
Traditional IT tools, including Microsoft SCCM, Ghost Solution Suite, and KACE, often require considerable custom configurations by T3 technicians (an expensive and often elusive IT resource) to enable management of a hybrid onsite + remote workforce. In many cases, even with the best resources, organizations are finding that these on-premise tools simply cannot support remote endpoints consistently and reliably due to infrastructure limitations.
Since the introduction of Groups many years ago, people have attempted to find a clear explanation for Groups. This explanation was often too technical or abstract. I have been thinking for a long time and decided to draw up two definitions. Namely for the two target groups of Office 365 Groups: IT staff and end users. Let’s start with the explanation for the IT staff:
“An Office 365 Group is a Security Group in Azure Active Directory.”
As you can see, this explanation is far too technical for the regular end user. Hence my explanation for the end users:
“An Office 365 Group enables you to work together in teams, departments, and projects”
This definition does not cover the full meaning of Groups but this image would help:
A Group connects the Office 365 tools and services with each other so that end users can optimally use the power of each tool. For example: In the past, a SharePoint agenda was used within project sites but this never provided the same functionality as an Outlook agenda. This problem is now resolved with a Group because SharePoint is connected to an Outlook calendar and an inbox.
In my view, Groups are the foundation, within Office 365, for facilitating collaboration between a group of people. This involves a certain responsibility because it is very easy to create a Group within Office 365. The following tools generate a Group:
- Team Site in SharePoint
- Group in Yammer
- Team in Microsoft Teams
- Group in Outlook 2016
- Plan in Planner
- Group in Stream
There are at least six locations in Office 365 where an Office 365 Group can be created. It is therefore good to imagine what an incredible chaos it can become. With emphasis on can, because of course this is not necessary. You want to avoid chaos. This is where Governance comes into play. The following components apply:
- Creation process
- Naming policy
- Expiration policy
- Soft delete and restore
- Policies and information protection
- Guest access
Microsoft has the tendency to turn on new features by default. This is no different for Groups. It is therefore important to think carefully about the creation process of Groups. I advise you, especially in the beginning, to give a select group of people the rights to create Groups. You have to use PowerShell to change the creation process. After you have adjusted the rights, I recommend setting up a SharePoint list, where employees apply for a collaboration environment supported by Groups. After the application has been approved, a Group is created. Over time, the organization and the end users become more mature, while working with the Modern Workplace. Is the organization mature enough? It is an option to open up the creation process. Of course, this can vary per organization.
Applying a naming policy is not only important for creating a uniform naming structure but you can also block certain words. It is not desirable to create Groups with names of employees or unwanted words. We always use default naming conventions. What are examples for a naming convention? For example for projects: / teams / prj-name project or for departments / teams / dept-name department. You can find relative articles below:
Setting an expiry period, just like the creation process, prevents an overflow of Groups within your organization. You set an expiry period for all groups or a selection of groups. 30 days before the expiry of the expiration period, the owners will receive an e-mail. If the Group is not renewed, it will be moved to the recycle bin. This process results in a great responsibility for Group Owners because they are able to delete a Group. It is therefore crucial that these people are trained and informed about this responsibility. You can find relevant articles below:
Soft Delete and Restore
Not long ago the removal of a Group resulted in the Group and its content to be gone forever. This is obviously not a pleasant situation. If you delete a Group today, it will be ‘kept’ in the recycle bin for 30 days. After the 30 days have expired, the Group is finally gone. My advice is, again, training and informing the owners of the Group, as these people are able to remove a Group. You can find relevant articles below:
Policies and Information Protection
A wise man once said, “With Great Power Comes Great Responsibility.” This certainly applies to Groups. It is therefore recommended that we use clear guidelines. For example, when a staff member creates a Group, it is linked to a document with guidelines. In addition, the standard security topics such as retentions and labels are present. It is also possible to give a classification to a Group, for example high, middle, and low. This indicates the sensitivity in terms of data. Note: It is nothing more or less than a label. It has, for now, no impact on the content in a Group. You can find relative articles below:
Groups support working with external parties. You are able to switch on or off guest access for all Groups. You can also turn it on or off for each Group individually. For some groups, such as certain departments or specific projects, it is not necessary to work with external persons. However, for these Groups it’s easy to turn off guest access.
The Office 365 Administration Center provides multiple reports for gaining insights into the use of Office 365 and Groups. This way, it is possible to discover inactive groups, for example, and thus prevent an overflow of unused Groups. The reports are also supportive in the adoption process because you gain insight into the actual usage of Groups. You are therefore able to jump in and offer additional training. This increases the success of the deployment of Groups within the organization. You can find relative articles below:
- How to Archive Inactive Office 365 Groups (and Teams)
- Finding Obsolete Office 365 Groups with PowerShell
Groups are, in my view, one of the most powerful features within Office 365. The use of Groups offers incredible benefits for end users. As indicated, it supports collaboration for a group of people. This is both internally and externally. That said, Governance is crucial. Without Governance, the management and success of Groups can become critical. So get started immediately. You will not regret it.